How to Set Up a Private BIND DNS Server on CentOS 7 (Step‑by‑Step Guide)
Learn how to install, configure, and maintain a private BIND DNS service on CentOS 7, covering server roles, ACLs, forward and reverse zones, zone files, firewall settings, testing with nslookup, and ongoing DNS record management for a secure internal network.
Introduction
CentOS 7 can run a private BIND DNS service for an internal network. DNS maps host names to IP addresses (and, through reverse zones, IP addresses back to host names), so machines inside a LAN can be referred to by name rather than by address.
Environment
CentOS 7 (Minimal Install)
Sample Setup
The sample setup uses four machines:
10.11.0.199 ns1
10.11.0.209 ns2
10.11.0.101 host1
10.11.0.102 host2
ns1 is the primary DNS server, ns2 is the secondary DNS server, and host1 and host2 are the hosts registered in DNS.
Installation and Configuration
Update System
$ sudo yum update
Install BIND
$ sudo yum install bind bind-utils
Configure Primary DNS (ns1)
Edit /etc/named.conf and add an ACL named trusted that includes the IPs of ns1, ns2, host1 and host2.
acl "trusted" {
    10.11.0.199; # ns1
    10.11.0.209; # ns2
    10.11.0.101; # host1
    10.11.0.102; # host2
};
Modify the options block so that named listens on localhost and the private IP, allows zone transfers only to ns2, and answers queries only from the trusted ACL.
options {
    listen-on port 53 { 127.0.0.1; 10.11.0.199; };
    #listen-on-v6 port 53 { ::1; };
    allow-transfer { 10.11.0.209; };
    allow-query { trusted; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    ...
};
At the end of the file include the local zone configuration:
include "/etc/named/named.conf.local";
Create Local Zone File (named.conf.local)
Define a forward zone for bj1.example.com and a reverse zone for the 10.11.0.0/16 subnet.
zone "bj1.example.com" {
    type master;
    file "/etc/named/zones/db.bj1.example.com";
};
zone "11.10.in-addr.arpa" {
    type master;
    file "/etc/named/zones/db.10.11";
};
Forward Zone File (db.bj1.example.com)
$TTL 604800
@       IN SOA ns1.bj1.example.com. admin.bj1.example.com. (
        3         ; Serial
        604800    ; Refresh
        86400     ; Retry
        2419200   ; Expire
        604800 )  ; Negative Cache TTL
; NS records (the leading whitespace keeps the owner name @, i.e. the zone apex)
        IN NS ns1.bj1.example.com.
        IN NS ns2.bj1.example.com.
; A records
ns1.bj1.example.com.    IN A 10.11.0.199
ns2.bj1.example.com.    IN A 10.11.0.209
host1.bj1.example.com.  IN A 10.11.0.101
host2.bj1.example.com.  IN A 10.11.0.102
Reverse Zone File (db.10.11)
$TTL 604800
@       IN SOA ns1.bj1.example.com. admin.bj1.example.com. (
        3         ; Serial
        604800    ; Refresh
        86400     ; Retry
        2419200   ; Expire
        604800 )  ; Negative Cache TTL
; NS records (leading whitespace: owner is the zone apex)
        IN NS ns1.bj1.example.com.
        IN NS ns2.bj1.example.com.
; PTR records (owner names are relative to 11.10.in-addr.arpa, so 199.0 is 10.11.0.199)
199.0   IN PTR ns1.bj1.example.com.
209.0   IN PTR ns2.bj1.example.com.
101.0   IN PTR host1.bj1.example.com.
102.0   IN PTR host2.bj1.example.com.
Validate Configuration
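named-checkzone validates each zone file on its own, but it cannot tell that a host was added to the forward zone and forgotten in the reverse zone. The script below, added here as an example and not part of the original article, cross-checks the two files against each other before the BIND checkers are run. It assumes the article's layout: fully qualified owner names on the A records and PTR owner names relative to the zone origin; the sample zone files it writes are constructed copies of the article's data.

```shell
#!/bin/sh
# Added example (not from the original article): cross-check the forward
# zone's A records against the reverse zone's PTR records, so a host added to
# one file but not the other is caught before BIND is reloaded.

# 10.11.0.199 -> 199.0.11.10.in-addr.arpa
to_arpa() {
    printf '%s\n' "$1" |
        awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa\n", $4, $3, $2, $1 }'
}

# Print "name ip" for each A record. Comment lines and the SOA block never
# have "IN A" as their second and third fields, so they are skipped.
forward_a_records() {
    awk '$0 !~ /^[ \t]*;/ && $2 == "IN" && $3 == "A" {
        sub(/\.$/, "", $1); print $1, $4 }' "$1"
}

# Print "owner target" for each PTR record, expanding relative owner names
# with the origin passed as $2 and dropping trailing dots on both sides.
reverse_ptr_records() {
    awk -v origin="$2" '$0 !~ /^[ \t]*;/ && $2 == "IN" && $3 == "PTR" {
        owner = $1; if (owner !~ /\.$/) owner = owner "." origin
        sub(/\.$/, "", owner); target = $4; sub(/\.$/, "", target)
        print owner, target }' "$1"
}

# Report every A record whose address has no PTR pointing back at the same
# name. Returns 0 when forward and reverse agree, 1 when anything is off.
check_consistency() {
    fwd="$1"; rev="$2"; origin="$3"
    ptrs=$(reverse_ptr_records "$rev" "$origin")
    missing=$(forward_a_records "$fwd" | while read -r name ip; do
        target=$(printf '%s\n' "$ptrs" |
            awk -v a="$(to_arpa "$ip")" '$1 == a { print $2 }')
        [ "$target" = "$name" ] ||
            printf '%s %s -> PTR %s\n' "$name" "$ip" "${target:-missing}"
    done)
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing" | sed 's/^/MISMATCH: /'
        return 1
    fi
    echo "forward and reverse zones agree"
}

# Constructed sample zones mirroring the article's data; $1 is a directory.
write_sample_zones() {
    cat > "$1/db.bj1.example.com" <<'EOF'
$TTL 604800
@       IN SOA ns1.bj1.example.com. admin.bj1.example.com. (
        3 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
        IN NS ns1.bj1.example.com.
        IN NS ns2.bj1.example.com.
ns1.bj1.example.com.   IN A 10.11.0.199
ns2.bj1.example.com.   IN A 10.11.0.209
host1.bj1.example.com. IN A 10.11.0.101
host2.bj1.example.com. IN A 10.11.0.102
EOF
    cat > "$1/db.10.11" <<'EOF'
$TTL 604800
@       IN SOA ns1.bj1.example.com. admin.bj1.example.com. (
        3 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
        IN NS ns1.bj1.example.com.
        IN NS ns2.bj1.example.com.
199.0   IN PTR ns1.bj1.example.com.
209.0   IN PTR ns2.bj1.example.com.
101.0   IN PTR host1.bj1.example.com.
102.0   IN PTR host2.bj1.example.com.
EOF
}

# Demonstration: the consistent pair passes; a copy with host2's PTR removed
# (the "forgot the reverse zone" mistake) is flagged.
demo_dir=$(mktemp -d)
write_sample_zones "$demo_dir"
grep -v 'host2' "$demo_dir/db.10.11" > "$demo_dir/db.10.11.missing"
for rev in db.10.11 db.10.11.missing; do
    printf '== %s ==\n' "$rev"
    check_consistency "$demo_dir/db.bj1.example.com" "$demo_dir/$rev" 11.10.in-addr.arpa || true
done
rm -rf "$demo_dir"
```

On ns1 the same call is check_consistency /etc/named/zones/db.bj1.example.com /etc/named/zones/db.10.11 11.10.in-addr.arpa; a non-zero exit is a good reason to stop a deployment script before systemctl reload named.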
Check the main configuration:
$ sudo named-checkconf
Check the forward zone:
$ sudo named-checkzone bj1.example.com /etc/named/zones/db.bj1.example.com
Check the reverse zone:
$ sudo named-checkzone 11.10.in-addr.arpa /etc/named/zones/db.10.11
Start and Enable BIND
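Before the service is started, it is worth checking that the two settings that matter most for an internal server really ended up in named.conf: allow-query restricted to the trusted ACL and allow-transfer restricted to ns2. With recursion yes, BIND falls back from allow-recursion to allow-query when deciding who may recurse, so an allow-query of any (or none at all) would make ns1 an open resolver, and a missing allow-transfer lets any client pull the whole zone. The audit below is an added example, not part of the original article or of BIND; it is a text heuristic on the whole file (it does not replace named-checkconf, and it assumes the directives live in the options block as in the article). The sample configurations it writes are constructed here.

```shell
#!/bin/sh
# Added example (not from the original article): audit named.conf for an open
# recursive resolver and for unrestricted zone transfers.

# Strip '#' and '//' comments, join lines and squeeze whitespace so each
# directive can be matched with one pattern regardless of formatting.
# (Block comments /* ... */ are not handled by this heuristic.)
normalize_conf() {
    sed -e 's|//.*||' -e 's|#.*||' "$1" | tr '\n' ' ' | tr -s ' \t'
}

# Body of a braced directive: directive_body allow-query "$conf" -> "trusted;"
# Empty when the directive is absent. The leading whitespace in the pattern
# keeps allow-query from matching allow-query-cache.
directive_body() {
    printf '%s\n' "$2" |
        sed -n 's/.*[[:space:]]'"$1"'[[:space:]]*{\([^}]*\)}.*/\1/p' |
        tr -d '[:space:]'
}

# Returns 0 when the policy holds, 1 (printing FINDING lines) otherwise.
audit_named_conf() {
    conf=$(normalize_conf "$1")
    findings=0
    query=$(directive_body allow-query "$conf")
    transfer=$(directive_body allow-transfer "$conf")
    recurse=$(directive_body allow-recursion "$conf")
    case " $conf " in
        *" recursion yes;"*) recursion=yes ;;
        *) recursion=no ;;
    esac
    open_query=no;   case "$query"   in ''|'any;') open_query=yes ;;   esac
    open_recurse=no; case "$recurse" in ''|'any;') open_recurse=yes ;; esac
    # allow-recursion falls back to allow-query, whose own default is any:
    # with recursion on and neither list restricting clients, anyone can recurse.
    if [ "$recursion" = yes ] && [ "$open_query" = yes ] && [ "$open_recurse" = yes ]; then
        echo "FINDING: open resolver (recursion yes, allow-query/allow-recursion unrestricted)"
        findings=$((findings + 1))
    fi
    # A zone transfer hands out the whole zone; allow it only for the secondary.
    case "$transfer" in
        ''|'any;')
            echo "FINDING: allow-transfer missing or 'any'; restrict it to the secondary (10.11.0.209)"
            findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed samples: $2 is "hardened" (the article's settings) or "weak".
write_sample_conf() {
    if [ "$2" = hardened ]; then
        cat > "$1" <<'EOF'
acl "trusted" {
    10.11.0.199; # ns1
    10.11.0.209; # ns2
    10.11.0.101; # host1
    10.11.0.102; # host2
};
options {
    listen-on port 53 { 127.0.0.1; 10.11.0.199; };
    allow-transfer { 10.11.0.209; };
    allow-query { trusted; };
    recursion yes;
};
EOF
    else
        cat > "$1" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };   // anyone may query ...
    recursion yes;          // ... and recurse through this server
};
EOF
    fi
}

# Demonstration on both constructed files.
demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir/named.conf.hardened" hardened
write_sample_conf "$demo_dir/named.conf.weak" weak
for f in hardened weak; do
    printf '== named.conf.%s ==\n' "$f"
    if audit_named_conf "$demo_dir/named.conf.$f"; then echo "OK: no findings"; fi
done
rm -rf "$demo_dir"
```

On the real server the call is audit_named_conf /etc/named.conf; run it again after any edit to the options block, since the check is cheap and the two mistakes it looks for are the ones that expose an internal resolver to abuse.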
$ sudo systemctl start named
$ sudo systemctl enable named
Open Firewall Ports
$ sudo firewall-cmd --zone=public --permanent --add-port=53/tcp
$ sudo firewall-cmd --zone=public --permanent --add-port=53/udp
$ sudo firewall-cmd --reload
Configure Secondary DNS (ns2)
Repeat the ACL and options adjustments on ns2 (using ns2's own address, 10.11.0.209, in listen-on), then create a named.conf.local with slave zones pointing at the primary server.
zone "bj1.example.com" {
    type slave;
    file "slaves/db.bj1.example.com";
    masters { 10.11.0.199; };
};
zone "11.10.in-addr.arpa" {
    type slave;
    file "slaves/db.10.11";
    masters { 10.11.0.199; };
};
Validate, start, enable, and open the firewall ports on ns2 just as on ns1.
Configure DNS Clients
Edit /etc/resolv.conf on each host to use the private DNS servers:
search bj1.example.com
nameserver 10.11.0.199
nameserver 10.11.0.209
Testing
Install bind-utils and use nslookup for forward and reverse queries.
$ nslookup host2
$ nslookup host2.bj1.example.com
$ nslookup 10.11.0.102
Maintenance
To add or remove hosts, update the forward and reverse zone files (A and PTR records), adjust the ACL, increment the SOA serial number, and reload BIND:
$ sudo systemctl reload named
Forwarding to External DNS
If external resolution is needed, add forwarders in the options block:
options {
    ...
    forwarders { 8.8.8.8; 8.8.4.4; };
    ...
};
With these steps the private DNS service is fully operational and can be managed as the network evolves.
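The maintenance routine above (edit the records, bump the SOA serial, validate, reload) is the step most often done by hand, and a serial that is not incremented is the classic reason ns2 keeps serving the old zone. The script below is an added example, not part of the original article: it increments the serial of a zone file in place, validates the file with named-checkzone when that tool is installed, and reloads named only when the service is actually running, so the functions can also be exercised on a workstation. It assumes the article's zone layout, with the serial on its own line followed by a "; Serial" comment; the sample zone it writes is a constructed copy of the article's forward zone.

```shell
#!/bin/sh
# Added example (not from the original article): bump the SOA serial of a zone
# file, validate it, and reload BIND.

# Print the current serial of a zone file (first "N ; Serial" line).
zone_serial() {
    awk '/;[ \t]*Serial/ { print $1; exit }' "$1"
}

# Replace the serial with serial+1 in place. The content is copied back into
# the original file rather than the file being moved, so ownership and mode
# (named needs to read it) are preserved. Prints the new serial; fails if
# there is no numeric serial line.
bump_serial() {
    file="$1"
    old=$(zone_serial "$file")
    case "$old" in
        ''|*[!0-9]*) echo "no numeric serial found in $file" >&2; return 1 ;;
    esac
    new=$((old + 1))
    tmp=$(mktemp) || return 1
    awk -v old="$old" -v new="$new" '
        !done && /;[ \t]*Serial/ && $1 == old && match($0, old) {
            $0 = substr($0, 1, RSTART - 1) new substr($0, RSTART + RLENGTH)
            done = 1
        }
        { print }' "$file" > "$tmp" && cat "$tmp" > "$file"
    rm -f "$tmp"
    printf '%s\n' "$new"
}

# Validate with BIND's checker if it is installed, then reload the running
# service. Returns 1 if the checker rejects the file; the reload is skipped.
publish_zone() {
    zone="$1"; file="$2"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$zone" "$file" >/dev/null ||
            { echo "named-checkzone rejected $file; not reloading" >&2; return 1; }
    fi
    if systemctl is-active --quiet named 2>/dev/null; then
        sudo systemctl reload named
    else
        echo "named is not running here; skipping reload"
    fi
}

# Constructed sample: a trimmed copy of the article's forward zone.
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 604800
@       IN SOA ns1.bj1.example.com. admin.bj1.example.com. (
        3 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
        IN NS ns1.bj1.example.com.
ns1.bj1.example.com.   IN A 10.11.0.199
host1.bj1.example.com. IN A 10.11.0.101
EOF
}

# On ns1, after editing the A and PTR records, the routine is:
#   bump_serial /etc/named/zones/db.bj1.example.com
#   bump_serial /etc/named/zones/db.10.11
#   publish_zone bj1.example.com /etc/named/zones/db.bj1.example.com
#   publish_zone 11.10.in-addr.arpa /etc/named/zones/db.10.11

# Demonstration on the constructed file.
demo=$(mktemp)
write_sample_zone "$demo"
echo "serial before: $(zone_serial "$demo")"
bump_serial "$demo" >/dev/null
echo "serial after:  $(zone_serial "$demo")"
publish_zone bj1.example.com "$demo" || true
rm -f "$demo"
```

Both zone files must be bumped whenever either changes on ns1; ns2 only transfers a zone whose serial is higher than the copy it already holds.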
Efficient Ops
This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.