How to install a secondary (slave) name server with BIND 9

In this tutorial, we will install and configure a secondary (slave) name server using BIND DNS. The purpose of a slave name server is to share the load with the master server, or handle the entire load if the master server is down. A slave name server loads its data over the network from another name server, usually the master name server, but it can load from another slave name server too. This process is called a zone transfer. This tutorial can also be used to install a secondary slave name server on CentOS, RHEL, etc.

1. Caching Only DNS server

Setting up a caching-only server for local client machines will reduce the load on the site's primary server. A caching-only name server finds the answer to a name query and remembers it, which significantly shortens the wait the next time the same answer is needed. For security reasons, it is very important that no DNS service exists between hosts on the corporate network and external hosts; it is far safer to simply use IP addresses to connect to external machines from the corporate network and vice versa.

2. Primary Master DNS server

A primary master name server for a zone reads the data for the zone from a file on its host and is authoritative for that zone.

3. Slave DNS server

The purpose of a slave name server is to share the load with the master server, or handle the entire load if the master server is down. A slave name server loads its data over the network from another name server, usually the master name server, but it can load from another slave name server too. This process is called a zone transfer.

Install secondary slave name server

We will first install the BIND packages required for DNS:

# yum install bind-chroot -y

To configure the /etc/named.conf file for a slave name server, use this configuration for the server on your network that acts as a slave name server. You must modify the named.conf file on the slave name server host. Change every occurrence of primary to secondary except for 0.0.127.in-addr.arpa, and add a masters line with the IP address of the master server, as shown below:

# vi /var/named/chroot/etc/named.conf

options {
   directory "/var/named";
   fetch-glue no;                       // BIND 8 option, obsolete in BIND 9
   recursion no;                        // answer authoritatively only
   allow-query { 208.164.186/24; 127.0.0/8; };
   allow-transfer { 208.164.186.1; };   // only this host may request transfers
   transfer-format many-answers;
};

// These files are not specific to any zone
zone "." in {
   type hint;
   file "db.cache";
};

zone "0.0.127.in-addr.arpa" in {
   type master;
   file "db.127.0.0";
};

// These are our slave zone files
zone "makeuseoflinux.com" in {
   type slave;
   file "makeuseoflinux.com.db";
   masters { 208.164.186.1; };  // IP of your master dns server
};

zone "186.164.208.in-addr.arpa" in {
   type slave;
   file "db.208.164.186";
   masters { 208.164.186.1; };
};

This tells the name server that it is a slave for the zone makeuseoflinux.com and should track the version of this zone that is being kept on the host 208.164.186.1.

A slave name server doesn't need to retrieve all of its database (db) files over the network. The db.127.0.0 and db.cache files are the same as on a primary master, so you can keep a local copy of these files on the slave name server.

  1. Copy the db.127.0.0 file from master name server to slave name server.
  2. Copy the db.cache file from master name server to slave name server.

Starting dns server

Since we have done all the configuration required for the slave name server, we will start and enable the BIND DNS server. The bind-chroot package installed above runs as the named-chroot service.

# systemctl enable named-chroot
# systemctl start named-chroot

BIND/DNS in a chroot jail

The main benefit of a chroot jail is that the jail will limit the portion of the file system the DNS daemon program can see to the root directory of the jail. Additionally, since the jail only needs to support DNS, the programs related to ISC BIND/DNS available in the jail can be extremely limited. Most importantly, there is no need for setuid-root programs, which can be used to gain root access and break out of the jail.

Important tips if you have a Master/Slave DNS setup

  1. If the zone transfer is not taking place on the slave, check allow-transfer on the master and the masters IP on the slave.
  2. If it is still not working, check the match-clients and match-destinations options.
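
Tip 1 can be checked offline from copies of both named.conf files. The script below is an added example, not part of the original tutorial: it reports, per slave zone, why a transfer would not happen. The master's config and the slave address 208.164.186.2 are constructed for illustration, and only literal addresses and any are understood in allow-transfer.

```python
import re

NESTED = r"\{((?:[^{}]|\{[^{}]*\})*)\}"  # a { } block with at most one nested level

def strip_comments(conf):
    """Drop /* */, // and # comments so commented-out statements are ignored."""
    return re.sub(r"(//|#).*", "", re.sub(r"/\*.*?\*/", "", conf, flags=re.S))

def zones(conf):
    """Map zone name -> body of its zone statement."""
    found = re.finditer(r'\bzone\s+"([^"]+)"\s*(?:in\s*)?' + NESTED, conf, re.I)
    return {m.group(1): m.group(2) for m in found}

def match_list(body, keyword):
    """Entries of 'keyword { a; b; };', or None when the statement is absent."""
    m = re.search(r"\b" + re.escape(keyword) + r"\s*\{([^}]*)\}", body)
    return m and [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(master_conf, slave_conf, master_ip, slave_ip):
    """Return findings that explain a failing transfer, one string per problem."""
    master, slave, problems = strip_comments(master_conf), strip_comments(slave_conf), []
    opts = re.search(r"\boptions\s*" + NESTED, master)
    global_acl = match_list(opts.group(1), "allow-transfer") if opts else None
    served = zones(master)
    for name, body in zones(slave).items():
        if not re.search(r"\btype\s+(slave|secondary)\s*;", body):
            continue  # hint and master zones are not transferred
        if master_ip not in (match_list(body, "masters") or []):
            problems.append(f"{name}: slave does not list {master_ip} in masters")
        acl = match_list(served.get(name, ""), "allow-transfer")
        acl = global_acl if acl is None else acl  # zone-level ACL overrides options
        if name not in served:
            problems.append(f"{name}: zone is not defined on the master")
        elif acl is None:
            problems.append(f"{name}: master has no allow-transfer statement")
        elif slave_ip not in acl and "any" not in acl:
            problems.append(f"{name}: master allow-transfer excludes {slave_ip}")
    return problems

# Constructed configs with two deliberate faults; slave address 208.164.186.2 is assumed.
MASTER = '''options { allow-transfer { 208.164.186.9; }; };   // wrong slave address
zone "makeuseoflinux.com" in { type master; file "makeuseoflinux.com.db"; };'''
SLAVE = '''zone "makeuseoflinux.com" in { type slave; file "makeuseoflinux.com.db";
    masters { 208.164.186.1; }; };
zone "186.164.208.in-addr.arpa" in { type slave; file "db.208.164.186";
    masters { 208.164.186.1; }; };'''

if __name__ == "__main__":
    for finding in audit(MASTER, SLAVE, "208.164.186.1", "208.164.186.2"):
        print(finding)
```

An empty result means the masters and allow-transfer statements agree; the configuration should still be validated with named-checkconf before reloading.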

Conclusion

We have installed and configured a secondary (slave) name server. The slave DNS server will pull the zone information and configuration changes from the primary master name server whenever there is a change.
