How to configure a caching only name server
A caching-only server increases DNS performance and reduces network loads by obtaining a single copy of frequently accessed information and making it available many times with no additional overhead. It obtains this information from authoritative name servers in the form of resource records and saves it in the local cache for future use. When it receives a request for the same information, it replies from the cached records.
Lab setup
To set up a practice lab, we need two Linux systems. We will configure one system as a caching-only name server and use another to test it. We also need internet connectivity on both systems. The following image shows the layout of this lab.

This tutorial is part of the following tutorial series on DNS server concepts and configurations.
Chapter 01 How to configure DNS Server in Linux
Chapter 02 DNS Basic Concepts, Fundamentals, and Terminology
Chapter 03 DNS Server and Query Types Explained
Chapter 04 The /etc/hosts, /etc/resolv.conf, and /etc/nsswitch.conf files
Chapter 05 The dig command on Linux
Chapter 06 The nslookup command on Linux
Chapter 07 Change or specify the DNS server to the nslookup command
Chapter 08 DNS zone File Format
Chapter 09 The TTL and ORIGIN directives in the zone file
Chapter 10 Types of resources records in zone files
Chapter 11 The SOA Record Explained in the DNS zone file
Chapter 12 The NS Record, Glue record, and Lame Delegation
Chapter 13 The MX record in a zone file explained
Chapter 14 The a, aaaa, and cname DNS record types
Chapter 15 The pointer (PTR) record and Reverse mapping Explained
Chapter 16 How to configure a caching-only name server
Chapter 17 How to configure DNS Forwarding and a forwarder name server
Chapter 18 How to configure a primary or master authoritative name server
Chapter 19 How to configure a secondary or slave authoritative name server
Chapter 20 How to configure reverse mapping on DNS name servers
Installing the caching-only name server
Login from the root account on RHELServer1, open a terminal and run the following command to install the bind and bind-utils packages.
#dnf install bind bind-utils
The bind package provides the named (DNS) service. The bind-utils package provides the tools we need to manage the named service.

The dnf command installs a package only if the system has at least one working repository. If the system is registered with the RHN network, it can access RedHat's online repository without additional settings. If not, you must manually configure at least one working repository. You can check the following tutorial to learn how to set up a local Yum repository using the RHEL installation disk.
How to configure a local yum repository
In the previous tutorial, we configured this system to use the ISP's default DNS server ( or Google's DNS server). We need to change it to use the locally configured caching-only DNS server. We will configure the caching-only name server on this system. So, we will use this system's IP address.

Restart the interface and verify the system uses the local DNS server. To restart the interface, use the following commands.
#nmcli con down [interface name] #nmcli con up [interface name]
To view the DNS server's IP address, use the following command.
#cat /etc/resolv.conf

To learn more about the nmcli command and the /etc/resolv.conf file, you can check the following tutorials.
The nmcli command on Linux Examples and Usages
The /etc/hosts, /etc/resolv.conf, and /etc/nsswitch.conf Files
Configuring the caching-only name server
The /etc/named.conf is the DNS's main configuration file. The default configuration of this file allows us to run the caching-only name server. However, with the default configuration, the caching-only named server accepts queries only from the local system. To allow queries from other systems, we need to update two options. These options are the listen-on-port and allow-query.
The first option allows the caching-only name server to accept queries on the specified IP addresses. We add the server's IP address to this option.
The second option configures allowed networks. We add the DNS client computers' network address to this option.
Open the /etc/named.conf file.

The following image highlights both options.

Add the server's IP address to the first option and the DNS client computers' network address to the second option and save the file.

Restart the named service.
#systemctl restart named

Client computers send DNS queries using TCP and UDP protocols. On both protocols, port 53 belongs to DNS. All queries sent at this port reach DNS. Use the following commands to confirm the server is listening on port 53.
#netstat -antp #netstat -antu
The first command lists all opened TCP ports. The second command lists all ports. A LISTEN state on both ports confirms they are open for DNS queries.

Verifying the caching-only named server
We can use any tool that sends DNS queries to verify the caching-only name server. For example, we can use the host command. This command sends DNS queries to the configured DNS server and prints the answer.
Let us use this command to resolve the name google.com.
#host -a google.com

The above output verifies the caching-only name server configured on the local system resolved this query. Since it was the first query the caching-only name server received for the name google.com, it resolved this name from the authoritative name servers. It took two milliseconds to resolve this name. If we send the same query again, it translates the name from the cache. To verify it, let us use the host command again to resolve the same name and check the time it takes to resolve.

As we can see in the above output, this time, it took 0 milliseconds. It verifies the caching-only name server used the cache to resolve the query.
Viewing the cache data
DNS provides a command line tool called rndc for cache management. We can use this tool to view the cache data. DNS stores the cache data in an encrypted format. We can view it only after converting it into regular text. The following command converts the cache data into regular text format and saves it into the file named cache.dumb.db in the /var/named/data directory.
#rndc dumpdb -cache
The grep command allows us to find a particular record in the cache data. For example, the following command finds all results related to the google.com.
#grep google.com cache.dump.db

Flushing/removing/deleting the cache data
The following command flushes or deletes the caching-only name server's cache.
#rndc flush

Allowing DNS traffic through the Linux firewall
By default, the Linux firewall does not allow DNS traffic. That means other computers (DNS clients) can not send DNS queries to this caching-only name server. The firewall classifies traffic into zones. The pubic zone is the default zone. If you do not activate or change the default zone, the firewall automatically activates this zone on startup.
The following commands add an allow rule for DNS traffic in the default zone.
#firewall-cmd --get-default-zone #firewall-cmd --zone=public --add-service=dns
The first command prints the name of the default zone.
The second command adds a rule that allows the system to accept the DNS traffic in the public zone.

Configuring DNS clients
By default, DNS client service is available on all Linux systems. To use it, we need to configure the DNS server IP address. Linux saves the DNS server IP address in the /etc/resolv.conf file. When we assign an IP configuration to an interface, Linux automatically updates this file from that configuration.
In our lab, we will configure RHELClient as a DNS client computer. Change the DNS server's IP address on it. Use RHELServer1's IP address as the DNS server IP address.

Restart the interface and use the host command to resolve the name google.com.

The above output shows the caching-only name server configured on RHELServer1 resolved this query. It verifies the caching-only name server's configuration and setup.
Conclusion
A caching-only name server speeds up the name resolution process. A DNS client sends DNS queries to it. It resolves them from authoritative name servers and caches the result. If it receives the same queries from DNS clients, it resolves them using caches.
Author Laxmi Goswami Updated on 2025-10-01