How to Install and Configure Bind Chroot DNS Server on CentOS 6.4 VPS

This article will explain the steps to install and configure the DNS Server chroot binding on CentOS 6.4 virtual private server (VPS) or dedicated server. Usually if you plan to install email server or your own web server, it is good to have your own domain name service (DNS), so that you will have full control of the domain and subdomain. BIND (the Berkeley Internet Name Domain) also known as NAMED is the most widely used DNS server in the internet. Bind DNS helps to resolve domain name to ip address and ip address to domain name. Beside having full control of our registered domain name, it will also help to improve the speed of domain lookups. All these steps has been tested on CentOS 6.4 64 bit. When you run BIND in a chroot jail, the process is simply unable to see any part of the filesystem outside the jail. As an example, i will setting up BIND to run chrooted to the directory /var/named/chroot/. Well, to BIND, the contents of this directory will appear to be /, the root directory. A “jail” is a software mechanism for limiting the ability of a process to access resources outside a very limited area, and it’s purposely to enhance the security. Bind Chroot DNS server was by default configured to /var/named/chroot.

See also  How To Install Git on CentOS

1. Install Bind Chroot DNS server :

[root@centos64 ~]# yum install bind-chroot bind -y

2. Copy all bind related files to prepare bind chrooted environments :

[root@centos64 ~]# cp -R /usr/share/doc/bind-*/sample/var/named/* /var/named/chroot/var/named/

3. Create bind related files into chrooted directory :

[root@centos64 ~]# touch /var/named/chroot/var/named/data/cache_dump.db
[root@centos64 ~]# touch /var/named/chroot/var/named/data/named_stats.txt
[root@centos64 ~]# touch /var/named/chroot/var/named/data/named_mem_stats.txt
[root@centos64 ~]# touch /var/named/chroot/var/named/data/
[root@centos64 ~]# mkdir /var/named/chroot/var/named/dynamic
[root@centos64 ~]# touch /var/named/chroot/var/named/dynamic/managed-keys.bind

4. Bind lock file should be writeable, therefore set the permission to make it writable as below :

[root@centos64 ~]# chmod -R 777 /var/named/chroot/var/named/data
[root@centos64 ~]# chmod -R 777 /var/named/chroot/var/named/dynamic

5. Set if you do not use IPv6 :

[root@centos64 ~]# echo 'OPTIONS="-4"' >> /etc/sysconfig/named

6. Copy /etc/named.conf chrooted bind config folder :

[root@centos64 ~]# cp -p /etc/named.conf /var/named/chroot/etc/named.conf

7.Configure main bind configuration in /etc/named.conf. Append the ehowstuff.local information to the file :

[root@centos64 ~]# vi /var/named/chroot/etc/named.conf

a. Add bind DNS IP addresses :

listen-on port 53 {;;; };

b. Create forward and reverse zone :

zone "ehowstuff.local" {
    type master;
    file "";

zone "" IN {
        type master;
        file "";

Full configuration for named.conf :

// named.conf
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.

options {
        listen-on port 53 {;;; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

logging {
        channel default_debug {
                file "data/";
                severity dynamic;

zone "." IN {
        type hint;
        file "";

zone "ehowstuff.local" {
    type master;
    file "";

zone "" IN {
        type master;
        file "";

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

8. Create Forward and Reverse zone files for domain ehowstuff.local.

See also  How to Install and Configure phpLDAPadmin on CentOS 6.2

a) Create Forward Zone :

[root@centos64 ~]# vi /var/named/chroot/var/named/
;       Addresses and other host information.
$TTL 86400
@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (
                               2013042201      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers

               IN      NS      ns1.ehowstuff.local.
               IN      NS      ns2.ehowstuff.local.
               IN      A
               IN      MX      10 mail.ehowstuff.local.

centos64           IN      A
mail            IN      A
ns1              IN      A
ns2              IN      A

b) Create Reverse Zone :

[root@centos64 ~]# vi /var/named/chroot/var/named/
;       Addresses and other host information.
$TTL 86400
@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (
                               2013042201      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum IN      NS      centos64.ehowstuff.local. IN PTR mail.ehowstuff.local. IN PTR ns1.ehowstuff.local. IN PTR ns2.ehowstuff.local.

9. Start Bind service :

[root@centos64 ~]# /etc/init.d/named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

10. Configure Bind auto start at boot :

[root@centos64 ~]# chkconfig --levels 235 named on

11. Test and verify Bind DNS setup :
a. Test and verify using host command :

[root@centos64 ~]# host -t ns ehowstuff.local
ehowstuff.local name server ns1.ehowstuff.local.
ehowstuff.local name server ns2.ehowstuff.local.
[root@centos64 ~]# host -t mx ehowstuff.local
ehowstuff.local mail is handled by 10 mail.ehowstuff.local.

b. Test and verify using nslookup command :

[root@centos64 ~]# nslookup
> set type=any
> ehowstuff.local

        origin = ehowstuff.local
        mail addr = hostmaster.ehowstuff.local
        serial = 2013042201
        refresh = 43200
        retry = 3600
        expire = 3600000
        minimum = 2592000
ehowstuff.local nameserver = ns1.ehowstuff.local.
ehowstuff.local nameserver = ns2.ehowstuff.local.
Name:   ehowstuff.local
ehowstuff.local mail exchanger = 10 mail.ehowstuff.local.
> exit

c. Test and verify using dig command :

[root@centos64 ~]# dig ehowstuff.local

; < <>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 < <>> ehowstuff.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 6958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;ehowstuff.local.               IN      A

ehowstuff.local.        2592000 IN      A

ehowstuff.local.        2592000 IN      NS      ns1.ehowstuff.local.
ehowstuff.local.        2592000 IN      NS      ns2.ehowstuff.local.

ns1.ehowstuff.local.    2592000 IN      A
ns2.ehowstuff.local.    2592000 IN      A

;; Query time: 1 msec
;; WHEN: Wed Apr  3 00:03:40 2013
;; MSG SIZE  rcvd: 117



  • Avatar Widya Gama says:

    Help me please.. I have followed your instruction above carefully and completely.

    Named looks OK when I type “/etc/init.d/named start” same as shown above.

    I have also created virtual host based on tutorial on
    But my domain is still not connected with my VPS. This is the 4th failed installation and configuration I have tried.

    I’m running on centOS 6.4 64bit nginx 1 IP.
    Thank You.

    • Avatar Widya Gama says:

      NB : Why are the commands “nslookup, host, dig” not working? I’m using as zone, not mydomain.local like your instruction above. And login as root. Are they the cause?

      • Avatar skytech says:

        In order to to use bind utilities like nslookup, host and dig, you have to install bind utilities package. Run the following command to install :

        # yum install bind-utils -y

    • Avatar skytech says:

      May i know a little bit your virtual host based configuration ? Please make sure bind dns can do query on the configured domain. I would recommend you do verification by using bind utilities tool to verify such as nslookup or dig command. Then proceed to troubleshoot on the web server (nginx) setting.. Hope this help. You may email to me admin[at] on the details, so we can do further troubleshooting..

  • Avatar Prasad Saxena says:

    I have an account with . The problem is that whenever I put the nslookup it shows me the localhost ip.
    It doesn’t show me the configured ip.
    I am running Centos 6.x X64.

  • Avatar jm says:

    there are quite a few mistakes in this tutorial for example no TTL in the zone files, IN not specified after the showstuff.local zone among others. I followed this tutorial to the letter to see if it worked but got heaps of errors.

Leave a Reply

Your email address will not be published. Required fields are marked *