Bind Named DNS - Configure Bind DNS server on Docker

This assumes you have installed Bind on Docker and that Bind is up and running.


If you have a firewall between your Bind DNS server and the systems that will be using it, configure the firewall to allow traffic on port 53. DNS clients query over UDP first and fall back to TCP only for large answers and zone transfers, so open both protocols. For example, here is how you would allow traffic on port 53 in firewalld.

firewall-cmd --add-port=53/tcp --permanent
firewall-cmd --add-port=53/udp --permanent
firewall-cmd --reload


DNSStubListener and resolved.conf

Use the lsof command to determine whether systemd-resolved (or anything else) is already listening on port 53, which would conflict with the Bind container.

lsof -i tcp:53
lsof -i udp:53


Set the DNSStubListener directive in /etc/systemd/resolved.conf to "no".



Restart the systemd-resolved service for this change to take effect.

systemctl daemon-reload
systemctl restart systemd-resolved
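The two steps above (turn the stub listener off, then confirm port 53 is free) as an added shell example that is not part of the original page. The file path is a parameter so the edit can be rehearsed on a copy; on a real host call set_stub_listener_off with /etc/systemd/resolved.conf, run the daemon-reload and restart shown above, then call port53_listeners. The use of ss as a faster alternative to lsof is my addition, not something the page describes.

```shell
# Added example (not from the original page): make DNSStubListener=no
# idempotently in a resolved.conf-style file, then list who holds port 53.
# Usage on a real host (path is an assumption, matching the page):
#   set_stub_listener_off /etc/systemd/resolved.conf
#   systemctl daemon-reload && systemctl restart systemd-resolved
#   port53_listeners      # should show only the Bind container's named

# set_stub_listener_off FILE
# Ensures FILE ends up with exactly one active "DNSStubListener=no" line.
# An existing line (active or commented out, e.g. "#DNSStubListener=yes")
# is replaced in place; otherwise the setting is added under [Resolve],
# creating the section if the file has none. Returns 0 on success.
set_stub_listener_off() {
    file="$1"
    tmp="$(mktemp)" || return 1
    if grep -Eq '^[[:space:]]*#?[[:space:]]*DNSStubListener=' "$file"; then
        # Replace the first matching line, drop any duplicates.
        awk '
            /^[[:space:]]*#?[[:space:]]*DNSStubListener=/ {
                if (!done) { print "DNSStubListener=no"; done = 1 }
                next
            }
            { print }
        ' "$file" > "$tmp"
    elif grep -q '^\[Resolve\]' "$file"; then
        # Section exists but has no directive: insert right after the header.
        awk '
            { print }
            /^\[Resolve\]/ && !done { print "DNSStubListener=no"; done = 1 }
        ' "$file" > "$tmp"
    else
        { cat "$file"; printf '\n[Resolve]\nDNSStubListener=no\n'; } > "$tmp"
    fi
    # Write through cat so the target keeps its owner and permissions.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# stub_listener_value FILE
# Prints the effective DNSStubListener value (the last active, uncommented
# assignment wins, which is how systemd reads its config), or "unset".
stub_listener_value() {
    awk -F= '/^[[:space:]]*DNSStubListener=/ { v = $2 }
             END { print (v == "" ? "unset" : v) }' "$1"
}

# port53_listeners
# Lists sockets bound to TCP or UDP port 53 with their owning process,
# the same check the page performs with lsof. Prefers ss when present.
port53_listeners() {
    if command -v ss >/dev/null 2>&1; then
        ss -H -lntup 'sport = :53'
    else
        lsof -nP -i tcp:53 -i udp:53
    fi
}
```

After the restart, port53_listeners should print nothing for the host itself; once the Bind container is started it should show only named (or docker-proxy, if the port is published through it).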



With the following in your named.conf.options file, Bind should be able to resolve the entries listed in your forward and reverse lookup zones, use Google's name servers (the forwarders) for external lookups, and cache successful resolutions for quick future lookups. Note that allow-query { any; } combined with forwarders makes the container a recursive resolver for every client that can reach it; if it is reachable from untrusted networks, restrict allow-query and allow-recursion to your own address ranges.

options {
  directory "/var/cache/bind";
  dnssec-validation auto;
  listen-on { any; };
  allow-query { any; };

  forwarders {;;
  };
};


Forward and Reverse lookups files

Create a forward lookup file and a reverse lookup file. The forward lookup file resolves a hostname to an IP address. The reverse lookup file resolves an IP address to a hostname.

The forward and reverse lookup files will be placed in the directory on your Docker server that will be mounted when the container is started, such as /usr/local/docker/bind/zones.

The forward lookup file could look something like this.

@ IN SOA (
                                0  ; serial
                                1D ; refresh
                                1H ; retry
                                1W ; expire
                                3H ; minimum
                                )
; name servers
      IN   NS
      IN   NS

; hostname to IP address resolution
ns1   IN   A 
ns2   IN   A 
fs1   IN   A 
fs2   IN   A 


And the reverse lookup file could look something like this.

@ IN SOA (
                                0  ; serial
                                1D ; refresh
                                1H ; retry
                                1W ; expire
                                3H ; minimum
)

@     IN   NS
@     IN   NS
ns1   IN   A 
ns2   IN   A 
6     IN   PTR
7     IN   PTR
8     IN   PTR
9     IN   PTR
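The reverse file repeats, by hand, information that is already in the forward file, and both files above use a fixed serial of 0. As an added example that is not part of the original page, the following shell functions derive the PTR records from the forward zone's A records (so the two files cannot drift apart) and build the conventional date-based serial. The domain example.com, the documentation range 192.0.2.0/24 and the hostmaster mailbox are constructed values for illustration; the file layout follows the page's (last octet as owner name, 1D/1H/1W/3H timers).

```shell
# Added example (not from the original page): generate the reverse zone
# from "host address" pairs taken from the forward zone's A records.
# All names and addresses below are constructed (example.com, 192.0.2.0/24).

# reverse_zone_name NETWORK_PREFIX
# 192.0.2 -> 2.0.192.in-addr.arpa, the reverse zone name for that /24.
reverse_zone_name() {
    printf '%s\n' "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# zone_serial YYYYMMDD REVISION
# Conventional serial: date plus a two-digit revision, e.g. 20211009 1 ->
# 2021100901. It must increase on every change, otherwise secondaries and
# caches keep serving the old data.
zone_serial() {
    printf '%s%02d\n' "$1" "$2"
}

# ptr_records DOMAIN
# Reads "host address" pairs on stdin and prints one PTR record per pair,
# using the last octet as the owner name (6 IN PTR ..., 7 IN PTR ...).
# Pairs whose address is not a dotted quad are reported on stderr and skipped.
ptr_records() {
    domain="$1"
    awk -v domain="$domain" '
        NF < 2 { next }
        $2 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            print "skipping " $1 ": bad address " $2 > "/dev/stderr"; next
        }
        {
            split($2, o, ".")
            printf "%-5s IN PTR %s.%s.\n", o[4], $1, domain
        }'
}

# reverse_zone_file DOMAIN SERIAL NS1 NS2 < pairs
# Emits a complete reverse zone: $TTL (BIND 9 rejects a zone without a TTL),
# the SOA with the given serial, the NS records and the derived PTRs.
reverse_zone_file() {
    domain="$1"; serial="$2"; ns1="$3"; ns2="$4"
    cat <<EOF
\$TTL 1D
@   IN  SOA $ns1.$domain. hostmaster.$domain. (
        $serial ; serial
        1D      ; refresh
        1H      ; retry
        1W      ; expire
        3H      ; minimum
)
@   IN  NS  $ns1.$domain.
@   IN  NS  $ns2.$domain.
EOF
    ptr_records "$domain"
}

# Example run with constructed input; on a real host feed the A records
# of your forward file and redirect into the mounted zones directory:
#   reverse_zone_file example.com "$(zone_serial 20211009 1)" ns1 ns2 \
#       <<'PAIRS' > /usr/local/docker/bind/zones/2.0.192.in-addr.arpa
#   ns1 192.0.2.6
#   ns2 192.0.2.7
#   fs1 192.0.2.8
#   fs2 192.0.2.9
#   PAIRS
```

Regenerate the file with a new serial every time the forward zone changes, then run the named-checkzone validation described later in this page before reloading Bind.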


Red Hat 7 and below (network scripts)

On systems using a Red Hat 7 or below distribution (CentOS, Fedora, Red Hat), the /etc/sysconfig/network-scripts/ifcfg-xxxxxxxxx file (or the /etc/network/interfaces file on a Debian distribution) is used to define the name servers the system will use.



Red Hat 8 and above (Network Manager)

The nmcli (Network Manager CLI) connection show command can be used to display the DNS servers being used.

~]# nmcli connection show ens192


If needed, the nmcli connection modify command can be used to change the DNS servers being used. This change will be persistent, meaning the change will remain in place even if the system is rebooted.

nmcli connection modify eth0 ipv4.dns ","
nmcli device reapply eth0



The /etc/resolv.conf file should now contain your name servers.

~]# cat /etc/resolv.conf


And the resolvectl command should also display your name servers.

~]# resolvectl
Link 2 (eth0)
Current Scopes: DNS LLMNR/IPv4
     Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
   DNS Servers:


Restart Bind

Restart the bind container, and ensure the container is up and running.

docker restart bind
docker container ls


The docker logs bind command should return something like this.

~]# docker logs bind
09-Oct-2021 11:24:55.730 all zones loaded
09-Oct-2021 11:24:55.731 running


Validate forward and reverse lookup zones

Ensure the forward and reverse zones return "OK".

~]# docker exec bind named-checkzone /data/bind/zones/
zone loaded serial 2016032200

~]# docker exec bind named-checkzone /data/bind/zones/
zone loaded serial 0


Flush cache

Flush the DNS cache to ensure Bind is not using the cache for lookups.

docker exec bind rndc flush
docker exec bind rndc reload



Use nslookup to see if the name server is able to resolve one of the hostnames in the forward lookup file to its IP address.

~]$ nslookup

Non-authoritative answer:


And also check the reverse lookup.

~]# nslookup       name =
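Rather than comparing the two nslookup outputs by eye, the forward and reverse answers can be checked against each other: resolve the host to an address, reverse that address on the same server, and confirm the PTR names the host again. The following is an added shell example that is not part of the original page. It uses dig, which ships in the same bind-utils/dnsutils package as nslookup, and assumes the server address and hostnames you pass are your own; the DIG variable exists only so the resolver command can be swapped out.

```shell
# Added example (not from the original page): forward/reverse round-trip
# check. Assumes dig is installed; DIG may be overridden with another
# command that accepts the same arguments.
DIG="${DIG:-dig}"

# canonical_name NAME
# Lowercases and strips the trailing dot so "FS1.example.com." and
# "fs1.example.com" compare equal (DNS names are case-insensitive and
# PTR answers come back fully qualified).
canonical_name() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# roundtrip_ok HOST SERVER
# HOST -> A -> PTR -> HOST on SERVER. Prints the chain on success and
# returns 0; prints the reason on stderr and returns 1 otherwise.
roundtrip_ok() {
    host="$1"; server="$2"
    ip="$("$DIG" +short "@$server" "$host" A | head -n 1)"
    [ -n "$ip" ] || { echo "$host: no A record on $server" >&2; return 1; }
    ptr="$("$DIG" +short "@$server" -x "$ip" | head -n 1)"
    [ -n "$ptr" ] || { echo "$host -> $ip: no PTR record" >&2; return 1; }
    if [ "$(canonical_name "$ptr")" = "$(canonical_name "$host")" ]; then
        echo "$host -> $ip -> $ptr OK"
    else
        echo "$host -> $ip -> $ptr MISMATCH" >&2
        return 1
    fi
}

# roundtrip_all SERVER HOST...
# Checks every host; returns non-zero if any chain is broken, so the call
# can gate a deployment step. Example (constructed server address):
#   roundtrip_all 192.0.2.53 ns1.example.com fs1.example.com fs2.example.com
roundtrip_all() {
    server="$1"; shift
    rc=0
    for h in "$@"; do
        roundtrip_ok "$h" "$server" || rc=1
    done
    return $rc
}
```

A MISMATCH typically means the reverse file was edited by hand and no longer matches the forward file, or the serial was not bumped so Bind is still serving the old zone after the reload.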


