
How to set up a DNS server master and slave.

DNS stands for Domain Name System, the service that translates computer names to IP addresses. In this post I'll explain step by step how to set up a primary DNS server and a secondary DNS server that replicates from the first one; the two keep their zone data synchronized through zone transfers. You'll see how easy it can be, and I hope it's useful for you.

For this example, I used CentOS-5 as the base system. So, let's get started!

PRIMARY DNS SERVER SIDE (WEBSERVER01) (192.168.1.6)

1- Install the following packages

[root@webserver01 ~]# yum install bind bind-utils bind-chroot caching-nameserver

2- Configuring bind as a caching name server.

Brief summary of the major options.

listen-on port 53 – the service listens on port 53, on the addresses listed.

directory – where the zone files are stored. Remember that installing bind-chroot isolates BIND in a so-called "chroot jail", which limits what an attacker can reach if named is compromised.

allow-query – which machines are allowed to send queries to this server.

So, because bind is chrooted, every time we create a file or a link that another path needs, we also create the corresponding symbolic link under /var/named/*.

[root@webserver01 ~]# cd /var/named/chroot/etc/

[root@webserver01 etc]# mv named.caching-nameserver.conf named.conf

[root@webserver01 etc]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf

Let's check that the link was created successfully.

[root@webserver01 etc]# ls -la /etc/named.conf
lrwxrwxrwx 1 root root 32 Mar 12 22:30 /etc/named.conf -> /var/named/chroot/etc/named.conf
[root@webserver01 etc]#

– To warm up our engines, let's begin by editing it. It must look like this.

[root@webserver01 etc]# vi /etc/named.conf

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.6; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        allow-query { localhost; 192.168.1.0/24; };
        allow-query-cache { localhost; 192.168.1.0/24; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

view localhost_resolver {
        match-clients { localhost; 192.168.1.0/24; };
        match-destinations { localhost; 192.168.1.0/24; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};

So, with allow-query and allow-query-cache we allow every host on the 192.168.1.0/24 network to query this server and to read the answers it has cached for later requests.

In the view localhost_resolver a file called named.rfc1912.zones is included, which is linked to /var/named/chroot/var/named.rfc1912.zones. That file configures other files, the most important of them being "named.ca": the root hints, through which the server reaches the root DNS servers and, from them, the other name servers on the Internet, to resolve names it does not hold itself.

We need to generate rndc.key; through the rndc command you can manage the running DNS server (reload zones, flush the cache and so on). It's something like the apachectl command.

[root@webserver01 etc]# rndc-confgen -a -b 512

Edit /etc/named.conf and add this entry.

[root@webserver01 etc]# vi /etc/named.conf

include "/etc/rndc.key";

Watch out! /etc/rndc.key has to be a link to /var/named/chroot/etc/rndc.key

Configure the server to use this DNS server as its resolver.

[root@webserver01 etc]# vi /etc/resolv.conf

nameserver 192.168.1.6

Start the named service and make sure it starts at boot time.

[root@webserver01 etc]# service named start
Starting named: [ OK ]
[root@webserver01 etc]# chkconfig named on
[root@webserver01 etc]#

*****************************************************

Configuring a simple domain on Primary Domain Server (Webserver01-192.168.1.6)

Edit /etc/named.rfc1912.zones

[root@webserver01 ~]# vi /etc/named.rfc1912.zones

zone "queirozpacheco.com" IN {
        type master;
        file "queirozpacheco.com.zone";
        allow-transfer { 192.168.1.2; };
};

Now, about the allow-transfer option: it restricts full zone transfers (AXFR) of the queirozpacheco.com zone to the listed slave server, so only that host can synchronize the domain from the master. Here we assume 192.168.1.2 is the slave server. Without this option BIND 9.3 hands the whole zone, every host name and address in it, to any client that asks, so set it on every master zone.

Let's create the queirozpacheco.com.zone file.

[root@webserver01 etc]# vi /var/named/chroot/var/named/queirozpacheco.com.zone

$TTL 86400
@       IN      SOA     ns.queirozpacheco.com. root.queirozpacheco.com. (
                        2010031200 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum

        IN      NS      ns
        IN      MX 10   mail
ns          IN      A       192.168.1.6
mail        IN      A       192.168.1.6
webserver   IN      A       192.168.1.6   ; an A record needs an address, not a host name
server01    IN      A       192.168.1.2
www         IN      CNAME   ns

As every time we create a file, we need to link it under /var/named.

[root@webserver01 ~]# ln -s /var/named/chroot/var/named/queirozpacheco.com.zone /var/named/queirozpacheco.com.zone
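A zone the slave already holds is only re-transferred when the master's SOA serial goes up, so every edit to a zone file must be followed by a serial bump; the helper below (added here, not part of the original post) bumps a YYYYMMDDnn serial in place and lists A records whose data is a host name instead of an address, the kind of line that stops named from loading the zone. It assumes the zone layout shown above, with the serial on the line tagged "; Serial" and records written as "owner IN A data".

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a master zone
# file and bump its YYYYMMDDnn SOA serial so the slave notices the change.

# Print the SOA serial of a zone file in the layout used above
# (the serial is the number on the line tagged "; Serial").
zone_serial() {
    awk '/; *Serial/ { print $1; exit }' "$1"
}

# Print the next serial: same day -> nn + 1, new day -> YYYYMMDD00.
# $1 = current serial, $2 = today as YYYYMMDD (passed in so it can be tested).
next_serial() {
    case "$1" in
        *[!0-9]*|"") echo "bad serial: '$1'" >&2; return 1 ;;
    esac
    if [ "${1%??}" = "$2" ]; then
        echo $(($1 + 1))     # 2010031299 + 1 rolls into the next day; still increasing
    else
        echo "${2}00"
    fi
}

# Rewrite the serial line in place, keep a .bak copy, and print the new serial.
# $1 = zone file, $2 = optional date override (defaults to today).
bump_serial() {
    old=$(zone_serial "$1")
    new=$(next_serial "$old" "${2:-$(date +%Y%m%d)}") || return 1
    sed -i.bak "s/^\([[:space:]]*\)$old\([[:space:]]*;[[:space:]]*Serial\)/\1$new\2/" "$1"
    echo "$new"
}

# List owner names of A records whose data is not a dotted quad, e.g. a line
# like "webserver IN A ns": named reports "bad dotted quad" and skips the zone.
bad_a_records() {
    awk '$2 == "IN" && $3 == "A" && $4 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }' "$1"
}
```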

As said before, DNS translates a domain name such as http://www.queirozpacheco.com to an IP address such as 192.168.1.6. Now we'll do the opposite: we need to set up a reverse DNS zone.

Edit /etc/named.rfc1912.zones again.

[root@webserver01 ~]# vi /etc/named.rfc1912.zones

zone "1.168.192.in-addr.arpa" {
        type master;
        file "1.168.192.in-addr.arpa";
        allow-transfer { 192.168.1.2; };
};

[root@webserver01 ~]# vi /var/named/chroot/var/named/1.168.192.in-addr.arpa

$TTL 86400
@       IN      SOA     ns.queirozpacheco.com. root.queirozpacheco.com. (
                        2010031200 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum

        IN      NS      ns.queirozpacheco.com.

2       IN      PTR     server01.queirozpacheco.com.
6       IN      PTR     ns.queirozpacheco.com.
6       IN      PTR     webserver01.queirozpacheco.com.

Restart the named service, or use the reload option.

[root@webserver01 /]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@webserver01 /]#

[root@webserver01 /]# ping ns.queirozpacheco.com
PING ns.queirozpacheco.com (192.168.1.6) 56(84) bytes of data.
64 bytes from ns.queirozpacheco.com (192.168.1.6): icmp_seq=1 ttl=64 time=0.185 ms
64 bytes from ns.queirozpacheco.com (192.168.1.6): icmp_seq=2 ttl=64 time=0.244 ms
64 bytes from ns.queirozpacheco.com (192.168.1.6): icmp_seq=3 ttl=64 time=0.045 ms

--- ns.queirozpacheco.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.045/0.158/0.244/0.083 ms
[root@webserver01 /]#

[root@webserver01 /]# ping mail.queirozpacheco.com
PING mail.queirozpacheco.com (192.168.1.6) 56(84) bytes of data.
64 bytes from ns.queirozpacheco.com (192.168.1.6): icmp_seq=1 ttl=64 time=0.024 ms
64 bytes from ns.queirozpacheco.com (192.168.1.6): icmp_seq=2 ttl=64 time=0.041 ms
64 bytes from ns.queirozpacheco.com (192.168.1.6): icmp_seq=3 ttl=64 time=0.044 ms

--- mail.queirozpacheco.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.024/0.036/0.044/0.010 ms
[root@webserver01 /]#


[root@webserver01 /]# dig -x 192.168.1.6

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> -x 192.168.1.6
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61808
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;6.1.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
6.1.168.192.in-addr.arpa. 86400 IN PTR ns.queirozpacheco.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS ns.queirozpacheco.com.

;; ADDITIONAL SECTION:
ns.queirozpacheco.com. 86400 IN A 192.168.1.6

;; Query time: 4 msec
;; SERVER: 192.168.1.6#53(192.168.1.6)
;; WHEN: Fri Mar 12 23:39:39 2010
;; MSG SIZE rcvd: 107

[root@webserver01 /]#
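Before moving on to the slave, it is worth confirming that allow-transfer actually holds: the script below (added here, not from the original post) classifies the output of dig axfr so you can check that the master hands the zone only to 192.168.1.2. It assumes dig from bind-utils is installed on the host you run it from.

```shell
#!/bin/sh
# Added example (not from the original post): check that the master only
# serves zone transfers (AXFR) to the hosts listed in allow-transfer.

# Classify the output of `dig ... axfr` read from stdin:
#   open    - the server handed the zone over (AXFR output carries the SOA)
#   refused - the server declined ("; Transfer failed." in dig's output)
#   error   - nothing usable came back (timeout, wrong address, ...)
# Reading stdin keeps this testable on captured text without a live server.
classify_axfr() {
    awk '
        /Transfer failed/                 { failed = 1 }
        $1 !~ /^;/ && $4 == "SOA"         { soa++ }
        END {
            if (failed)        print "refused"
            else if (soa > 0)  print "open"
            else               print "error"
        }'
}

# Ask a live server: $1 = nameserver address, $2 = zone. Needs dig (bind-utils).
axfr_status() {
    dig @"$1" "$2" axfr +time=3 +tries=1 2>/dev/null | classify_axfr
}

# Policy check for a cron job or a deploy script: $1 = master, $2 = zone,
# $3 = what this host should get: "open" on the slave, "refused" anywhere else.
expect_axfr() {
    got=$(axfr_status "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "AXFR of $2 from $1: got '$got', expected '$3'" >&2
    return 1
}
```

Run it with "open" on the slave and "refused" from any other host on the LAN; the same check applies to the slave itself, which also answers AXFR unless its zones carry an allow-transfer of their own.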

*********************

Setting up a DNS Slave Server.

[root@server01 ~]# yum install bind bind-utils bind-chroot caching-nameserver

[root@server01 ~]# cd /var/named/chroot/etc/
[root@server01 etc]# mv named.caching-nameserver.conf named.conf
[root@server01 etc]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf
[root@server01 etc]#

Edit /etc/named.conf file.

[root@server01 etc]# vi /etc/named.conf

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.2; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port
        // randomization
        // query-source port 53;
        // query-source-v6 port 53;

        allow-query { localhost; 192.168.1.0/24; };
        allow-query-cache { localhost; 192.168.1.0/24; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

view localhost_resolver {
        match-clients { localhost; 192.168.1.0/24; };
        match-destinations { localhost; 192.168.1.0/24; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};

include "/etc/rndc.key";   // the key file written by rndc-confgen -a, as on the master

[root@server01 etc]# rndc-confgen -a -b 512

[root@server01 etc]# vi /etc/named.rfc1912.zones

zone "queirozpacheco.com" IN {
        type slave;
        file "slaves/queirozpacheco.com.zone";
        masters {
                192.168.1.6;
        };
};

zone "1.168.192.in-addr.arpa" {
        type slave;
        file "slaves/1.168.192.in-addr.arpa";   // its own file; the reverse zone must not share the forward zone's file
        masters {
                192.168.1.6;
        };
};

[root@server01 etc]# vi /var/named/chroot/var/named/slaves/queirozpacheco.com.zone

$TTL 86400
; placeholder only: named overwrites this file with the zone it transfers from the master
@       IN      SOA     ns.queirozpacheco.com. root.queirozpacheco.com. (
                        2010031200 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum

Run ln -s to create the symbolic link and give ownership of the file to the named user.

[root@server01 etc]# ln -s /var/named/chroot/var/named/slaves/queirozpacheco.com.zone /var/named/slaves/queirozpacheco.com.zone

[root@server01 etc]# chown named.named /var/named/chroot/var/named/slaves/queirozpacheco.com.zone

Create the reverse zone file the same way, and set the permissions again.

[root@server01 etc]# vi /var/named/chroot/var/named/slaves/1.168.192.in-addr.arpa

$TTL 86400
; placeholder only: named overwrites this file with the zone it transfers from the master
@       IN      SOA     ns.queirozpacheco.com. root.queirozpacheco.com. (
                        2010031200 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum

[root@server01 etc]# chown named.named /var/named/chroot/var/named/slaves/1.168.192.in-addr.arpa

Start the named service and make sure it starts at boot time.

[root@server01 etc]# service named start
Starting named: [ OK ]
[root@server01 etc]# chkconfig named on
[root@server01 etc]#

Configure the DNS client to point at itself (the DNS slave server).

[root@server01 etc]# vi /etc/resolv.conf

nameserver 192.168.1.2

Check that the zones were synchronized.

[root@server01 etc]# tail -15 /var/log/messages

Mar 13 00:37:10 server01 named[2041]: transfer of 'queirozpacheco.com/IN' from 192.168.1.6#53: connected using 192.168.1.2#58936
Mar 13 00:37:10 server01 named[2041]: zone queirozpacheco.com/IN/localhost_resolver: transferred serial 2010031200
Mar 13 00:37:10 server01 named[2041]: transfer of 'queirozpacheco.com/IN' from 192.168.1.6#53: end of transfer
Mar 13 00:37:11 server01 named[2041]: zone 1.168.192.in-addr.arpa/IN/localhost_resolver: Transfer started.
Mar 13 00:37:11 server01 named[2041]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.6#53: connected using 192.168.1.2#40767
Mar 13 00:37:11 server01 named[2041]: zone 1.168.192.in-addr.arpa/IN/localhost_resolver: transferred serial 2010031200
Mar 13 00:37:11 server01 named[2041]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.6#53: end of transfer
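The log lines above are the evidence that the slave synced, but the serial they report should also match what the master's zone file says; the script below (added here, not from the original post) pulls the newest transferred serial per zone out of /var/log/messages and compares it with the master file. It assumes the master zone file is readable from where you run it (copied over, or run the check on the master against a copy of the slave's log).

```shell
#!/bin/sh
# Added example (not from the original post): confirm from the slave's log that
# each zone was transferred and that its serial matches the master's zone file.

# Print the serial from the newest "transferred serial N" line for a zone.
# $1 = log file (/var/log/messages here), $2 = zone name. Fails if none logged.
last_transferred_serial() {
    awk -v z="$2" '
        $0 ~ "named\\[[0-9]+\\]: zone " z "/IN" && /transferred serial/ { s = $NF }
        END { if (s == "") exit 1; print s }' "$1"
}

# Serial of a master zone file in the layout used in this post
# (the number on the line tagged "; Serial").
zone_serial() {
    awk '/; *Serial/ { print $1; exit }' "$1"
}

# Return 0 when the slave holds the same serial the master file carries,
# 1 on a mismatch (the master was edited but the serial was not bumped, or the
# transfer did not happen yet), 2 when the log shows no transfer at all.
# $1 = log file, $2 = zone name, $3 = master zone file.
slave_in_sync() {
    got=$(last_transferred_serial "$1" "$2") || { echo "$2: no transfer logged" >&2; return 2; }
    want=$(zone_serial "$3")
    if [ "$got" = "$want" ]; then
        echo "$2: in sync at serial $got"
        return 0
    fi
    echo "$2: slave has $got, master file has $want" >&2
    return 1
}
```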

Now run a ping for testing.

[root@server01 etc]# ping ns.queirozpacheco.com
PING ns.queirozpacheco.com (192.168.1.6) 56(84) bytes of data.
64 bytes from ns.queirozpacheco.com (192.168.1.6): icmp_seq=1 ttl=64 time=0.949 ms
64 bytes from ns.queirozpacheco.com (192.168.1.6): icmp_seq=2 ttl=64 time=0.265 ms

[root@server01 etc]# ping webserver.queirozpacheco.com
PING ns.queirozpacheco.com (192.168.1.6) 56(84) bytes of data.
64 bytes from webserver01.queirozpacheco.com (192.168.1.6): icmp_seq=1 ttl=64 time=0.199 ms
64 bytes from webserver01.queirozpacheco.com (192.168.1.6): icmp_seq=2 ttl=64 time=0.224 ms

--- ns.queirozpacheco.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.199/0.211/0.224/0.019 ms
[root@server01 etc]#

Check that the reverse zone answers your request.

[root@server01 etc]# dig -x 192.168.1.2

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> -x 192.168.1.2
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9711
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;2.1.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
2.1.168.192.in-addr.arpa. 86400 IN PTR server01.queirozpacheco.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS ns.queirozpacheco.com.

;; ADDITIONAL SECTION:
ns.queirozpacheco.com. 86400 IN A 192.168.1.6

;; Query time: 4 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Sat Mar 13 00:44:04 2010
;; MSG SIZE rcvd: 116

[root@server01 etc]# dig -x 192.168.1.6

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> -x 192.168.1.6
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1395
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;6.1.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
6.1.168.192.in-addr.arpa. 86400 IN PTR ns.queirozpacheco.com.
6.1.168.192.in-addr.arpa. 86400 IN PTR webserver01.queirozpacheco.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS ns.queirozpacheco.com.

;; ADDITIONAL SECTION:
ns.queirozpacheco.com. 86400 IN A 192.168.1.6

That's all, people. Until the next one.

Carlos.

  1. July 24, 2012 at 1:27 am

    Very good article. I absolutely love this website. Keep
    writing!

    • July 24, 2012 at 10:34 am

      thank you for reading!! I hope it was useful for you
