How to configure a caching only name server

A caching-only server increases DNS performance and reduces network load by fetching a single copy of frequently requested information and serving it many times with no additional upstream traffic. It obtains this information from authoritative name servers in the form of resource records and saves the records in its local cache for future use. When it receives another request for the same information, it answers from the cached records instead of querying the authoritative servers again.

Lab setup

To set up a practice lab, we need two Linux systems. We will configure one system as a caching-only name server and use another to test it. We also need internet connectivity on both systems. The following image shows the layout of this lab.

lab set up

To learn how to set up this lab, please check the first tutorial of this tutorial series.

Installing the caching-only name server

Log in as root on RHELServer1, open a terminal and run the following command to install the bind and bind-utils packages.

#dnf install bind bind-utils

The bind package provides the named (DNS) service. The bind-utils package provides the tools we need to manage the named service.

install bind bind-utils packages

The dnf command installs packages only if the system has at least one working repository. If your system is registered with RHN, it can access Red Hat's online repositories without any additional settings. If it is not registered, you need to configure at least one working repository manually. To learn how to configure a local repository, see the following tutorial.

How to configure a local yum repository

Currently, the system is configured to use the ISP's default DNS server (or Google's DNS server). Change it to use the locally configured caching-only DNS server. Since we are configuring the caching-only name server on this very system, use this system's own IP address as the DNS server address.

change ip configuration

Restart the interface and verify the system uses the local DNS server. To restart the interface, use the following commands.

#nmcli con down [interface name]
#nmcli con up [interface name]

To view the DNS server's IP address, use the following command.

#cat /etc/resolv.conf

restart interface

To learn more about the nmcli command and the /etc/resolv.conf file, you can check the following tutorials.

Configuring the caching-only name server

The /etc/named.conf file is the main configuration file of the named service. By default, this file is already configured for a caching-only name server, so you can run the caching-only name server with the default configuration. But there is a problem: with the default configuration, the caching-only name server accepts queries only from the local system.

To allow queries from other systems, we need to update two options: listen-on (the listen-on port 53 line) and allow-query.

The first option tells the caching-only name server which IP addresses to accept queries on. We need to add the server's own IP address to this option.

The second option lists the networks whose queries the server answers. We need to add the DNS client computers' network address to this option. Keep this list limited to the networks you actually serve; a recursive server that answers queries from anywhere becomes an open resolver.

Open the /etc/named.conf file.

etc named conf file

The following image highlights both options.

configure caching only name server

Add the server's IP address to the first option and the DNS client computers' network address to the second option and save the file.
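The following script is an added example, not part of the original tutorial. It applies the two edits described above to a stock RHEL named.conf with sed, so the change can be repeated and checked with named-checkconf before named is restarted. The server address 192.168.1.10 and client network 192.168.1.0/24 are assumed lab values; the options excerpt in sample_default_conf is constructed for offline testing.

```shell
#!/bin/sh
# Added example (not from the tutorial): rewrite the two options in a default
# RHEL /etc/named.conf so that named accepts queries from other hosts.
# The IP address and client network below are constructed lab values.
SERVER_IP="${SERVER_IP:-192.168.1.10}"
CLIENT_NET="${CLIENT_NET:-192.168.1.0/24}"

# Constructed excerpt of the stock options block, used for offline testing.
sample_default_conf() {
    cat <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    allow-query     { localhost; };
    recursion yes;
};
EOF
}

# Reads named.conf on stdin, writes the edited copy on stdout.
# listen-on gains the server's own address (127.0.0.1 is kept so local tools
# still work); allow-query gains the client network. Only the IPv4 listen-on
# line matches, so listen-on-v6 is left alone. allow-query deliberately stays
# a list of known networks: a recursive server that answers the whole internet
# is an open resolver.
patch_named_conf() {
    server_ip="$1"
    client_net="$2"
    sed \
        -e "s|\(listen-on port 53[[:space:]]*{[[:space:]]*127\.0\.0\.1;\)|\1 ${server_ip};|" \
        -e "s|\(allow-query[[:space:]]*{[[:space:]]*localhost;\)|\1 ${client_net};|"
}

# Back up, patch, syntax-check with named-checkconf (shipped in the bind
# package), and only then install the new file and restart named.
apply_named_conf() {
    conf=/etc/named.conf
    cp -p "$conf" "$conf.bak"
    patch_named_conf "$SERVER_IP" "$CLIENT_NET" < "$conf.bak" > "$conf.new"
    if named-checkconf "$conf.new"; then
        mv "$conf.new" "$conf" && systemctl restart named
    else
        echo "named-checkconf rejected $conf.new; original left untouched" >&2
        rm -f "$conf.new"
        return 1
    fi
}
```

Run apply_named_conf as root on the server; sample_default_conf | patch_named_conf 192.168.1.10 192.168.1.0/24 shows the resulting lines without touching the system.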

caching-only name server configuration

Restart the named service.

#systemctl restart named

restart named service

Client computers send DNS queries over both TCP and UDP. On both protocols, port 53 is assigned to DNS, so queries sent to this port reach the named service. Use the following commands to confirm the server is listening on port 53.

#netstat -antp
#netstat -antu

The first command lists all TCP sockets together with the process that owns them. The second command lists both TCP and UDP sockets.

Port 53 must appear in the output of both commands.
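As an added example (not from the original tutorial), the functions below read netstat output and decide whether named is bound to port 53 on both TCP and UDP, instead of relying on a visual scan of the listing. The netstat listing in sample_netstat is constructed, and 192.168.1.10 is an assumed server address.

```shell
# Added example (not from the tutorial): check netstat output for a name
# server bound to port 53 on both TCP and UDP. The sample output is
# constructed; the server address 192.168.1.10 is an assumed lab value.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1532/named
tcp        0      0 192.168.1.10:53         0.0.0.0:*               LISTEN      1532/named
tcp        0      0 192.168.1.10:22         192.168.1.20:50412      ESTABLISHED 1601/sshd
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1532/named
udp        0      0 192.168.1.10:53         0.0.0.0:*                           1532/named
EOF
}

# Reads netstat output on stdin and prints each protocol (tcp/udp) that has a
# socket bound to port 53. A TCP socket only counts in LISTEN state; UDP has no
# state column. Local Address is field 4 in both netstat -antp and -antu output.
dns_listeners() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ && $4 ~ /:53$/ {
            proto = substr($1, 1, 3)
            if (proto == "udp" || $6 == "LISTEN") seen[proto] = 1
        }
        END { for (p in seen) print p }
    ' | sort
}

# Succeeds only when named is reachable over both transports.
# Usage on the server: netstat -antu | dns_ports_open && echo "port 53 ok"
dns_ports_open() {
    found=$(dns_listeners)
    printf '%s\n' "$found" | grep -qx tcp && printf '%s\n' "$found" | grep -qx udp
}
```

netstat comes from the net-tools package, which is not installed by default on recent RHEL releases; the same check works on the output of ss -tulnp from iproute, whose Local Address column is also field 4 once the header line is skipped by the port match.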

verifying dns port

Verifying the caching-only name server

To verify the caching-only name server, we can use any tool that sends DNS queries. For example, we can use the host command. This command sends DNS queries to the configured DNS server and prints the answer.

Let us use this command to resolve the name

#host -a

testing caching-only name server

As we can see in the above output, the query was answered by the caching-only name server configured on the local system. Since this was the first query the caching-only name server received for the name, it resolved the name by asking the authoritative name servers, which took two milliseconds. If we send the same query again, the server answers from its cache. To verify this, let us run the host command again for the same name and compare the time it takes.

verifying caching-only name server

As we can see in the above output, this time it took 0 milliseconds, which confirms that the answer came from the cache.
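The following functions are an added example, not part of the original tutorial. They extract the answering server and the round-trip time from the last line of host -a output, so the cold lookup and the cached lookup above (and the client-side check at the end of this tutorial) can be compared by script. The host output in sample_host_cold is constructed; example.com and the 192.0.2.x addresses are documentation values.

```shell
# Added example (not from the tutorial): parse `host -a` output for the server
# that answered and the time the lookup took. The sample output is constructed.
sample_host_cold() {
    cat <<'EOF'
Trying "example.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41234
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.			IN	ANY

;; ANSWER SECTION:
example.com.		3600	IN	A	192.0.2.10

Received 56 bytes from 127.0.0.1#53 in 2 ms
EOF
}

# Milliseconds from the trailing "Received ... in N ms" line.
host_query_ms() {
    awk '/^Received .* in [0-9]+ ms$/ { print $(NF - 1) }'
}

# Address of the server that answered ("127.0.0.1#53" -> "127.0.0.1"). On the
# server this should be the local address; on a client it should be the
# caching-only server's address.
answering_server() {
    awk '/^Received .* from / { split($5, a, "#"); print a[1] }'
}

# Time one lookup against the configured resolver; prints "server ms".
# Usage: time_lookup example.com   (run twice: cold, then cached)
time_lookup() {
    out=$(host -a "$1")
    printf '%s %s\n' "$(printf '%s\n' "$out" | answering_server)" \
                      "$(printf '%s\n' "$out" | host_query_ms)"
}

# A cached answer is expected to take no longer than the cold lookup.
# Usage: second_not_slower <cold_ms> <cached_ms>
second_not_slower() {
    [ "$2" -le "$1" ]
}
```

Timing alone is a weak signal on a fast link; a more reliable check is the cache dump shown in the next section, where the record appears with a TTL that counts down between lookups.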

Viewing the cache data

BIND provides a command line tool called rndc for managing the running named service, including its cache. We can use this tool to view the cache data. named holds the cache in memory in its own internal format, which is not directly readable. To view the cache data, we first need to write it out as regular text. The following command dumps the cache as text into the file named by the dump-file option in /etc/named.conf, which on this system is cache.dump.db in the /var/named/data directory.

#rndc dumpdb -cache

To find a particular record in the dump, you can use the grep command. For example, the following command finds all records related to the name

#grep cache.dump.db
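As an added example (not from the original tutorial), the functions below pull every cached record for one name out of a cache dump and print its remaining TTL, type and data; the TTL column in a dump counts down as the entry ages, which is what distinguishes a cached record from a fresh one. The dump in sample_cache_dump is constructed, the names and 192.0.2.x addresses are documentation values, and DUMP_FILE defaults to the path used in this tutorial (check the dump-file option in named.conf on your system).

```shell
# Added example (not from the tutorial): list what the cache holds for one name
# from an rndc cache dump. Record lines have the form
# "<name> <ttl> IN <type> <rdata...>"; lines starting with ';' are comments and
# '$DATE' marks when the dump was taken. The sample dump is constructed.
DUMP_FILE="${DUMP_FILE:-/var/named/data/cache.dump.db}"   # set by dump-file in named.conf

sample_cache_dump() {
    cat <<'EOF'
;
; Cache dump of view '_default' (cache _default)
;
$DATE 20240101120000
; authanswer
example.com.		3578	IN A	192.0.2.10
example.com.		3578	IN A	192.0.2.11
; authauthority
example.com.		172778	IN NS	ns1.example.com.
; glue
ns1.example.com.	172778	IN A	192.0.2.53
www.example.com.	298	IN CNAME	example.com.
EOF
}

# Prints "ttl type rdata" for every cached record owned by $1 (name with
# trailing dot, compared case-insensitively). Reads the dump on stdin.
cache_records() {
    awk -v name="$1" '
        /^;/ || /^\$/ || NF < 5 { next }
        tolower($1) == tolower(name) {
            rdata = $5
            for (i = 6; i <= NF; i++) rdata = rdata " " $i
            print $2, $4, rdata
        }
    '
}

# Dump the live cache and show one name. Usage: show_cached example.com.
show_cached() {
    rndc dumpdb -cache && cache_records "$1" < "$DUMP_FILE"
}
```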

rndc flush cache

Flushing/removing/deleting the cache data

The following command flushes or deletes the caching-only name server's cache.

#rndc flush

rndc dump

Allowing DNS traffic through the Linux firewall

By default, the Linux firewall does not allow DNS traffic. This means other computers (DNS clients) cannot send DNS queries to this caching-only name server. The firewall classifies traffic into zones. The public zone is the default zone. If you do not activate or change the default zone, the firewall automatically activates this zone on startup.

The following commands add an allow rule for DNS traffic in the default zone.

#firewall-cmd --get-default-zone
#firewall-cmd --zone=public --add-service=dns

The first command prints the name of the default zone.

The second command adds a rule that allows DNS traffic in the public zone.

add firewall rule for DNS service
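The script below is an added example, not part of the original tutorial. It wraps the two firewall-cmd commands above so the rule is only added when missing and is written to the permanent configuration as well as the running one; the tutorial's command alone changes the runtime rule set, which is lost on the next firewall reload or reboot. The service lists passed to zone_allows_dns in the test are constructed.

```shell
# Added example (not from the tutorial): open DNS in the default firewalld zone
# idempotently and persistently.

# $1 is the output of `firewall-cmd --zone=<zone> --list-services`, a
# space-separated list of service names. Matches the whole word "dns" only, so
# related services such as dns-over-tls do not count.
zone_allows_dns() {
    for svc in $1; do
        [ "$svc" = dns ] && return 0
    done
    return 1
}

# Adds the dns service to the default zone if it is not already there.
# --permanent writes the rule to the saved configuration (survives reload and
# reboot); --reload then loads the saved configuration into the running
# firewall. The final check confirms the running firewall now allows dns.
allow_dns_in_default_zone() {
    zone=$(firewall-cmd --get-default-zone)
    if zone_allows_dns "$(firewall-cmd --zone="$zone" --list-services)"; then
        echo "dns already allowed in zone $zone"
        return 0
    fi
    firewall-cmd --permanent --zone="$zone" --add-service=dns
    firewall-cmd --reload
    zone_allows_dns "$(firewall-cmd --zone="$zone" --list-services)"
}
```

Run allow_dns_in_default_zone as root on the server; firewall-cmd --zone=public --list-services afterwards should include dns.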

Configuring DNS clients

By default, the DNS client (resolver) is available on all Linux systems. To use it, we only need to configure the DNS server's IP address. Linux stores the DNS server IP address in the /etc/resolv.conf file.

When we assign an IP configuration to an interface, Linux automatically updates this file from that configuration.

In our lab, we will configure RHELClient as a DNS client computer. Change the DNS server IP address on it, setting RHELServer1's IP address as the DNS server IP address.

configure dns client for testing

Restart the interface and use the host command to resolve the name

verifying dns client configuration

As we can see in the above output, the query was answered by the caching-only name server configured on RHELServer1. This verifies the caching-only name server's configuration and setup.
