How To Configure Slave DNS (BIND) on CentOS 7 / RHEL 7

BIND can be configured as a master or a slave for each zone it serves. When BIND is configured as a slave, it obtains its copy of the zone data from the master server by zone transfer.

In the previous post, we configured a master DNS server on CentOS 7, which will act as the source for the slave server.

Environment

Domain Name: itzgeek.local

Hostname                  IP Address     Role
primary.itzgeek.local     192.168.1.10   Master DNS Server
secondary.itzgeek.local   192.168.1.20   Slave DNS Server

In this setup we have two servers, primary and secondary. The primary server has already been configured as the master for the itzgeek.local domain.

Now we will configure secondary as a slave DNS server for itzgeek.local.

On Master Server

To allow the master server to transfer the zone to the secondary server, edit the /etc/named.conf file on primary.itzgeek.local.

vi /etc/named.conf

Add the following entries to the options block. Only the servers listed in allow-transfer are permitted to transfer zones from the master server (which also stops any other host from downloading the whole zone), and also-notify makes the master send a NOTIFY to the slave whenever the zone changes, so the slave refreshes immediately instead of waiting for the SOA refresh interval.

options {
        . . .
        allow-transfer { 192.168.1.20; };
        also-notify { 192.168.1.20; };
        . . .
};

Add the NS and A records for the secondary DNS server to the forward lookup zone file on primary.itzgeek.local.

vi /var/named/fwd.itzgeek.local.db

The records will look like this:

$TTL 604800
@       IN  SOA  primary.itzgeek.local. root.itzgeek.local. (
                1002    ;Serial
                3H      ;Refresh
                15M     ;Retry
                1W      ;Expire
                1D      ;Minimum TTL
)
;Name Server Information
@               IN  NS     primary.itzgeek.local.
;Secondary Name server
@               IN  NS     secondary.itzgeek.local.
;IP address of Primary Name Server
primary         IN  A      192.168.1.10
;IP address of Secondary Name Server
secondary       IN  A      192.168.1.20
;Mail exchanger
itzgeek.local.  IN  MX     10 mail.itzgeek.local.
;A - Record HostName To IP Address
www             IN  A      192.168.1.100
mail            IN  A      192.168.1.150
;CNAME record
ftp             IN  CNAME  www.itzgeek.local.

Restart the BIND service.

systemctl restart named

Add a firewall rule on the master server to allow zone transfers, which run over TCP port 53.

firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --reload
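A check to go with the allow-transfer setting: the master logs every zone transfer it serves or refuses, so the log can confirm that only 192.168.1.20 ever pulls the zone and show any other host that tried. The script below is an added example and is not part of the original post; the log lines are constructed samples in the format BIND 9 writes to /var/log/messages, and the function names are my own.

```shell
#!/bin/sh
# Summarise zone-transfer activity in a BIND log (added example, not from the post).

# Constructed sample of /var/log/messages lines from the master, in the
# format BIND 9 uses for transfer events. The listed slave is 192.168.1.20;
# 192.168.1.99 is a host that is not in allow-transfer.
SAMPLE_LOG=$(cat <<'EOF'
Jul 17 21:40:01 primary named[1234]: client 192.168.1.20#41567 (itzgeek.local): transfer of 'itzgeek.local/IN': AXFR started
Jul 17 21:40:01 primary named[1234]: client 192.168.1.20#41567 (itzgeek.local): transfer of 'itzgeek.local/IN': AXFR ended
Jul 17 21:40:02 primary named[1234]: client 192.168.1.20#41568 (1.168.192.in-addr.arpa): transfer of '1.168.192.in-addr.arpa/IN': AXFR started
Jul 17 21:40:02 primary named[1234]: client 192.168.1.20#41568 (1.168.192.in-addr.arpa): transfer of '1.168.192.in-addr.arpa/IN': AXFR ended
Jul 17 21:45:12 primary named[1234]: client 192.168.1.99#53012 (itzgeek.local): zone transfer 'itzgeek.local/IN' denied
Jul 17 21:45:13 primary named[1234]: client 192.168.1.99#53013 (itzgeek.local): zone transfer 'itzgeek.local/IN' denied
EOF
)

# transfer_report FILE
# Prints one line per client IP: "<ip> completed=<n> denied=<n>".
transfer_report() {
  awk '
    /client [0-9.]+#[0-9]+/ {
      ip = $0
      sub(/.*client /, "", ip); sub(/#.*/, "", ip)      # keep only the address
      if ($0 ~ /AXFR ended/)                    ok[ip]++
      else if ($0 ~ /zone transfer .* denied/)  denied[ip]++
      seen[ip] = 1
    }
    END {
      for (ip in seen)
        printf "%s completed=%d denied=%d\n", ip, ok[ip] + 0, denied[ip] + 0
    }' "$1" | sort
}

# denied_clients FILE
# IPs that asked for a transfer and were refused, i.e. hosts not in allow-transfer.
denied_clients() {
  transfer_report "$1" | awk '$3 != "denied=0" { print $1 }'
}

# unexpected_clients FILE SLAVE_IP
# Any client other than the configured slave, whether it succeeded or not.
unexpected_clients() {
  transfer_report "$1" | awk -v slave="$2" '$1 != slave { print $1 }'
}

# Usage on the master:
#   transfer_report /var/log/messages
#   unexpected_clients /var/log/messages 192.168.1.20
```

Any address printed by unexpected_clients with completed greater than zero means the allow-transfer list is wider than intended; denied entries are harmless but worth knowing about, since they show who is probing the server for a full copy of the zone.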

On Slave Server

It is time to add the slave zone declarations on the secondary server. First make sure the following packages are installed on the secondary server.

yum -y install bind bind-utils

Edit the /etc/named.conf file. Comment out the following lines so that BIND listens on all interfaces.

// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };

Add your network to the allow-query line. I've added 192.168.1.0/24 so that clients on the 192.168.1.0/24 network can query this DNS server for name-to-IP resolution.

options {
        . . .
        allow-query { localhost; 192.168.1.0/24; };
        . . .
};

Add the slave zones as shown below.

zone "itzgeek.local" IN {
        type slave;
        masters { 192.168.1.10; };
        file "slaves/fwd.itzgeek.local.db";
};

zone "1.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.1.10; };
        file "slaves/1.168.192.db";
};

Where:

itzgeek.local                         Domain name
slave                                 Secondary DNS
fwd.itzgeek.local.db & 1.168.192.db   Slave forward & reverse lookup files


Restart the BIND service on secondary.itzgeek.local.

systemctl restart named

Add a firewall rule so that clients can connect to the DNS server for name resolution. Clients retry over TCP when a UDP response is truncated, so you may also want to open 53/tcp here.

firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload

Verify the lookup of www.itzgeek.local against secondary.itzgeek.local (192.168.1.20):

[root@client ~]# dig @192.168.1.20 www.itzgeek.local

Output (the aa flag in the header confirms that the secondary answers authoritatively from its transferred copy of the zone):

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> @192.168.1.20 www.itzgeek.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5314
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.itzgeek.local.             IN      A

;; ANSWER SECTION:
www.itzgeek.local.      604800  IN      A       192.168.1.100

;; AUTHORITY SECTION:
itzgeek.local.          604800  IN      NS      secondary.itzgeek.local.
itzgeek.local.          604800  IN      NS      primary.itzgeek.local.

;; ADDITIONAL SECTION:
primary.itzgeek.local.  604800  IN      A       192.168.1.10
secondary.itzgeek.local. 604800 IN      A       192.168.1.20

;; Query time: 0 msec
;; SERVER: 192.168.1.20#53(192.168.1.20)
;; WHEN: Wed Jul 17 21:53:45 IST 2019
;; MSG SIZE  rcvd: 140

Record Update

Whenever you change a DNS record on the master server, remember to increment the serial number in the zone file, then run the following command on the master server to reload the zone. The slave only pulls a new copy when the master's serial is higher than the one it already holds, so an edit without a serial bump never reaches the secondary.

Replace itzgeek.local and 1.168.192.in-addr.arpa with your zone names.

### Forward Zone ###
rndc reload itzgeek.local

### Reverse Zone ###
rndc reload 1.168.192.in-addr.arpa
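Because a forgotten serial bump is the usual reason a slave keeps serving stale data, the update step is worth scripting. The following is an added example and not part of the original post: zone_serial reads the current SOA serial from a zone file, bump_serial increments it in place, and update_zone combines the bump with the rndc reload shown above. It handles both the multi-line SOA layout used in this post and the one-line layout, so it goes a little beyond the zone file shown here; the function names are my own, and the file is rewritten in place so that its owner, mode and SELinux label under /var/named are preserved.

```shell
#!/bin/sh
# Bump the SOA serial of a BIND zone file and reload it (added example, not from the post).

# zone_serial FILE
# Prints the current SOA serial: the first bare integer after the SOA keyword,
# whether it sits on the SOA line itself or on the next line after "(".
zone_serial() {
  awk '
    { code = $0; sub(/;.*/, "", code) }              # ignore ";" comments
    !insoa && code ~ /[ \t]SOA[ \t]/ {
      insoa = 1
      if (match(code, /\([ \t]*[0-9]+/)) {            # serial on the SOA line
        s = substr(code, RSTART + 1, RLENGTH - 1); sub(/^[ \t]*/, "", s)
        print s; exit
      }
      next
    }
    insoa && $1 ~ /^[0-9]+$/ { print $1; exit }       # serial on its own line
  ' "$1"
}

# bump_serial FILE
# Rewrites FILE with the serial incremented by one and prints the new serial.
# Only the digits of the serial change; spacing and comments are kept as they were.
bump_serial() {
  tmp=$(mktemp) || return 1
  awk '
    function bump(line, start, len) {
      # %.0f prints the full value even above 2^31 (serials are 32-bit unsigned)
      return substr(line, 1, start - 1) sprintf("%.0f", substr(line, start, len) + 1) substr(line, start + len)
    }
    done { print; next }
    { code = $0; sub(/;.*/, "", code) }
    !insoa && code ~ /[ \t]SOA[ \t]/ {
      insoa = 1
      if (match(code, /\([ \t]*[0-9]+/)) {            # serial on the SOA line
        s = RSTART + 1; l = RLENGTH - 1
        while (substr(code, s, 1) !~ /[0-9]/) { s++; l-- }   # skip spaces after "("
        $0 = bump($0, s, l); done = 1
      }
      print; next
    }
    insoa && $1 ~ /^[0-9]+$/ {                        # serial on its own line
      match($0, /[0-9]+/)
      $0 = bump($0, RSTART, RLENGTH); done = 1
    }
    { print }
  ' "$1" > "$tmp" && cat "$tmp" > "$1"                # overwrite in place, keep inode
  rm -f "$tmp"
  zone_serial "$1"
}

# update_zone FILE ZONE
# Bump the serial and tell the running named to reload that zone.
update_zone() {
  new=$(bump_serial "$1") || return 1
  echo "$2: serial is now $new"
  rndc reload "$2"
}

# Usage on the master, after editing the records:
#   update_zone /var/named/fwd.itzgeek.local.db itzgeek.local
#   update_zone /var/named/1.168.192.db 1.168.192.in-addr.arpa
```

Running zone_serial against the master's file and against the slave's copy under /var/named/slaves/ is also a quick way to confirm that a transfer actually happened: the two serials should match once the reload and NOTIFY have gone through.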

Conclusion

That's all. I hope you learned how to set up a slave DNS server on CentOS 7 / RHEL 7.

Posted by Linux Admin