To reduce the load on our very old legacy primary DNS server, I decided to use CoreDNS as a DNS cache server.
Select the right architecture and download the binary to /usr/sbin/coredns.
Add the coredns user
# useradd coredns -s /sbin/nologin -c 'coredns running account'
Add the systemd service (note that the unit below sets Restart twice; systemd keeps the last value, Restart=on-failure)
# cat /etc/systemd/system/coredns.service
[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io
After=network.target

[Service]
Restart=always
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=4096
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
WorkingDirectory=/home/coredns
ExecStart=/bin/bash -c '/usr/sbin/coredns -conf=/etc/coredns/Corefile &>/var/log/coredns.log'
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure

[Install]
WantedBy=multi-user.target
Add the CoreDNS configuration file: /etc/coredns/Corefile. Because the Corefile binds 0.0.0.0, make sure the host firewall limits port 53 to your internal clients so the cache does not become an open resolver.
# cat /etc/coredns/Corefile
.:53 {
bind 0.0.0.0
cache 3600
rewrite stop type AAAA A
loadbalance
reload 30s
log . "{type} {name} {class} {rcode} {duration}"
forward . 192.168.1.101 192.168.100.102 192.168.100.102 {
policy round_robin
max_fails 1
health_check 30s
}
}
Enable and start the coredns systemd service
# systemctl enable coredns
# systemctl start coredns