Local DNS resolver

local dns resolverA DNS server or DNS Resolver is a server which contains a database of IP addresses and their associated hostnames, and in most cases, serves to resolve, or translate, those common names to IP addresses as requested.

DNS servers run a special software (ex. BIND) and communicate (Listen TCP/UDP port 53) with each other using special protocols.

Simple: a DNS server on the Internet is the server that translates that FQDN to the IP address.

Local DNS resolver

To use, the local DNS resolver or centralized DNS server you have needs e.g. BIND installed on the server. Then you need to check that the clients have configured /etc/resolv.conf file on that nameserver first:


If you do not see a line (nameserver in the first position, then you need to add it, if you wanna use a local DNS resolver or a centralized DNS server, which depends on your network configuration and have you more than one client which needs to make queries.

The file resolv.conf contains the information your system uses to resolve domain and host names. It will query these servers in order, and if it doesn’t get a response from the first DNS server, it will move on to the next, and to the next one.

Configure BIND as a Caching Local DNS Server

First you need to configure Bind to act as a caching DNS server. This configuration will force the server to recursively seek for answers from other ROOT DNS servers when a client issues a query. This means that it is doing the work of querying each related DNS server in turn until it finds the response.

As a DNS server it will be used to resolve recursive queries. We do not want the DNS server to be abused by malicious users and open queries to the Internet.


Here we are adding ACL NETWORKS in which allows DNS Queries to do:

acl networks {;

options {
    allow-recursion { networks; };
    allow-query { networks; };

Restart bind9

When you have made the modifications to your configuration files and you do not have any syntax errors, restart the Bind9 daemon:

service bind9 restart


After that you can test queries (e.g. dig) that return the correct response to the local DNS server. You should see a SERVER line like:


Then it resolving local DNS server.

root@malware.expert:~$dig malware.expert

;; global options: +cmd
;; Got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 26101
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;malware.expert.			IN	A

malware.expert.		119	IN	A

;; Query time: 67 msec
;; WHEN: Fri Sep  8 07:02:20 2017
;; MSG SIZE  rcvd: 48

Caching RBL Database

For this Local DNS configuration you can cache DNS queries and speed up your Webserver’s response time, if you use Malware.Expert – RBL Database for malware in ModSecurity rules.