
DNS servers can be configured as a master or a slave to serve DNS requests. When a DNS server is configured as a slave, it gets a copy of the zone data from the master through a zone transfer and keeps it in a cache for a particular period to answer DNS queries.
Environment
Domain: itzgeek.local
Host Name | IP Address | Purpose |
---|---|---|
ns1.itzgeek.local | 192.168.0.10 | Master DNS Server |
ns2.itzgeek.local | 192.168.0.20 | Slave DNS Server. Takes care of DNS requests when the master server goes down |
ns1.itzgeek.local is already configured as the master for the itzgeek.local domain.
READ: Configure DNS Server On Ubuntu 18.04 / Ubuntu 16.04
READ: Configure DNS Server On Debian 10 / Debian 9
We will now configure ns2.itzgeek.local as a slave DNS server for the itzgeek.local domain.
Configure Master Server
We need to configure BIND on the master server (ns1.itzgeek.local) to enable zone transfer to our secondary server (ns2.itzgeek.local).
Edit the /etc/bind/named.conf.local file on ns1.itzgeek.local.
sudo nano /etc/bind/named.conf.local
Update the existing zones we created for itzgeek.local with the allow-transfer and also-notify parameters.
allow-transfer lets the listed slave server transfer zones from the master, and also-notify makes the master notify the slave server when a zone changes on the master.
Forward Zone
zone "itzgeek.local" IN { // Domain name
    type master; // Primary DNS
    file "/etc/bind/forward.itzgeek.local.db"; // Forward lookup file
    allow-transfer { 192.168.0.20; }; // Allow transfer of zone from the master server
    also-notify { 192.168.0.20; }; // Notify slave for zone changes
};
Reverse Zone
zone "0.168.192.in-addr.arpa" IN { // Reverse lookup name, should match your network in reverse order
    type master; // Primary DNS
    file "/etc/bind/reverse.itzgeek.local.db"; // Reverse lookup file
    allow-transfer { 192.168.0.20; }; // Allow transfer of zone from the master server
    also-notify { 192.168.0.20; }; // Notify slave for zone changes
};
Restart the DNS service at ns1.itzgeek.local.
sudo systemctl restart bind9
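Because allow-transfer is the only thing limiting who can copy the zone, it is worth checking that every master zone sets it and that none uses any. The script below is an added example, not part of the original tutorial; audit_allow_transfer and sample_conf are names chosen here, and open.example and unset.example are hypothetical zones.

```shell
#!/bin/sh
# Added example. Reads BIND zone blocks on stdin and prints per master zone:
#   <zone> OK <acl>    allow-transfer lists specific addresses
#   <zone> ANY <acl>   allow-transfer contains "any"
#   <zone> UNSET -     no allow-transfer in the zone block, so the zone
#                      falls back to the options-level or built-in default
# Assumes one statement per line; /* ... */ comments are not handled.
audit_allow_transfer() {
    sed -e 's|//.*$||' -e 's|#.*$||' | awk '
        /^[ \t]*zone[ \t]+"/ {                 # zone block starts
            split($0, q, "\""); zone = q[2]
            master = 0; acl = "-"; verdict = "UNSET"
        }
        /type[ \t]+(master|primary)[ \t]*;/ { master = 1 }
        /allow-transfer[ \t]*\{/ {             # capture the address list
            acl = $0
            sub(/.*allow-transfer[ \t]*\{[ \t]*/, "", acl)
            sub(/[ \t]*\}.*/, "", acl)
            verdict = (acl ~ /(^|[ \t;])any[ \t]*;/) ? "ANY" : "OK"
        }
        /^[ \t]*\}[ \t]*;/ && zone != "" {     # zone block ends
            if (master) print zone, verdict, acl
            zone = ""
        }
    '
}

# Constructed sample: the forward zone from this page plus two
# hypothetical zones that produce the other two verdicts.
sample_conf() {
    cat <<'EOF'
zone "itzgeek.local" IN {              // Domain name
    type master;                       // Primary DNS
    file "/etc/bind/forward.itzgeek.local.db";
    allow-transfer { 192.168.0.20; };  // Slave only
    also-notify { 192.168.0.20; };
};
zone "open.example" IN {
    type master;
    allow-transfer { any; };
};
zone "unset.example" IN {
    type master;
};
EOF
}

sample_conf | audit_allow_transfer
```

To audit the real file on the master, run `audit_allow_transfer < /etc/bind/named.conf.local` after loading the function.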
Configure Slave Server
Make sure you install the following packages on the slave server.
sudo apt-get install -y bind9 bind9utils bind9-doc dnsutils
Now add a slave zone declaration on the slave server (ns2.itzgeek.local). Edit the /etc/bind/named.conf.local file.
sudo nano /etc/bind/named.conf.local
Forward Zone
Add the slave zone like below.
zone "itzgeek.local" IN { // Domain name
    type slave; // Secondary Slave DNS
    file "/var/cache/bind/forward.itzgeek.local.db"; // Forward Zone Cache file
    masters { 192.168.0.10; }; // Master Server IP
};
Reverse Zone
Add the slave zone like below.
zone "0.168.192.in-addr.arpa" IN { // Reverse lookup name. Should match your network in reverse order
    type slave; // Secondary/Slave DNS
    file "/var/cache/bind/reverse.itzgeek.local.db"; // Reverse Zone Cache file
    masters { 192.168.0.10; }; // Master Server IP
};
Restart the DNS service at ns2.itzgeek.local.
sudo systemctl restart bind9
Wait for a few minutes, and you should start to see entries like the ones below in the /var/log/syslog file.
Jan 4 23:18:49 ns2 named[2637]: zone itzgeek.local/IN: Transfer started.
Jan 4 23:18:49 ns2 named[2637]: transfer of 'itzgeek.local/IN' from 192.168.0.10#53: connected using 192.168.0.20#54333
Jan 4 23:18:49 ns2 named[2637]: zone itzgeek.local/IN: transferred serial 3
Jan 4 23:18:49 ns2 named[2637]: transfer of 'itzgeek.local/IN' from 192.168.0.10#53: Transfer status: success
Jan 4 23:18:49 ns2 named[2637]: transfer of 'itzgeek.local/IN' from 192.168.0.10#53: Transfer completed: 1 messages, 8 records, 228 bytes, 0.004 secs (57000 bytes/sec)
Jan 4 23:18:49 ns2 named[2637]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Jan 4 23:18:49 ns2 named[2637]: resolver priming query complete
Jan 4 23:18:49 ns2 named[2637]: zone 0.168.192.in-addr.arpa/IN: Transfer started.
Jan 4 23:18:49 ns2 named[2637]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.10#53: connected using 192.168.0.20#55105
Jan 4 23:18:49 ns2 named[2637]: zone 0.168.192.in-addr.arpa/IN: transferred serial 3
Jan 4 23:18:49 ns2 named[2637]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.10#53: Transfer status: success
Jan 4 23:18:49 ns2 named[2637]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.10#53: Transfer completed: 1 messages, 6 records, 210 bytes, 0.007 secs (30000 bytes/sec)
Jan 4 23:18:49 ns2 named[2637]: zone 0.168.192.in-addr.arpa/IN: sending notifies (serial 3)
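Rather than reading the log by eye, the slave's transfer result for each zone can be checked from these lines. The script below is an added example, not part of the original tutorial; check_transfers and sample_log are names chosen here, the REFUSED line is constructed (the status word for a refused transfer is an assumption), and other.example is a hypothetical zone.

```shell
#!/bin/sh
# Added example. Reads named log lines on stdin; for each zone given as an
# argument prints
#   <zone> <last transfer status> from=<master ip> serial=<n or ->
# or "<zone> NO-TRANSFER" when no transfer result was logged for it.
# Returns 1 unless every listed zone ended with status "success".
check_transfers() {
    awk -v zones="$*" -v q="'" '
        BEGIN { sep = "transfer of " q "|" q " from |: Transfer status: " }
        / transferred serial / {      # zone X/IN: transferred serial N
            z = $(NF-3); sub(/\/IN:$/, "", z); serial[z] = $NF
        }
        /: Transfer status: / {       # transfer of X/IN from IP#53: Transfer status: S
            split($0, part, sep)
            z = part[2]; sub(/\/IN$/, "", z)
            src[z] = part[3]; sub(/#.*/, "", src[z])
            status[z] = part[4]
        }
        END {
            n = split(zones, want, " ")
            for (i = 1; i <= n; i++) {
                z = want[i]
                if (!(z in status)) { print z, "NO-TRANSFER"; bad = 1; continue }
                if (status[z] != "success") bad = 1
                print z, status[z], "from=" src[z], "serial=" ((z in serial) ? serial[z] : "-")
            }
            exit bad
        }
    '
}

# Sample input: forward-zone lines from the log above, plus a constructed
# REFUSED result for the reverse zone (what a missing allow-transfer entry
# on the master would be expected to cause).
sample_log() {
    cat <<'EOF'
Jan 4 23:18:49 ns2 named[2637]: zone itzgeek.local/IN: Transfer started.
Jan 4 23:18:49 ns2 named[2637]: zone itzgeek.local/IN: transferred serial 3
Jan 4 23:18:49 ns2 named[2637]: transfer of 'itzgeek.local/IN' from 192.168.0.10#53: Transfer status: success
Jan 4 23:18:49 ns2 named[2637]: zone 0.168.192.in-addr.arpa/IN: Transfer started.
Jan 4 23:18:49 ns2 named[2637]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.10#53: Transfer status: REFUSED
EOF
}

sample_log | check_transfers itzgeek.local 0.168.192.in-addr.arpa ||
    echo "at least one zone did not transfer successfully"
```

On the slave, feed it the real log, for example `grep named /var/log/syslog | check_transfers itzgeek.local 0.168.192.in-addr.arpa`.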
DNS Record Update
Replace itzgeek.local and 0.168.192.in-addr.arpa with your zone names.
### Forward Zone ###
sudo rndc reload itzgeek.local
### Reverse Zone ###
sudo rndc reload 0.168.192.in-addr.arpa
Verify Slave DNS Server
On the client machine, add the slave DNS server's IP address to the /etc/resolv.conf file.
sudo nano /etc/resolv.conf
Add an additional DNS entry like the one below alongside the existing entries.
nameserver 192.168.0.20
OR
Read the below tutorial to set DNS server IP in Linux.
READ: How to Set DNS IP address in CentOS / Fedora
READ: How to Set DNS IP address in Ubuntu / Debian – ifupdown
READ: How To Set DNS IP Address in Ubuntu 18.04 – Netplan
You can use either the nslookup or the dig command to verify the DNS server.
Verify the lookup for www.itzgeek.local using ns2.itzgeek.local (192.168.0.20).
dig www.itzgeek.local @192.168.0.20
Output:
; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> www.itzgeek.local @192.168.0.20
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29076
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 0ff4fbeabbfe6d45cf28f0e85e11725b14943fb073203e78 (good)
;; QUESTION SECTION:
;www.itzgeek.local. IN A
;; ANSWER SECTION:
www.itzgeek.local. 604800 IN A 192.168.0.100
;; AUTHORITY SECTION:
itzgeek.local. 604800 IN NS ns1.itzgeek.local.
;; ADDITIONAL SECTION:
ns1.itzgeek.local. 604800 IN A 192.168.0.10
;; Query time: 0 msec
;; SERVER: 192.168.0.20#53(192.168.0.20)
;; WHEN: Sun Jan 05 10:51:26 IST 2020
;; MSG SIZE rcvd: 124
Now, you can see that the slave server answers DNS queries.
Conclusion
That’s all. You have successfully configured a slave DNS server on Ubuntu 18.04 / Ubuntu 16.04 and Debian 10 / Debian 9.