

Configure A Caching-only Name Server

General Information

Caching-only name servers are non-authoritative: they host no zones of their own. They resolve queries for their clients (either by full recursion or by forwarding to another server), cache the answers, and serve repeat lookups from that cache until the record's TTL expires.

The exam requires you to set up a DNS caching server. It does not specify which one.


DNS Caching Server: Unbound

Install required packages

yum install unbound


Enable the service

systemctl enable unbound


Open the firewall

firewall-cmd --permanent --add-service=dns
firewall-cmd --reload


Generate the control keys and certificates in /etc/unbound (unbound-control and the service otherwise log errors about the server keys not existing)

unbound-control-setup


Configure the server: section to listen on every IPv4 address and to answer only for certain networks. Sources not matched by an access-control line are refused by default, so keep the allowed network as narrow as possible and never allow 0.0.0.0/0 on a host reachable from untrusted networks (an open recursive resolver is a DDoS amplification vector).

vim /etc/unbound/unbound.conf
 
interface: 0.0.0.0
access-control: 192.168.1.0/24 allow


Configure a forwarder (the DNS server that receives every query the caching server cannot answer from cache). The zone name "." means all names are forwarded; 192.168.1.152 is the address of the upstream server in this example.

vim /etc/unbound/unbound.conf
 
forward-zone:
  name: "."
  forward-addr: 192.168.1.152


Unbound performs DNSSEC validation by default (the stock unbound.conf configures a trust anchor). Answers for an unsigned internal zone would then be rejected as bogus, so mark that zone (and its subdomains) as insecure. Validation stays enabled for every other name.

vim /etc/unbound/unbound.conf
 
domain-insecure: "example.com"


Verify configuration

unbound-checkconf


Start the unbound service

systemctl start unbound


Configure a different system to use the DNS caching server (192.168.1.151 is the caching server's address; replace eth0 with the connection name shown by nmcli con show, and re-activate the connection afterwards so the change takes effect)

nmcli con mod eth0 ipv4.dns 192.168.1.151


Test a DNS lookup from the client. The SERVER line in the output should show 192.168.1.151#53, and repeating the query should show a much lower "Query time" because the answer now comes from the cache.

dig server3.example.com
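An added example (not from the original page) of the check just described: run dig twice against the caching server and decide whether the second answer was served from cache. The dig output embedded below is constructed for the demo, and the server and client addresses (192.168.1.151, 192.168.1.153) are assumed.

```shell
#!/bin/sh
# Added example: decide from two successive `dig` runs whether the second
# answer came from the caching server's cache. A cache hit shows a TTL no
# larger than the first answer and a near-zero "Query time".
# The sample dig output below is constructed, not captured from a real run.

# Print the TTL of the first A record in the ANSWER section.
# dig prints answer lines as: NAME  TTL  IN  A  ADDRESS
answer_ttl() {
    printf '%s\n' "$1" | awk '$3 == "IN" && $4 == "A" { print $2; exit }'
}

# Print the N from the ";; Query time: N msec" line.
query_time() {
    printf '%s\n' "$1" | awk '/^;; Query time:/ { print $4; exit }'
}

# Return 0 (true) if the second run looks like a cache hit, 1 otherwise.
served_from_cache() {
    first="$1"; second="$2"
    ttl1=$(answer_ttl "$first");  ttl2=$(answer_ttl "$second")
    qt1=$(query_time "$first");   qt2=$(query_time "$second")
    [ -n "$ttl1" ] && [ -n "$ttl2" ] || return 1
    # The TTL must not grow between answers, and the cached reply is faster.
    [ "$ttl2" -le "$ttl1" ] && [ "$qt2" -lt "$qt1" ]
}

# Constructed sample of: dig @192.168.1.151 server3.example.com (first run)
SAMPLE_FIRST=';; ANSWER SECTION:
server3.example.com.    86400   IN      A       192.168.1.153

;; Query time: 37 msec
;; SERVER: 192.168.1.151#53(192.168.1.151)'

# Constructed sample of the same query nine seconds later (second run)
SAMPLE_SECOND=';; ANSWER SECTION:
server3.example.com.    86391   IN      A       192.168.1.153

;; Query time: 0 msec
;; SERVER: 192.168.1.151#53(192.168.1.151)'

# Live use on the client (assumed caching server address):
#   first=$(dig @192.168.1.151 server3.example.com)
#   second=$(dig @192.168.1.151 server3.example.com)
#   served_from_cache "$first" "$second" && echo "cache hit"

if served_from_cache "$SAMPLE_FIRST" "$SAMPLE_SECOND"; then
    echo "second answer came from cache"
else
    echo "second answer was NOT cached"
fi
```

The query-time comparison matters more than the TTL: two queries within the same second return the same TTL, so the TTL check only guards against the answer having come from a different upstream record.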

DNS Caching Server: Bind

Install required packages

yum install bind bind-utils
  • bind → server package
  • bind-utils → client utilities


Enable the service

systemctl enable named


Open the firewall for DNS

firewall-cmd --permanent --add-service=dns
firewall-cmd --reload


Make some named configuration changes in the options { } block

vim /etc/named.conf
 
listen-on port 53 { any; };
allow-query { any; };
 
dnssec-validation no;
  • listen on any IP
  • allow queries from any source. Recursion is on by default, so this makes an open resolver; on a host reachable from untrusted networks restrict allow-query (or allow-recursion) to your own networks instead of any
  • dnssec-validation no disables DNSSEC validation for all lookups, not only local ones, so the server will accept unsigned answers for every domain


Check named.conf config syntax

named-checkconf
  • No output = no syntax mistakes (it does not judge whether the options are sensible)


Start the named service

systemctl start named


Test a domain lookup against the local server (run it twice: the second answer should report a Query time of about 0 msec)

nslookup google.com 127.0.0.1
 
OR
 
dig @127.0.0.1 google.com
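Both the Unbound access-control line and the named allow-query { any; } line above decide who may use the cache, and a caching server that recurses for the whole Internet is a DDoS amplifier. The following added example (not from the original page, and not part of Unbound or BIND) audits a config fragment of either format for that exposure. The configs embedded in it are constructed; the precedence it applies for named (allow-recursion, then allow-query-cache, then allow-query, otherwise the built-in localhost/localnets default) is BIND 9's documented behaviour.

```shell
#!/bin/sh
# Added example: flag open-resolver exposure in unbound.conf / named.conf text.
# All sample configs below are constructed for the demo.

# Drop comments and blank lines from an unbound.conf given as a string.
_strip_unbound() {
    printf '%s\n' "$1" | sed 's/#.*$//' | grep -v '^[[:space:]]*$'
}

# Unbound refuses sources not matched by access-control, so the cache is
# open only if some access-control line allows the whole address space.
unbound_open_resolver() {
    _strip_unbound "$1" | awk '
        $1 == "access-control:" && ($3 == "allow" || $3 == "allow_snoop") &&
        ($2 == "0.0.0.0/0" || $2 == "::/0" || $2 == "::0/0") { found = 1 }
        END { print (found ? "open" : "restricted") }'
}

# named: recursion is on unless "recursion no;" is set. The ACL gating it is
# allow-recursion, else allow-query-cache, else allow-query, else the
# built-in localhost/localnets default (BIND 9 precedence).
named_open_resolver() {
    conf=$(printf '%s\n' "$1" | sed -e 's://.*$::' -e 's/#.*$//' | tr '\n' ' ')
    case "$conf" in *"recursion no;"*) echo "restricted"; return ;; esac
    for stmt in allow-recursion allow-query-cache allow-query; do
        acl=$(printf '%s\n' "$conf" | sed -n "s/.*$stmt[[:space:]]*{\([^}]*\)}.*/\1/p")
        if [ -n "$acl" ]; then
            if printf '%s\n' "$acl" | grep -qw any; then
                echo "open"
            else
                echo "restricted"
            fi
            return
        fi
    done
    echo "restricted"
}

# Constructed: the unbound.conf fragments from this page (restricted).
UNBOUND_OK='server:
    interface: 0.0.0.0
    access-control: 192.168.1.0/24 allow   # only the LAN
forward-zone:
    name: "."
    forward-addr: 192.168.1.152'

# Constructed: the same, but allowing everyone (open resolver).
UNBOUND_BAD='server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow'

# Constructed: the named.conf options from this page (open resolver).
NAMED_BAD='options {
    listen-on port 53 { any; };
    allow-query { any; };
    dnssec-validation no;
};'

# Constructed: queries from anywhere, but recursion only for the LAN.
NAMED_OK='options {
    listen-on port 53 { any; };
    allow-query { any; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
};'

echo "unbound (page config): $(unbound_open_resolver "$UNBOUND_OK")"
echo "unbound (0.0.0.0/0):   $(unbound_open_resolver "$UNBOUND_BAD")"
echo "named (page config):   $(named_open_resolver "$NAMED_BAD")"
echo "named (allow-recursion): $(named_open_resolver "$NAMED_OK")"
```

To audit a live host, pass the file contents in, for example named_open_resolver "$(cat /etc/named.conf)". The check is deliberately conservative: it reads only the options statements shown on this page and does not expand named acl definitions or view blocks, so treat "restricted" as a hint rather than proof.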

  • Last modified: 2019/05/25 23:50