
How to Set Up a Private BIND DNS Server on CentOS 7 (Step‑by‑Step Guide)

Learn how to install, configure, and maintain a private BIND DNS service on CentOS 7, covering server roles, ACLs, forward and reverse zones, zone files, firewall settings, testing with nslookup, and ongoing DNS record management for a secure internal network.

Efficient Ops

Introduction

CentOS 7 can run a private BIND DNS service for an internal network. DNS maps host names to IP addresses (and, through reverse zones, IP addresses back to host names), so machines inside a LAN can be addressed by name instead of by number.

Environment

CentOS 7 (Minimal Install)

Sample Setup

The sample setup uses four servers:

<code>10.11.0.199 ns1
10.11.0.209 ns2
10.11.0.101 host1
10.11.0.102 host2</code>
ns1 is the primary DNS, ns2 is the secondary DNS, host1 and host2 are the hosts registered in DNS.

Installation and Configuration

Update System

<code>$ sudo yum update</code>

Install BIND

<code>$ sudo yum install bind bind-utils</code>

Configure Primary DNS (ns1)

Edit <code>/etc/named.conf</code> and add an ACL named <code>trusted</code> that includes the IPs of ns1, ns2, host1 and host2.

<code>acl "trusted" {
    10.11.0.199;  # ns1
    10.11.0.209;  # ns2
    10.11.0.101;  # host1
    10.11.0.102;  # host2
};</code>

Modify the <code>options</code> block to listen on the private IP and allow queries only from the trusted ACL. Because recursion is enabled, this <code>allow-query</code> restriction is what keeps the server from answering as an open resolver for anything outside the ACL, and <code>allow-transfer</code> limits zone transfers to ns2.

<code>options {
    listen-on port 53 { 127.0.0.1; 10.11.0.199; };
    #listen-on-v6 port 53 { ::1; };
    allow-transfer { 10.11.0.209; };
    allow-query { trusted; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    ...
};</code>

At the end of the file include the local zone configuration:

<code>include "/etc/named/named.conf.local";</code>

Create Local Zone File (named.conf.local)

Define a forward zone for <code>bj1.example.com</code> and a reverse zone for the <code>10.11.0.0/16</code> subnet.

<code>zone "bj1.example.com" {
    type master;
    file "/etc/named/zones/db.bj1.example.com";
};
zone "11.10.in-addr.arpa" {
    type master;
    file "/etc/named/zones/db.10.11";
};</code>

Forward Zone File (db.bj1.example.com)

<code>$TTL    604800
@       IN      SOA     ns1.bj1.example.com. admin.bj1.example.com. (
              3     ; Serial
         604800     ; Refresh
          86400     ; Retry
        2419200     ; Expire
         604800 )   ; Negative Cache TTL

; NS records
        IN      NS      ns1.bj1.example.com.
        IN      NS      ns2.bj1.example.com.

; A records
ns1.bj1.example.com.          IN      A      10.11.0.199
ns2.bj1.example.com.          IN      A      10.11.0.209
host1.bj1.example.com.        IN      A      10.11.0.101
host2.bj1.example.com.        IN      A      10.11.0.102</code>

Reverse Zone File (db.10.11)

<code>$TTL    604800
@       IN      SOA     ns1.bj1.example.com. admin.bj1.example.com. (
              3     ; Serial
         604800     ; Refresh
          86400     ; Retry
        2419200     ; Expire
         604800 )   ; Negative Cache TTL

; NS records
        IN      NS      ns1.bj1.example.com.
        IN      NS      ns2.bj1.example.com.

; PTR records
199.0 IN      PTR     ns1.bj1.example.com.
209.0 IN      PTR     ns2.bj1.example.com.
101.0 IN      PTR     host1.bj1.example.com.
102.0 IN      PTR     host2.bj1.example.com.</code>

Validate Configuration

Check the main configuration:

<code>$ sudo named-checkconf</code>

Check the forward zone:

<code>$ sudo named-checkzone bj1.example.com /etc/named/zones/db.bj1.example.com</code>

Check the reverse zone:

<code>$ sudo named-checkzone 11.10.in-addr.arpa /etc/named/zones/db.10.11</code>

Start and Enable BIND

<code>$ sudo systemctl start named
$ sudo systemctl enable named</code>

Open Firewall Ports

<code>$ sudo firewall-cmd --zone=public --permanent --add-port=53/tcp
$ sudo firewall-cmd --zone=public --permanent --add-port=53/udp
$ sudo firewall-cmd --reload</code>

Configure Secondary DNS (ns2)

Repeat the ACL and <code>options</code> adjustments on ns2 (with <code>listen-on</code> set to ns2's own address, 10.11.0.209), then create a <code>named.conf.local</code> with slave zones pointing to the primary server.

<code>zone "bj1.example.com" {
    type slave;
    file "slaves/db.bj1.example.com";
    masters { 10.11.0.199; };
};
zone "11.10.in-addr.arpa" {
    type slave;
    file "slaves/db.10.11";
    masters { 10.11.0.199; };
};</code>

Validate, start, enable, and open firewall ports on ns2 just like on ns1.

Configure DNS Clients

Edit <code>/etc/resolv.conf</code> on each host to use the private DNS servers:

<code>search bj1.example.com
nameserver 10.11.0.199
nameserver 10.11.0.209</code>

Testing

Install <code>bind-utils</code> and use <code>nslookup</code> for forward and reverse queries.

<code>$ nslookup host2
$ nslookup host2.bj1.example.com
$ nslookup 10.11.0.102</code>

Maintenance

To add or remove hosts, update the forward and reverse zone files (A and PTR records), adjust the ACL, increment the SOA serial number in both zone files (ns2 only transfers a zone whose serial has grown), and reload BIND:

<code>$ sudo systemctl reload named</code>
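The forward and reverse zone files above must agree: every A record needs a matching PTR and vice versa, and both SOA serials must be bumped before the reload or ns2 keeps serving stale data. The checker below is an added example, not part of the original article; it parses the zone formats shown above, reports mismatches, and increments the serial. The zone text embedded in it is a constructed sample in which <code>host3</code> deliberately lacks its PTR record.

```python
import re

FWD_ZONE = "bj1.example.com"
NET = "10.11"  # 11.10.in-addr.arpa is this prefix reversed
A_RE = re.compile(r"^(\S+)\s+IN\s+A\s+(\d+\.\d+\.\d+\.\d+)\s*$", re.M)
PTR_RE = re.compile(r"^(\S+)\s+IN\s+PTR\s+(\S+)\s*$", re.M)
SERIAL_RE = re.compile(r"^([ \t]*)(\d+)([ \t]*;[ \t]*Serial)", re.M)

# Constructed sample zones (not the article's files); host3 has an A record but no PTR.
FORWARD = """\
@ IN SOA ns1.bj1.example.com. admin.bj1.example.com. (
              3     ; Serial
         604800 86400 2419200 604800 )
ns1.bj1.example.com.    IN  A  10.11.0.199
host2.bj1.example.com.  IN  A  10.11.0.102
host3                   IN  A  10.11.0.103   ; relative owner name
"""
REVERSE = """\
@ IN SOA ns1.bj1.example.com. admin.bj1.example.com. (
              3     ; Serial
         604800 86400 2419200 604800 )
199.0   IN  PTR  ns1.bj1.example.com.
102.0   IN  PTR  host2.bj1.example.com.
"""

def fqdn(name):
    # BIND reads a name without a trailing dot as relative to the zone origin.
    return name if name.endswith(".") else f"{name}.{FWD_ZONE}."

def records(text, regex):
    # Drop ';' comments per line so "; A records" headings never look like data.
    return regex.findall("\n".join(l.split(";")[0] for l in text.splitlines()))

def a_records(text):
    return {fqdn(n): ip for n, ip in records(text, A_RE)}

def ptr_records(text):
    # Owner "199.0" in 11.10.in-addr.arpa is the address 10.11.0.199.
    return {NET + "." + ".".join(reversed(o.split("."))): fqdn(t)
            for o, t in records(text, PTR_RE)}

def check(fwd_text, rev_text):
    """Return problems; an empty list means every A has its PTR and vice versa."""
    fwd, rev = a_records(fwd_text), ptr_records(rev_text)
    out = [f"no PTR for {n} ({ip})" for n, ip in fwd.items() if ip not in rev]
    out += [f"PTR {ip} -> {n} has no matching A" for ip, n in rev.items() if fwd.get(n) != ip]
    return out

def bump_serial(text):
    """Increment the SOA serial; ns2 only transfers the zone when it grows."""
    new = int(SERIAL_RE.search(text).group(2)) + 1
    return SERIAL_RE.sub(lambda m: f"{m.group(1)}{new}{m.group(3)}", text, count=1), new
```

Run <code>check()</code> on the real files before <code>named-checkzone</code> and the reload; write back the text returned by <code>bump_serial()</code> for both zones.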

Forwarding to External DNS

If external resolution is needed, add forwarders in the <code>options</code> block:

<code>options {
    ...
    forwarders { 8.8.8.8; 8.8.4.4; };
    ...
};</code>

With these steps the private DNS service is fully operational and can be managed as the network evolves.

Written by

Efficient Ops

This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.
