In this tutorial we will show you how to install and set-up Master Named (BIND) DNS server in Fedora 22 VPS.

To be more specific, in this case, we will setting up the master DNS server for the “” domain name in a chrooted environment.


First, you will need to log in to your VPS as ROOT via SSH. Once you are in you can clean-up dnf (this is not a necessary step but it won’t hurt). To do that just type:

dnf clean all

Another step that you can take and it is always a good practice is to update your packages. To do that just type:

dnf -y update

Next we will need to install “bind-chroot” package using “dnf“:

dnf install bind-chroot

Now we will need to edit the BIND (named) main configuration file in “/etc/named.conf“, but first, just in case, backup the file:

cp /etc/named.conf{,.orig}

and edit with:

nano /etc/named.conf

once the file is in the edit mode add the following

* Deny transfers by default except for the listed hosts.
acl "xfer" {

* trusted hosts which are allowed to use the cache 
* and perform recursive queries/lookups
acl "trusted" {;

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        pid-file "/run/named/";
        session-keyfile "/run/named/session.key";

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        dnssec-enable yes;
        dnssec-lookaside auto;

        listen-on-v6 { none; };
        listen-on { any; };

         * Accept queries from "trusted" ACL.  
        allow-query {

        /* Use the cache for the "trusted" ACL. */
        allow-query-cache {

        /* Only trusted addresses are allowed to use recursion. */
        allow-recursion {

        /* Zone tranfers are denied by default. */
        allow-transfer {

        /* Don't allow updates, e.g. via nsupdate. */
        allow-update {

        /* if you have problems and are behind a firewall: */
        //query-source address * port 53;

        dnssec-validation auto;
        auth-nxdomain no; # conform to RFC1035

        /* forward to ISP's DNS */
        // forwarders {
        // };

include "/etc/named.zones";

Save and close the file. Since I’m running BIND (named) in a “chrooted” environment, I need to set-up things within “/var/named/chroot“directory, so first create the directory:

mkdir -p /var/named/chroot/etc/

edit the file:

nano /var/named/chroot/etc/named.zones

and add:

zone "" {
    type master;
    file "/var/named/";
    allow-query { any; };
    allow-transfer { xfer; };

Save and close the file:

Next, create the zone file for “” in “/var/named/chroot/var/named/“:

nano /var/named/chroot/var/named/

and add:

@ 14400 IN SOA (
2014011501 ; serial, todays date+todays
28800 ; refresh, seconds
7200 ; retry, seconds
360000 ; expire, seconds
86400 ) ; minimum, seconds 14400 IN A MASTER_IP_ADDRESS; 14400 IN A SLAVE_IP_ADDRESS; 14400 IN NS 14400 IN NS 14400 IN A MASTER_IP_ADDRESS; 14400 IN A SLAVE_IP_ADDRESS; 14400 IN MX 0

www 14400 IN CNAME
imap 14400 IN CNAME
smtp 14400 IN CNAME 14400 IN TXT "v=spf1 a mx ~all" 14400 IN SPF "v=spf1 a mx ~all"

Close and ave the file, and check if the zone file is valid for the domain in question with:

named-checkzone /var/named/chroot/var/named/

Next set-up te directories under the chroot with:

mkdir /var/named/chroot/var/named/{dynamic,data}

set the correct permisions:

chown named: -R /var/named/

And start the DNS server with:

systemctl start named-chroot

You can also add it to system’s start-up using “systemctl“. To do that type:

systemctl enable named-chroot

To test the set-up you can queryi the DNS server for the domain’s zone that has been set-up previously:


If you’re one of our Linux VPS Hosting customers we can install and set-up Master Named (BIND) DNS server on your virtual server for you free of charge. Just contact us and some of our experts will complete your request immediately.

Leave a Reply

Your email address will not be published. Required fields are marked *