How to setup a cache-only DNS server

A cache-only dns server (also known as a resolver) queries for information from other servers and stores the result of such queries in a memory cache for future use. This is a useful exercise in the event of repeating a request for a second time; a second (& similar) query will return a result in a shorter time when compared to the time the result was returned for the first query.

1: Install the bind package

If it hasn’t been previously installed, use the following command to install the bind package:

yum install bind bind-utils -y

2. Edit the named.conf file
The configuration file is by default called named.conf and it is located in the etc directory. Open this file with a text editor and make the following changes;

listen-on port 53 {; any;};
      allow-query {localhost; any;};
      allow-query-cache {localhost; any;};
      recursion yes; 

The next two images are the default configuration file and the edited configuration file. Make the necessary adjustment as indicated by the marked part of the images. Ensure you have the correct port number as this will be used in altering the firewall to allow traffic through.

Save and quit the editor.

3. Confirm file ownership
Ensure that the file ownership for named.conf is still root:named. You can use the following command to view the ownership:

ls –lZ /etc/named.conf

If for whatever reason the ownership has changed, use the chown command to make the ownership root:named.

If the server is enabled by selinux, you will need to ensure you have the right selinux context. Just to be on the safe side, run the chcon command as ssen in the image below.

  • 4. Test the configuration
    After making the above configurations, test the configuration to ensure you have the right settings. If the settings are right the checkconf command should retun no result. The checkconf command is; named-checkconf /etc/named.conf

5. Restart and enable
Restart the named service and it to ensure it is persistent across reboot. You can also check the status of the named service.

6. Edit the firewall configuration
Edit the firewall configuration to allow the stated port through the firewall. Then reload the firewall afterwards

7. Test the setup
Use the dig command to test the setup. The dig command is used as follows;

   dig active-web-address

 The command to test my setup will look like; dig

The above image is the result of the first query. Note the query time; compare it with the query time for the second query, which is the image below.

You can also latch on to the cache-only dns server from a client machine such that the client machine can also have a cache service when running queries.

Open up the ifcfg file on the client machine as follows;

vi /etc/sysconfig/network-scripts/ifcfg-ens33

The network interface I am using is ens33; remember to alter the command to accommodate the interface on your machine

Make the following changes to this file;


Now restart the network service on the client machine and run the dig command on an active website. Then run the command again; note the query times for both command

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session. I welcome you to follow me on Twitter and Facebook.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x