Running your own DNS server gives you full control over name resolution for internal infrastructure and reduces dependency on external resolvers. BIND9 (Berkeley Internet Name Domain) is the most widely deployed DNS server in the world and is available in the default RHEL 8 repositories. On RHEL 8, the package is split into bind (the server daemon) and bind-utils (client tools like dig and nslookup). This tutorial covers installing BIND9, creating a forward and reverse zone for example.com, and verifying resolution.
Prerequisites
- RHEL 8 server with a static IP address (e.g., 192.168.1.100)
- Root or sudo access
- A domain name to host (this guide uses example.com)
- Firewalld running (systemctl status firewalld)
- SELinux in enforcing mode (default; BIND is SELinux-aware)
Step 1 — Install BIND9 and Utilities
Install the server and client packages from the AppStream repository.
dnf install -y bind bind-utils
After installation, the main configuration file is /etc/named.conf and zone files live under /var/named/. The daemon runs as the named user for privilege separation.
Step 2 — Configure /etc/named.conf
Open /etc/named.conf, adjust the options block, and add the zone declarations for the forward and reverse zones.
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.100; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { localhost; 192.168.1.0/24; };
    recursion yes;
    dnssec-validation yes;
};

zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.1.rev";
    allow-update { none; };
};
Set listen-on to your server’s IP so BIND only binds to the desired interfaces. Restrict allow-query to your internal subnet to avoid becoming an open resolver.
Step 3 — Create the Forward Zone File
Create the forward zone file at /var/named/example.com.zone. This file maps hostnames to IP addresses.
$TTL 86400
@ IN SOA ns1.example.com. admin.example.com. (
        2026051701 ; Serial (YYYYMMDDnn)
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400 )    ; Negative Cache TTL
@ IN NS ns1.example.com.
ns1 IN A 192.168.1.100
@ IN A 192.168.1.100
www IN A 192.168.1.100
mail IN A 192.168.1.101
@ IN MX 10 mail.example.com.
Set the correct file ownership so the named daemon can read it, and apply the SELinux context.
chown root:named /var/named/example.com.zone
chmod 640 /var/named/example.com.zone
restorecon -v /var/named/example.com.zone
Step 4 — Create the Reverse Zone File
Create /var/named/192.168.1.rev for reverse DNS lookups (PTR records).
$TTL 86400
@ IN SOA ns1.example.com. admin.example.com. (
        2026051701 ; Serial
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400 )    ; Negative Cache TTL
@ IN NS ns1.example.com.
100 IN PTR ns1.example.com.
100 IN PTR example.com.
101 IN PTR mail.example.com.
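Apply the same ownership, permissions, and SELinux context to the reverse zone file.
chown root:named /var/named/192.168.1.rev
chmod 640 /var/named/192.168.1.rev
restorecon -v /var/named/192.168.1.rev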
Step 5 — Validate Configuration and Start named
Always validate before starting the daemon to catch syntax errors early.
named-checkconf /etc/named.conf
named-checkzone example.com /var/named/example.com.zone
named-checkzone 1.168.192.in-addr.arpa /var/named/192.168.1.rev
All three commands should return without errors. Then enable and start the service.
systemctl enable --now named
Step 6 — Open the Firewall and Test Resolution
Allow DNS traffic through firewalld, then test with dig and nslookup.
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
dig @192.168.1.100 example.com
dig @192.168.1.100 -x 192.168.1.100
nslookup example.com 192.168.1.100
A successful forward query returns an A record for 192.168.1.100; the reverse query returns the PTR record. Check /var/log/messages or journalctl -u named for any errors.
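To confirm that the allow-query restriction from Step 2 holds, repeat a dig from a host outside 192.168.1.0/24 and classify the reply header. The script below is an added example, not part of the original tutorial; the function names, the external name example.org, and the sample replies are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial). Real use, from a host OUTSIDE
# 192.168.1.0/24 (example.org is just an assumed external name):
#   dig @192.168.1.100 example.org A | classify_dig_reply

# Reads dig output on stdin and prints one verdict word.
classify_dig_reply() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags:/, "", flags)    # drop the label
            sub(/;.*/, "", flags)           # keep only the flag list
            if ((" " flags " ") ~ / ra /) ra = 1
        }
        END {
            if (status == "")             print "no-response"       # timeout or filtered
            else if (status == "REFUSED") print "refused"           # allow-query held
            else if (ra)                  print "recursion-offered" # open to this client
            else                          print "no-recursion"      # answered, no recursion
        }'
}

# Exit status 0 only when the outside client was refused.
outside_client_refused() { [ "$(classify_dig_reply)" = "refused" ]; }

# Constructed sample replies, not captured from a real server.
sample_refused() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
EOF
}
sample_open() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
EOF
}

for s in sample_refused sample_open; do
    printf '%s -> %s\n' "$s" "$("$s" | classify_dig_reply)"
done
```

A recursion-offered verdict for an outside address means the allow-query list is wider than intended and should be rechecked before the server is exposed further.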
Conclusion
You now have a functioning BIND9 authoritative DNS server on RHEL 8, serving both forward and reverse zones for example.com. The configuration is validated by named-checkconf and protected by firewalld and SELinux. Remember to increment the serial number in your zone files every time you make a change.