Junk Food for the Brain

Open Source and Awesomesauce :)

Configure a Caching-Only Name Server in a Chroot Environment for Fedora 11

Having a caching-only name server on your local machine speeds up your browsing. Here’s how to set up a slightly more secure caching server using ISC BIND in Fedora 11.

  1. Install bind and bind-chroot packages
# yum install bind bind-chroot
  1. Edit your /etc/sysconfig/named file.
# vim /etc/sysconfig/named

Add the following line:



  1. Edit your /etc/named.conf file.
# vim /etc/named.conf
  1. Change the following line:
listen-on port 53 {; };

to:

listen-on port 53 { any; };

This allows the bind daemon to listen on all your network IPs, not just your loopback address.

  1. Change this line:
allow-query     { localhost; };

to:

allow-query     {; };

You now allow all the machines in your home LAN to use your DNS server.
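A check one could run on the edited named.conf before restarting named, as an added example that is not part of the original post: it flags the case where listening on every interface is combined with an unrestricted client list, which would turn the cache into an open resolver. The sample configuration, the 192.168.1.0/24 range and the function names are assumptions made for the example.

```python
import re

# Constructed sample of the options this page edits. The LAN range
# 192.168.1.0/24 is a placeholder assumption, not a value from the page.
SAMPLE_CONF = """
options {
    listen-on port 53 { any; };   // every interface, as set above
    directory "/var/named";
    allow-query { localhost; 192.168.1.0/24; };
    recursion yes;
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments so they cannot hide or fake a clause."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def acl(conf, name):
    """Entries of the first `name { ...; };` clause, or None when absent.
    Nested { } inside the list are not handled."""
    m = re.search(r"(?<![\w-])%s(?![\w-])[^{;]*\{([^}]*)\}" % re.escape(name), conf)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else None

def audit(conf_text):
    """Return findings for a named.conf with one options block and no views."""
    conf = strip_comments(conf_text)
    listen = acl(conf, "listen-on")
    # BIND listens on every interface when listen-on is absent.
    exposed = listen is None or any(e != "127.0.0.1" for e in listen)
    recursive = not re.search(r"(?<![\w-])recursion\s+no\s*;", conf)
    # Who may recurse: allow-recursion, else allow-query-cache, else
    # allow-query, else BIND's built-in default.
    clients = (acl(conf, "allow-recursion") or acl(conf, "allow-query-cache")
               or acl(conf, "allow-query") or ["localnets", "localhost"])
    findings = []
    if exposed and recursive and any(c in ("any", "0.0.0.0/0") for c in clients):
        findings.append("open-resolver: recursion is offered to any client")
    if exposed and clients == ["localhost"]:
        findings.append("lan-refused: reachable from the LAN but only answers itself")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF) or ["ok: recursion limited to listed clients"]:
        print(finding)
```

An empty result means recursion is limited to the listed clients; the `lan-refused` finding is the state between the two edits above, where named listens on the LAN but still answers only localhost.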

  1. Make sure it starts at boot time.
# chkconfig named on

Restart your DNS server.

# service named restart
  1. Make sure it's listening on the correct ports.
# netstat -ntupl | grep named

In my case, the DNS server IP is So, as seen here, the line udp 0 0* 2851/named shows it is listening correctly.

  1. Then test your server from another machine on your network, most probably another Linux box or laptop.
# dig @ google.com

The ‘@’ argument instructs the dig command to get the IP address for google.com from your newly set up server. On my machine, it looked like this:

[root@atreides ~]# dig @ google.com  
; <<>> DiG 9.6.1-RedHat-9.6.1-2.fc11 <<>> @ google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6515
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0  
;google.com.            IN  A  
google.com.     300 IN  A
google.com.     300 IN  A
google.com.     300 IN  A  
google.com.     171853  IN  NS  ns3.google.com.
google.com.     171853  IN  NS  ns1.google.com.
google.com.     171853  IN  NS  ns2.google.com.
google.com.     171853  IN  NS  ns4.google.com.  
;; Query time: 82 msec
;; WHEN: Sat Jul 18 20:14:59 2009
;; MSG SIZE  rcvd: 148

Note the SERVER: line, which shows you the answer for the query came from my DNS server (

  1. Finally, set up your /etc/resolv.conf accordingly.
    On the server:

And on all your other machines: