
Configure Slave DNS Server on Debian 9 / Ubuntu 16.04


A DNS server can be configured to act as a master or a slave to serve DNS requests. When a DNS server is configured as a slave, it gets a copy of the zone data from the master through a zone transfer and keeps it in a cache for a particular period to serve DNS queries.

Environment

Domain: itzgeek.local
Master: ns1.itzgeek.local (192.168.1.10). Acts as the master server.
Slave: ns2.itzgeek.local (192.168.1.20). Acts as the slave server. Takes care of DNS requests when the master server goes down.

ns1.itzgeek.local is already configured as the master for the itzgeek.local domain.

READ: Configure DNS Server On Debian 9 / Ubuntu 16.04

We will now configure ns2.itzgeek.local as a slave DNS server for the itzgeek.local domain.

On Master Server

We need to configure BIND on the master server (ns1.itzgeek.local) to enable zone transfer to our secondary server (ns2.itzgeek.local).

Edit the /etc/bind/named.conf.local file on ns1.itzgeek.local.

nano /etc/bind/named.conf.local

Update the existing zones we created for itzgeek.local with the allow-transfer and also-notify parameters.

The allow-transfer parameter specifies which hosts may transfer zones from the master (here, only the slave server), and also-notify notifies the slave server when a zone changes on the master server.

zone "itzgeek.local" IN { //Domain name
     type master; //Primary DNS
     file "/etc/bind/fwd.itzgeek.local.db"; //Forward lookup file
     allow-transfer  { 192.168.1.20; }; //Transfer zones from the master server
     also-notify { 192.168.1.20; }; //Notify slave for zone changes
};

zone "1.168.192.in-addr.arpa" IN { //Reverse lookup name. Should match your network in reverse order
     type master; // Primary DNS
     file "/etc/bind/rev.itzgeek.local.db"; //Reverse lookup file
     allow-transfer  { 192.168.1.20; }; //Transfer zones from the master server
     also-notify { 192.168.1.20; }; //Notify slave for zone changes
};

Restart the DNS service at ns1.itzgeek.local.

systemctl restart bind9
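
Because allow-transfer is the only thing limiting who can pull a full copy of the zone, it is worth auditing it for every master zone. The following is an added example, not part of the original tutorial: the function name, the sample text and the zones test.local and lab.local are hypothetical, and it assumes the one-statement-per-line layout used above.

```sh
#!/bin/sh
# Constructed sample: the forward zone from this page plus two hypothetical
# zones (test.local, lab.local) that trigger the two findings.
SAMPLE_CONF='zone "itzgeek.local" IN { //Domain name
     type master; //Primary DNS
     file "/etc/bind/fwd.itzgeek.local.db";
     allow-transfer  { 192.168.1.20; }; //Transfer zones from the master server
     also-notify { 192.168.1.20; };
};
zone "test.local" IN {
     type master;
     file "/etc/bind/fwd.test.local.db";
     allow-transfer { any; };
};
zone "lab.local" IN {
     type master;
     file "/etc/bind/fwd.lab.local.db";
};'

# Reads zone blocks on stdin, prints one verdict per master zone and returns 1
# if any of them can be transferred by arbitrary hosts. Only zone-level
# statements are inspected (assumption: no allow-transfer in the options
# block). A zone with no allow-transfer falls back to the server default,
# which allows any host in the BIND 9.10 release shown on this page.
audit_transfer_acl() {
    sed 's://.*$::' | awk '
        BEGIN { bad = 0 }
        $1 == "zone" { split($0, q, "\""); zone = q[2]; type = ""; acl = ""; seen = 0 }
        $1 == "type" { type = $2; sub(/;.*/, "", type) }
        $1 == "allow-transfer" {
            seen = 1; acl = $0
            sub(/^[^{]*[{][ \t]*/, "", acl); sub(/[ \t]*[}].*$/, "", acl)
        }
        /^[ \t]*[}];/ && type == "master" {      # closing line of a master zone
            wide = 0
            n = split(acl, a, /[ \t;]+/)
            for (i = 1; i <= n; i++) if (a[i] == "any") wide = 1
            if (!seen)     { print "OPEN " zone " no-allow-transfer"; bad = 1 }
            else if (wide) { print "OPEN " zone " any"; bad = 1 }
            else           { print "OK " zone }
            type = ""
        }
        END { exit bad }'
}

# Demo on the constructed sample; on a server, feed /etc/bind/named.conf.local.
printf '%s\n' "$SAMPLE_CONF" | audit_transfer_acl || echo "open zones found"
```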

On Slave Server

Make sure you install the following packages on the slave server.

apt-get install -y bind9 bind9utils bind9-doc dnsutils

It is time to add a slave zone declaration on the slave server (ns2.itzgeek.local). Edit the /etc/bind/named.conf.local file.

nano /etc/bind/named.conf.local

Add the slave zones as shown below.

zone "itzgeek.local" IN { //Domain name
     type slave; //Secondary/Slave DNS
     file "/var/cache/bind/fwd.itzgeek.local.db"; //Forward Zone Cache file
     masters { 192.168.1.10; }; //Master Server IP
};

zone "1.168.192.in-addr.arpa" IN { //Reverse lookup name. Should match your network in reverse order
     type slave; // Secondary/Slave DNS
     file "/var/cache/bind/rev.itzgeek.local.db"; //Reverse Zone Cache file
     masters { 192.168.1.10; }; //Master Server IP
};

Restart the DNS service at ns2.itzgeek.local.

systemctl restart bind9

Wait a few minutes, and you will start to see entries like the ones below in the /var/log/syslog file.

Oct 23 12:31:44 ns2 named[1309]: zone itzgeek.local/IN: Transfer started.
Oct 23 12:31:44 ns2 named[1309]: transfer of 'itzgeek.local/IN' from 192.168.1.10#53: connected using 192.168.1.20#47561
Oct 23 12:31:44 ns2 named[1309]: zone itzgeek.local/IN: transferred serial 20
Oct 23 12:31:44 ns2 named[1309]: transfer of 'itzgeek.local/IN' from 192.168.1.10#53: Transfer status: success
Oct 23 12:31:44 ns2 named[1309]: transfer of 'itzgeek.local/IN' from 192.168.1.10#53: Transfer completed: 1 messages, 11 records, 278 bytes, 0.001 secs (278000 bytes/sec)
Oct 23 12:31:44 ns2 named[1309]: zone itzgeek.local/IN: sending notifies (serial 20)
Oct 23 12:31:45 ns2 named[1309]: zone 1.168.192.in-addr.arpa/IN: Transfer started.
Oct 23 12:31:45 ns2 named[1309]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.10#53: connected using 192.168.1.20#43149
Oct 23 12:31:45 ns2 named[1309]: zone 1.168.192.in-addr.arpa/IN: transferred serial 20
Oct 23 12:31:45 ns2 named[1309]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.10#53: Transfer status: success
Oct 23 12:31:45 ns2 named[1309]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.10#53: Transfer completed: 1 messages, 9 records, 263 bytes, 0.008 secs (32875 bytes/sec)
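
To watch these transfers without reading syslog by hand, the slave's log can be reduced to the latest result per zone. This is an added example, not part of the original tutorial: the function name is hypothetical, and the sample holds two lines in the format shown above plus one constructed failure line.

```sh
#!/bin/sh
# Constructed sample: two lines copied from the format above and one
# constructed failure for the reverse zone.
SAMPLE_LOG="Oct 23 12:31:44 ns2 named[1309]: zone itzgeek.local/IN: transferred serial 20
Oct 23 12:31:44 ns2 named[1309]: transfer of 'itzgeek.local/IN' from 192.168.1.10#53: Transfer status: success
Oct 23 12:40:02 ns2 named[1309]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.10#53: Transfer status: REFUSED"

# Prints "<zone> <master> <status> <last transferred serial>" for the most
# recent transfer of each zone, in order of first appearance, and returns 1
# if any zone's latest transfer did not end in "success".
transfer_report() {
    awk '
        / named\[[0-9]+\]: zone .*: transferred serial / {
            z = $7; sub(/\/IN:$/, "", z); serial[z] = $NF
        }
        / named\[[0-9]+\]: transfer of .*: Transfer status: / {
            split($0, q, "\047"); z = q[2]; sub(/\/IN$/, "", z)   # zone is quoted
            m = $0; sub(/^.* from /, "", m); sub(/#.*$/, "", m)   # master address
            st = $0; sub(/^.*Transfer status: /, "", st)
            if (!(z in status)) order[++n] = z
            status[z] = st; master[z] = m
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                z = order[i]
                print z, master[z], status[z], ((z in serial) ? serial[z] : "-")
                if (status[z] != "success") bad = 1
            }
            exit bad
        }'
}

# Demo on the constructed sample; on ns2, feed /var/log/syslog instead.
printf '%s\n' "$SAMPLE_LOG" | transfer_report || echo "at least one zone failed to transfer"
```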

Verify Slave DNS Server

On the client machine, add the slave DNS server IP address in the /etc/resolv.conf file.

nano /etc/resolv.conf

Make an entry like below.

nameserver 192.168.1.20

OR

Follow the tutorial below to set the DNS server IP in Ubuntu / Debian.

READ: How to add DNS IP address in Debian / Ubuntu / LinuxMint

You can use either the nslookup or the dig command to verify the DNS server.

Use the dig command with @<dnsserver> to verify the forward lookup in case you are unable to make an entry in /etc/resolv.conf.

Verify the lookup for www.itzgeek.local using ns2.itzgeek.local (192.168.1.20).

[root@client ~]# dig @192.168.1.20 www.itzgeek.local

Output:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @192.168.1.20 www.itzgeek.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35302
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.itzgeek.local.             IN      A

;; ANSWER SECTION:
www.itzgeek.local.      604800  IN      A       192.168.1.100

;; AUTHORITY SECTION:
itzgeek.local.          604800  IN      NS      ns2.itzgeek.local.
itzgeek.local.          604800  IN      NS      ns1.itzgeek.local.

;; ADDITIONAL SECTION:
ns1.itzgeek.local.      604800  IN      A       192.168.1.10
ns2.itzgeek.local.      604800  IN      A       192.168.1.20

;; Query time: 0 msec
;; SERVER: 192.168.1.20#53(192.168.1.20)
;; WHEN: Mon Oct 23 12:32:03 EDT 2017
;; MSG SIZE  rcvd: 130

Now you can see that the slave server answers DNS queries.

Zone Modification

When modifying the records of any zone on the master server, make sure you update the serial number to a number higher than the current one. Then run the following command on the master server to reload the zone.

rndc reload itzgeek.local
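
After a reload, comparing the SOA serial served by the master and by the slave shows whether the change has propagated. This is an added example, not part of the original tutorial: the function names are hypothetical, the SOA lines are constructed samples of `dig +short SOA` output, and the comparison goes beyond the text by handling 32-bit serial wraparound (RFC 1982).

```sh
#!/bin/sh
# Constructed `dig +short SOA` answers (mname, rname, serial, refresh, retry,
# expire, minimum). Names and timers are placeholders; serial 20 matches the
# transfer log earlier on this page.
MASTER_SOA='ns1.itzgeek.local. root.itzgeek.local. 21 604800 86400 2419200 604800'
SLAVE_SOA='ns1.itzgeek.local. root.itzgeek.local. 20 604800 86400 2419200 604800'

# Extract the serial (third field) from one SOA answer line.
soa_serial() {
    printf '%s\n' "$1" | awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# True when serial $1 is newer than $2 under RFC 1982 serial arithmetic.
serial_newer() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        d = (a - b) % 4294967296; if (d < 0) d += 4294967296
        exit !(d > 0 && d < 2147483648) }'
}

# Compare master and slave SOA lines. Returns 0 when in sync, 1 when the
# slave lags or the master serial is not ahead (the slave will then never
# request a transfer), 2 when a serial could not be read.
compare_soa() {
    m=$(soa_serial "$1"); s=$(soa_serial "$2")
    if [ -z "$m" ] || [ -z "$s" ]; then echo "error: no SOA serial"; return 2; fi
    if [ "$m" = "$s" ]; then echo "in-sync serial=$m"
    elif serial_newer "$m" "$s"; then echo "slave-behind master=$m slave=$s"; return 1
    else echo "master-older master=$m slave=$s"; return 1
    fi
}

# Demo on the constructed sample. Live use on this page's addresses:
#   compare_soa "$(dig +short SOA itzgeek.local @192.168.1.10)" \
#               "$(dig +short SOA itzgeek.local @192.168.1.20)"
compare_soa "$MASTER_SOA" "$SLAVE_SOA" || true
```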

That’s All. You have successfully configured Slave DNS server on Debian 9 / Ubuntu 16.04.
