Ever wondered how your computer finds its way to a website like google.com without you having to type in a long string of confusing numbers? That is the magic of the Domain Name System, or DNS! Today, we are going to dive into the brain of the internet and learn how to configure our very own DNS server on Linux RHEL 10. Let’s get started!
To understand DNS, think of it as a massive, global digital phonebook. Computers do not actually understand names like “google.com”; they communicate using IP addresses, which look like 142.250.182.110. As humans, we find it much easier to remember words than long sequences of digits. Therefore, we need a mechanism that can translate a human-friendly name into a machine-readable IP address. This is called a Forward Lookup. On the other hand, if we have an IP address and want to find the associated name, that is called a Reverse Lookup.
Before we start the technical setup, you should know that DNS is arranged in an inverted tree hierarchy. At the very top is the Root (represented by a hidden dot). Below that are Top-Level Domains (TLDs) like .com, .org, or .net. Your specific website name sits under these TLDs. To manage this on Linux, we use a software package called BIND (Berkeley Internet Name Domain), which is the most widely used DNS software on the internet.
Now, let’s roll up our sleeves and look at the technical configuration on a Red Hat Enterprise Linux (RHEL) 10 machine.
Step 1: Preparing the Environment
First, we need to ensure our machine has a static identity. You cannot have a server that changes its address every time it reboots! We will set our static hostname using the command:
hostnamectl set-hostname dns-primary.nehraclasses.local
After setting this, we can verify our current IP address using the ip a command. Let’s assume our server IP is 192.168.229.137.
Step 2: Installing BIND Packages
We need two main tools: bind (the server itself) and bind-utils (which gives us cool testing tools like nslookup and dig). Run this command:
dnf install bind bind-utils -y
Once installed, we must enable the service so it starts automatically:
systemctl enable –now named
Step 3: Configuring the Main Configuration File
The heart of BIND is located at /etc/named.conf. Before editing, always take a backup! Use cp /etc/named.conf /etc/named.bak.
Inside this file, we need to make three critical changes:
- Listen on any: By default, BIND only listens to your own computer (localhost). We need to change the listen-on port 53 and listen-on-v6 port 53 lines to allow queries from any network interface.
- Allow queries: Update the allow-query line to include your specific network range, such as 192.168.229.0/24;. This tells the server who is allowed to ask it for directions.
- Define Zones: At the bottom of the file, we define our “Zones.” A zone is basically the part of the phonebook we are responsible for. We will create a Forward Zone for nehraclasses.local and a Reverse Zone for our IP range.
Step 4: Creating Zone Files
Now we create the actual “address books.” We go to /var/named/ and create two files:
- Forward Zone File (nehraclasses.local.db): This maps names to IPs. It includes the SOA (Start of Authority) record, which contains administrative details like serial numbers and refresh timers. We add “A” records (for IPv4) and “MX” records (for mail servers).
- Reverse Zone File (nehraclasses.local.rev): This does the opposite. It maps IPs to names using “PTR” (Pointer) records.
Step 5: Security and Permissions
Linux is very strict about safety. We must ensure the named user owns these files so the service can read them:
chown named:named /var/named/nehraclasses.local.*
Furthermore, we must tell the Linux Firewall to allow DNS traffic on Port 53 (UDP for queries and TCP for zone transfers):
firewall-cmd --add-service=dns --permanent
firewall-cmd --reload
Step 6: Testing the Setup
Before we celebrate, we must check for typos. Use named-checkconf to check the main file and named-checkzone for our database files. If they return “OK,” restart the service:
systemctl restart named
Finally, use the nslookup command. If you type nslookup mail.nehraclasses.local and it gives you back the correct IP, you have successfully built your own DNS server!
DNS might seem like a lot of files and numbers at first, but it is really just an organized way to help computers talk to each other using names we understand. By finishing this guide, you have learned the fundamentals of network identity management! This is a huge step in becoming a Linux expert. Now that your server is running, I highly recommend exploring DNSSEC (DNS Security Extensions). It adds a layer of digital signatures to your records, making sure that no one can “fake” your addresses. Keep experimenting with different record types like CNAMEs for aliases to see how flexible your new server can be!