DNS Server Setup for Centos 6 / RHEL 6

DNS stands for Domain Name System, or Domain Name Server. DNS resolves an IP address to a hostname or vice versa. This tutorials walks through the installation and setup of a Bind9 DNS server for Centos 6/RHEL 6. This is just for a master DNS server and setup of a slave is not covered.

bind9package installation

We’ll start with the installation of the bind9 package.To install the bind service use yum:
yum install bind dnsutils

Note: dnsutils is not compulsory package to run bind webserver, but we will use a dig command which is part of this package as a testing tool of your bind configuration.

Creating a DNS zone file

At this stage we will need to create a new zone file for a domain. Navigate to /var/named/ directory and create the zone files. /var/named/ directory will contain zone files for our domains
cd /var/named

Now create the a zone file mydomain.com.zone that will hold a DNS records for mydomain.com.
$TTL 300
@ IN SOA ns1.mydomain.com. admin.mydomain.com. (
201503011 ; Serial (YYMMDDN)
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 day
@ IN NS ns1.mydomain.com.
@ IN NS ns2.mydomain.com.

mydomain.com. IN MX 10 mail.mydomain.com.
mydomain.com. IN A
ns1 IN A
ns2 IN A
www IN CNAME mydomain.com.
mail IN A
ftp IN CNAME mydomain.com.


  • SOA Record: name server authoritative for a zone mydomain.com is ns1.mydomain.com and admin.mydomain.com is an email address of a person responsible for this DNS zone.
  • NS Records: two name servers for a mydomain.com zone are ns[1,2].mydomain.com
  • MX (Mail Exchange): mydomain.com mail exchange record. Number 10 means a preference for multiple MX records
  • CNAME Record (Canonical Name record ): restart the query using the canonical name instead of the original name
Creating a Reverse DNS Zone file

At this stage the bind DNS server can resolve an IP address mapped to a mydomain.com host. What we should do now is to resolve a host from an IP address. For this we are going to need another file and that is 0.168.192.in-addr.arpa.zone filewith a following content:
$TTL 86400
0.168.192.in-addr.arpa. IN SOA ns1.mydomain.com. admin.mydomain.com. (
201503011 ; Serial (YYMMDDN)
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 day
0.168.192.in-addr.arpa. IN NS ns1.mydomain.com.
0.168.192.in-addr.arpa. IN NS ns2.mydomain.com. IN PTR mydomain.com.


  • PTR Record: DNS record used for a mapping of an IP address to a host name.
Updating a BIND Configuration File

At this point we should have two files ready:

All we need to do now is to insert both zone file names into a bind’s configuration file /etc/named.conf. To do that add following lines into this file:
zone "mydomain.com" {
type master;
file "//var/named/mydomain.com.zone";

zone "0.168.192.in-addr.arpa" {
type master;
file "/var/named/0.168.192.in-addr.arpa.zone";

Comment/Edit also the following lines:
#listen-on port 53 {; };
allow-query { any; };
recursion no;

  • Listen-on must be commented to listen on all available interfaces.
  • Recursion should be turned off to prevent your server from being abused in “reflection” DDoS attacks.
  • Change the allow-query directive to “any” in order to allow users proper access to hosted zones.

Last thing before we go ahead to check a configuration is to add and IP address of a stable DNS server to a named.conf file. This IP address is used in case that a local DNS server do not know the answer to a name resolution query. You can use or which are Google DNS IP for resolving other names.

Add the new stable DNS server IP address
forwarders {;

Checking bind’s zone files and configuration

Before we attempt to start a bind nameserver with a new zone and configuration here are some tools to check if we have not done some typo or misconfiguration.
To check a configuration files run a following command:

If no output had been produced your config files looks OK.
To check a DNS zone files we can use named-checkzone command:
named-checkzone mydomain.com /etc/bind/zones/mydomain.com.zone

reverse zone file check:
named-checkzone 0.168.192.in-addr.arpa /etc/bind/zones/0.168.192.in-addr.arpa.zone

Start/restart bind nameserver service
At this point nothing can stop us to run bind9 dns server:
/etc/init.d/named start

Testing a bind server configuration
A dig command from dnsutils package will become handy to help us to test a new configuration of bind nameserver.
First we will test host-to-IP resolution:
dig @ www.mydomain.com

Next we test IP-to-host resolution:
dig @ -x

All dig output should have ANSWER sections correctly.

– masterkenneth

Leave a Reply

Your email address will not be published. Required fields are marked *