Setting Up BIND DNS for Forward and Reverse Name Resolution
Installing the BIND DNS Server
On a Red Hat‑based system, use the package manager to install the server (bind) together with the client tools (bind-utils, which provides dig and nslookup for the tests below).
# Install BIND
sudo dnf install bind bind-utils -y
If the server’s network configuration must be static, set it with nmcli (or by editing the NetworkManager connection profile). The example below gives the server 192.168.1.100/24 and the client 192.168.1.101/24. ens32 is the connection name used on this lab machine; substitute the name shown by nmcli con show. Note that both hosts still use 1.1.1.1 as their resolver at this point; the client is repointed at the new DNS server in the testing step.
# Server
sudo nmcli con mod ens32 ipv4.method manual ipv4.addresses 192.168.1.100/24 ipv4.gateway 192.168.1.1 ipv4.dns 1.1.1.1
sudo nmcli con down ens32 && sudo nmcli con up ens32
# Client
sudo nmcli con mod ens32 ipv4.method manual ipv4.addresses 192.168.1.101/24 ipv4.gateway 192.168.1.1 ipv4.dns 1.1.1.1
sudo nmcli con down ens32 && sudo nmcli con up ens32
Forward Zone Configuration
BIND’s main configuration file (/etc/named.conf) as shipped on RHEL listens only on 127.0.0.1 and answers only localhost. For this lab the options block is opened so that named listens on every IPv4 interface and answers queries from any host. Be aware of what that means: allow-query { any; } together with recursion yes; turns the server into an open recursive resolver, which can be used for DNS reflection and amplification attacks if the host is reachable from untrusted networks. Outside an isolated lab, limit recursion to trusted clients (for example allow-recursion { localhost; 192.168.1.0/24; };) or narrow allow-query to the same networks.
Edit /etc/named.conf and adjust the options block:
options {
        listen-on port 53 { any; };       // default is 127.0.0.1; "any" binds every IPv4 address
        listen-on-v6 port 53 { ::1; };    // IPv6 stays loopback-only in this setup
        directory "/var/named";           // zone file paths below are relative to this
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };             // lab setting: any host may query
        recursion yes;                    // with allow-query any, this is an open resolver; restrict outside a lab
};
Next, declare the forward zone in the same file or in an included configuration file such as /etc/named.rfc1912.zones. The following snippet defines a master (primary) zone for example.com. The file name is relative to the directory option, so it resolves to /var/named/example.com.zone. allow-update { none; } refuses dynamic updates; leave it that way unless you deliberately set up authenticated (TSIG) updates, since an unrestricted allow-update would let any host rewrite the zone.
zone "example.com" IN {
        type master;
        file "example.com.zone";      // /var/named/example.com.zone
        allow-update { none; };       // no dynamic updates
};
Create the zone data file by copying the default template and then replacing its contents with the resource records below. cp -a preserves the ownership and mode of the template (readable by the named group), so the service can read the new file.
sudo cp -a /var/named/named.localhost /var/named/example.com.zone
Edit /var/named/example.com.zone:
$TTL 86400
@       IN  SOA     ns1.example.com. admin.example.com. (   ; @ = zone origin; admin.example.com. = admin@example.com
                    2024030901  ; serial (YYYYMMDDnn; must increase on every change)
                    1D          ; refresh
                    2H          ; retry
                    4W          ; expire
                    2H )        ; minimum (negative-caching TTL)
        IN  NS      ns1.example.com.    ; blank owner inherits @ from the previous record
ns1     IN  A       192.168.1.100
www     IN  A       192.168.1.100
mail    IN  A       192.168.1.100
files   IN  A       192.168.1.100
alias   IN  CNAME   www                 ; relative name, expands to www.example.com.
After saving the file, check the syntax before touching the running service: named-checkconf validates /etc/named.conf and named-checkzone example.com /var/named/example.com.zone validates the zone data (a typo in a zone file otherwise leaves named running without that zone). Then restart the service (use systemctl enable --now named on a fresh install so it also starts at boot).
sudo systemctl restart named
If firewalld is active, open DNS with firewall-cmd --permanent --add-service=dns followed by firewall-cmd --reload. That service covers both UDP and TCP port 53; TCP is required as well, for answers that are truncated over UDP and for zone transfers.
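Every later edit to this zone must raise the SOA serial: secondaries only transfer a zone whose serial is higher than the one they hold, and the serial is the only thing that tells them the data changed. With the YYYYMMDDnn convention used above that means today's date plus a two-digit slot, or the old value plus one if the zone was already changed today. The following shell script, added here as an example and not part of the original tutorial, implements that rule and rewrites the "; serial" line of a zone file. The function names and the constructed SOA used in the demonstration are assumptions; on the server you would point bump_zone_serial at /var/named/example.com.zone and pass "$(date +%Y%m%d)" as the date.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: compute and apply the next
# SOA serial in the YYYYMMDDnn convention used by the zone files above.

# next_serial CURRENT TODAY
#   CURRENT: serial currently in the zone file (the copied template starts at 0)
#   TODAY:   today's date as YYYYMMDD, passed in so the function is testable offline
# Prints TODAY01 if the last change was on an earlier day, otherwise the
# current value plus one. Adding one keeps the serial monotonic even when the
# two-digit slot overflows (..99) or the serial is somehow ahead of today's date.
next_serial() {
    cur=$1
    today=$2
    if [ "$cur" -lt "${today}00" ]; then
        echo "${today}01"
    else
        echo $((cur + 1))
    fi
}

# bump_zone_serial FILE TODAY
# Rewrites the number on the line marked "; serial" (as in the zone files above)
# and prints the value written. The file is rewritten through a temporary copy
# so this works with any sed, not only GNU sed -i.
bump_zone_serial() {
    file=$1
    today=$2
    cur=$(awk '/; *serial/ { print $1 }' "$file")
    [ -n "$cur" ] || { echo "no '; serial' line found in $file" >&2; return 1; }
    new=$(next_serial "$cur" "$today")
    sed "s/^\([[:space:]]*\)${cur}\([[:space:]]*; *serial\)/\1${new}\2/" "$file" > "$file.tmp" \
        && mv "$file.tmp" "$file"
    echo "$new"
}

# Stand-alone demonstration on a constructed copy of the tutorial's SOA
# (a temporary file, not the live /var/named/example.com.zone).
demo_zone=$(mktemp)
printf '%s\n' \
    '$TTL 86400' \
    '@ IN SOA ns1.example.com. admin.example.com. (' \
    '        2024030901 ; serial' \
    '        1D         ; refresh' \
    '        2H         ; retry' \
    '        4W         ; expire' \
    '        2H )       ; minimum' > "$demo_zone"
bump_zone_serial "$demo_zone" "$(date +%Y%m%d)"
rm -f "$demo_zone"
```

After bumping the serial on the real file, run named-checkzone example.com /var/named/example.com.zone and then rndc reload example.com; a reload of one zone is enough, a full restart is not needed for a data change.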
Testing Forward Lookups
On the client, point name resolution at the new server. With NetworkManager, set the connection’s ipv4.dns to 192.168.1.100 (the same nmcli con mod used for the static address above) and re-activate the connection; editing /etc/resolv.conf by hand works only until NetworkManager regenerates it. Then perform lookups:
# Verify with nslookup
nslookup www.example.com
# Expected: Server: 192.168.1.100, then Name: www.example.com with Address: 192.168.1.100
nslookup alias.example.com
# Expected: "alias.example.com canonical name = www.example.com." followed by the A record
# Query with dig: besides the ANSWER section, confirm "status: NOERROR" and that the
# flags line contains "aa" (authoritative answer), which proves the record was served
# from this server's own zone rather than from its cache or an upstream resolver
dig www.example.com
Reverse Zone Configuration
Reverse DNS maps IP addresses back to host names through PTR records under the in-addr.arpa domain. Create a reverse zone for the 192.168.1.0/24 network. The zone name is the network part of the address with its octets reversed: 192.168.1 becomes 1.168.192.in-addr.arpa, and each host is then named by its remaining octet (100 for 192.168.1.100).
Add the zone declaration in the same configuration file:
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "db.192.168.1";          // /var/named/db.192.168.1
        allow-update { none; };
};
Create the reverse zone file from the loopback template; cp -a again preserves the ownership and mode that named needs:
sudo cp -a /var/named/named.loopback /var/named/db.192.168.1
Edit /var/named/db.192.168.1:
$TTL 86400
@       IN  SOA     ns1.example.com. hostmaster.example.com. (
                    2024030902  ; serial
                    1D          ; refresh
                    2H          ; retry
                    4W          ; expire
                    2H )        ; minimum
        IN  NS      ns1.example.com.
100     IN  PTR     ns1.example.com.    ; owner 100 = 100.1.168.192.in-addr.arpa = 192.168.1.100
100     IN  PTR     www.example.com.    ; several PTRs for one address are legal, but most
100     IN  PTR     mail.example.com.   ; software uses only the first one returned
; files.example.com has no PTR here, so a reverse lookup of .100 never returns it
Validate the new zone with named-checkzone 1.168.192.in-addr.arpa /var/named/db.192.168.1, then restart BIND a second time (rndc reload would also pick up the newly declared zone without a full restart):
sudo systemctl restart named
Testing Reverse Lookups
From the client, query the pointer (PTR) records for the server’s IP. nslookup recognises the dotted-quad form and builds the 100.1.168.192.in-addr.arpa name for you:
nslookup 192.168.1.100
The output lists one "name =" line per PTR record: www.example.com, ns1.example.com and mail.example.com, not necessarily in that order, since the server may rotate the set between queries. files.example.com does not appear because it has no PTR in the reverse zone, and applications that do reverse lookups typically keep only the first name returned, so in production one PTR per address naming the canonical host is the usual choice.
You can also use dig -x, which performs the same conversion to the in-addr.arpa name; check that the ANSWER section contains the three PTR records and that the flags include aa:
dig -x 192.168.1.100
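One check the tests above do not cover is whether the forward and reverse zones still agree: a host gets an A record without a PTR (files.example.com above is already in that state), or a PTR survives after its host is renamed or re-addressed. The script below, added here as an example and not part of the original tutorial, parses both zone bodies and reports the mismatches in either direction. The zone text is constructed inline to mirror the records above plus one deliberately stale PTR for 192.168.1.101; the function names, and reading the real files from /var/named on a server, are assumptions of this example rather than anything the tutorial prescribes.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: cross-check a forward zone
# against its reverse zone. Reports A records with no PTR for their address and
# PTRs whose name has no A record for that address (stale entries).
# Zone bodies are constructed inline to mirror the tutorial's records; on the
# server read /var/named/example.com.zone and /var/named/db.192.168.1 instead.

FWD_ORIGIN="example.com."
REV_ORIGIN="1.168.192.in-addr.arpa."

FWD_ZONE='$TTL 86400
@ IN SOA ns1.example.com. admin.example.com. ( 2024030901 1D 2H 4W 2H )
      IN NS ns1.example.com.
ns1   IN A  192.168.1.100
www   IN A  192.168.1.100
mail  IN A  192.168.1.100
files IN A  192.168.1.100
alias IN CNAME www'

REV_ZONE='$TTL 86400
@ IN SOA ns1.example.com. hostmaster.example.com. ( 2024030902 1D 2H 4W 2H )
    IN NS ns1.example.com.
100 IN PTR ns1.example.com.
100 IN PTR www.example.com.
100 IN PTR mail.example.com.
101 IN PTR old.example.com.   ; constructed stale entry, no host at .101 any more'

# a_records ZONE_TEXT ORIGIN -> one "fqdn ip" line per A record.
# Relative owner names are qualified with the zone origin, as named does.
a_records() {
    printf '%s\n' "$1" | awk -v origin="$2" '
        $2 == "IN" && $3 == "A" {
            name = $1
            if (name !~ /\.$/) name = name "." origin
            print name, $4
        }'
}

# ptr_records ZONE_TEXT ORIGIN -> one "fqdn ip" line per PTR record.
# The address is rebuilt by reversing the numeric labels of the origin
# (1.168.192 -> 192.168.1) and then the owner labels, so the same code
# handles /24, /16 and /8 reverse zones.
ptr_records() {
    printf '%s\n' "$1" | awk -v origin="$2" '
        $2 == "IN" && $3 == "PTR" {
            n = split(origin, o, ".")
            m = split($1, w, ".")
            ip = ""
            for (i = n; i >= 1; i--) if (o[i] ~ /^[0-9]+$/) ip = ip o[i] "."
            for (i = m; i >= 1; i--) ip = ip w[i] "."
            sub(/\.$/, "", ip)
            print $4, ip
        }'
}

# check_consistency FWD_ZONE FWD_ORIGIN REV_ZONE REV_ORIGIN
# Prints "MISSING_PTR fqdn ip" and "DANGLING_PTR fqdn ip" lines, sorted;
# empty output means the two zones agree.
check_consistency() {
    {
        a_records "$1" "$2" | sed 's/^/A /'
        ptr_records "$3" "$4" | sed 's/^/PTR /'
    } | awk '
        $1 == "A"   { a[$2 " " $3] = 1 }
        $1 == "PTR" { p[$2 " " $3] = 1 }
        END {
            for (k in a) if (!(k in p)) print "MISSING_PTR", k
            for (k in p) if (!(k in a)) print "DANGLING_PTR", k
        }' | sort
}

check_consistency "$FWD_ZONE" "$FWD_ORIGIN" "$REV_ZONE" "$REV_ORIGIN"
```

Run it after every zone edit; on the data above it reports the missing PTR for files.example.com and the dangling PTR for 192.168.1.101. It understands only the simple one-record-per-line layout used in this tutorial (no $ORIGIN changes, no multi-line records other than the SOA). For more elaborate zone files, feed it the canonical form printed by named-checkzone -D, adjusting the field positions because that output includes a TTL column.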