How To Configure Slave DNS (BIND) on CentOS 7 / RHEL 7

BIND can be configured as master or slave to serve the DNS request for each zone. When the BIND is configured as a slave, it obtains the copy of zone data from the master server by using the zone transfer method.

In the previous post, we had configured the DNS server on CentOS 7 which will act as a source for the slave server.

Environment

Domain Name: itzgeek.local
primary.itzgeek.local	192.168.1.10	Master DNS Server
secondary.itzgeek.local	192.168.1.20	Slave DNS Server

In this, we have two servers named primary and secondary. The primary has already been configured as a master for itzgeek.local domain.

Now we will configure secondary as a slave DNS server for itzgeek.local.

On Master Server

Configure BIND on the master server to allow zone transfer to a secondary server, edit the /etc/named.conf file in primary.itzgeek.local.

vi /etc/named.conf

Add the following entry in the file. The servers that are mentioned in the allow-transfer will able to transfer zones from the master server.

options {

        .    .    .

        allow-transfer { 192.168.1.20; };
        also-notify { 192.168.1.20; };

        .    .    .
}

Add your secondary DNS server information in forward lookup file at primary.itzgeek.local.

vi /var/named/fwd.itzgeek.local.db

Records will look like below.

@   IN  SOA     primary.itzgeek.local. root.itzgeek.local. (
                                                1002    ;Serial
                                                3H      ;Refresh
                                                15M     ;Retry
                                                1W      ;Expire
                                                1D      ;Minimum TTL
                                                )

;Name Server Information
@      IN  NS      primary.itzgeek.local.

;Secondary Name server
@      IN  NS      secondary.itzgeek.local.

;IP address of Primary Name Server
primary IN  A       192.168.1.10

;IP address of Secondary Name Server
secondary IN A      192.168.1.20

;Mail exchanger
itzgeek.local. IN  MX 10   mail.itzgeek.local.

;A - Record HostName To IP Address
www     IN  A       192.168.1.100
mail    IN  A       192.168.1.150

;CNAME record
ftp     IN CNAME        www.itgeek.local.

Restart BIND service.

systemctl restart named

Add a allow rule in the firewall to allow transfer zones from the master server.

firewall-cmd --permanent --add-port=53/tcp

firewall-cmd --reload

On Slave Server

It is the time to add a slave zone declaration on the secondary server, make sure you to install the following packages on the secondary server.

yum -y install bind bind-utils

Edit /etc/named.conf file. Comment out the following line to enable BIND to listen on all interfaces.

// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };

Add your network in the following line. I’ve added 192.168.1.0/24 to allow the clients from 192.168.1.0/24 network can query the DNS for the name to IP translation.

options {

        .    .    .

        allow-query     { localhost; 192.168.1.0/24; };

        .    .    .
}

Add the slave zone like below.

zone "itzgeek.local" IN {
        type slave;
        masters { 192.168.1.10; };
        file "slaves/fwd.itzgeek.local.db";
};


zone "1.168.192.in-addr.arpa" IN {
       type slave;
       masters { 192.168.1.10; };
       file "slaves/1.168.192.db";
};

itzgeek.local – Domain name
slave – Secondary DNS
fwd.itzgeek.local.db & 1.168.192.db – Slave forward & Reverse lookup file

Restart BIND service at secondary.itzgeek.local

systemctl restart named

Add a allow rule in the firewall to let clients can connect to DNS server for name resolution.

firewall-cmd --permanent --add-port=53/udp

firewall-cmd --reload

Verify lookup for www.itzgeek.local using secondary.itzgeek.local (192.168.1.20)

[root@client ~]# dig @192.168.1.20 www.itzgeek.local

Output:

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> @192.168.1.20 www.itzgeek.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5314
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.itzgeek.local.             IN      A

;; ANSWER SECTION:
www.itzgeek.local.      604800  IN      A       192.168.1.100

;; AUTHORITY SECTION:
itzgeek.local.          604800  IN      NS      secondary.itzgeek.local.
itzgeek.local.          604800  IN      NS      primary.itzgeek.local.

;; ADDITIONAL SECTION:
primary.itzgeek.local.  604800  IN      A       192.168.1.10
secondary.itzgeek.local. 604800 IN      A       192.168.1.20

;; Query time: 0 msec
;; SERVER: 192.168.1.20#53(192.168.1.20)
;; WHEN: Wed Jul 17 21:53:45 IST 2019
;; MSG SIZE  rcvd: 140

Record Update

Whenever you change a DNS record at the master server, do not forget to change the serial number in the zone file and run the following command on the master server to reload the zone.

Change itzgeek.local & 1.168.192.in-addr.arpa with your zone names.

### Forward Zone ###

rndc reload itzgeek.local

### Reverse Zone ###

rndc reload 1.168.192.in-addr.arpa

Conclusion

That’s All. I hope you learned how to set up a slave DNS server on CentOS 7 / RHEL 7.