How to configure a caching only name server

A caching-only server increases DNS performance and reduces network loads by obtaining a single copy of frequently accessed information and making it available many times with no additional overhead. It obtains this information from authoritative name servers in the form of resource records and saves it in the local cache for future use. When it receives a request for the same information, it replies from the cached records.

Lab setup

To set up a practice lab, we need two Linux systems. We will configure one system as a caching-only name server and use another to test it. We also need internet connectivity on both systems. The following image shows the layout of this lab.

Lab set up

Installing the caching-only name server

Login from the root account on RHELServer1, open a terminal and run the following command to install the bind and bind-utils packages.

#dnf install bind bind-utils

The bind package provides the named (DNS) service. The bind-utils package provides the tools we need to manage the named service.

Installing bind bind-utlis packages

The dnf command installs a package only if the system has at least one working repository. If the system is registered with the RHN network, it can access RedHat's online repository without additional settings. If not, you must manually configure at least one working repository. You can check the following tutorial to learn how to set up a local Yum repository using the RHEL installation disk.

How to configure a local yum repository

In the previous tutorial, we configured this system to use the ISP's default DNS server ( or Google's DNS server). We need to change it to use the locally configured caching-only DNS server. We will configure the caching-only name server on this system. So, we will use this system's IP address.

Changing the IP configuration

Restart the interface and verify the system uses the local DNS server. To restart the interface, use the following commands.

#nmcli con down [interface name]
#nmcli con up [interface name]

To view the DNS server's IP address, use the following command.

#cat /etc/resolv.conf

Restarting the interface

To learn more about the nmcli command and the /etc/resolv.conf file, you can check the following tutorials.

Configuring the caching-only name server

The /etc/named.conf is the DNS's main configuration file. The default configuration of this file allows us to run the caching-only name server. However, with the default configuration, the caching-only named server accepts queries only from the local system. To allow queries from other systems, we need to update two options. These options are the listen-on-port and allow-query.

The first option allows the caching-only name server to accept queries on the specified IP addresses. We add the server's IP address to this option.

The second option configures allowed networks. We add the DNS client computers' network address to this option.

Open the /etc/named.conf file.

vi /etc/named.conf file

The following image highlights both options.

Configuring caching-only name server

Add the server's IP address to the first option and the DNS client computers' network address to the second option and save the file.

caching-only name server configuration

Restart the named service.

#systemctl restart named

Restarting the named service

Client computers send DNS queries using TCP and UDP protocols. On both protocols, port 53 belongs to DNS. All queries sent at this port reach DNS. Use the following commands to confirm the server is listening on port 53.

#netstat -antp
#netstat -antu

The first command lists all opened TCP ports. The second command lists all ports. A LISTEN state on both ports confirms they are open for DNS queries.

verifying DNS ports

Verifying the caching-only named server

We can use any tool that sends DNS queries to verify the caching-only name server. For example, we can use the host command. This command sends DNS queries to the configured DNS server and prints the answer.

Let us use this command to resolve the name google.com.

#host -a google.com

testing caching-only name server

The above output verifies the caching-only name server configured on the local system resolved this query. Since it was the first query the caching-only name server received for the name google.com, it resolved this name from the authoritative name servers. It took two milliseconds to resolve this name. If we send the same query again, it translates the name from the cache. To verify it, let us use the host command again to resolve the same name and check the time it takes to resolve.

verifying caching-only name server

As we can see in the above output, this time, it took 0 milliseconds. It verifies the caching-only name server used the cache to resolve the query.

Viewing the cache data

DNS provides a command line tool called rndc for cache management. We can use this tool to view the cache data. DNS stores the cache data in an encrypted format. We can view it only after converting it into regular text. The following command converts the cache data into regular text format and saves it into the file named cache.dumb.db in the /var/named/data directory.

#rndc dumpdb -cache

The grep command allows us to find a particular record in the cache data. For example, the following command finds all results related to the google.com.

#grep google.com cache.dump.db

rndc flush cache

Flushing/removing/deleting the cache data

The following command flushes or deletes the caching-only name server's cache.

#rndc flush

rndc dump

Allowing DNS traffic through the Linux firewall

By default, the Linux firewall does not allow DNS traffic. That means other computers (DNS clients) can not send DNS queries to this caching-only name server. The firewall classifies traffic into zones. The pubic zone is the default zone. If you do not activate or change the default zone, the firewall automatically activates this zone on startup.

The following commands add an allow rule for DNS traffic in the default zone.

#firewall-cmd --get-default-zone
#firewall-cmd --zone=public --add-service=dns

The first command prints the name of the default zone.

The second command adds a rule that allows the system to accept the DNS traffic in the public zone.

adding firewall rules for DNS service

Configuring DNS clients

By default, DNS client service is available on all Linux systems. To use it, we need to configure the DNS server IP address. Linux saves the DNS server IP address in the /etc/resolv.conf file. When we assign an IP configuration to an interface, Linux automatically updates this file from that configuration.

In our lab, we will configure RHELClient as a DNS client computer. Change the DNS server's IP address on it. Use RHELServer1's IP address as the DNS server IP address.

Configure the DNS client for testing

Restart the interface and use the host command to resolve the name google.com.

Verifying DNS client configuration

The above output shows the caching-only name server configured on RHELServer1 resolved this query. It verifies the caching-only name server's configuration and setup.

Conclusion

A caching-only name server speeds up the name resolution process. A DNS client sends DNS queries to it. It resolves them from authoritative name servers and caches the result. If it receives the same queries from DNS clients, it resolves them using caches.

ComputerNetworkingNotes Linux Tutorials How to configure a caching only name server

We do not accept any kind of Guest Post. Except Guest post submission, for any other query (such as adverting opportunity, product advertisement, feedback, suggestion, error reporting and technical issue) or simply just say to hello mail us ComputerNetworkingNotes@gmail.com