How To Configure Slave DNS (BIND) on CentOS 7 / RHEL 7
BIND can be configured as a master or a slave to serve DNS requests for each zone. When BIND is configured as a slave, it obtains a copy of the zone data from the master server by means of a zone transfer (AXFR/IXFR).
In the previous post, we configured a DNS server on CentOS 7; that server will act as the master (the source of the zone data) for the slave server set up here.
Environment
Domain Name: itzgeek.local

| Host name | IP address | Role |
|---|---|---|
| primary.itzgeek.local | 192.168.1.10 | Master DNS Server |
| secondary.itzgeek.local | 192.168.1.20 | Slave DNS Server |
In this setup we have two servers named primary and secondary. The primary has already been configured as the master for the itzgeek.local domain.
Now we will configure secondary as a slave DNS server for itzgeek.local.
On Master Server
Configure BIND on the master server to allow zone transfers to the secondary server. Edit the /etc/named.conf file on primary.itzgeek.local.
```
vi /etc/named.conf
```
Add the following entries to the options block. Only the servers listed in allow-transfer will be able to transfer zones from the master server; also-notify makes the master send a NOTIFY message to the secondary whenever the zone changes, so the secondary refreshes immediately instead of waiting for its refresh interval.
```
options {
        . . .
        allow-transfer { 192.168.1.20; };
        also-notify { 192.168.1.20; };
        . . .
};
```
Add your secondary DNS server's NS and A records to the forward lookup file on primary.itzgeek.local.
```
vi /var/named/fwd.itzgeek.local.db
```
The records will look like below.
```
@ IN SOA primary.itzgeek.local. root.itzgeek.local. (
        1002    ;Serial
        3H      ;Refresh
        15M     ;Retry
        1W      ;Expire
        1D      ;Minimum TTL
)
;Name Server Information
@       IN NS   primary.itzgeek.local.
;Secondary Name server
@       IN NS   secondary.itzgeek.local.
;IP address of Primary Name Server
primary IN A    192.168.1.10
;IP address of Secondary Name Server
secondary IN A  192.168.1.20
;Mail exchanger
itzgeek.local. IN MX 10 mail.itzgeek.local.
;A - Record HostName To IP Address
www     IN A    192.168.1.100
mail    IN A    192.168.1.150
;CNAME record
ftp     IN CNAME www.itzgeek.local.
```
Restart the BIND service.
```
systemctl restart named
```
Add a firewall rule to allow zone transfers from the master server. Zone transfers run over TCP, so port 53/tcp must be open on the master.
```
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --reload
```
On Slave Server
It is time to add the slave zone declarations on the secondary server. First make sure the following packages are installed on the secondary server.
```
yum -y install bind bind-utils
```
Edit the /etc/named.conf file. Comment out the following lines so that BIND listens on all interfaces instead of only on loopback.
```
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
```
Add your network to the following line. I have added 192.168.1.0/24 so that clients on the 192.168.1.0/24 network can query this server for name-to-IP translation.
```
options {
        . . .
        allow-query { localhost; 192.168.1.0/24; };
        . . .
};
```
Add the slave zones like below.
```
zone "itzgeek.local" IN {
        type slave;
        masters { 192.168.1.10; };
        file "slaves/fwd.itzgeek.local.db";
};

zone "1.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.1.10; };
        file "slaves/1.168.192.db";
};
```
itzgeek.local – the domain name (and 1.168.192.in-addr.arpa, its reverse zone)
slave – the zone type; this server is the secondary and fetches the zone from the master listed in masters
fwd.itzgeek.local.db & 1.168.192.db – the slave's forward and reverse lookup files, written under the slaves/ subdirectory of the BIND working directory (/var/named by default) after the first successful transfer
Restart the BIND service on secondary.itzgeek.local.
```
systemctl restart named
```
Add a firewall rule so that clients can connect to the DNS server for name resolution.
```
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload
```
Verify the lookup for www.itzgeek.local using secondary.itzgeek.local (192.168.1.20). The aa flag in the answer shows that the secondary is answering authoritatively from its own copy of the zone.
```
dig @192.168.1.20 www.itzgeek.local
```
Output:
```
; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> @192.168.1.20 www.itzgeek.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5314
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.itzgeek.local.             IN      A

;; ANSWER SECTION:
www.itzgeek.local.      604800  IN      A       192.168.1.100

;; AUTHORITY SECTION:
itzgeek.local.          604800  IN      NS      secondary.itzgeek.local.
itzgeek.local.          604800  IN      NS      primary.itzgeek.local.

;; ADDITIONAL SECTION:
primary.itzgeek.local.  604800  IN      A       192.168.1.10
secondary.itzgeek.local. 604800 IN      A       192.168.1.20

;; Query time: 0 msec
;; SERVER: 192.168.1.20#53(192.168.1.20)
;; WHEN: Wed Jul 17 21:53:45 IST 2019
;; MSG SIZE  rcvd: 140
```
Record Update
Whenever you change a DNS record on the master server, do not forget to increase the serial number in the zone file, and then run the following commands on the master server to reload the zone. The secondary only transfers the zone again when it sees a newer serial, so an unchanged serial leaves the secondary serving the old data.
Replace itzgeek.local and 1.168.192.in-addr.arpa with your zone names.
```
### Forward Zone ###
rndc reload itzgeek.local

### Reverse Zone ###
rndc reload 1.168.192.in-addr.arpa
```
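Because the serial is the only thing the secondary looks at, a serial that is left unchanged or accidentally lowered leaves the secondary silently stale: BIND compares serials with RFC 1982 serial arithmetic, and a master whose serial is "older" than the secondary's will never be transferred from again until it is raised past the secondary's value. The Python below is an added example, not part of the article: it reads the serial from a zone file in the layout shown earlier, bumps it in place, and classifies the state of a secondary from the SOA answers of both servers. The zone excerpt and the `dig +short SOA` answer lines it works on are constructed for the example.

```python
import re

# Constructed zone-file excerpt in the layout used by the article's forward zone.
SAMPLE_ZONE = """@ IN SOA primary.itzgeek.local. root.itzgeek.local. (
        1002    ;Serial
        3H      ;Refresh
        15M     ;Retry
        1W      ;Expire
        1D      ;Minimum TTL
)
@       IN NS   primary.itzgeek.local.
@       IN NS   secondary.itzgeek.local.
www     IN A    192.168.1.100
"""

# Constructed answers of `dig +short SOA itzgeek.local @<server>` from the master
# and from the secondary, after the master's serial was bumped but before the
# secondary refreshed.
MASTER_SOA = "primary.itzgeek.local. root.itzgeek.local. 1003 10800 900 604800 86400"
SLAVE_SOA = "primary.itzgeek.local. root.itzgeek.local. 1002 10800 900 604800 86400"

# MNAME, RNAME, an optional "(", then the serial.  Covers both the one-line and
# the parenthesised multi-line SOA form; a comment placed right after "(" is not handled.
SOA_SERIAL_RE = re.compile(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)")

MODULUS = 2 ** 32   # serials are unsigned 32-bit and wrap around


def soa_serial(zone_text):
    """Return the SOA serial of a zone file as an int."""
    m = SOA_SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("no SOA record found")
    return int(m.group(1))


def bump_zone_serial(zone_text):
    """Return zone_text with the SOA serial incremented (wrapping at 2^32, skipping 0)."""
    m = SOA_SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("no SOA record found")
    new = (int(m.group(1)) + 1) % MODULUS or 1
    return zone_text[: m.start(1)] + str(new) + zone_text[m.end(1):]


def serial_newer(a, b):
    """RFC 1982 comparison: is serial a newer than serial b in the 32-bit circular space?"""
    a, b = a % MODULUS, b % MODULUS
    half = MODULUS // 2
    return (a < b and b - a > half) or (a > b and a - b < half)


def dig_short_soa_serial(line):
    """Serial from a `dig +short SOA` answer: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    fields = line.split()
    if len(fields) != 7:
        raise ValueError("unexpected SOA answer: %r" % line)
    return int(fields[2])


def secondary_status(master_line, slave_line):
    """Classify the secondary from the serials the two servers answer with.

    "in sync"       same serial on both servers
    "stale"         master is newer; the secondary refreshes at its next
                    check, or at once if NOTIFY reaches it
    "never refresh" the secondary counts as newer than the master, which is
                    what a lowered master serial looks like; the secondary
                    keeps its old copy until the master's serial is raised past it
    """
    m, s = dig_short_soa_serial(master_line), dig_short_soa_serial(slave_line)
    if m == s:
        return "in sync"
    return "stale" if serial_newer(m, s) else "never refresh"


if __name__ == "__main__":
    print("zone file serial:", soa_serial(SAMPLE_ZONE))
    print("after bump:      ", soa_serial(bump_zone_serial(SAMPLE_ZONE)))
    print("secondary is:    ", secondary_status(MASTER_SOA, SLAVE_SOA))
```

On the real servers the two input lines come from `dig +short SOA itzgeek.local @192.168.1.10` and `dig +short SOA itzgeek.local @192.168.1.20`; a result of "stale" that persists past the refresh interval usually means the transfer is blocked (allow-transfer or the 53/tcp rule on the master), and "never refresh" means the master's serial has to be raised above the secondary's before anything else is worth checking.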
Conclusion
That's all. I hope you learned how to set up a slave DNS server on CentOS 7 / RHEL 7.