How to Build a Full‑Featured DNS Server on Linux (Step‑by‑Step Guide)
This tutorial walks through installing BIND on a CentOS VM, configuring named.conf, creating forward and reverse zone files, adding A and PTR records, testing the DNS service, and troubleshooting common issues to set up a functional DNS server.
Introduction
Domain Name System (DNS) translates human‑readable domain names into IP addresses, enabling users to access services without memorising numeric addresses. Setting up a DNS server on Linux provides local name resolution, load‑balancing, mail server location, and protection against DNS hijacking.
Prerequisites
CentOS (or compatible) virtual machine
Root access
Network connectivity
First, configure the network interface, disable the firewall and SELinux, then install the BIND package:
yum install bind -y
Server Configuration
Edit the main configuration file /etc/named.conf and set the basic options:
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
};
The options block defines listening ports, data directories, and query permissions.
Define Forward Zone
Add a forward zone for example.com:
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { none; };
};
Define Reverse Zone
Add a reverse zone for the network 192.168.180.0/24 (written as 180.168.192.in-addr.arpa):
zone "180.168.192.in-addr.arpa" IN {
    type master;
    file "example.com.arpa";
    allow-update { none; };
};
Create Zone Files
Navigate to /var/named/ and copy the template file to create the forward and reverse zone files:
cd /var/named/
cp -p named.empty example.com.zone
cp -p named.empty example.com.arpa
Edit example.com.zone with the following records:
@ IN SOA dns.example.com. root.example.com. (
        2024041201 ; serial
        7200       ; refresh
        3600       ; retry
        1209600    ; expire
        3600 )     ; minimum
@ IN NS dns.example.com.
dns IN A 192.168.180.188
www IN A 192.168.180.189
exam IN A 192.168.180.190
ftp IN A 192.168.180.191
sun IN A 192.168.180.44
Edit example.com.arpa for reverse lookups:
@ IN SOA dns.example.com. root.example.com. (
        2024041201 ; serial
        7200       ; refresh
        3600       ; retry
        1209600    ; expire
        3600 )     ; minimum
@ IN NS dns.example.com.
188 IN PTR dns.example.com.
189 IN PTR www.example.com.
190 IN PTR exam.example.com.
191 IN PTR ftp.example.com.
44 IN PTR sun.example.com.
Validate and Start Service
Check the configuration syntax:
named-checkconf /etc/named.conf
If no errors are reported, restart the BIND service:
systemctl restart named
Use systemctl status named or journalctl -xe for troubleshooting.
Client Configuration
On a client machine, edit /etc/resolv.conf to point to the DNS server’s IP address:
nameserver 192.168.180.188
Testing
Perform forward lookup tests (e.g., dig www.example.com) and reverse lookup tests (e.g., dig -x 192.168.180.188). The results should match the records defined in the zone files.
Troubleshooting
If the service fails to start, run named-checkconf to locate syntax errors in named.conf or zone files.
Ensure that fully‑qualified domain names in the zone files end with a trailing dot (.).
Verify that firewall rules allow traffic on port 53 (both TCP and UDP).
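The forward and reverse zones above have to agree, and a PTR target written without its trailing dot is expanded relative to the reverse zone instead of being rejected. The Python check below is an added example, not part of the original tutorial. It reuses the page's records as sample data, its function names are illustrative, and it assumes single-line A and PTR records with all PTR targets in one forward zone.

```python
import ipaddress
import re

# Sample data: the A and PTR records from the zone files on this page.
FORWARD = """
dns  IN A 192.168.180.188
www  IN A 192.168.180.189
exam IN A 192.168.180.190
ftp  IN A 192.168.180.191
sun  IN A 192.168.180.44
"""
REVERSE = """
188 IN PTR dns.example.com.
189 IN PTR www.example.com.
190 IN PTR exam.example.com.
191 IN PTR ftp.example.com.
44  IN PTR sun.example.com.
"""
RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|PTR)\s+(\S+)", re.I)

def absolute(name, origin):
    """Expand a zone-file name: without a trailing dot it is relative to origin."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse(text, origin, rtype):
    """Return {owner FQDN: rdata} for one record type; ';' comments are dropped."""
    out = {}
    for line in text.splitlines():
        m = RECORD.match(line.split(";", 1)[0].strip())
        if m and m.group(2).upper() == rtype:
            rdata = m.group(3) if rtype == "A" else absolute(m.group(3), origin)
            out[absolute(m.group(1), origin)] = rdata
    return out

def check(forward, reverse, fwd_origin, rev_origin):
    """List A records whose PTR is missing or wrong, and PTRs with no A record."""
    a = parse(forward, fwd_origin, "A")
    ptr = parse(reverse, rev_origin, "PTR")
    problems = []
    for host, ip in a.items():
        rname = ipaddress.ip_address(ip).reverse_pointer + "."
        if ptr.get(rname) != host:
            problems.append(f"{host} -> {ip}: PTR is {ptr.get(rname)!r}")
    for rname, target in ptr.items():
        if target not in a:
            problems.append(f"{rname}: PTR target {target} has no A record")
    return problems
```

Call check() with each zone's text and origin (both ending in a dot); an empty list means every A record has a matching PTR and every PTR points at a name that has an A record.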
Liangxu Linux
