How to set up Master/Slave DNS with BIND and CentOS 6.x

In this how-to we will set up two DNS servers, a master and a slave, using BIND on CentOS 6.5. We will set up the primary zone labzone.local on the dns1.local server and a slave copy of the same zone on the dns2.local server. We assume our DNS information is public, so we will not set up a chrooted environment, although it is recommended for additional security.

Installation
Let's first run updates to make sure we have all current packages.

yum update -y

Install named with the yum package manager.

yum install bind* -y

Add it to the default runlevels so it starts at boot.

chkconfig named on

Configuration of Primary DNS

1. First we need to edit the BIND configuration file and specify our options and zone files. Below is a sample configuration file that only answers lookups for the zones it is authoritative for (recursion is off) and, since it sets no allow-transfer statement, allows zone transfers to any server on the internet.

Let's edit the configuration file with vi.

vi /etc/named.conf

options {
        listen-on port 53 { 127.0.0.1; 192.75.172.100; };   // the master's own address (ns.labzone.local)
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion no;
        notify yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "labzone.local" IN {
        type master;
        file "labzone.local.zone";
        allow-update { none; };
};
// reverse zone for the 192.75.172.0/24 network; create /var/named/172.75.192.zone before starting named
zone "172.75.192.in-addr.arpa" IN {
        type master;
        file "172.75.192.zone";
        allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Now we need to create the zone file itself, which holds all our zone records. Sample files are available in the /var/named directory. Let's create ours by copying one of them and modifying it.

cp /var/named/named.empty /var/named/labzone.local.zone

Edit this file with vi or a text editor of your choice and make the following changes.

$ORIGIN labzone.local.
$TTL 1D
@   1D  IN  SOA ns.labzone.local. hostmaster.labzone.local. (   ; primary server, contact mailbox
                2002022401 ; serial (increase on every change, or the slave will not reload)
                3H         ; refresh
                15         ; retry
                1w         ; expire
                3h         ; minimum (negative caching TTL)
                )
@       IN  NS      ns.labzone.local.   ; primary, in the domain
@       IN  NS      ns2.labzone.local.  ; secondary, in the domain
@       IN  MX  10  mail.ola.org.       ; external mail provider
; server host definitions
ns      3600    IN  A       192.75.172.100
ns2     3600    IN  A       192.75.172.101
www     3600    IN  CNAME   labzone.local.
ftp     3600    IN  CNAME   labzone.local.

Configuration of Slave DNS

Installing the slave DNS server is very similar to the primary. Below is an example of its /etc/named.conf. We do not need to create the zone file on the slave: it is replicated automatically from the primary into the location given by the file directive in the zone statement.

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion no;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "labzone.local" IN {
        type slave;
        file "slaves/labzone.local.zone";
        masters { 192.75.172.100; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
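The master configuration above accepts zone transfers from any host, so anyone on the internet can pull a full copy of the zone. The stanzas below are an added example, not configuration from the original post: they restrict transfers to the slave and require a shared TSIG key on both servers. The key name labzone-xfer and the secret are placeholders; generate your own secret as described in the comments.

```conf
// Put this key statement in /etc/named.conf on BOTH servers, before any
// statement that references it. Generate the secret with
//   dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST labzone-xfer
// and copy the "Key:" line from the resulting .private file.
key "labzone-xfer" {
        algorithm hmac-sha256;
        secret "REPLACE-WITH-BASE64-SECRET";   // placeholder, not a real key
};

// ---- master (dns1, 192.75.172.100) ----
zone "labzone.local" IN {
        type master;
        file "labzone.local.zone";
        allow-update { none; };
        // only requests signed with the shared key may transfer the zone;
        // an unsigned AXFR from anywhere, including the slave's IP, is refused
        allow-transfer { key "labzone-xfer"; };
        notify yes;                            // NOTIFY goes to every NS in the zone (ns2)
};

// ---- slave (dns2, 192.75.172.101) ----
server 192.75.172.100 {
        keys { "labzone-xfer"; };              // sign all requests sent to the master
};
zone "labzone.local" IN {
        type slave;
        file "slaves/labzone.local.zone";
        masters { 192.75.172.100; };
        allow-transfer { none; };              // nobody may re-transfer the zone from the slave
};
```

After reloading both servers, `dig @192.75.172.100 labzone.local axfr` from any host other than the slave should answer "; Transfer failed.", while the slave's own transfer is logged in /var/log/messages.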

Finalizing

Start the named service on both servers.

service named start

Make sure it starts at boot (if you have not done so already).

chkconfig named on

Open TCP port 53 only between the master and slave DNS servers (zone transfers are pulled by the slave over TCP) and UDP port 53 to everyone so clients can query. Sample iptables rules for the master:

-A INPUT -p udp -m udp --dport 53 -j ACCEPT

-A INPUT -p tcp -s 192.75.172.101 -m tcp --dport 53 -j ACCEPT   # accept transfer requests from the slave; on the second (slave) server use -s 192.75.172.100 instead

Testing and troubleshooting
Here are some commands we suggest for testing and troubleshooting.

dig @192.75.172.100 labzone.local ns                      # look up the NS records on the master
tcpdump -n "src host 192.75.172.100 and dst port 53"      # watch traffic from the master (notifies, transfers)
grep "192.75.172.100" /var/log/messages                   # look for notify and transfer log messages