Install and Configure Caching-Only DNS Server in RHEL/CentOS 7

DNS (Domain Name System) translates domain names into IP addresses, allowing users to reach services by human-readable names rather than addresses. A caching-only DNS server resolves queries on behalf of local clients and keeps each answer for its TTL, so repeated lookups are answered locally with lower latency and less load on upstream resolvers. In this article, we walk through installing and configuring a caching-only DNS server on RHEL/CentOS 7 and restricting it so that it serves only your own network.

Prerequisites

Before proceeding, ensure that you have the following:

  • A server running RHEL/CentOS 7.

  • Root or sudo access to the server.

  • Basic knowledge of the Linux command line.

How Caching-Only DNS Works

A caching-only DNS server hosts no authoritative zones. It answers queries on behalf of its clients, either by recursing from the root servers itself or, as configured in this article, by forwarding them to upstream resolvers (forwarders), and it stores each answer in memory for the record's TTL. When a client asks for the same name again before the TTL expires, the server returns the cached answer instead of querying upstream a second time.

[Figure: Caching-Only DNS Server Flow. The client sends a query to the caching DNS server, which forwards it to the upstream DNS server, stores the response in its DNS cache and returns the result; subsequent queries for the same name are served from the cache.]

Step-by-Step Installation

Update the System

To begin, update your system packages to their latest versions by running the following command:

sudo yum update -y

Install BIND DNS Server

BIND (Berkeley Internet Name Domain) is the most widely used DNS server software. Install the server package together with bind-utils, which provides the dig, host and nslookup tools used for testing below:

sudo yum install bind bind-utils -y

Configure BIND DNS Server

Next, we need to configure BIND to work as a caching-only DNS server. The package installs a stock /etc/named.conf; make a backup copy of it before editing, then open the file in a text editor:

sudo vi /etc/named.conf

Replace the contents of the file with the following configuration, adjusting the 192.168.0.0/24 network in the acl to match your own client network:

acl "trusted" {
   127.0.0.1;
   ::1;
   192.168.0.0/24;   // clients allowed to use this resolver; adjust to your LAN
};

options {
   listen-on port 53 { any; };
   listen-on-v6 port 53 { any; };
   directory "/var/named";
   dump-file "/var/named/data/cache_dump.db";
   statistics-file "/var/named/data/named_stats.txt";
   memstatistics-file "/var/named/data/named_mem_stats.txt";
   managed-keys-directory "/var/named/dynamic";   // writable directory for the root trust anchor
   recursion yes;
   allow-query { trusted; };       // never { any; } with recursion on: that is an open resolver
   allow-recursion { trusted; };
   dnssec-enable yes;
   dnssec-validation yes;          // validate answers; the forwarders must return DNSSEC data
   forwarders { 8.8.8.8; 8.8.4.4; };
   forward only;
};

include "/etc/named.root.key";     // root KSK trust anchor shipped with the bind package

Save and close the file by pressing Esc, typing :wq and pressing Enter. Two points about this configuration matter for security. First, the acl together with allow-query and allow-recursion is what stops the server from being an open resolver that anyone on the Internet can use to amplify traffic against a third party; keep both restricted to your own networks. Second, forward only sends every lookup to the listed forwarders, so the operator of those resolvers sees all of your queries; substitute your organisation's or ISP's resolvers if that matters to you. If your forwarders do not return DNSSEC records, validation fails with SERVFAIL for signed domains; either use forwarders that support DNSSEC (8.8.8.8 and 8.8.4.4 do) or set dnssec-validation no. Before starting the service, run named-checkconf to check the file for syntax errors; it prints nothing when the file is valid.

Enable and Start BIND Service

To enable BIND to start automatically at system boot, run:

sudo systemctl enable named

Then start the BIND service:

sudo systemctl start named

Check the service status to ensure it is running (a configuration error shows up here as a failed start, with the reason in the journal):

sudo systemctl status named

Testing the DNS Server

To ensure that the caching-only DNS server is functioning correctly, we can perform some tests.

Test DNS Resolution

Run the following command to check that the server resolves domain names:

nslookup google.com 127.0.0.1

Expected output (the address returned will differ; "Non-authoritative answer" is expected, since the reply comes from the resolver's cache or its forwarder rather than from google.com's own name servers):

Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.12.14

Verify Caching Behavior

To verify that answers are being cached, run the same lookup twice and compare the two responses:

dig @127.0.0.1 example.com

Run the command again immediately. The first answer is fetched from the forwarder and typically shows a Query time of tens of milliseconds; the second should show a Query time of 0 or 1 msec and, in the ANSWER SECTION, a TTL that has counted down from the value in the first answer. Both are signs that the answer came from the local cache rather than from the forwarder.
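The query-time comparison above is only indicative, because a nearby forwarder can also answer in a few milliseconds. The following script is an added example (not code from the original article) showing two stronger checks: the TTL countdown between two queries, and the presence of the name in the cache dump that rndc dumpdb -cache writes to the dump-file configured in named.conf. It assumes the resolver is 127.0.0.1, the dump-file path from the configuration above, and that dig and rndc are installed; the SAMPLE_* strings are constructed, not real captures.

```shell
#!/usr/bin/env bash
# Added example, not code from the original article. Query time alone is a
# weak caching test (a nearby forwarder also answers in a few ms). Two
# stronger checks:
#  1. TTL countdown: an answer served from cache carries the TTL left on the
#     cached record, so two queries 2 s apart must differ by about 2 s.
#  2. Cache dump: "rndc dumpdb -cache" writes the cache to the dump-file set
#     in named.conf, and a cached name is present in that file.
# Assumptions: the resolver is 127.0.0.1 and DUMP_FILE matches the named.conf
# on this page; dig (bind-utils) and rndc (bind) exist for live_check.
# The SAMPLE_* strings are constructed, not captured from a real server.

RESOLVER="${RESOLVER:-127.0.0.1}"
DUMP_FILE="${DUMP_FILE:-/var/named/data/cache_dump.db}"

# TTL of the first A record in dig output read from stdin (empty if none).
answer_ttl() {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "A" { print $2; exit }'
}

# "Query time" in milliseconds from dig output read from stdin.
query_time_ms() {
    awk '/^;; Query time:/ { print $4; exit }'
}

# cached_by_ttl TTL1 TTL2 ELAPSED: true when TTL2 == TTL1 - ELAPSED, with one
# second of slop for the clock ticking between the two queries.
cached_by_ttl() {
    local ttl1=$1 ttl2=$2 elapsed=$3 diff
    [ -n "$ttl1" ] && [ -n "$ttl2" ] || return 1
    diff=$((ttl1 - ttl2))
    [ "$diff" -ge $((elapsed - 1)) ] && [ "$diff" -le $((elapsed + 1)) ]
}

# cached_in_dump NAME: true when NAME has an A record in a cache dump read
# from stdin. BIND's cache dump style omits the class column, so accept the
# record type in either the third or the fourth field.
cached_in_dump() {
    local name="${1%.}."
    awk -v n="$name" '$1 == n && ($3 == "A" || $4 == "A") { found = 1 }
                      END { exit !found }'
}

# Constructed dig output for a first (forwarded) and a second (cached) lookup.
SAMPLE_FIRST='; <<>> DiG 9.11.4 <<>> @127.0.0.1 example.com A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            3600    IN      A       93.184.216.34

;; Query time: 41 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'
SAMPLE_SECOND='; <<>> DiG 9.11.4 <<>> @127.0.0.1 example.com A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.com.            3598    IN      A       93.184.216.34

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'
# Constructed excerpt of cache_dump.db after the lookups above.
SAMPLE_DUMP='; authanswer
example.com.            3598    A       93.184.216.34
; additional
ns.example.net.         86397   A       192.0.2.53'

# Live check against the running resolver (needs dig, rndc and sudo).
live_check() {
    local name=${1:-example.com} out1 out2 t1 t2
    out1=$(dig @"$RESOLVER" "$name" A +tries=1 +time=3)
    sleep 2
    out2=$(dig @"$RESOLVER" "$name" A +tries=1 +time=3)
    t1=$(printf '%s\n' "$out1" | answer_ttl)
    t2=$(printf '%s\n' "$out2" | answer_ttl)
    echo "query time: $(printf '%s\n' "$out1" | query_time_ms) ms, then $(printf '%s\n' "$out2" | query_time_ms) ms"
    if cached_by_ttl "$t1" "$t2" 2; then
        echo "TTL counted down $t1 -> $t2: served from cache"
    else
        echo "TTL $t1 -> $t2: not a clean cache hit"
    fi
    sudo rndc dumpdb -cache
    sleep 1   # named writes the dump in the background
    if sudo cat "$DUMP_FILE" | cached_in_dump "$name"; then
        echo "$name is present in $DUMP_FILE"
    fi
}

if [ "${1:-}" = "--live" ]; then
    live_check "${2:-example.com}"
fi
```

Run it as ./cachecheck.sh --live example.com on the server itself. The TTL test is the decisive one: a forwarder's answer can arrive with any TTL, but only a record held in the local cache has its TTL decremented by exactly the seconds elapsed between the two queries.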

Security Configuration

Implement security measures to protect your caching-only DNS server from potential attacks.

Configure Firewall

Use firewall rules to allow DNS traffic only from trusted sources. Simply adding the dns service to the public zone opens port 53 to every host that can reach the interface, and adding a source to the same zone does not narrow that. Instead, use a rich rule that accepts DNS only from the client network (adjust 192.168.0.0/24 to your LAN, and remove the dns service from the public zone again if you had already added it):

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="dns" accept' --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --zone=public --list-rich-rules

The dns service covers both 53/udp and 53/tcp; TCP must stay open because clients retry over TCP when a UDP answer is truncated, which DNSSEC-signed responses often are. This rule complements, rather than replaces, the allow-query ACL in named.conf: the firewall drops packets from outside, and named refuses anything that still gets through.
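After applying the firewall rule and the named.conf ACL, confirm from outside the trusted range that the server does not behave as an open resolver. The script below is an added example, not code from the original article: it classifies the output of a dig run from an external host against the server's public address. It assumes standard dig output from bind-utils; the SAMPLE_* outputs are constructed, and 203.0.113.10 stands in for the server's public address.

```shell
#!/usr/bin/env bash
# Added example, not code from the original article: confirm that the server
# is not an open resolver. From a host OUTSIDE the trusted range (not matched
# by the firewall rule or the named.conf ACL) run
#     dig @<server public IP> example.com A +tries=1 +time=3
# and pipe the output into classify_response. A locked-down server yields
# "timeout" (the firewall drops the packet) or "refused" (the allow-query ACL
# rejects it). "recursion-off" means allow-query is open but recursion is
# denied for this client, "cache-leak" means cached answers are handed out
# because allow-query-cache is wider than allow-recursion, and "open" means
# the server recurses for anyone. Assumption: standard dig output from
# bind-utils. The SAMPLE_* outputs are constructed, not real captures;
# 203.0.113.10 stands in for the server's public address.

dig_status() {   # RCODE from the header line, or NONE when no reply arrived
    awk -F'status: ' '/->>HEADER<<-/ { split($2, a, ","); print a[1]; f = 1; exit }
                      END { if (!f) print "NONE" }'
}

dig_flags() {    # header flags, e.g. "qr rd ra"
    sed -n 's/^;; flags: \([^;]*\);.*/\1/p'
}

dig_answers() {  # ANSWER count from the flags line
    sed -n 's/^;; flags:.*ANSWER: \([0-9]*\),.*/\1/p'
}

# classify_response < dig-output
# prints: timeout | refused | recursion-off | cache-leak | open | other:<RCODE>
classify_response() {
    local out status flags answers
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'no servers could be reached'; then
        echo timeout
        return 0
    fi
    status=$(printf '%s\n' "$out" | dig_status)
    flags=$(printf '%s\n' "$out" | dig_flags)
    answers=$(printf '%s\n' "$out" | dig_answers)
    case "$status" in
        REFUSED) echo refused ;;
        NOERROR)
            case " $flags " in
                *" ra "*) echo open ;;   # RA set: named offers recursion to this client
                *) if [ "${answers:-0}" -gt 0 ]; then echo cache-leak; else echo recursion-off; fi ;;
            esac
            ;;
        *) echo "other:$status" ;;
    esac
}

SAMPLE_TIMEOUT='; <<>> DiG 9.11.4 <<>> @203.0.113.10 example.com A
;; global options: +cmd
;; connection timed out; no servers could be reached'

SAMPLE_REFUSED='; <<>> DiG 9.11.4 <<>> @203.0.113.10 example.com A
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 23170
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.                   IN      A

;; Query time: 12 msec
;; SERVER: 203.0.113.10#53(203.0.113.10)'

SAMPLE_NORECURSE='; <<>> DiG 9.11.4 <<>> @203.0.113.10 example.com A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9902
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.                   IN      A'

SAMPLE_OPEN='; <<>> DiG 9.11.4 <<>> @203.0.113.10 example.com A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5521
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.com.            3600    IN      A       93.184.216.34'

# Offline demonstration over the constructed samples.
demo() {
    printf 'firewall drop   -> %s\n' "$(printf '%s\n' "$SAMPLE_TIMEOUT"   | classify_response)"
    printf 'ACL refusal     -> %s\n' "$(printf '%s\n' "$SAMPLE_REFUSED"   | classify_response)"
    printf 'no recursion    -> %s\n' "$(printf '%s\n' "$SAMPLE_NORECURSE" | classify_response)"
    printf 'open resolver   -> %s\n' "$(printf '%s\n' "$SAMPLE_OPEN"      | classify_response)"
}
```

From an external host, dig @203.0.113.10 example.com A +tries=1 +time=3 | ./openresolver.sh applies the same classification to a real response (replace the address with your server's). Anything other than timeout or refused means either the firewall rule or the ACL is not doing its job.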

Implement Rate Limiting

Add a rate-limit block to the options section of /etc/named.conf. Response rate limiting caps the number of identical responses sent to one client address per second, which limits how much traffic an attacker can reflect off the server by spoofing a victim's source address. It is a second line of defence: the allow-query ACL and the firewall rule above are what actually keep the server from being an open resolver.

rate-limit {
   responses-per-second 5;
   nxdomains-per-second 5;
   errors-per-second 5;
   slip 2;   // send every second dropped reply as a truncated (TC) response so genuine clients retry over TCP
};

Performance Optimization

The following options, placed in the options block of /etc/named.conf, tune the cache:

Parameter           Description                                          Recommended value
max-cache-size      Maximum memory used for the DNS cache                256M (on a host with 4 GB RAM)
max-ncache-ttl      Maximum TTL for negative (NXDOMAIN) cache entries    3600 (1 hour; the default is 10800)
cleaning-interval   Cache cleaning frequency, in minutes                 60

Treat max-cache-size as a starting point: watch the memstatistics-file and raise the limit if the cache fills and the miss rate stays high. Note that cleaning-interval has no effect in BIND 9.11, the version shipped with RHEL/CentOS 7, which expires cache entries internally; the option is accepted for compatibility and can be omitted.

Monitoring and Logging

Monitor DNS server performance using BIND's built-in statistics. rndc stats appends a new statistics dump to the statistics-file configured in named.conf; the counters are cumulative since named started, so compare two dumps to see the rate over an interval:

sudo rndc stats
sudo cat /var/named/data/named_stats.txt
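The statistics file is appended to on every rndc stats and its counters never reset while named runs, so a raw "cache hits" number says little on its own. The script below is an added example (not code from the original article) that extracts the hits and misses of the default view from each dump and reports both the cumulative hit ratio of the latest dump and the ratio over the interval since the previous dump. It assumes the text layout of BIND 9.11's statistics dump; SAMPLE_STATS is constructed.

```shell
#!/usr/bin/env bash
# Added example, not code from the original article: compute the cache hit
# ratio from the statistics file. Each "rndc stats" APPENDS a complete dump
# to named_stats.txt and the counters are cumulative since named started, so
# the useful figures are (a) the ratio in the latest dump and (b) the ratio
# over the interval between the last two dumps, which is what a "did my
# change help" comparison needs. Only the first view's cache block (the
# default view) is counted; the internal _bind view is skipped.
# Assumptions: the text layout of BIND 9.11's statistics dump
# ("+++ Statistics Dump +++", "++ Cache Statistics ++", "[View: ...]",
# "<count> cache hits|misses"); SAMPLE_STATS below is constructed.

STATS_FILE="${STATS_FILE:-/var/named/data/named_stats.txt}"

# dump_counts < named_stats.txt: one "hits misses" line per dump, in file order.
dump_counts() {
    awk '
        /^[+][+][+] Statistics Dump/ { if (n) print h, m; h = 0; m = 0; n = 1; sec = 0; view = 0; next }
        /^[+][+] Cache Statistics/   { sec = 1; view = 0; next }
        /^[+][+] /                   { sec = 0; next }
        sec && /^\[View:/            { view = (view == 0) ? 1 : 2; next }
        sec && view == 1 && NF == 3 && $2 == "cache" && $3 == "hits"   { h = $1 }
        sec && view == 1 && NF == 3 && $2 == "cache" && $3 == "misses" { m = $1 }
        END { if (n) print h, m }
    '
}

# hit_ratio_pct HITS MISSES: integer percentage, 0 when there were no lookups.
hit_ratio_pct() {
    local h=$1 m=$2
    if [ $((h + m)) -le 0 ]; then echo 0; return 0; fi
    echo $((h * 100 / (h + m)))
}

# Cumulative ratio of the most recent dump.
last_dump_ratio() {
    dump_counts | tail -n 1 | { read h m; hit_ratio_pct "$h" "$m"; }
}

# Ratio over the interval between the last two dumps (needs two dumps).
interval_ratio() {
    dump_counts | tail -n 2 | {
        read h1 m1
        read h2 m2 || { echo "need at least two dumps" >&2; return 1; }
        hit_ratio_pct $((h2 - h1)) $((m2 - m1))
    }
}

# Constructed two-dump excerpt of named_stats.txt, five minutes apart.
SAMPLE_STATS='+++ Statistics Dump +++ (1700000000)
++ Incoming Requests ++
                1000 QUERY
++ Cache Statistics ++
[View: default]
                 900 cache hits
                 100 cache misses
                  50 cache hits (from query)
                  20 cache misses (from query)
[View: _bind (Cache: _bind)]
                   0 cache hits
                   0 cache misses
--- Statistics Dump --- (1700000000)
+++ Statistics Dump +++ (1700000300)
++ Incoming Requests ++
                1150 QUERY
++ Cache Statistics ++
[View: default]
                1000 cache hits
                 150 cache misses
                  60 cache hits (from query)
                  30 cache misses (from query)
[View: _bind (Cache: _bind)]
                   0 cache hits
                   0 cache misses
--- Statistics Dump --- (1700000300)'

# Live report: append a fresh dump, then read the real file (needs sudo).
report() {
    sudo rndc stats
    echo "latest dump, cumulative hit ratio: $(sudo cat "$STATS_FILE" | last_dump_ratio)%"
    echo "since previous dump:               $(sudo cat "$STATS_FILE" | interval_ratio)%"
}
```

Calling report twice a few minutes apart gives an interval ratio for a window you control; a ratio that stays low on a busy LAN usually means clients are not actually pointed at this server, or max-cache-size is too small for the working set.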

View BIND-specific logs. named logs through syslog, so its messages (start-up, configuration errors, DNSSEC validation failures and rate-limit events) land in /var/log/messages; the same lines are also available in the systemd journal for the named unit:

sudo tail -f /var/log/messages | grep named

Conclusion

By following these steps, you have installed and configured a caching-only DNS server on RHEL/CentOS 7. Caching improves lookup performance by storing resolved names for their TTL, which reduces latency for clients and load on the upstream resolvers. Restricting queries and recursion to trusted networks, firewalling port 53, rate limiting responses, and watching the statistics and logs keep the server serving your own clients efficiently without becoming an open resolver for others.

Updated on: 2026-03-17T09:01:39+05:30
