
Master DNS: Complete Guide to Setup, Zones, Caching, and Advanced Features

This comprehensive tutorial walks you through DNS fundamentals and advanced topics, covering domain name resolution, zone file structure, SOA and NS records, master‑slave configuration, caching strategies, forwarders, ACLs, views, DNSSEC integration, and powerful management with rndc, all with practical examples.

MaGe Linux Operations

Introduction

The Domain Name System (DNS) translates human‑readable domain names into IP addresses. This guide explains DNS concepts, configuration files, and advanced features for building reliable name services.

Basic DNS Concepts

DNS is a hierarchy of zones. Each zone begins with a Start of Authority (SOA) record and the NS records that name its authoritative servers, followed by resource records such as A, CNAME, MX, and PTR. The root zone "." delegates to top-level domains (TLDs) such as .com, which in turn delegate each second-level domain to the name servers that are authoritative for it.

Configuration Files

The main server configuration file is /etc/named.conf (/etc/bind/named.conf on Debian-based systems). Zones are declared with the zone statement, giving the type (master or slave; current BIND 9 releases also accept primary and secondary as synonyms) and the zone file, which is resolved relative to the directory option. Check the syntax with named-checkconf and each zone file with named-checkzone before reloading, so a typo never takes the server down.

zone "example.com" IN {
    type master;
    file "db.example.com";
};

Zone files contain resource records. In the SOA record, the first name is the primary server and the second, admin.example.com., is the zone contact mailbox admin@example.com with the @ written as a dot. A production zone lists at least two NS records; one is shown for brevity. Example:

$TTL 6h                      ; default TTL for records that do not set one
@   IN SOA ns1.example.com. admin.example.com. (
        2023010101 ; serial: bump on every change (YYYYMMDDnn is a common convention)
        3h         ; refresh: how often slaves check the serial
        1h         ; retry: wait after a failed refresh
        1w         ; expire: slaves stop answering if no refresh succeeds in this time
        1h )       ; negative-caching TTL (RFC 2308)
    IN NS ns1.example.com.
ns1 IN A 192.0.2.1           ; address of the name server (the parent zone needs matching glue)
www IN A 192.0.2.10

Master‑Slave Replication

A master (primary) server holds the authoritative zone file. Slave (secondary) servers obtain copies by zone transfer: AXFR copies the whole zone, IXFR sends only the changes since the serial the slave already holds. A slave decides whether to transfer by comparing the SOA serial at each refresh, so every edit to the zone must increase the serial or the slaves keep serving stale data until the zone expires. Define slaves with type slave and a masters list (primaries in newer releases).

zone "example.com" IN {
    type slave;
    masters { 192.0.2.1; };
    file "slaves/db.example.com";
};

NOTIFY messages tell slaves to check the SOA at once instead of waiting for the refresh interval (also-notify adds further targets). allow-transfer restricts who may request zone transfers; historically BIND permitted transfers from any address unless this option was set, and an unrestricted AXFR hands an attacker a complete inventory of your hosts, so limit it to the slaves' addresses (or a TSIG key) on every master zone.
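The refresh decision described above is a comparison of SOA serials in RFC 1982 serial-number arithmetic. The following Python, an added example for this page rather than code from the original article, parses the SOA out of the zone file shown earlier (copied inline as constructed input), applies that comparison, and bumps a date-style serial safely. It generalises the article's single case to wrap-around and to serials that are already ahead of today's date.

```python
"""Parse the SOA record of a BIND zone file and apply RFC 1982 serial
arithmetic, the test a slave performs before transferring a zone.
Added example for this article; not code from the original page."""
import re

# Constructed copy of the zone file shown earlier in the article.
ZONE_TEXT = """\
$TTL 6h
@   IN SOA ns1.example.com. admin.example.com. (
        2023010101 ; serial
        3h         ; refresh
        1h         ; retry
        1w         ; expire
        1h )       ; negative-cache TTL
    IN NS ns1.example.com.
ns1 IN A 192.0.2.1
www IN A 192.0.2.10
"""

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
MODULUS = 2 ** 32          # the SOA serial is a 32-bit unsigned integer
HALF = 2 ** 31


def parse_ttl(token: str) -> int:
    """Convert a BIND TTL token (plain seconds or one unit suffix such as 3h
    or 1w; compound forms like 1w2d are not handled here) to seconds."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", token.lower())
    if not m:
        raise ValueError(f"bad TTL token {token!r}")
    return int(m.group(1)) * UNITS[m.group(2)]


def parse_soa(zone_text: str) -> dict:
    """Return the SOA fields of a zone file, times in seconds. Comments start
    at ';' and the '( ... )' continuation is folded onto one logical line."""
    no_comments = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    folded = re.sub(r"\(([^)]*)\)",
                    lambda m: " " + m.group(1).replace("\n", " ") + " ", no_comments)
    for line in folded.splitlines():
        tokens = line.split()
        if "SOA" in tokens:
            i = tokens.index("SOA")
            serial, refresh, retry, expire, minimum = tokens[i + 3:i + 8]
            return {
                "mname": tokens[i + 1],
                "rname": tokens[i + 2],     # admin.example.com. means admin@example.com
                "serial": int(serial),
                "refresh": parse_ttl(refresh),
                "retry": parse_ttl(retry),
                "expire": parse_ttl(expire),
                "minimum": parse_ttl(minimum),
            }
    raise ValueError("no SOA record found")


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982: a is newer than b when it is ahead by less than 2^31 mod 2^32.
    Equal serials are never newer, which is why an unchanged serial means the
    slaves never pick up an edited zone."""
    return a != b and (a - b) % MODULUS < HALF


def secondary_should_transfer(local_serial: int, primary_serial: int) -> bool:
    """The refresh check: transfer only if the master's SOA serial is newer."""
    return serial_gt(primary_serial, local_serial)


def next_date_serial(current: int, today_yyyymmdd: str) -> int:
    """Bump a YYYYMMDDnn serial without ever going backwards: use today's
    nn=01 if that is newer, otherwise just increment the current value."""
    candidate = int(today_yyyymmdd + "01")
    if serial_gt(candidate, current):
        return candidate
    return (current + 1) % MODULUS


if __name__ == "__main__":
    soa = parse_soa(ZONE_TEXT)
    print(soa)
    print("transfer needed with equal serials:",
          secondary_should_transfer(soa["serial"], soa["serial"]))
    print("next serial for 2023-01-01:", next_date_serial(soa["serial"], "20230101"))
```

Run it after editing a zone to confirm the new serial is actually "newer" than the one the slaves hold; a serial that went backwards (for example after restoring an old zone file from backup) is silently ignored by every slave until it is pushed past the old value.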

Caching and Recursive Queries

Recursive resolvers cache answers to cut load and latency; a record stays cached for at most its TTL, and negative answers are cached according to the SOA minimum field (RFC 2308). Control recursion with recursion yes/no and allow-recursion. A server that is authoritative for public zones should run with recursion no, and a recursive resolver should limit allow-recursion to its own clients: an open resolver gets abused as a reflector in amplification attacks and is a target for cache poisoning. The forwarders option points a resolver at upstream servers; forward only sends every query upstream, while forward first falls back to normal recursion when the forwarders do not answer.

Access Control Lists (ACLs)

ACLs name sets of client addresses for use in allow-query, allow-recursion, allow-transfer and match-clients. Elements of an address-match list are evaluated in order and the first match decides the result; a leading ! negates an element, and an ACL may reference another named ACL.

acl "trusted" { 192.0.2.0/24; 127.0.0.1; };
options { allow-query { trusted; }; };

Views for Intelligent DNS

Views serve different answers depending on the source address of the query (split-horizon DNS). Each view carries its own match-clients list and zone statements; a query is answered by the first view whose match-clients matches, and later views are never consulted, so list the narrowest view first and keep the catch-all view last. Once any view is defined, every zone must live inside a view.

view "internal" {
    match-clients { 10.0.0.0/8; };
    zone "example.com" { type master; file "internal.db"; };
};
view "external" {
    match-clients { any; };
    zone "example.com" { type master; file "external.db"; };
};
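Both the ACL section and the views section rely on the same first-match rule, and getting the order wrong is the classic mistake. This Python model, an added example for this page and not code from the original article, evaluates address-match lists the way named does (ordered, first match wins, ! negates, named ACLs may nest) and then picks a view for a client. The "trusted" ACL is the article's; the "internal" ACL with a negated quarantine subnet and the client addresses are assumptions for illustration.

```python
"""Model of how named evaluates ACLs and chooses a view for a query.
Added example for this article; not code from the original page. The
"internal" ACL and the sample client addresses are assumptions."""
import ipaddress
from typing import Dict, Iterable, List, Optional, Tuple

# Named ACLs as they would appear in named.conf. "trusted" mirrors the
# article; "internal" is assumed and shows a negated element, which BIND
# writes with a leading '!'.
ACLS: Dict[str, List[str]] = {
    "trusted": ["192.0.2.0/24", "127.0.0.1"],
    "internal": ["!10.0.99.0/24", "10.0.0.0/8"],   # quarantine subnet is excluded
}


def acl_matches(client: str, elements: Iterable[str],
                acls: Dict[str, List[str]] = ACLS) -> bool:
    """Evaluate an address-match list the way BIND does: elements in order,
    the first element that matches decides the result, and a negated element
    that matches yields False. If nothing matches the result is False."""
    ip = ipaddress.ip_address(client)
    for element in elements:
        negate = element.startswith("!")
        item = element.lstrip("!").strip()
        if item == "any":
            hit = True
        elif item == "none":
            hit = False
        elif item in acls:                       # reference to another named ACL
            hit = acl_matches(client, acls[item], acls)
        else:                                    # prefix or single address
            net = ipaddress.ip_network(item, strict=False)
            hit = ip.version == net.version and ip in net
        if hit:
            return not negate
    return False


# Views in named.conf order, as in the article: internal first, then the
# catch-all external view.
VIEWS: List[Tuple[str, List[str]]] = [
    ("internal", ["internal"]),
    ("external", ["any"]),
]

# The same two views with the order reversed: "any" now swallows every client.
MISORDERED_VIEWS = list(reversed(VIEWS))


def select_view(client: str, views=VIEWS) -> Optional[str]:
    """A query is answered by the first view whose match-clients matches the
    client address; later views are not consulted. None means no view
    matched, in which case named refuses the query."""
    for name, match_clients in views:
        if acl_matches(client, match_clients):
            return name
    return None


if __name__ == "__main__":
    for ip in ("10.1.2.3", "10.0.99.4", "203.0.113.9"):
        print(ip, "->", select_view(ip),
              "| misordered ->", select_view(ip, MISORDERED_VIEWS))
```

With the article's order, 10.1.2.3 lands in the internal view and the quarantined 10.0.99.4 falls through to the external view; with the order reversed, every client, including internal ones, is answered from external.db and the internal view is dead configuration. The same function answers "would this client be allowed to AXFR?" when given an allow-transfer list.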

CDN Integration

Point a hostname such as www at the CDN with a CNAME to a name under the provider's domain. The CDN's authoritative servers then return region-specific A records, chosen from the source address of the resolver (logic like views, or EDNS Client Subnet), so users reach the nearest edge server. The zone apex cannot be a CNAME because it must carry the SOA and NS records (RFC 1034), so the bare domain needs an A record or a provider-specific ALIAS/flattening feature.

Management with rndc

The rndc utility controls a running named over a TCP control channel (port 953 by default) authenticated with a shared HMAC key. Generate the key with rndc-confgen, make named read the key file, add a controls block that names the key and restricts the listening address, and then use commands such as rndc reload, rndc reconfig, rndc flush, and rndc status. Keep the control channel on loopback unless remote management is genuinely needed: anyone who can reach it with the key can reload zones, flush the cache, and stop the server.

# Generate key (writes a key named "rndc-key" to /etc/rndc.key; keep the file readable only by named and root)
rndc-confgen -a -c /etc/rndc.key
# In named.conf: read the key, then accept control connections only from loopback
include "/etc/rndc.key";
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

Logging

Define logging channels (syslog, a file, stderr, or null) and assign categories (queries, security, xfer-in, xfer-out, and others) to them. Any category you do not assign goes to the default category, so sending default to null silences security, lame-server and other messages you want to keep. Query logging at info is high volume; give its file a size limit and version count so it rotates instead of filling the disk. Example:

logging {
    channel default_file {
        file "/var/log/named.log" versions 5 size 20m;   // rotate rather than fill the disk
        severity info;
        print-time yes; print-category yes; print-severity yes;
    };
    category queries  { default_file; };
    category security { default_file; };   // ACL denials and other refused requests
    category default  { default_file; };   // null here would discard everything not listed above
};
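Query logs are only worth their disk space if something reads them. The Python below, an added example for this page and not code from the original article, parses constructed lines in the format named writes with print-time, print-category and print-severity enabled (including the optional client pointer and view name), then flags two abuse signals: a burst of ANY queries from one source, typical of reflection reconnaissance, and recursion-desired queries for names outside our zones from untrusted clients, which means someone is probing for an open resolver. The zone list and trusted prefixes are assumptions.

```python
"""Scan BIND query-log lines for two abuse signals: ANY-query bursts from one
source and recursion-desired queries for foreign names from untrusted clients.
Added example for this article; not code from the original page. The log
lines are constructed; the authoritative zone set and trusted prefixes are
assumptions for illustration."""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample lines in named's query-log format.
LOG_LINES = """\
05-Jan-2024 10:15:01.123 queries: info: client @0x7f3c2c0d1a60 192.0.2.55#53211 (www.example.com): query: www.example.com IN A -E(0) (192.0.2.1)
05-Jan-2024 10:15:01.456 queries: info: client @0x7f3c2c0d1a60 203.0.113.9#41234 (example.com): query: example.com IN ANY +E(0)D (192.0.2.1)
05-Jan-2024 10:15:01.789 queries: info: client @0x7f3c2c0d1a60 203.0.113.9#41235 (example.com): query: example.com IN ANY +E(0)D (192.0.2.1)
05-Jan-2024 10:15:02.001 queries: info: client @0x7f3c2c0d1a60 203.0.113.9#41236 (example.com): query: example.com IN ANY +E(0)D (192.0.2.1)
05-Jan-2024 10:15:02.300 queries: info: client @0x7f3c2c0d1a60 198.51.100.23#5353 (google.com): query: google.com IN A +E(0) (192.0.2.1)
05-Jan-2024 10:15:02.900 queries: info: client @0x7f3c2c0d1a60 10.0.0.8#40001 (mail.example.com): view internal: query: mail.example.com IN MX + (192.0.2.1)
05-Jan-2024 10:15:03.100 queries: info: client @0x7f3c2c0d1a60 2001:db8::10#5300 (example.com): query: example.com IN AAAA -E(0) (2001:db8::1)
"""

AUTH_ZONES = {"example.com"}                                                  # assumed
TRUSTED = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "10.0.0.0/8")]  # assumed

QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) queries: info: client (?:@0x[0-9a-f]+ )?"
    r"(?P<src>[0-9a-fA-F.:]+)#(?P<port>\d+) \([^)]*\): (?:view \S+: )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+) \((?P<dst>[^)]+)\)$"
)


def parse_query_log(text: str) -> List[Dict[str, str]]:
    """One dict per query line; lines that are not query-log entries are skipped."""
    return [m.groupdict() for m in map(QUERY_RE.match, text.splitlines()) if m]


def in_zones(qname: str, zones=AUTH_ZONES) -> bool:
    """True if qname is at or below one of the zones this server is authoritative for."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in zones)


def is_trusted(src: str, nets=TRUSTED) -> bool:
    ip = ipaddress.ip_address(src)
    return any(ip in n for n in nets)   # 'in' is False across v4/v6


def find_abuse(records: List[Dict[str, str]],
               any_threshold: int = 3) -> Tuple[Dict[str, int], List[str]]:
    """Return ({source: ANY-query count} at or over the threshold, sorted sources
    that asked for recursion on names we are not authoritative for)."""
    any_counts = Counter(r["src"] for r in records if r["qtype"].upper() == "ANY")
    noisy = {src: n for src, n in any_counts.items() if n >= any_threshold}
    # The flags field starts with '+' when the query had the RD bit set.
    off_zone = sorted({r["src"] for r in records
                       if r["flags"].startswith("+")
                       and not in_zones(r["qname"])
                       and not is_trusted(r["src"])})
    return noisy, off_zone


if __name__ == "__main__":
    noisy, off_zone = find_abuse(parse_query_log(LOG_LINES))
    print("ANY bursts:", noisy)
    print("recursion requested for foreign names by:", off_zone)
```

On the sample, 203.0.113.9 is reported for three ANY queries and 198.51.100.23 for asking an authoritative server to recurse for google.com; the internal MX lookup and the IPv6 AAAA query pass. Feed it the real file from the logging channel above and tune any_threshold to your traffic.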

Conclusion

By mastering zone files, master‑slave replication, ACLs, views, and rndc management, you can build a secure, high‑performance DNS infrastructure that supports caching, CDN integration, and fine‑grained access control.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Tags: Configuration, Networking, DNS
Written by

MaGe Linux Operations

Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
