3 Installing and Configuring a Name Server

By default, you can use the BIND installation to configure a caching-only name server using the configuration settings that are provided in the /etc/named.conf file and other included files.

To configure a caching-only name server:

  1. Install the bind package.
    sudo dnf install bind bind-utils
  2. Edit /etc/named.conf and configure the settings required for the server.

    The configuration file included with the BIND installation enables only the localhost to query named and resolve IP addresses:

    options {
      listen-on port 53 { 127.0.0.1; };
      listen-on-v6 port 53 { ::1; };
      allow-query { localhost; };
      recursion yes;
    };

    For more information, see The named Configuration File.

    1. Specify the network interfaces on which named listens for queries.
      The following example configures named to listen on three interfaces on an IPv4 network: the localhost, a network interface with IP address 192.168.1.10, and a network interface with the IP address 10.0.3.100:
      listen-on port 53 { 127.0.0.1; 192.168.1.10; 10.0.3.100; };
    2. Specify the IP addresses of clients that are allowed to query this server.
      In the following example, the localnets keyword grants any clients on the same network as the server permission to make queries:
      allow-query { localhost; localnets; };
    3. Specify the IP addresses of clients that are allowed to access cached data.
      In the following example, IP addresses between 192.168.1.0 and 192.168.1.254 are allowed to access cached data.
      allow-query-cache { localhost; 192.168.1.0/24; };
    4. Specify the IP addresses of clients that are allowed to make recursive queries.
      In the following example, IP addresses between 10.0.0.0 and 10.0.255.255 are allowed to receive recursively resolved data.
      allow-recursion { localhost; 10.0.0.0/16; };
  3. Save /etc/named.conf, then confirm that the syntax is correct.
    sudo named-checkconf
  4. If required, edit the zone files.
  5. Configure the system firewall to accept incoming TCP connections to port 53 and incoming UDP datagrams on port 53:
    sudo firewall-cmd --zone=zone --add-port=53/tcp --add-port=53/udp

    To make the change persist across reboots, include the --permanent option:

    sudo firewall-cmd --permanent --zone=zone --add-port=53/tcp --add-port=53/udp

    For more information about securing the firewall, see Oracle Linux 10: Configuring the Firewall.

  6. Restart the named service and configure it to start following system reboots.
    sudo systemctl enable --now named
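
The following check is an added example, not part of the original procedure or of BIND. It reads the allow-query, allow-query-cache and allow-recursion lists set in step 2 and reports entries that open the resolver to every client or that are written with host bits set. The sample configuration is constructed, and the names audit_options and check_element are assumptions of this example.

```python
import ipaddress
import re

# Directives from step 2 whose address match lists decide who may use the resolver.
ACL_DIRECTIVES = ("allow-query", "allow-query-cache", "allow-recursion")
BUILTIN_ACLS = {"localhost", "localnets", "none"}

def check_element(element):
    """Return a problem string for one address match list element, or None."""
    negated = element.startswith("!")          # "!" entries only deny clients
    element = element.lstrip("! ")
    if element in BUILTIN_ACLS:
        return None
    if element == "any":
        return None if negated else "matches every client"
    try:
        net = ipaddress.ip_network(element, strict=True)
    except ValueError:
        try:
            fixed = ipaddress.ip_network(element, strict=False)
        except ValueError:
            return None                        # a named acl or key; not judged here
        return "host bits set; the network is %s" % fixed
    if net.prefixlen == 0 and not negated:
        return "matches every client"
    return None

def audit_options(conf_text):
    """Return (directive, element, problem) tuples found in named.conf text."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf_text, flags=re.S)
    findings = []
    for name in ACL_DIRECTIVES:
        pattern = r"(?<![\w-])" + re.escape(name) + r"\s*\{([^{}]*)\}"
        for match in re.finditer(pattern, text):
            for element in filter(None, (e.strip() for e in match.group(1).split(";"))):
                problem = check_element(element)
                if problem:
                    findings.append((name, element, problem))
    return findings

# Constructed sample: a caching-only server with two mistakes in allow-recursion.
SAMPLE_CONF = """
options {
  listen-on port 53 { 127.0.0.1; 192.168.1.10; };
  allow-query { localhost; localnets; };
  allow-query-cache { localhost; 192.168.1.0/24; };  // cache access
  allow-recursion { any; 10.0.3.0/16; };
  recursion yes;
};
"""
if __name__ == "__main__":
    for directive, element, problem in audit_options(SAMPLE_CONF):
        print("%s: %s (%s)" % (directive, element, problem))
```

Run it against the text of /etc/named.conf alongside named-checkconf; it inspects only the three ACL directives and does not resolve named acl statements.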