Set Up a DNS Caching Server in Rocky Linux 8

Introduction

DNS caching improves the performance of domain name resolution by storing previously queried results locally.
A caching DNS server reduces the load on upstream DNS servers and speeds up repeated queries.
In this guide, we will configure a caching DNS server on Rocky Linux 8 and cover troubleshooting and security best practices.

Benefits of DNS Caching Server

  • Faster DNS resolution for frequently accessed domains.
  • Reduces network traffic to external DNS servers.
  • Improves reliability during upstream DNS downtime.
  • Helps in DNS load balancing for enterprise networks.

Step 1: Install BIND (DNS Server)

sudo dnf install bind bind-utils -y

Step 2: Configure Caching in BIND

Edit the main configuration file:

sudo vi /etc/named.conf

Make sure you have the following options for caching. Note that listen-on and allow-query are set to "any" here for simplicity; because allow-recursion falls back to allow-query when it is not set, this combination makes the server an open resolver, so tighten these values as described under DNS Security Best Practices before exposing the server beyond your LAN:

options {
    listen-on port 53 { any; };        // Listen on all IPv4 addresses
    listen-on-v6 { any; };             // Listen on all IPv6 addresses
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };          // Clients allowed to query; restrict to trusted networks
    recursion yes;   // Enable recursive lookups; answers are cached for their TTL
    forwarders { 8.8.8.8; 8.8.4.4; };  // Upstream DNS servers that resolve cache misses
};

Step 3: Start and Enable DNS Service

sudo systemctl enable --now named
sudo systemctl status named

Step 4: Adjust Firewall

sudo firewall-cmd --permanent --add-service=dns
sudo firewall-cmd --reload

Step 5: Verify Caching

Use dig to test DNS caching by running the same query twice:

dig @localhost example.com

Check the SERVER: field (it should show 127.0.0.1#53) and the Query time: line. The first query is resolved through the forwarders and shows a non-zero query time; the repeated query is answered from cache, so its query time drops to 0 msec or close to it and the TTL in the answer section is lower than on the first run.

DNS Troubleshooting

  • Check service status: systemctl status named
  • Test DNS resolution: dig @localhost domain.com
  • Check logs for errors: journalctl -u named or /var/log/messages
  • Verify named is listening on port 53: ss -tulpn | grep ':53 '

DNS Security Best Practices

  • Allow queries only from trusted networks using allow-query (and allow-recursion for recursive service).
  • Disable recursion (recursion no;) on public-facing servers that do not need it.
  • Forward only to upstream resolvers you trust, since every cached answer comes from them.
  • Regularly update BIND to patch security vulnerabilities.
  • Enable logging and monitor for suspicious activity.
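The following is an added example, not part of the original tutorial: a small POSIX shell script that audits a named.conf options block for the open-resolver pattern from Step 2 (recursion enabled with allow-query or allow-recursion set to "any"), shows the restricted form recommended above, and parses dig's "Query time" line from the Step 5 check. The config texts and dig lines are constructed inline; 192.168.1.0/24 is an assumed LAN.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit a named.conf options block for
# the open-resolver pattern and read dig's query time to confirm a cache hit.
# Config as shown in Step 2: recursive service for anyone reaching port 53.
CONF_OPEN='options {
    listen-on port 53 { any; };
    allow-query     { any; };
    recursion yes;   // Enable caching
    forwarders { 8.8.8.8; 8.8.4.4; };
};'
# Hardened form (assumed LAN 192.168.1.0/24): recursion only for the ACL.
CONF_RESTRICTED='acl trusted { 127.0.0.1; 192.168.1.0/24; };
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.100; };
    allow-query     { trusted; };
    allow-recursion { trusted; };
    recursion yes;
    forward only;
    forwarders { 8.8.8.8; 8.8.4.4; };
};'
# Print the body of ACL directive $1 in config text $2, or "unset".
acl_of() {
    if printf '%s' "$2" | grep -q "$1 *{"; then
        printf '%s' "$2" | sed -n "s/.*$1 *{\([^}]*\)}.*/\1/p" | tr -d ' '
    else
        echo unset
    fi
}
# Return 0 if the config answers recursive queries for any client. BIND defaults
# recursion to yes; allow-recursion falls back to allow-query-cache, then allow-query.
is_open_resolver() {
    clean=$(printf '%s\n' "$1" | sed -e 's#//.*$##' -e 's/#.*$//' | tr -s ' \t\n' ' ')
    printf '%s' "$clean" | grep -q 'recursion *no *;' && return 1
    for d in allow-recursion allow-query-cache allow-query; do
        v=$(acl_of "$d" "$clean")
        [ "$v" = unset ] && continue
        [ "$v" = 'any;' ] && return 0
        return 1
    done
    return 1
}
# Millisecond value from dig's ";; Query time: N msec" line (Step 5 check).
query_time_ms() { printf '%s\n' "$1" | sed -n 's/^;; Query time: \([0-9]*\) msec.*/\1/p'; }
# Constructed dig lines: first lookup goes upstream, second is served from cache.
DIG_FIRST=';; Query time: 38 msec'
DIG_SECOND=';; Query time: 0 msec'
is_open_resolver "$CONF_OPEN" && echo "Step 2 config: open resolver, restrict allow-query/allow-recursion"
is_open_resolver "$CONF_RESTRICTED" || echo "restricted config: recursion limited to the trusted ACL"
echo "query time fell from $(query_time_ms "$DIG_FIRST") ms to $(query_time_ms "$DIG_SECOND") ms"
```

To audit the live file, pass its contents with is_open_resolver "$(cat /etc/named.conf)" and run named-checkconf after any change.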

Server Information

Package Name: bind
Configuration File: /etc/named.conf
Service Name: named
Port: 53 (UDP/TCP)
Server IP: 192.168.1.100 (example)

Conclusion

By setting up a caching DNS server, administrators can reduce latency, improve reliability, and enforce DNS security policies.
Regular monitoring and proper configuration ensure efficient and safe DNS operations in enterprise environments.
