Environment Preparation
Establish a stable network baseline before deploying the DNS service. Put SELinux into permissive mode and stop the firewall for the duration of the setup, and assign static addressing to both the authoritative server and the testing client.
# Temporarily set SELinux to permissive mode and halt the firewall
sudo setenforce 0
sudo systemctl stop firewalld
# Assign static IPv4 parameters to the DNS host
sudo nmcli con mod eth0 ipv4.method manual ipv4.addresses 172.16.10.10/24 ipv4.gateway 172.16.10.1 ipv4.dns 8.8.8.8
sudo nmcli con up eth0
# Assign static IPv4 parameters to the client host, pointing DNS to the server
sudo nmcli con mod eth0 ipv4.method manual ipv4.addresses 172.16.10.11/24 ipv4.gateway 172.16.10.1 ipv4.dns 172.16.10.10
sudo nmcli con up eth0
Install the BIND package suite on the primary node:
sudo dnf install bind bind-utils -y
Forward Resolution Configuration
Forward resolution translates domain names into IP addresses. This process requires modifying three distinct configuration layers:
- Global Directives (/etc/named.conf): Override default localhost bindings to accept external queries.
- Zone Registry (/etc/named.rfc1912.zones): Declare the authoritative namespace.
- Zone Data File: Host the actual resource records.
Edit the global options to listen on every interface and accept queries from any source. With recursion disabled the server answers only for zones it is authoritative for, so the client above, which uses it as its sole resolver, will not resolve external names through it:
options {
listen-on port 53 { any; };
allow-query { any; };
recursion no;
...
};
Register the forward zone in /etc/named.rfc1912.zones:
zone "internal-dev.net" IN {
type master;
file "internal-dev.net.zone";
allow-update { none; };
};
Initialize the zone data file by duplicating the system template. The -a flag preserves ownership, permissions and SELinux contexts, so named can read the new file:
cd /var/named
cp -a named.localhost internal-dev.net.zone
Populate the data file with SOA, NS, A, and CNAME records. Serial numbers are formatted as YYYYMMDDNN for easier tracking:
$TTL 86400
internal-dev.net. IN SOA ns.internal-dev.net. admin.internal-dev.net. (
2023110101 ; Serial
3600 ; Refresh
900 ; Retry
604800 ; Expire
86400 ) ; Minimum TTL
internal-dev.net. IN NS ns.internal-dev.net.
ns.internal-dev.net. IN A 172.16.10.10
web.internal-dev.net. IN A 172.16.10.10
api.internal-dev.net. IN A 172.16.10.10
portal.internal-dev.net. IN CNAME web.internal-dev.net.
Restart the service and validate resolution from the client:
sudo systemctl restart named
nslookup web.internal-dev.net
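The two steps most often skipped after editing a zone are bumping the serial and checking that the file still loads before named is restarted. The script below is an added example and is not part of the original guide: it bumps a YYYYMMDDNN serial, validates the zone with named-checkzone, and queries the authoritative server directly with dig so that the result does not depend on the client's resolver settings. It assumes the zone name and file layout from the guide; the zone file it runs on is a constructed copy written to a temporary directory, and named-checkzone and dig are only called when they are installed.

```shell
#!/bin/sh
# Added example, not part of the original guide: bump the YYYYMMDDNN serial and
# validate the forward zone before restarting named. Assumes the zone name and
# file layout from the guide; named-checkzone and dig (bind / bind-utils) are
# only invoked when they are installed.

# bump_serial OLD TODAY  ->  prints the next serial.
# Same day: NN + 1. A later day: TODAY01. If OLD is already ahead of TODAY
# (clock skew, hand edits), keep counting up instead of going backwards: a
# serial that decreases is treated as older and the change is never picked up.
bump_serial() {
    old=$1
    today=$2
    old_date=${old%??}                    # strip the two-digit NN
    if [ "$old_date" -lt "$today" ]; then
        printf '%s01\n' "$today"
    else
        printf '%s\n' $((old + 1))
    fi
}

# bump_serial_in_file FILE TODAY  ->  rewrites the "; Serial" line, prints the new serial.
bump_serial_in_file() {
    file=$1
    today=$2
    old=$(awk '/; *Serial/ { print $1; exit }' "$file")
    new=$(bump_serial "$old" "$today")
    # Replace only the first number on the serial line; whitespace and comment stay.
    awk -v new="$new" '/; *Serial/ && !done { sub(/[0-9]+/, new); done = 1 } { print }' \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    printf '%s\n' "$new"
}

# check_zone ZONE FILE  ->  named-checkzone's exit status (0 = loads cleanly).
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        printf 'named-checkzone not installed; skipping syntax check of %s\n' "$2" >&2
    fi
}

# verify_forward SERVER NAME EXPECTED  ->  queries the authoritative server
# directly, so the result does not depend on the client's /etc/resolv.conf.
verify_forward() {
    command -v dig >/dev/null 2>&1 || { printf 'dig not installed (bind-utils)\n' >&2; return 2; }
    got=$(dig @"$1" "$2" A +short)
    if [ "$got" = "$3" ]; then
        printf 'OK %s -> %s\n' "$2" "$got"
    else
        printf 'MISMATCH %s: got "%s", want %s\n' "$2" "$got" "$3" >&2
        return 1
    fi
}

# Stand-alone run on a constructed copy of the guide's zone file, so nothing
# under /var/named is touched. On the server, point the functions at the real
# file instead, e.g.:
#   bump_serial_in_file /var/named/internal-dev.net.zone "$(date +%Y%m%d)"
#   check_zone internal-dev.net /var/named/internal-dev.net.zone && sudo systemctl restart named
#   verify_forward 172.16.10.10 web.internal-dev.net 172.16.10.10
demo_dir=$(mktemp -d)
cat > "$demo_dir/internal-dev.net.zone" <<'EOF'
$TTL 86400
internal-dev.net. IN SOA ns.internal-dev.net. admin.internal-dev.net. (
        2023110101 ; Serial
        3600       ; Refresh
        900        ; Retry
        604800     ; Expire
        86400 )    ; Minimum TTL
internal-dev.net.        IN NS    ns.internal-dev.net.
ns.internal-dev.net.     IN A     172.16.10.10
web.internal-dev.net.    IN A     172.16.10.10
api.internal-dev.net.    IN A     172.16.10.10
portal.internal-dev.net. IN CNAME web.internal-dev.net.
EOF
new=$(bump_serial_in_file "$demo_dir/internal-dev.net.zone" "$(date +%Y%m%d)")
printf 'serial bumped to %s\n' "$new"
check_zone internal-dev.net "$demo_dir/internal-dev.net.zone"
rm -rf "$demo_dir"
```

Querying with `dig @172.16.10.10` rather than a bare nslookup separates "the zone is wrong" from "the client is asking the wrong resolver", which is the usual reason a fresh setup appears to fail. For the CNAME name, `+short` prints both the target and its address, so compare against the A names as in the usage comment.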
Reverse Resolution Configuration
Reverse resolution maps IP addresses back to hostnames using the in-addr.arpa hierarchy. The configuration mirrors the forward setup, but the zone declaration names the network octets in reversed order.
Append the reverse zone definition to /etc/named.rfc1912.zones:
zone "10.16.172.in-addr.arpa" IN {
type master;
file "172.16.10.rev";
allow-update { none; };
};
Generate the reverse data file from the loopback template:
cd /var/named
cp -a named.loopback 172.16.10.rev
Define Pointer (PTR) records. Only the host portion of the IP address is required as the left-hand label. Every domain name must terminate with a trailing dot to indicate absolute qualification:
$TTL 86400
@ IN SOA ns.internal-dev.net. admin.internal-dev.net. (
2023110101 ; Serial
3600 ; Refresh
900 ; Retry
604800 ; Expire
86400 ) ; Minimum TTL
@ IN NS ns.internal-dev.net.
ns IN A 172.16.10.10
10 IN PTR ns.internal-dev.net.
10 IN PTR web.internal-dev.net.
10 IN PTR api.internal-dev.net.
Apply the configuration and execute a reverse lookup test:
sudo systemctl restart named
nslookup 172.16.10.10
The server returns every PTR record defined for the queried address, so the lookup above lists ns, web and api.
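The reversed-octet zone name and the host-only PTR labels are easy to get wrong by hand, and a reverse zone typed separately from the forward zone drifts as soon as one of them is edited. The script below is an added example and is not part of the original guide: it derives the in-addr.arpa zone name for a /24 network, computes the PTR label for each address, and generates the PTR records from "name address" pairs, skipping any address that does not belong to the network. It assumes the guide's 172.16.10.0/24 network; the record list it consumes is constructed for the demonstration (the backup host is invented to exercise the skip path).

```shell
#!/bin/sh
# Added example, not part of the original guide: derive the in-addr.arpa zone
# name for a /24 network and generate its PTR records from "name address"
# pairs, so the reverse zone is produced from the same data as the forward
# A records instead of being typed twice. Assumes the guide's /24 network;
# the record list below is constructed for the demonstration.

# reverse_zone_name NETWORK/24  ->  10.16.172.in-addr.arpa for 172.16.10.0/24.
# Only /24 is handled, as in the guide: the three network octets are reversed.
reverse_zone_name() {
    net=${1%/*}
    prefix=${1#*/}
    if [ "$prefix" != 24 ]; then
        printf 'only /24 networks are supported, got %s\n' "$1" >&2
        return 1
    fi
    old_ifs=$IFS
    IFS=.
    set -- $net                       # split the address into its octets
    IFS=$old_ifs
    printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1"
}

# ptr_label ADDRESS  ->  the host octet, i.e. the left-hand label of a PTR
# record inside a /24 reverse zone (172.16.10.10 -> 10).
ptr_label() {
    printf '%s\n' "${1##*.}"
}

# in_network ADDRESS NETWORK/24  ->  true when the first three octets match.
in_network() {
    [ "${1%.*}" = "${2%.*}" ]
}

# gen_ptr_records NETWORK/24  (reads "name address" lines on stdin)
# Emits one PTR per line. Names are written fully qualified with the trailing
# dot the guide insists on; addresses outside the network are reported on
# stderr and skipped rather than silently producing a wrong label.
gen_ptr_records() {
    net=$1
    while read -r name addr; do
        [ -n "$name" ] || continue
        case $name in \#*) continue ;; esac          # comment line
        if ! in_network "$addr" "$net"; then
            printf 'skipping %s: %s is not in %s\n' "$name" "$addr" "$net" >&2
            continue
        fi
        case $name in *.) fqdn=$name ;; *) fqdn=$name. ;; esac
        printf '%s\tIN\tPTR\t%s\n' "$(ptr_label "$addr")" "$fqdn"
    done
}

# Constructed input: the guide's A records plus one host on another network
# to exercise the skip path. The CNAME (portal) has no address and no PTR.
A_RECORDS='ns.internal-dev.net. 172.16.10.10
web.internal-dev.net. 172.16.10.10
api.internal-dev.net. 172.16.10.10
backup.internal-dev.net. 192.168.50.4'

zone=$(reverse_zone_name 172.16.10.0/24)
printf 'zone "%s" IN {\n    type master;\n    file "172.16.10.rev";\n    allow-update { none; };\n};\n\n' "$zone"
printf '%s\n' "$A_RECORDS" | gen_ptr_records 172.16.10.0/24
```

Run as is, the script prints the zone declaration from the guide and the three PTR lines, and reports the out-of-network host on stderr. Keep in mind that many consumers of reverse DNS (mail servers, reverse-lookup checks in sshd) expect exactly one PTR per address; when several names share an address as they do here, choosing one canonical name for the PTR avoids inconsistent answers.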