How to Install and Configure Caching-Only DNS Server on Linux

This article will show you how to configure a DNS caching server (also called a forwarding server) in a local environment using BIND. DNS (Domain Name System) servers are critical infrastructure components for proper website and server operation. While many users rely on DNS servers provided by hosting companies or domain controllers, setting up a local caching DNS server can improve performance and reduce external dependencies.

What is a Caching DNS Server

A caching DNS server stores DNS query results locally to speed up future requests. These servers are called resolvers because they handle recursive queries and perform the heavy lifting of tracking DNS data from authoritative servers. When a client requests a domain name, the caching server first checks its cache before querying external DNS servers.

[Figure: DNS Caching Server Architecture (Client, Caching DNS Server with Local Cache, Authoritative DNS Server; arrows labelled Query, Miss, Response, Cached Result)]

Installing BIND Packages

To install the required BIND packages, use the following command. The bind-chroot package provides additional security by running BIND in a chrooted environment:

# yum install bind bind-chroot
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.8.2-0.37.rc1.el6_7.7 will be installed
--> Processing Dependency: bind-libs = 32:9.8.2-0.37.rc1.el6_7.7 for package: 32:bind-9.8.2-0.37.rc1.el6_7.7.x86_64
---> Package bind-chroot.x86_64 32:9.8.2-0.37.rc1.el6_7.7 will be installed
--> Running transaction check
...
Complete!

Copy Configuration Files

For security, copy the BIND configuration files from the sample files to the chroot directory:

# cd /var/named/chroot/etc
# cp /usr/share/doc/bind-9.8.2/sample/etc/named.conf /var/named/chroot/etc
# cp /usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones /var/named/chroot/etc

Configure the DNS Server

Edit the main BIND configuration file /var/named/chroot/etc/named.conf with the following settings:

options {
    listen-on port 53 { 127.0.0.1; any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
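    /* "any" lets every host that can reach port 53 query this server and
       use its cache; list only your own networks on an exposed host */
    allow-query { localhost; any; };
    allow-query-cache { localhost; any; };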
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

include "/etc/named.rfc1912.zones";

Key Configuration Options

Option                             Purpose
recursion yes                      Enables recursive queries for caching functionality
allow-query { localhost; any; }    Allows queries from any client (adjust for security)
listen-on port 53 { any; }         Listens on all network interfaces
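
The "adjust for security" note on allow-query matters because, with recursion yes and no allow-recursion statement, BIND decides who may recurse from allow-query-cache and then allow-query, so the settings above answer recursive queries for any host that can reach port 53. The Python check below is an added example, not part of the original article or of BIND; it audits the article's access-control statements next to a constructed hardened variant whose "trusted" ACL and 192.168.87.0/24 range are assumptions.

```python
import re

# Constructed sample: the access-control statements from the article's options block.
ARTICLE_CONF = """
options {
    allow-query { localhost; any; };
    allow-query-cache { localhost; any; };
    recursion yes;
};
"""

# Constructed hardened variant; the "trusted" ACL and 192.168.87.0/24 range are assumptions.
HARDENED_CONF = """
acl "trusted" { 127.0.0.1; 192.168.87.0/24; };
options {
    allow-query { trusted; };  // allow-recursion is unset, so it inherits this list
    recursion yes;
};
"""

def _block(conf, head):
    """Address-match list of the statement matching regex `head`, or None if unset."""
    m = re.search(r"(?<![\w-])" + head + r"\s*\{([^{}]*)\}", conf)
    if m is None:
        return None
    return [e.strip().strip('"') for e in m.group(1).split(";") if e.strip()]

def audit(conf_text):
    """Report which ACL governs recursion and whether it admits any client."""
    conf = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)   # /* ... */ comments
    conf = re.sub(r"(//|#)[^\n]*", "", conf)                 # // and # comments
    m = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", conf)
    recursion = m is None or m.group(1).lower() in ("yes", "true", "1")  # default is yes
    # With allow-recursion unset, BIND falls back to allow-query-cache, then allow-query.
    source, acl = "default", ["localnets", "localhost"]  # built-in default
    for stmt in ("allow-recursion", "allow-query-cache", "allow-query"):
        found = _block(conf, re.escape(stmt))
        if found is not None:
            source, acl = stmt, found
            break
    expanded = []  # resolve one level of named acl "..." { ... } references
    for entry in acl:
        named = _block(conf, r'acl\s+"?' + re.escape(entry) + r'"?')
        expanded += named if named is not None else [entry]
    return {"recursion": recursion, "source": source, "acl": expanded,
            "open_resolver": recursion and "any" in expanded}

if __name__ == "__main__":
    print(audit(ARTICLE_CONF), audit(HARDENED_CONF), sep="\n")
```

Run it against the text of your own named.conf before starting the service; nested or negated address-match lists are outside what this short parser handles.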

Set Permissions and Validate

Update the file permissions for the configuration files:

# chown root:named named.conf named.rfc1912.zones

Check the configuration file syntax before starting the service:

# named-checkconf named.conf

If no output is returned, the configuration is valid.

Start and Enable the Service

Start the BIND service and enable it to start automatically at boot:

# service named restart
# chkconfig named on

Testing the Caching DNS Server

Test the DNS server by sending queries directly to it using nslookup:

# nslookup google.com 192.168.87.150
Server: 192.168.87.150
Address: 192.168.87.150#53

Non-authoritative answer:
Name: google.com
Address: 216.58.220.46

The "Non-authoritative answer" indicates that the response came from a caching server rather than the authoritative DNS server for the domain.

Conclusion

You have successfully configured a caching DNS server using BIND on Linux. This server will cache DNS responses locally, improving query performance and reducing external DNS traffic. The caching server is now ready to serve DNS queries for your local network environment.

Updated on: 2026-03-17T09:01:38+05:30
