Configure slave DNS (BIND) on CentOS 7 / RHEL 7

ADVERTISEMENT

dns

BIND can be configured as master or slave to serve the DNS request for each zone, when the BIND is configured as a slave, it obtains the copy of zone data from master server by using zone transfer method. In the previous post, we had configured master dns server on CentOS 7, master server will act as a source for the slave. If you do not have master dns setup on your environment, take a look at configuring DNS server on CentOS 7.

ADVERTISEMENT
Article will continue after the ad

Before going further, we will take some scenario like below.

Scenario:

Domain Name: itzgeek.local

DNS servers:

NS1: primary.itzgeek.local

IP: 192.168.12.8

NS2: secondary.itzgeek.local

IP: 192.168.12.6

In this we have two servers named primary and secondary, in which primary is already been configured as a master for itzgeek.local domain. Now we are to configure secondary as a slave DNS server for itzgeek.local, the following are the steps to be performed to achieve our goal.

On Master Server:

Configure BIND on master server to allow zone transfer to secondary server, edit the /etc/named.conf file in primary.itzgeek.local.

[root@primary ~]# vi /etc/named.conf

Add the following entry in the file, the servers that are mentioned in the allow-transfer will able to transfer zones from master server. This can be applied to all zones or particular zone. If you mention allow-transfer in particular zone, only mentioned server will be able to transfer zone from master.

allow-transfer { localhost;192.168.12.6;};

Add your secondary dns server information in forward lookup file at primary.itzgeek.local.

[root@primary ~]# vi /var/named/fwd.itzgeek.local.db
 
$TTL 86400
@   IN  SOA     primary.itzgeek.local. root.itzgeek.local. (
2014112512  ;Serial
3600        ;Refresh
1800        ;Retry
604800      ;Expire
86400       ;Minimum TTL
)
;Name Server Information
@      IN  NS      primary.itzgeek.local.
;Secondary Name server
@      IN  NS      secondary.itzgeek.local.
;IP address of Name Server
primary IN  A       192.168.12.8
;IP address of secondary server
secondary IN A      192.168.12.6
;Mail exchanger
itzgeek.local. IN  MX 10   mail.itzgeek.local.
;A - Record HostName To Ip Address
www     IN  A       192.168.12.100
mail    IN    A       192.168.12.150
;CNAME record
ftp     IN CNAME        www.itgeek.local.

Restart BIND service at primary.itzgeek.local

# systemctl restart named.service

On Slave Server:

It is the time to add a slave zone declaration on secondary server, make sure you to install the following packages on secondary server.

# yum -y install bind bind-utils

Edit /etc/named.conf file. Comment out the following line, this will enable BIND to listen on all interfaces.

#listen-on port 53 { 127.0.0.1; };
#listen-on-v6 port 53 { :!! };

Add your network in the following line, I’ve added 192.168.12.0/24, this will allow the clients from mentioned network can query the DNS for name to ip translation.

allow-query     { localhost;192.168.12.0/24; };

Add the slave zone like below.

zone "itzgeek.local" IN {
type slave;
masters { 192.168.12.8; };
file "slaves/fwd.itzgeek.local.db";
};

itzgeek.local – Domain name
slave – Secondary DNS
fwd.itzgeek.local.db – Slave forward lookup file
Restart BIND service at secondary.itzgeek.local

# systemctl restart named.service

Verify lookup for www.itzgeek.local using secondary.itzgeek.local (192.168.12.6)

[root@client ~]# dig @192.168.12.6 www.itzgeek.local
 
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> @192.168.12.6 www.itzgeek.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25873
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.itzgeek.local.             IN      A
 
;; ANSWER SECTION:
www.itzgeek.local.      86400   IN      A       192.168.12.100
 
;; AUTHORITY SECTION:
itzgeek.local.          86400   IN      NS      primary.itzgeek.local.
itzgeek.local.          86400   IN      NS      secondary.itzgeek.local.
 
;; ADDITIONAL SECTION:
primary.itzgeek.local.  86400   IN      A       192.168.12.8
secondary.itzgeek.local. 86400  IN      A       192.168.12.6
 
;; Query time: 1 msec
;; SERVER: 192.168.12.6#53(192.168.12.6)
;; WHEN: Tue Nov 25 16:43:55 EST 2014
;; MSG SIZE  rcvd: 140

Auto Slave DNS update:

When ever there is a change in zones at a master server, that has to be updated in all slave servers. In two ways we can control the updates to slave servers.

1. At a regular interval.

2. Configure master server to notify the slave zones when there has a change in zones.

second option is best to set, it can be achieved by adding the following notify and also-notify entry at master named.conf file.

zone "itzgeek.local" IN {
type master;
file "fwd.itzgeek.local.db";
allow-update { none; };
notify yes;
also-notify { 192.168.12.6; };
};

While modifying zones, do not forget to change the serial number in the lookup file.

That’s All.

ADVERTISEMENT

POSTS YOU MAY LIKE -:)

Share This Post

Shares