
How to Build a Full‑Featured DNS Server on Linux with BIND (Step‑by‑Step Guide)

This tutorial walks you through the fundamentals of DNS, explains how to install and configure BIND on a CentOS VM, set up forward and reverse zones, add A and PTR records, test resolution, and troubleshoot common issues, providing complete command examples and configuration snippets.

Liangxu Linux

The Domain Name System (DNS) translates human‑readable domain names into IP addresses. This guide shows how to install and configure a BIND DNS server on a CentOS virtual machine, create forward and reverse zones, and verify the service.

Server preparation

Assign a static IP address to the VM.

Disable the firewall and SELinux (or configure them to allow DNS traffic).

Install the BIND package:

yum install bind -y

Configure /etc/named.conf

Edit the main configuration file and set the global options. A typical options block looks like:

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
};

These directives define the listening interfaces, data directory, cache dump, statistics files, and permit queries from any client.
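With allow-query set to any and no allow-recursion statement, BIND applies the allow-query list to recursion as well, and recursion is on unless "recursion no;" is set, so this block lets any client that can reach port 53 use the server as a recursive resolver. The heuristic check below is an added example, not part of the original article; the function names audit_named_conf, tutorial_conf and restricted_conf and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Heuristic open-resolver audit for a named.conf "options" block.
# Assumes one statement per line, as in the tutorial; not a full BIND parser.

audit_named_conf() {   # usage: audit_named_conf FILE -> one finding per line
    awk '
        { sub(/#.*|\/\/.*/, "") }                          # drop comments
        /^[ \t]*options[ \t]*[{]/ { in_opts = 1; next }
        in_opts && /^[}];/        { in_opts = 0 }
        !in_opts                  { next }
        /allow-query[ \t]*[{][ \t]*any;/                   { query_any = 1 }
        /allow-(recursion|query-cache)[ \t]*[{]/           { rec_set = 1 }
        /allow-(recursion|query-cache)[ \t]*[{][ \t]*any;/ { rec_any = 1 }
        /(^|[ \t])recursion[ \t]+no[ \t]*;/                { rec_off = 1 }
        END {
            # Without allow-recursion/allow-query-cache, BIND falls back to
            # allow-query for recursion, so "any" there opens recursion too.
            if (!rec_off && (rec_any || (query_any && !rec_set)))
                print "OPEN_RECURSION: any client may recurse through this server"
        }
    ' "$1"
}

# Constructed samples: the tutorial's relevant options, and a variant that
# keeps zone data public but limits recursion to local networks.
tutorial_conf() { printf '%s\n' 'options {' \
    '    listen-on port 53 { any; };' \
    '    allow-query { any; };' \
    '};'; }
restricted_conf() { printf '%s\n' 'options {' \
    '    listen-on port 53 { any; };' \
    '    allow-query { any; };            // authoritative answers stay public' \
    '    allow-recursion { localnets; localhost; };' \
    '};'; }

tmp=$(mktemp)
tutorial_conf > "$tmp";   echo "tutorial:   $(audit_named_conf "$tmp")"
restricted_conf > "$tmp"; echo "restricted: $(audit_named_conf "$tmp")"
rm -f "$tmp"
```

A server that only serves its own zones can instead set "recursion no;", which the check also accepts.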

Define zones

Add two zone statements – one for forward resolution of example.com and one for reverse resolution of the 192.168.180.0/24 network:

zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { none; };
};

zone "180.168.192.in-addr.arpa" IN {
    type master;
    file "example.com.arpa";
    allow-update { none; };
};

Create zone files

Copy the template file provided by BIND and edit it for each zone:

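cd /var/named                       # zone files live in the "directory" set in named.conf
cp -p named.empty example.com.zone  # -p keeps the template's owner and permissions
cp -p named.empty example.com.arpa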

Forward zone (example.com.zone)

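$TTL 3H
; SOA: primary name server, then contact mailbox (root@example.com)
; values in parentheses: serial refresh retry expire minimum
example.com.            IN  SOA   dns.example.com. root.example.com. ( 2024041201 3H 1H 1W 1D )
@                       IN  NS    dns.example.com.
dns                     IN  A     192.168.180.188
www                     IN  A     192.168.180.189
exam                    IN  A     192.168.180.190
ftp                     IN  A     192.168.180.191
sun                     IN  A     192.168.180.44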

Explanation: The SOA record marks the start of authority and names the primary name server and the contact email, which is written with a dot in place of the @ (the trailing dot after each fully qualified name is mandatory). NS records point to the authoritative name server for the zone. A records map hostnames to IPv4 addresses.

Reverse zone (example.com.arpa)

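$TTL 3H
; every zone file needs its own SOA; same values as the forward zone
@                       IN  SOA   dns.example.com. root.example.com. ( 2024041201 3H 1H 1W 1D )
@                       IN  NS    dns.example.com.
188                     IN  PTR   dns.example.com.
189                     IN  PTR   www.example.com.
190                     IN  PTR   exam.example.com.
191                     IN  PTR   ftp.example.com.
44                      IN  PTR   sun.example.com.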

Each PTR record maps the last octet of an address in 192.168.180.0/24 to its corresponding hostname.
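Forward and reverse zones are edited by hand in two separate files, so they drift apart easily. The cross-check below is an added example, not part of the original article; check_ptr, forward_zone and reverse_zone are hypothetical names, and the sample records are constructed from the tutorial's data.

```shell
#!/bin/sh
# Cross-check a forward zone's A records against a /24 reverse zone's PTRs.
# Assumes the tutorial's layout: relative owners, "owner IN TYPE rdata",
# one record per line. Sample data below is constructed from the tutorial.

# check_ptr FORWARD REVERSE ORIGIN NET24 -> one finding per line, none if clean
check_ptr() {
    awk -v origin="$3" -v net="$4" '
        { sub(/;.*/, "") }                               # strip comments
        FNR == NR { if ($2 == "IN" && $3 == "PTR") ptr[$1] = $4; next }
        $2 == "IN" && $3 == "A" && index($4, net ".") == 1 {
            split($4, oct, ".")
            want = $1 "." origin "."
            seen[oct[4]] = 1
            if (!(oct[4] in ptr))         print "MISSING_PTR " $4 " " want
            else if (ptr[oct[4]] != want) print "MISMATCH " $4 " " ptr[oct[4]]
        }
        END { for (o in ptr) if (!(o in seen)) print "ORPHAN_PTR " net "." o " " ptr[o] }
    ' "$2" "$1"
}

forward_zone() { cat <<'EOF'
@     IN  NS  dns.example.com.
dns   IN  A   192.168.180.188
www   IN  A   192.168.180.189
sun   IN  A   192.168.180.44
EOF
}
reverse_zone() { cat <<'EOF'
@     IN  NS   dns.example.com.
188   IN  PTR  dns.example.com.
189   IN  PTR  www.example.com.
44    IN  PTR  sun.example.com.
EOF
}

dir=$(mktemp -d)
forward_zone > "$dir/fwd"; reverse_zone > "$dir/rev"
# Simulate drift: 189 repointed to another host, 44 dropped from the reverse zone.
reverse_zone | sed -e 's/www\./ftp./' -e '/^44 /d' > "$dir/rev.drift"
echo "clean: $(check_ptr "$dir/fwd" "$dir/rev" example.com 192.168.180 | wc -l) findings"
check_ptr "$dir/fwd" "$dir/rev.drift" example.com 192.168.180
rm -rf "$dir"
```

Run named-checkzone on each file first (for example, named-checkzone example.com /var/named/example.com.zone), since this cross-check assumes both files already parse.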

Validate and start the service

named-checkconf /etc/named.conf   # syntax check
systemctl restart named           # start/reload the daemon

On a client machine, point the resolver to the new server:

vim /etc/resolv.conf
# add a line: nameserver <your-dns-server-ip>

Testing

Use dig or nslookup to verify both forward and reverse lookups:

dig www.example.com
dig -x 192.168.180.189

Successful responses should return the IP address for the forward query and the hostname for the reverse query.

Troubleshooting

If the service fails to start, inspect the logs:

systemctl status named.service
journalctl -xe

Typical causes are syntax errors in named.conf or the zone files (e.g., missing trailing dots, incorrect file paths).

For resolution failures, double‑check the zone files for proper NS, A, and PTR records and ensure the final dot is present on fully‑qualified names.

Key takeaways

Understanding DNS caching, recursion, and forwarding is essential before deploying a server.

Accurate zone file syntax—especially the trailing dot on domain names—prevents startup errors.

Use dig or nslookup to confirm that forward and reverse mappings work as intended.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
