Administering DNS from the Command Line — My Linux Journey (Part 2)

After completing the DNS module in my journey toward mastering Linux system administration, especially in WHM/cPanel environments, I’ve gathered hands-on knowledge of how domain resolution works at a deeper level—both from a configuration and troubleshooting standpoint

Here’s everything I learned in this leg of my training:

---

🔧 DNS Server Types in cPanel

cPanel/WHM supports multiple DNS servers. Here’s what I explored:

🔹 BIND/named

• Most widely used, supports all record types, highly configurable.

• Memory-intensive and slower with large zone counts due to full reloads on every change.

• Default DNS server in most cPanel systems.

🔹 MyDNS (Deprecated since v106)

• Uses MySQL backend. Faster zone changes as it loads zones live.

• Limited support for advanced record types like DNSSEC.

• No longer available in new versions unless previously installed.

🔹 NSD (Deprecated since v106)

• Lightweight and fast, great for minimal setups.

• Lacks recursion support and flexibility.

• Deprecated and removed from modern versions.

🔹 PowerDNS

• Fast and memory-efficient.

• Only cPanel-supported server with DNSSEC support.

• Uses BIND-style zone files and a SQLite backend for DNSSEC.

• Compatible with DNS clustering.

---

📂 Key DNS File Locations

📁 /etc Directory

System-wide DNS configuration files:

• /etc/hosts: Local domain-to-IP resolution.

• /etc/resolv.conf: DNS forwarder config (used when local server isn’t authoritative).

• /etc/nsswitch.conf: Determines order of name resolution (e.g., hosts: files dns).

📁 /var Directory (BIND-specific)

• /var/named: Where DNS zone files reside.

• /var/run/named: Holds BIND’s PID and session keys.

• /var/log/messages: Kernel and default BIND logs.

• /var/log/named/named.log: Additional logs, if configured.

---

🧾 BIND Log Severity Levels

Understanding BIND's logging levels helps pinpoint issues effectively. Here’s a snapshot:

(Image Reference: Your uploaded chart was used to describe severity levels.)

---

📌 DNS Record Types Covered

• A / AAAA Records – Point domains to IPv4 or IPv6 addresses

• CNAME – Alias of another domain

• MX – Mail servers

• NS – Nameservers

• SOA (Start of Authority) – Contains admin info, serial, etc.

• TXT – Often used for SPF, DKIM, DMARC

• PTR – Reverse DNS

---

🛠️ Troubleshooting DNS from CLI

Tools used during this module:

• ping – Check host reachability

• dig – Powerful DNS lookup tool

• host – Quick DNS query tool

• nslookup – Interactive DNS testing

• cat, less, grep – Inspect logs (/var/log/messages, /var/log/named/named.log)

---

📚 DNS Terms to Know (From Flashcards)

Understanding core DNS terms helped me navigate through the more technical parts of this module without getting overwhelmed. Here are some key definitions I learned and reviewed:

Here’s one of the terms I found especially important:

🔒 ACL (Access Control List) — A list of IPs allowed or denied from querying the DNS server, based on specific security rules. It plays a vital role in securing your DNS infrastructure.

---

🎯 Final Thoughts

The DNS module wasn’t just theory—it brought me closer to real-world sysadmin duties like:

• Identifying misconfigured records

• Navigating config files with confidence

• Understanding DNSSEC and clustering

• Reading logs efficiently for issue tracing

Next, I’ll be diving deeper into mail flow, security, and DNS-based authentication (SPF, DKIM, DMARC). This journey has already begun to transform how I understand servers—not just as a user but as a backend administrator.
In meanwhile you can follow me on LinkedIn to be a part of my journey in learning Linux

---

✅ Stay Tuned: Linux Admin Journey — Part 3 Coming Soon...