Setup Master Slave DNS in CentOS 6 or Red Hat 6
In this tutorial we will learn about how to setup Master Slave DNS in CentOS 6 or Red Hat 6.
DNS is a big concept and the Internet World run on it.In this post I tried to write the how to as simple as I can.
Because we are configuring server in chroot, the all configuration file are in /var/named/chroot
Details:
Package Name : BIND Version 9.8.2
[root@localhost ~]# rpm -qa|grep bind bind-libs-9.8.2-0.17.rc1.el6_4.4.i686 bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686 bind-9.8.2-0.17.rc1.el6_4.4.i686 [root@localhost ~]#
Operating System : Red Hat 6.4 and CentOS 6.4
Master DNS Server = 192.168.122.9 ns1.example.com
Slave DNS Server = 192.168.122.10 ns2.example.com
IPTABLES = Disabled
SELINUX = Disabled
Setup Master DNS server
Follow the given below steps in Master DNS Server (ns1.example.com 192.168.122.9):
Step 1: Install bind-chroot by using yum command, there are some other dependency will also install bydefault. See in below content
[root@localhost ~]# yum install bind-chroot . . . . . . . Dependencies Resolved ======================================================================================================================= Package Arch Version Repository Size ======================================================================================================================= Installing: bind-chroot i686 32:9.8.2-0.17.rc1.el6_4.4 updates 71 k Installing for dependencies: bind i686 32:9.8.2-0.17.rc1.el6_4.4 updates 4.0 M bind-libs i686 32:9.8.2-0.17.rc1.el6_4.4 updates 889 k portreserve i686 0.0.4-9.el6 base 22 k Transaction Summary ======================================================================================================================= Install 4 Package(s) Total download size: 4.9 M Installed size: 9.6 M Is this ok [y/N]: y
Step 2: After installing bind-chroot package we will get some bind docs in our system.Which we will use it in our setup .
ls -l /usr/share/doc/bind-9.8.2/
Step 3: Set the FQDN of Master DNS server
Edit the /etc/hosts file and replace the ip address and domain name with yours ipaddress and domain name
vi /etc/hosts 192.168.122.9 ns1.example.com ns1
Edit the /etc/sysconfig/network and replace HOSTNAME value
vi /etc/sysconfig/network HOSTNAME=ns1
Restart the network service
/etc/init.d/network restart
Now check Hostname and FQDN you are getting properly.
Once logout and re-login or Restart the server
[root@ns1 named]# hostname ns1 [root@ns1 named]# hostname -f ns1.example.com
Edit /etc/resolv.conf file
[root@ns1 named]# vi /etc/resolv.conf domain example.com search example.com nameserver 192.168.122.9 [root@ns1 named]#
Step 3: Create a named.conf file in chroot directory
[root@ns1 named]# cp -prvf /usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones /var/named/chroot/etc/named.conf
`/usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones' -> `/var/named/chroot/etc/named.conf'
[root@ns1 named]#
[root@ns1 named]# vi /var/named/chroot/etc/named.conf
#######remove old contents and paste the below given contents ########
include "/etc/rndc.key";
options {
directory "/var/named"; // Zone files path i.e /var/named/chroot/var/named .
forwarders {192.168.122.10; }; // In case the DNS query fails,request will go to next available DNS server i.e 192.168.122.10
};
//Forward zone section for example.com
zone "example.com" IN {
type master;
file "example.com.forward-zone"; //forward zone files in /var/named
allow-update { none; };
};
// Reverse Zone Section for example.com
zone "122.168.192.in-addr.arpa" IN {
type master; // Declaring as DNS Master Server
file "example.com.reverse-zone"; // reverse zone files in /var/named
allow-update { none; };
};
Step 4: Create Forward Zone and Reverse zone file.
Forward Zone File:
[root@ns1 ~]# cd /var/named/chroot/var/named [root@localhost named]# cp -prvf /usr/share/doc/bind-9.8.2/sample/var/named/named.localhost . `/usr/share/doc/bind-9.8.2/sample/var/named/named.localhost' -> `./named.localhost' [root@localhost named]# ls -l total 4 -rw-r--r-- 1 named named 152 Mar 29 04:18 named.localhost [root@ns1 named]# [root@ns1 named]# mv named.localhost example.com.forward-zone [root@ns1 named]# vi example.com.forward-zone ;comment is given by symbol ; ,hence this line is commented ; IN SOA we give Start Of Authority email id in this pattern, username.domainname.tld eg. admin.example.com ; FQDN must have period (.) sign at trailing end,see given below "IN NS ns1.example.com." $TTL 1D @ IN SOA ns1.example.com sharadchhetri.example.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum IN NS ns1.example.com. IN A 192.168.122.9 NS1 IN A 192.168.122.9 www IN A 192.168.122.11
Reverse Zone File:
[root@ns1 ~]# cd /var/named/chroot/var/named
[root@ns1 named]# vi example.com.reverse-zone
;Reverse Zone File for example.com
; do not forget to use period (.) at trailing end of FQDN
$TTL 1D
@ IN SOA ns1.example.com sharadchhetri.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.example.com.
9 IN PTR ns1.example.com.
11 IN PTR www.example.com.
Step 5: Changing ownership and group of files.
cd /var/named/chroot/var/named chown named:named example.com.*
Step 6: Restart the named service. When you first time restart the named service,new rndc.key file will be generated and named service will take time to restart
[root@ns1 named]# /etc/init.d/named restart
Now Run the test
Use dig or host command to check if DNS server resolving the query
Note: For dig and host command , you have to install bind-utils package
yum install bind-utils
[root@ns1 named]# host -l example.com example.com name server ns1.example.com. example.com has address 192.168.122.9 NS1.example.com has address 192.168.122.9 www.example.com has address 192.168.122.11 [root@ns1 named]# [root@ns1 named]# dig example.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> example.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 642 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;example.com. IN A ;; ANSWER SECTION: example.com. 86400 IN A 192.168.122.9 ;; AUTHORITY SECTION: example.com. 86400 IN NS ns1.example.com. ;; ADDITIONAL SECTION: ns1.example.com. 86400 IN A 192.168.122.9 ;; Query time: 0 msec ;; SERVER: 192.168.56.101#53(192.168.122.9) ;; WHEN: Fri Jul 19 21:18:07 2013 ;; MSG SIZE rcvd: 79 [root@ns1 named]#
Setup Slave DNS Server
Follow the given below steps in slave DNS server (192.168.122.10 ns2.example.com)
Step 7: Install bind-chroot and bind-utils package
yum install bind-chroot bind-utils
Step 8: Configure FQDN or hostname
Edit the /etc/hosts file and replace the ip address and domain name with yours ipaddress and domain name
vi /etc/hosts 192.168.122.10 ns2.example.com ns2
Edit the /etc/sysconfig/network and replace HOSTNAME value
vi /etc/sysconfig/network HOSTNAME=ns2
Restart the network service
/etc/init.d/network restart
Now check Hostname and FQDN you are getting properly.
Once logout and relogin or Restart the server
[root@localhost named]# hostname ns2 [root@localhost named]# hostname -f ns2.example.com
Edit /etc/resolv.conf file
[root@localhost named]# vi /etc/resolv.conf domain example.com search example.com nameserver 192.168.122.9 nameserver 192.168.122.10
Step 9: Create named.conf file in /var/named/chroot/etc
[root@ns2 ~]# vi /var/named/chroot/etc/named.conf
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
####### New line Addition ########
include "/etc/rndc.key";
options {
directory "/var/named"; // Zone files path i.e /var/named/chroot/var/named .
forwarders {192.168.122.9; }; // In case the DNS query fails,request will go to next available DNS server i.e 192.168.56.122.9
};
//Forward zone section for example.com
zone "example.com" IN {
type slave;
file "example.com.forward-zone"; //forward zone files
allow-transfer {192.168.122.9/32; };
masters {192.168.122.9; };
};
// Reverse Zone Section for example.com
zone "122.168.192.in-addr.arpa" IN {
type slave; // Declaring as DNS Slave Server
file "example.com.reverse-zone"; // reverse zone file
allow-transfer {192.168.122.9/32; };
masters {192.168.122.9; };
};
Step 9: Change the permission of /var/named/chroot/var/named directory.
So that when we restart the named service in ns2, bydefault all zone file will be transfer.
[root@ns2 ~]# chmod 770 /var/named/chroot/var/named
Step 10: Restart the named service
/etc/init.d/named restart
Note 1: Now check all zone files are bydefault transfered to slave DNS server
[root@ns2 ~]# ls -l /var/named/chroot/var/named/ total 40 drwxr-x--- 6 root named 4096 Jul 18 23:23 chroot drwxrwx--- 2 named named 4096 Mar 29 04:18 data drwxrwx--- 2 named named 4096 Mar 29 04:18 dynamic -rw-r--r-- 1 named named 378 Jul 20 16:58 example.com.forward-zone -rw-r--r-- 1 named named 452 Jul 20 17:01 example.com.reverse-zone -rw-r----- 1 root named 1892 Feb 18 2008 named.ca -rw-r----- 1 root named 152 Dec 15 2009 named.empty -rw-r----- 1 root named 152 Jun 21 2007 named.localhost -rw-r----- 1 root named 168 Dec 15 2009 named.loopback drwxrwx--- 2 named named 4096 Mar 29 04:18 slaves [root@ns2 ~]#
Note 2: Whenever you do any update in master DNS server in zone files increase the serial otherwise slave will not get update from master.
After this ,restart the named service by using command /etc/init.d/named restart
For eg. see reverse zone file at serial tag .
[root@ns1 ~]# cat /var/named/chroot/var/named/example.com.reverse-zone $ORIGIN . $TTL 86400 ; 1 day 122.168.192.in-addr.arpa IN SOA ns1.example.com.122.168.192.in-addr.arpa. sharadchhetri.example.com. ( 2 ; serial 86400 ; refresh (1 day) 3600 ; retry (1 hour) 604800 ; expire (1 week) 10800 ; minimum (3 hours) ) NS ns1.example.com. NS ns2.example.com. $ORIGIN 122.168.192.in-addr.arpa. 10 PTR ns2.example.com. 11 PTR www.example.com. 9 PTR ns1.example.com. [root@ns1 ~]#
Very good article, appreciated..
Actually I am facing one issue .. my slave dns is not replicating with master zone files.. Please help
Hi Vipin,
Thank you for appreciation.
If configuration is correct then check DNS and selinux once.
Regards
Sharad
Since you disabled seliux and iptables, can you just post a root account to your server? I don’t want to waste 5 minutes to get it opened.
IPTABLES = Disabled
SELINUX = Disabled
Please spread the word, that is exactly what you should do once linux installed. Disable anything you could.
Thanks for this link.
I’m very big confuse in the setup of DNS server w/chroot. I look so many tutorials online and I see different of ways of configuring named.conf file.
still the forward and reverse zone are the same.
hope you can inlighten up or explain details what is named.conf on each line.
thanks for your toturials.
Hello Anthony,
Appreciate that you raised your doubts.
BIND DNS server can be configured in Linux box with or without chroot.
In Linux BIND service is known as named (that is why we run command,
/etc/init.d/named restart)By default, most of the important application/service configuration files are located in /etc and they have extension .conf.
Lets take example of BIND DNS.
Without chroot, the configuration file i.e named.conf file exist in /etc
First you have to understand what is chroot ?
chroot is an environment (normally not accessible) from where we run the programs rather than designated directory(here, designated directory is /etc). It is good way to secure the program/service by running from chroot environment. The directory which is used for chroot is called chroot jail. I suggest you to read Wikipedia link
named.conf file is main important file for named service. It has all the information related to named service.
Read this pdf file from ISC, we follow the ISC standards . download bind pdf
Let me know if still you have doubt and any specific term you need some clarification.
Recommend you to read the pdf first.
Very good article, appreciated 🙂
Thankyou Hitesh ,keep reading our blog, more technical updates are coming
Thank you very much – I went through 5 url sites till I found yours DNS configuration example.
You have save me hours of work – I do appreciate the other lack luster sites , because the more information that was missing the more I read.
Nice Job Sharad on these notes!!
Welcome John,
Glad to know,the tutorial helped you.