How to set up master/slave DNS with BIND on CentOS 6.x
In this how-to we will set up two DNS servers, a master and a slave, using BIND on CentOS 6.5. We will configure the primary zone labzone.local on the server dns1.local and a slave copy of labzone.local on dns2.local. We assume the DNS data is public and will not set up a chrooted environment, although it is recommended for additional security.
Installation
Let's first run updates to make sure we have all current packages.
yum update -y
Install named with the yum package manager.
yum install bind* -y
Add it to the runlevel so it starts at boot.
chkconfig named on
Configuration of Primary DNS
1. First we need to edit the BIND configuration file and specify our options and zone files. Below is a sample configuration file that only answers queries for the zones it is authoritative for (recursion is off). Because it contains no allow-transfer statement, BIND's default applies and it will allow zone transfers to any server on the internet; to limit transfers to the slave, add allow-transfer { 192.75.172.101; }; to the options block or to the zone.
Let's edit the configuration file with vi.
vi /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 192.168.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named/";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        recursion no;
        notify yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "labzone.local" IN {
        type master;
        file "labzone.local.zone";
        allow-update { none; };
};

// reverse zone; its zone file is not created in this how-to and must be added separately
zone "0.168.192.in-addr.arpa" IN {
        type master;
        allow-update { none; };
        file "0.168.192.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Now we need to create the zone file itself, which holds all the records for the zone. Sample files are available in the /var/named directory. Let's create ours by copying one of them and modifying it.
cp /var/named/named.empty /var/named/labzone.local.zone
Edit this file with vi or the text editor of your choice and make the following changes.
$ORIGIN labzone.local.
$TTL 1D                                 ; default TTL for records that do not set one
; SOA: primary name server, then the contact mailbox (hostmaster@labzone.local)
@       1D IN SOA ns.labzone.local. hostmaster.labzone.local. (
                        2002022401      ; serial
                        3H              ; refresh
                        15              ; retry
                        1w              ; expire
                        3h              ; minimum
                        )
        IN NS   ns.labzone.local.       ; primary, in the domain
        IN NS   ns2.labzone.local.      ; secondary (the slave), in the domain
        IN MX   10 mail.ola.org.        ; external mail provider

; server host definitions
ns      3600 IN A       192.75.172.100
ns2     3600 IN A       192.75.172.101
www     3600 IN CNAME   labzone.local.
ftp     3600 IN CNAME   labzone.local.
Configuration of Slave DNS
Installation of the slave DNS server is very similar to the primary. Below is an example /etc/named.conf for it. We do not need to create a zone file on the slave: the zone is transferred automatically from the primary and written to the location given by the file directive (here slaves/labzone.local.zone under /var/named, a directory the named user can write to on CentOS).
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        recursion no;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "labzone.local" IN {
        type slave;
        file "slaves/labzone.local.zone";
        masters { 192.75.172.100; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Finalizing
Start the service on both servers with
service named start
and add it to the runlevel if you skipped that step during installation:
chkconfig named on
In the firewall (/etc/sysconfig/iptables on CentOS 6), open TCP 53 only between the master and slave DNS servers, and UDP 53 to everyone for queries. Bear in mind that ordinary resolvers also retry over TCP 53 when a UDP answer is truncated (large or DNSSEC responses), so limiting TCP to the peer is a trade-off; if that becomes a problem, open TCP 53 more widely and protect the zone with allow-transfer instead.
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -s 192.75.172.100 -m tcp --dport 53 -j ACCEPT
# make sure you change the source IP to 192.75.172.101 on the second DNS server
Testing and troubleshooting
Here are some troubleshooting commands that may help.
dig @192.75.172.100 labzone.local ns                    # look up records
tcpdump -n "src host 192.75.172.100 and dst port 53"   # monitor communication
grep "192.75.172.100" /var/log/messages                # monitor notifications
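The quickest check that replication actually worked is to compare the SOA serial each server answers with. The script below is an added example, not part of the original how-to; it assumes dig from bind-utils and the zone and addresses used above, and the SOA answers embedded in it are constructed sample data.

```shell
#!/bin/bash
# Added example (not from the how-to): confirm the slave replicated the zone by
# comparing the SOA serial each server answers with. Assumes dig from bind-utils
# and the addresses/zone used in this how-to (hypothetical lab values).
MASTER=192.75.172.100
SLAVE=192.75.172.101
ZONE=labzone.local

# Print the serial (3rd field) of a "dig +short ... SOA" answer line, e.g.
#   ns.labzone.local. hostmaster.labzone.local. 2002022401 10800 15 604800 10800
# Returns 1 (prints nothing) when the line is empty or not an SOA record.
soa_serial() {
    set -- $1
    case "$3" in
        '' | *[!0-9]*) return 1 ;;
        *) printf '%s\n' "$3" ;;
    esac
}

# Compare the master's and slave's SOA lines. An empty slave answer means the
# transfer never happened (wrong "masters", firewall blocking TCP 53, or the
# slaves/ directory not writable); a lower serial means NOTIFY/refresh failed.
compare_soa() {
    local ms ss
    ms=$(soa_serial "$1") || { echo "master-no-answer"; return 2; }
    ss=$(soa_serial "$2") || { echo "slave-no-answer"; return 2; }
    if [ "$ms" -eq "$ss" ]; then echo "in-sync"; return 0
    elif [ "$ms" -gt "$ss" ]; then echo "slave-behind"; return 1
    else echo "slave-ahead"; return 1
    fi
}

# Live check: query both servers (needs network access to the lab).
check_zone_sync() {
    local m s
    m=$(dig +short +time=3 +tries=1 @"$MASTER" "$ZONE" SOA)
    s=$(dig +short +time=3 +tries=1 @"$SLAVE" "$ZONE" SOA)
    compare_soa "$m" "$s"
}

# Offline demonstration on constructed answers: the slave still serves the
# serial from before a zone edit, so the result is "slave-behind".
SAMPLE_MASTER_SOA="ns.labzone.local. hostmaster.labzone.local. 2002022402 10800 15 604800 10800"
SAMPLE_SLAVE_SOA="ns.labzone.local. hostmaster.labzone.local. 2002022401 10800 15 604800 10800"
demo_compare() { compare_soa "$SAMPLE_MASTER_SOA" "$SAMPLE_SLAVE_SOA"; }

# Exit status mirrors the result: 0 in sync, 1 out of sync, 2 no answer.
if [ "${1:-}" = "--live" ]; then check_zone_sync; else demo_compare; fi || echo "zone is NOT in sync (status $?)"
```

Run it with --live on a host that can reach both servers; remember to bump the serial in the zone file after every edit, or the slave will never pull the change.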