Mastering BIND on Linux: Complete DNS Setup and Configuration Guide
This guide walks you through installing BIND on Linux, configuring forward and reverse DNS zones, editing named.conf, testing syntax with named‑checkconf and named‑checkzone, and verifying records with dig, providing a full end‑to‑end DNS server deployment tutorial.
DNS Service (Linux)
DNS Introduction
DNS (Domain Name Server) translates domain names to IP addresses and vice‑versa. It operates at the network and transport layers, using UDP and TCP on port 53; queries are first sent via UDP and fall back to TCP when necessary.
Bind Software
Installation
[root@localhost ~]# dnf install bind -y
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.
BaseOS 2.7 MB/s | 2.7 kB 00:00
AppStream 2.9 MB/s | 3.2 kB 00:00
Dependencies resolved.
==============================================================================================================================
Package Architecture Version Repository Size
==============================================================================================================================
Installing:
bind x86_64 32:9.16.23-24.el9_5 appStream 509 k
Installing dependencies:
bind-dnssec-doc noarch 32:9.16.23-24.el9_5 appStream 49 k
bind-libs x86_64 32:9.16.23-24.el9_5 appStream 1.2 M
bind-license noarch 32:9.16.23-24.el9_5 appStream 14 k
fstrm x86_64 0.6.1-3.el9 appStream 30 k
libmaxminddb x86_64 1.5.2-4.el9 appStream 35 k
libuv x86_64 1:1.42.0-2.el9_4 appStream 151 k
protobuf-c x86_64 1.3.3-13.el9 baseOS 37 k
python3-bind noarch 32:9.16.23-24.el9_5 appStream 72 k
python3-ply noarch 3.11-14.el9 baseOS 111 k
Installing weak dependencies:
bind-dnssec-utils x86_64 32:9.16.23-24.el9_5 appStream 122 k
bind-utils x86_64 32:9.16.23-24.el9_5 appStream 213 k
Transaction Summary
==============================================================================================================================
Install 12 Packages
Total size: 2.6 M
Installed size: 7.2 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing: 1/1
Installing: bind-license-32:9.16.23-24.el9_5.noarch 1/12
Installing: protobuf-c-1.3.3-13.el9.x86_64 2/12
Installing: libuv-1:1.42.0-2.el9_4.x86_64 3/12
Installing: libmaxminddb-1.5.2-4.el9.x86_64 4/12
Installing: fstrm-0.6.1-3.el9.x86_64 5/12
Installing: bind-libs-32:9.16.23-24.el9_5.x86_64 6/12
Installing: bind-utils-32:9.16.23-24.el9_5.x86_64 7/12
Installing: bind-dnssec-doc-32:9.16.23-24.el9_5.noarch 8/12
Installing: python3-ply-3.11-14.el9.noarch 9/12
Installing: python3-bind-32:9.16.23-24.el9_5.noarch 10/12
Installing: bind-dnssec-utils-32:9.16.23-24.el9_5.x86_64 11/12
Installing: bind-32:9.16.23-24.el9_5.x86_64 12/12
Running scriptlet: bind-32:9.16.23-24.el9_5.x86_64
Verifying: protobuf-c-1.3.3-13.el9.x86_64 1/12
Verifying: python3-ply-3.11-14.el9.noarch 2/12
Verifying: bind-32:9.16.23-24.el9_5.x86_64 3/12
Verifying: bind-dnssec-doc-32:9.16.23-24.el9_5.noarch 4/12
Verifying: bind-dnssec-utils-32:9.16.23-24.el9_5.x86_64 5/12
Verifying: bind-libs-32:9.16.23-24.el9_5.x86_64 6/12
Verifying: bind-license-32:9.16.23-24.el9_5.noarch 7/12
Verifying: bind-utils-32:9.16.23-24.el9_5.x86_64 8/12
Verifying: fstrm-0.6.1-3.el9.x86_64 9/12
Verifying: libmaxminddb-1.5.2-4.el9.x86_64 10/12
Verifying: libuv-1:1.42.0-2.el9_4.x86_64 11/12
Verifying: python3-bind-32:9.16.23-24.el9_5.noarch 12/12
Installed products updated.
Installed:
bind-32:9.16.23-24.el9_5.x86_64
bind-dnssec-doc-32:9.16.23-24.el9_5.noarch
bind-dnssec-utils-32:9.16.23-24.el9_5.x86_64
bind-libs-32:9.16.23-24.el9_5.x86_64
bind-license-32:9.16.23-24.el9_5.noarch
bind-utils-32:9.16.23-24.el9_5.x86_64
fstrm-0.6.1-3.el9.x86_64
libmaxminddb-1.5.2-4.el9.x86_64
libuv-1:1.42.0-2.el9_4.x86_64
protobuf-c-1.3.3-13.el9.x86_64
python3-bind-32:9.16.23-24.el9_5.noarch
python3-ply-3.11-14.el9.noarch
Complete!View Bind Files
[root@localhost ~]# rpm -ql bind
/etc/named.conf # Main configuration file
/etc/named.rfc1912.zones # Zone data configuration files
...
/var/named # Directory for zone files
/var/named/named.empty # Forward‑lookup template file
/var/named/named.localhost
/var/named/named.loopback # Reverse‑lookup template file
/var/named/slaves # Slave zone directory
/usr/lib/systemd/system/named.service # Service unit fileView Forward‑Lookup Template (named.empty)
$TTL 3H
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1This file defines the SOA, NS, A and AAAA records that map the zone to the local host.
DNS Forward‑Lookup Configuration
Goal: resolve www.example.com to the virtual machine IP 192.168.153.7.
Step 1 – Install bind
Use the command shown in the installation section above.
Step 2 – Edit Main Configuration File
[root@localhost ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.72.135; };
directory "/var/named";
};
zone "example.com" IN {
type master;
file "example.zone";
};The options block sets the listening address and the directory for zone files. The zone block declares a master zone for example.com stored in example.zone.
Step 3 – Verify Main Configuration Syntax
[root@localhost ~]# named-checkconf
# No output means the configuration is syntactically correct.Step 4 – Create Zone Data File (example.zone)
$TTL 1D
@ IN SOA ns.example.com. admin.example.com. (
0 ; serial
1H ; refresh
1W ; retry
2M ; expire
1D ) ; minimum
IN NS ns
IN MX 5 mail
ns IN A 192.168.72.135 # NS record points to this server
www IN A 10.10.10.11
mail IN A 92.68.22.14
web IN CNAME wwwThis file defines the SOA, NS, MX, A, and CNAME records for the example.com domain.
Step 5 – Verify Zone File Syntax
[root@localhost ~]# named-checkzone example.com /var/named/example.zone
zone example.com/IN: loaded serial 0
OKStep 6 – Start the DNS Service
# systemctl start namedStep 7 – Test Resolution
# dig -t NS example.com @192.168.72.135
;; ANSWER SECTION:
example.com. 86400 IN NS ns.example.com.
# dig -t A www.example.com @192.168.72.135
;; ANSWER SECTION:
www.example.com. 86400 IN A 10.10.10.11DNS Reverse‑Lookup Configuration
Goal: map IP 192.168.72.135 back to www.example.com.
Step 1 – Edit Main Configuration
[root@localhost ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.72.135; };
directory "/var/named";
};
zone "72.168.192.in-addr.arpa" IN {
type master;
file "fanxiang.zone";
};Step 2 – Verify Syntax
[root@localhost ~]# named-checkconf
# No output indicates success.Step 3 – Create Reverse Zone File (fanxiang.zone)
$TTL 1D
@ IN SOA ns.example.com. amdin.example.com. (
7
1D ; refresh
1W ; retry
2M ; expire
1D ) ; minimum
IN NS ns
ns IN A 192.168.72.135
135 IN PTR www.example.com.Step 4 – Verify Reverse Zone Syntax
[root@localhost ~]# named-checkzone 72.168.192.in-addr.arpa /var/named/fanxiang.zone
zone 72.168.192.in-addr.arpa/IN: loaded serial 7
OKStep 5 – Restart Service
# systemctl restart namedStep 6 – Test Reverse Lookup
# dig -x 192.168.72.135 @192.168.72.135
;; ANSWER SECTION:
135.72.168.192.in-addr.arpa. 86400 IN PTR www.example.com.These commands confirm that both forward and reverse DNS records are correctly configured and resolvable.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.