A caching-only server increases DNS performance and reduces network loads by obtaining a single copy of frequently accessed information and making it available many times with no additional overhead. It obtains this information from authoritative name servers in the form of resource records and saves it in the local cache for future use. When it receives a request for the same information, it replies from the cached records.
Lab setup
To set up a practice lab, we need two Linux systems. We will configure one system as a caching-only name server and use another to test it. We also need internet connectivity on both systems. The following image shows the layout of this lab.
To learn how to set up this lab, please check the first tutorial of this tutorial series.
This tutorial is the second tutorial of the series "How to configure DNS name servers in Linux". The other tutorials of this series are the following.
How to configure DNS Server in Linux
How to configure DNS Forwarding and a forwarder name server
How to configure a primary or master authoritative name server
How to configure a secondary or slave authoritative name server
Installing the caching-only name server
Login from the root account on RHELServer1, open a terminal and run the following command to install the bind and bind-utils packages.
#dnf install bind bind-utils
The bind package provides the named (DNS) service. The bind-utils package provides the tools we need to manage the named service.
The dnf command installs packages only if the system has at least one working repository. If your system is registered with RHN, it can access Red Hat's online repositories without any additional settings. If it is not registered with RHN, you need to configure at least one working repository manually. To learn how to configure a local repository, you can check the following tutorial.
How to configure a local yum repository
Currently, the system is configured to use the ISP's default DNS server (or Google's DNS server). Change it to use the locally configured caching-only DNS server. Because we will configure the caching-only name server on this very system, use this system's own IP address as the DNS server address.
Restart the interface and verify the system uses the local DNS server. To restart the interface, use the following commands.
#nmcli con down [interface name]
#nmcli con up [interface name]
To view the DNS server's IP address, use the following command.
#cat /etc/resolv.conf
To learn more about the nmcli command and the /etc/resolv.conf file, you can check the following tutorials.
The nmcli command on Linux Examples and Usages
The /etc/hosts, /etc/resolv.conf, and /etc/nsswitch.conf Files
Configuring the caching-only name server
The /etc/named.conf file is named's main configuration file. By default, it is already configured for a caching-only name server, so you can run one with the default configuration. But there is a problem: with the default configuration, the caching-only name server accepts queries only from the local system.
To allow queries from other systems, we need to update two options: listen-on port 53 and allow-query.
The first option lists the IP addresses on which the caching-only name server accepts queries. We need to add the server's own IP address to it.
The second option lists the addresses or networks that are allowed to send queries. We need to add the DNS client computers' network address to it.
Open the /etc/named.conf file.
The following image highlights both options.
Add the server's IP address to the first option and the DNS client computers' network address to the second option and save the file.
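The relevant part of /etc/named.conf before and after the change, shown side by side as an added example that is not from the original tutorial (a real file contains only one options block). The server address 192.168.1.10 and the client network 192.168.1.0/24 are assumed values; substitute your own. The allow-recursion line goes beyond the tutorial's two options: a caching server that recurses for any source on the internet is an open resolver and can be abused for reflection traffic, so recursion is limited to the same addresses as allow-query.

```conf
// Before (stock RHEL /etc/named.conf, abridged): answers only the local host.
options {
	listen-on port 53 { 127.0.0.1; };
	listen-on-v6 port 53 { ::1; };
	directory       "/var/named";
	dump-file       "/var/named/data/cache_dump.db";
	allow-query     { localhost; };
	recursion yes;
	dnssec-validation yes;
};

// After: accept queries from the LAN and recurse only for the LAN.
// 192.168.1.10 (server) and 192.168.1.0/24 (clients) are assumed values.
acl "lan" { 127.0.0.1; 192.168.1.0/24; };

options {
	listen-on port 53 { 127.0.0.1; 192.168.1.10; };
	listen-on-v6 port 53 { ::1; };
	directory       "/var/named";
	dump-file       "/var/named/data/cache_dump.db";
	allow-query     { lan; };
	allow-recursion { lan; };   // added: never recurse for arbitrary sources
	recursion yes;
	dnssec-validation yes;
};
```

Run named-checkconf before restarting named; it prints nothing when the file is syntactically valid and reports the line number of any mistake, which saves a failed restart.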
Restart the named service.
#systemctl restart named
Client computers can send DNS queries over TCP and over UDP. On both protocols, port 53 belongs to DNS, and every query sent to this port reaches named. Use the following commands to confirm the server is listening on port 53.
#netstat -antp
#netstat -antu
The first command lists all TCP sockets together with the owning program; the second lists both TCP and UDP sockets.
Port 53 must appear in the output of both commands, bound to the server's IP address.
Verifying the caching-only named server
To verify the caching-only name server, we can use any tool that sends DNS queries. For example, we can use the host command. This command sends DNS queries to the configured DNS server and prints the answer.
Let us use this command to resolve the name google.com.
#host -a google.com
As we can see in the above output, the query has been resolved by the caching-only name server configured on the local system. Since this was the first query the caching-only name server received for the name google.com, it resolved the name from the authoritative name servers, which took two milliseconds. If we send the same query again, the server answers from its cache. To verify this, let us run the host command again for the same name and check how long it takes.
As we can see in the above output, this time it took 0 milliseconds, which confirms the query was answered from the cache.
Viewing the cache data
BIND provides a command-line tool called rndc for managing the running named service, including its cache. named keeps the cache in memory in its own internal format, not as readable text, so to view it we first dump it to a text file. The following command writes the cache to the file cache_dump.db in the /var/named/data directory (the location set by the dump-file option in /etc/named.conf).
#rndc dumpdb -cache
To find a particular record in the cache data, you can use the grep command. For example, the following command finds all records related to the name google.com.
#grep google.com /var/named/data/cache_dump.db
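The three checks above (port 53 bound, the answer coming from the local server and getting faster, and the record present in the cache dump) as a small shell script, added here as an example and not part of the original tutorial. It parses constructed sample output so it runs offline; the addresses, byte counts and TTLs are assumed values. On a real server, pass live output instead, for example port53_bound 192.168.1.10 "$(netstat -antu)".

```shell
#!/bin/sh
# Added example (not from the original tutorial): scripted versions of the
# tutorial's verification steps, run here against constructed sample output.
# Addresses, byte counts and TTLs below are assumed values.

# Constructed `netstat -antu` output from the caching-only server.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:53         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 192.168.1.10:53         0.0.0.0:*'

# Constructed final lines of two `host -a google.com` runs: the first answer
# was fetched from the authoritative servers, the second came from the cache.
SAMPLE_HOST_FIRST='Received 44 bytes from 127.0.0.1#53 in 2 ms'
SAMPLE_HOST_SECOND='Received 44 bytes from 127.0.0.1#53 in 0 ms'

# Constructed excerpt of /var/named/data/cache_dump.db (rndc dumpdb -cache).
SAMPLE_DUMP='; authanswer
google.com.             287     IN A    142.250.74.46
; additional
ns1.google.com.         340331  IN A    216.239.32.10'

# port53_bound ADDR OUTPUT: print the protocols on which ADDR:53 is bound
# ("tcp udp" when both are); exit 1 when it is bound on neither.
port53_bound() {
  printf '%s\n' "$2" | awk -v a="$1:53" '
    ($1 == "tcp" || $1 == "udp") && $4 == a { p[$1] = 1 }
    END {
      s = ""
      if (p["tcp"]) s = "tcp"
      if (p["udp"]) s = (s == "" ? "udp" : s " udp")
      print s
      exit (s == "")
    }'
}

# answering_server OUTPUT: the address that answered a `host -a` query.
answering_server() {
  printf '%s\n' "$1" | awk '/^Received .* bytes from / { split($5, a, "#"); print a[1] }'
}

# query_ms OUTPUT: the query time `host -a` reported, in milliseconds.
query_ms() {
  printf '%s\n' "$1" | awk '/^Received .* bytes from / { print $7 }'
}

# served_locally ADDR OUTPUT: succeed only if the expected caching server
# answered, i.e. the query did not go to the ISP's or a public resolver.
served_locally() {
  [ "$(answering_server "$2")" = "$1" ]
}

# cached_ttl NAME DUMP: remaining TTL of NAME's A record in a cache dump.
# A value below the zone's TTL that keeps decreasing between two dumps shows
# the record is served from cache rather than fetched again.
cached_ttl() {
  printf '%s\n' "$2" | awk -v n="$1." '$1 == n && $3 == "IN" && $4 == "A" { print $2; exit }'
}

# Demo on the constructed samples.
echo "port 53 on 192.168.1.10: $(port53_bound 192.168.1.10 "$SAMPLE_NETSTAT")"
echo "first query:  $(query_ms "$SAMPLE_HOST_FIRST") ms from $(answering_server "$SAMPLE_HOST_FIRST")"
echo "second query: $(query_ms "$SAMPLE_HOST_SECOND") ms from $(answering_server "$SAMPLE_HOST_SECOND")"
echo "google.com TTL left in cache: $(cached_ttl google.com "$SAMPLE_DUMP")"
```

The TTL check is the more reliable proof of caching than the millisecond figure: a cached record is returned with its remaining TTL, so two dumps a minute apart show the same record with a smaller number, while a fresh lookup would reset it to the zone's full TTL.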
Flushing/removing/deleting the cache data
The following command flushes or deletes the caching-only name server's cache.
#rndc flush
Allowing DNS traffic through the Linux firewall
By default, the Linux firewall does not allow DNS traffic, so other computers (DNS clients) cannot send DNS queries to this caching-only name server. The firewall classifies traffic into zones. The public zone is the default zone: if you do not activate or change the default zone, the firewall automatically activates this zone on startup.
The following commands add an allow rule for DNS traffic in the default zone.
#firewall-cmd --get-default-zone
#firewall-cmd --zone=public --add-service=dns
The first command prints the name of the default zone.
The second command adds a rule that allows DNS traffic in the public zone. It changes only the running configuration; to keep the rule across a firewall reload or a reboot, run the same command again with the --permanent option.
Configuring DNS clients
By default, the DNS client (resolver) is available on all Linux systems. To use it, we need to configure the DNS server's IP address. Linux saves the DNS server IP address in the /etc/resolv.conf file.
When we assign an IP configuration to an interface, Linux automatically updates this file from that configuration.
In our lab, we will configure RHELClient as the DNS client computer. Change the DNS server IP address on it to RHELServer1's IP address.
Restart the interface and use the host command to resolve the name google.com.
As we can see in the above output, the query has been resolved by the caching-only name server configured on RHELServer1. This verifies the caching-only name server's configuration and setup.
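The client-side step just described, and the same change made earlier on the server itself, as a shell script added here as an example (not from the original tutorial). It points a NetworkManager connection at the caching-only server with nmcli and then checks that /etc/resolv.conf lists that server and nothing else. The connection name ens160, the server address 192.168.1.10 and the two resolv.conf samples are assumed values.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Connection name, server
# address and the resolv.conf contents below are assumed values.

# set_dns CONNECTION SERVER_IP: make SERVER_IP the connection's only DNS
# server (ignore-auto-dns stops DHCP from re-adding the ISP's resolver),
# then restart the connection so NetworkManager rewrites /etc/resolv.conf.
set_dns() {
  nmcli con mod "$1" ipv4.dns "$2" ipv4.ignore-auto-dns yes &&
  nmcli con down "$1" && nmcli con up "$1"
}

# nameservers CONTENT: print the nameserver addresses from resolv.conf text,
# skipping comments, search/options lines and blank lines.
nameservers() {
  printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# uses_only SERVER_IP CONTENT: succeed only when SERVER_IP is the sole
# nameserver. A leftover public resolver (for example 8.8.8.8) means some
# queries bypass the caching server, and its allow-query policy, entirely.
uses_only() {
  [ "$(nameservers "$2" | tr '\n' ' ')" = "$1 " ]
}

# Constructed resolv.conf contents for the demo.
RESOLV_GOOD='# Generated by NetworkManager
search lab.example
nameserver 192.168.1.10'

RESOLV_STALE='# Generated by NetworkManager
nameserver 192.168.1.10
nameserver 8.8.8.8'

if uses_only 192.168.1.10 "$RESOLV_GOOD"; then
  echo "good: only the caching server is configured"
fi
if ! uses_only 192.168.1.10 "$RESOLV_STALE"; then
  echo "stale: nameservers are $(nameservers "$RESOLV_STALE" | tr '\n' ' ')"
fi

# Live use on the client, as root:
#   set_dns ens160 192.168.1.10
#   uses_only 192.168.1.10 "$(cat /etc/resolv.conf)" && echo ok
```

The nmcli route is preferable to editing /etc/resolv.conf by hand because NetworkManager regenerates that file on every interface restart; an edit made directly to the file is silently overwritten, while a setting stored on the connection survives.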