
Master DNS on Linux: Install BIND and Configure Forward & Reverse Zones

This guide walks you through installing the BIND DNS server on a Linux system, configuring global options, creating forward and reverse zone files, testing with dig, and managing the named service, providing a complete hands‑on tutorial for setting up a functional DNS server.

Liangxu Linux

DNS Overview

DNS (Domain Name System) translates domain names to IP addresses and vice‑versa, operating over TCP/UDP on port 53. A Linux DNS server typically uses BIND (Berkeley Internet Name Domain) to provide these services.

Installing BIND

[root@localhost ~]# dnf install bind -y
Updating Subscription Management repositories.
BaseOS 2.7 MB/s | 2.7 kB 00:00
AppStream 2.9 MB/s | 3.2 kB 00:00
Dependencies resolved.
Installing:
  bind.x86_64 32:9.16.23-24.el9_5 509 k
  bind-dnssec-doc.noarch 32:9.16.23-24.el9_5 49 k
  bind-libs.x86_64 32:9.16.23-24.el9_5 1.2 M
  ...
Complete!

Basic BIND Configuration

The main configuration file /etc/named.conf defines global options, listening interfaces, directory for zone files, and includes other configuration snippets. Key directives include listen-on port 53 { IP; }; to bind the server to a specific address and directory "/var/named"; to set the zone file location.

Forward Zone Setup

Add a zone definition for example.com in named.conf:

options {
    listen-on port 53 { 192.168.72.135; };
    directory "/var/named";
};
zone "example.com" IN {
    type master;
    file "example.zone";
};

Create /var/named/example.zone with records such as SOA, NS, A, MX, and CNAME:

$TTL 1D
@ IN SOA ns.example.com. admin.example.com. (
        0 ; serial
        1H ; refresh
        1W ; retry
        2M ; expire
        1D ) ; minimum
@ IN NS ns
ns IN A 192.168.72.135
www IN A 10.10.10.11
mail IN A 92.68.22.14
web IN CNAME www

Reverse Zone Setup

Define a reverse lookup zone for the network 192.168.72.0/24:

zone "72.168.192.in-addr.arpa" IN {
    type master;
    file "fanxiang.zone";
};

Create /var/named/fanxiang.zone:

$TTL 1D
@ IN SOA ns.example.com. admin.example.com. (
        7 ; serial
        1D ; refresh
        1W ; retry
        2M ; expire
        1D ) ; minimum
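; the name server's A record lives in the forward zone, so none is needed here
@ IN NS ns.example.com.
; 192.168.72.135 is ns.example.com in the forward zone, so the PTR points back to it
135 IN PTR ns.example.com.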

Testing the Configuration

Check syntax of the main file:

# named-checkconf

Validate zone files:

# named-checkzone example.com /var/named/example.zone
# named-checkzone 72.168.192.in-addr.arpa /var/named/fanxiang.zone

Start the DNS service, or restart it if it is already running so that the new configuration is loaded:

# systemctl start named
# systemctl restart named

Use dig to query records:

# dig -t NS example.com @192.168.72.135
# dig -t A www.example.com @192.168.72.135
# dig -x 192.168.72.135 @192.168.72.135

Successful responses confirm that forward and reverse lookups are working as intended.
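named-checkzone validates one zone file at a time, so it cannot tell you whether a PTR record in the reverse zone agrees with the A records in the forward zone. The following is an added example, not part of the original article: a small Python check that parses two zone texts in the layout used above and reports every PTR whose target has no matching A record. The zone data, the function names and the simplified one-record-per-line parsing are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample zones in this article's layout (hypothetical data, not from the page).
FORWARD = """\
@    IN NS    ns
ns   IN A     192.168.72.135
www  IN A     192.168.72.140
web  IN CNAME www
"""
REVERSE = """\
@    IN NS  ns.example.com.
135  IN PTR ns.example.com.
140  IN PTR web.example.com.
141  IN PTR www.example.com.
"""

def qualify(name, origin):
    """Expand '@' and relative names against the zone origin, as BIND does."""
    name = origin if name == "@" else name
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(text, origin):
    """Yield (fqdn, type, rdata) for one-line 'name IN TYPE rdata' records."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop ';' comments
        if len(fields) >= 4 and fields[1].upper() == "IN":
            yield qualify(fields[0], origin).lower(), fields[2].upper(), fields[3]

def check_ptrs(forward, fwd_origin, reverse, rev_origin):
    """Return (ip, target, problem) for each PTR the forward zone does not confirm."""
    a_records = {}
    for name, rtype, rdata in parse_records(forward, fwd_origin):
        if rtype == "A":
            a_records.setdefault(name, set()).add(rdata)
    problems = []
    for name, rtype, rdata in parse_records(reverse, rev_origin):
        if rtype != "PTR":
            continue
        octets = name.replace(".in-addr.arpa.", "").split(".")  # octets, reversed
        ip = str(ipaddress.IPv4Address(".".join(reversed(octets))))
        target = qualify(rdata, rev_origin).lower()
        if target not in a_records:
            problems.append((ip, target, "no A record"))
        elif ip not in a_records[target]:
            problems.append((ip, target, "A record points elsewhere"))
    return problems

if __name__ == "__main__":
    print(check_ptrs(FORWARD, "example.com.", REVERSE, "72.168.192.in-addr.arpa."))
```

An empty list means every PTR is confirmed by the forward zone; mismatches matter because mail servers and log analysis often rely on forward-confirmed reverse DNS.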

Service Management

The BIND daemon runs as a systemd service named named.service. Use systemctl status named, systemctl stop named, and systemctl enable named to manage its lifecycle.
