Adding slave BIND server
Build dns2 server
Add the dns2 (ns2) NS, A and PTR records to the zones on the dns1 server.
$ttl 86400 ; default TTL (1 day) for records that do not set their own
; SOA: primary name server ns.example.local., contact admin@example.local
; (the first label of the RNAME stands for the "@").
; Increment the serial every time this file is edited; ns2 only re-transfers
; the zone when it sees a serial higher than the one it already holds, so the
; NS/A/PTR additions below are invisible to it otherwise.
@ IN SOA ns.example.local. admin.example.local. (
2010091300 ; Serial (appears to follow YYYYMMDDnn)
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
86400 ) ; Negative-caching TTL (SOA "minimum" field) of 1 day
; Both name servers must be listed: resolvers learn ns2 from here and the
; master sends NOTIFY to every NS in the zone.
IN NS ns.example.local.
IN NS ns2.example.local.
ns IN A 192.168.1.103
ns2 IN A 192.168.1.104
dns1 IN CNAME ns.example.local.
dns2 IN CNAME ns2.example.local.
; The two PTR records belong in the reverse zone file
; (1.168.192.in-addr.arpa), not in example.local: the owner name is the last
; octet of the address, relative to that zone's origin.
103 IN PTR ns.example.local.
104 IN PTR ns2.example.local.
Modify the dns1 server's named.conf as follows:
// rndc.key is expected to define the TSIG key "rndckey" referenced below (and
// reused by the server and allow-update statements in this file). It is a
// shared secret: keep the file readable by root/named only.
include "/etc/rndc.key";
controls {
// local rndc access
inet 127.0.0.1 allow {127.0.0.1; } keys { "rndckey"; };
// NOTE(review): this also opens the rndc control channel on the LAN address
// to the whole 192.168.1.0/24; any host on the subnet that holds rndckey can
// stop, reload or flush this server. Narrow the allow list to the hosts that
// actually need remote rndc (e.g. 192.168.1.104), or remove this line.
inet 192.168.1.103 allow { 192.168.1.0/24; } keys { "rndckey"; };
};
// Sign every request this server sends to 192.168.1.103 with rndckey.
// On dns1 that address is this host itself (see listen-on), so the statement
// has no practical effect here and looks copied from the dns2 configuration,
// where it makes the SOA/AXFR requests to the master TSIG-signed.
server 192.168.1.103 {
keys { rndckey; };
};
// Active Directory domain controllers allowed to send dynamic updates (used
// by the allow-update statements below). A source-IP ACL is weak for updates:
// UDP packets with a spoofed source pass it, and it grants nothing that a
// compromised DC would not already have. TSIG or GSS-TSIG keys are stronger.
acl DC-mydomain.local {
192.168.1.110;
192.168.1.111;
};
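options {
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
pid-file "/var/run/named/named.pid";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
// This server is both authoritative (zones below) and a recursive resolver
// for the LAN. allow-recursion and allow-query keep both limited to local
// clients, so it is not an open resolver.
recursion yes;
allow-recursion {
127.0.0.1;
192.168.1.0/24;
};
listen-on {
127.0.0.1;
192.168.1.103;
};
// Do NOT pin the outgoing query port. A fixed source port (the commented
// forms below, and the earlier "address * port 53") removes the source-port
// randomisation that protects a recursive resolver against cache poisoning;
// with "address *" alone named keeps the source-address behaviour and picks
// a random port per query. If a firewall required the fixed port, open the
// ephemeral range for outbound DNS instead.
// query-source port 53;
// query-source-v6 port 53;
query-source address *;
// Hide the software version from CHAOS version.bind queries.
version "REFUSED";
allow-query {
127.0.0.1;
192.168.1.0/24;
};
// Default-deny zone transfers; each zone statement grants 192.168.1.104
// explicitly, so this only matters for zones that forget to.
allow-transfer { none; };
// NOTE(review): consider enabling dnssec-validation if the installed BIND
// supports it; not shown on this page, so left unchanged.
};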
// Root hints used to prime the cache for recursion; keep named.root current.
zone "." IN {
type hint;
file "named.root";
};
// Master copy of example.local: static (no dynamic updates), transferable
// only to the secondary.
zone "example.local" IN {
type master;
// kept under slaves/ (the directory named can write) although it is static
file "slaves/example.local.zone.db";
allow-update { none; };
// IP-based: anyone who can reach this server as 192.168.1.104 can dump the
// zone. A TSIG key ("allow-transfer { key <transfer-key>; };") is stronger.
allow-transfer { 192.168.1.104; };
};
// Zones that named must rewrite itself (dynamic updates and their journal
// files) live in the slaves/ directory, the one named has write access to.
// Reverse zone for 192.168.1.0/24; the DCs register PTR records here.
zone "1.168.192.in-addr.arpa" IN {
type master;
file "slaves/mydomain.local.rev.zone.db";
// NOTE(review): updates are accepted from any source IP in DC-mydomain.local
// (spoofable over UDP) or from anyone holding the rndc control key. The
// control key should not double as the update key: a leaked update
// credential then also grants rndc. Use a dedicated TSIG/GSS-TSIG key.
allow-update {DC-mydomain.local; key rndckey; };
// Only the secondary (ns2) may pull the zone; IP-based, a TSIG key is stronger.
allow-transfer { 192.168.1.104; };
};
// Master AD domain zone; the DCs keep their records current by dynamic update.
zone "mydomain.local" IN {
type master;
file "slaves/mydomain.local.zone.db";
// Updates are accepted by source IP (DC-mydomain.local, spoofable over UDP)
// or with the rndc control key. Sharing the control key with updaters means
// a leaked update credential also grants rndc; use a dedicated TSIG/GSS-TSIG key.
allow-update { DC-mydomain.local; key rndckey; };
// Only the secondary (ns2) may pull the zone; IP-based, a TSIG key is stronger.
allow-transfer { 192.168.1.104; };
// AD registers underscore-prefixed owner names that fail the default
// host-name syntax check; "ignore" keeps the zone loadable and updatable.
check-names ignore;
};
// Master copy of the _msdcs AD sub-zone (DC locator records).
zone "_msdcs.mydomain.local" IN {
type master;
file "slaves/_msdcs.mydomain.local.zone.db";
// IP ACL is spoofable over UDP, and the rndc control key should not double
// as the update key; prefer a dedicated TSIG/GSS-TSIG key.
allow-update { DC-mydomain.local; key rndckey; };
// Only the secondary (ns2) may pull the zone; IP-based, a TSIG key is stronger.
allow-transfer { 192.168.1.104; };
// permits the underscore-prefixed names AD registers
check-names ignore;
};
// Master copy of the _sites AD sub-zone (site-specific locator records).
zone "_sites.mydomain.local" IN {
type master;
file "slaves/_sites.mydomain.local.zone.db";
// IP ACL is spoofable over UDP, and the rndc control key should not double
// as the update key; prefer a dedicated TSIG/GSS-TSIG key.
allow-update { DC-mydomain.local; key rndckey; };
// Only the secondary (ns2) may pull the zone; IP-based, a TSIG key is stronger.
allow-transfer { 192.168.1.104; };
// permits the underscore-prefixed names AD registers
check-names ignore;
};
// Master copy of the _tcp AD sub-zone (SRV records for TCP services).
zone "_tcp.mydomain.local" IN {
type master;
file "slaves/_tcp.mydomain.local.zone.db";
// IP ACL is spoofable over UDP, and the rndc control key should not double
// as the update key; prefer a dedicated TSIG/GSS-TSIG key.
allow-update { DC-mydomain.local; key rndckey; };
// Only the secondary (ns2) may pull the zone; IP-based, a TSIG key is stronger.
allow-transfer { 192.168.1.104; };
// permits the underscore-prefixed names AD registers
check-names ignore;
};
// Master copy of the _udp AD sub-zone (SRV records for UDP services).
zone "_udp.mydomain.local" IN {
type master;
file "slaves/_udp.mydomain.local.zone.db";
// IP ACL is spoofable over UDP, and the rndc control key should not double
// as the update key; prefer a dedicated TSIG/GSS-TSIG key.
allow-update { DC-mydomain.local; key rndckey; };
// Only the secondary (ns2) may pull the zone; IP-based, a TSIG key is stronger.
allow-transfer { 192.168.1.104; };
// permits the underscore-prefixed names AD registers
check-names ignore;
};
// Master copy of the forest-wide AD application partition zone.
zone "ForestDnsZones.mydomain.local" IN {
type master;
file "slaves/ForestDnsZones.mydomain.local.zone.db";
// IP ACL is spoofable over UDP, and the rndc control key should not double
// as the update key; prefer a dedicated TSIG/GSS-TSIG key.
allow-update { DC-mydomain.local; key rndckey; };
// Only the secondary (ns2) may pull the zone; IP-based, a TSIG key is stronger.
allow-transfer { 192.168.1.104; };
// permits the underscore-prefixed names AD registers
check-names ignore;
};
// Master copy of the domain-wide AD application partition zone.
zone "DomainDnsZones.mydomain.local" IN {
type master;
file "slaves/DomainDnsZones.mydomain.local.zone.db";
// IP ACL is spoofable over UDP, and the rndc control key should not double
// as the update key; prefer a dedicated TSIG/GSS-TSIG key.
allow-update { DC-mydomain.local; key rndckey; };
// Only the secondary (ns2) may pull the zone; IP-based, a TSIG key is stronger.
allow-transfer { 192.168.1.104; };
// permits the underscore-prefixed names AD registers
check-names ignore;
};
On dns2, create named.conf as follows:
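// rndc.key is expected to define the TSIG key "rndckey". It must hold the
// same secret as on dns1, because dns2 also signs its requests to the master
// with it (see the server statement). Keep the file readable by root/named only.
include "/etc/rndc.key";
controls {
// local rndc access
inet 127.0.0.1 allow {127.0.0.1; } keys { "rndckey"; };
// dns2's own address is 192.168.1.104 (ns2 A record). The original line bound
// dns1's 192.168.1.103, which this host cannot listen on. Binding the LAN
// address exposes rndc to every host on the /24 that holds the key; narrow
// the allow list to the hosts that really need remote rndc, or drop the line.
inet 192.168.1.104 allow { 192.168.1.0/24; } keys { "rndckey"; };
};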
// Sign every request dns2 sends to the master (192.168.1.103) - SOA refresh
// queries and AXFR/IXFR - with rndckey. dns1 verifies them with the same key,
// which is why rndc.key must be identical on both hosts. Reusing the rndc
// control key for this means a leaked transfer credential is also a leaked
// control credential; a separate TSIG key is preferable.
server 192.168.1.103 {
keys { rndckey; };
};
// Copied from dns1. Nothing in this secondary's configuration references it
// (there are no allow-update statements here), so it is inert and can go.
acl DC-mydomain.local {
192.168.1.110;
192.168.1.111;
};
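options {
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
pid-file "/var/run/named/named.pid";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
// Secondary for the zones below and a recursive resolver for the LAN;
// allow-recursion and allow-query keep both limited to local clients.
recursion yes;
allow-recursion {
127.0.0.1;
192.168.1.0/24;
};
// dns2's own address is 192.168.1.104 (ns2 A record). The original listened
// on dns1's 192.168.1.103, which this host does not have, so it would only
// have answered on loopback and clients pointed at ns2 would time out.
listen-on {
127.0.0.1;
192.168.1.104;
};
// Do NOT pin the outgoing query port. A fixed source port (the commented
// forms below, and the earlier "address * port 53") removes the source-port
// randomisation that protects a recursive resolver against cache poisoning;
// with "address *" alone named picks a random port per query. If a firewall
// required the fixed port, open the ephemeral range for outbound DNS instead.
// query-source port 53;
// query-source-v6 port 53;
query-source address *;
// Hide the software version from CHAOS version.bind queries.
version "REFUSED";
allow-query {
127.0.0.1;
192.168.1.0/24;
};
// This is the only secondary, so nobody needs to transfer zones from it.
// Without this, named's historical default would let any LAN querier dump
// the AD zones from this server.
allow-transfer { none; };
};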
// Root hints used to prime the cache for recursion; keep named.root current.
zone "." IN {
type hint;
file "named.root";
};
// Secondary copy of example.local, pulled from dns1 by AXFR/IXFR.
// No allow-transfer here, so named's default applies (historically: any
// client that may query may also transfer); add "allow-transfer { none; };"
// here or in options unless further secondaries exist.
zone "example.local" IN {
type slave;
// slaves/ is the directory named can write; the transferred zone lands here
file "slaves/example.local.zone.db";
masters { 192.168.1.103; };
};
// Transferred (slave) zones are written by named itself, so they live in the
// slaves/ directory, the one named has write access to.
// Secondary copy of the reverse zone for 192.168.1.0/24.
// No allow-transfer here, so named's default applies (historically: any
// client that may query may also transfer); add "allow-transfer { none; };"
// here or in options unless further secondaries exist.
zone "1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/mydomain.local.rev.zone.db";
masters { 192.168.1.103; };
};
// Secondary copy of the AD domain zone, pulled from dns1. Dynamic updates
// from the DCs still go to the master; this server only serves the copy.
// No allow-transfer here, so named's default applies (historically: any
// client that may query may also transfer); add "allow-transfer { none; };"
// here or in options so LAN clients cannot dump the AD records.
zone "mydomain.local" IN {
type slave;
file "slaves/mydomain.local.zone.db";
masters { 192.168.1.103; };
// permits the underscore-prefixed names AD registers
check-names ignore;
};
// Secondary copy of the _msdcs AD sub-zone, pulled from dns1.
// No allow-transfer here (named's default applies); add
// "allow-transfer { none; };" here or in options to stop LAN clients
// dumping the zone.
zone "_msdcs.mydomain.local" IN {
type slave;
file "slaves/_msdcs.mydomain.local.zone.db";
masters { 192.168.1.103; };
// permits the underscore-prefixed names AD registers
check-names ignore;
};
// Secondary copy of the _sites AD sub-zone, pulled from dns1.
// No allow-transfer here (named's default applies); add
// "allow-transfer { none; };" here or in options to stop LAN clients
// dumping the zone.
zone "_sites.mydomain.local" IN {
type slave;
file "slaves/_sites.mydomain.local.zone.db";
masters { 192.168.1.103; };
// permits the underscore-prefixed names AD registers
check-names ignore;
};
// Secondary copy of the _tcp AD sub-zone, pulled from dns1.
// No allow-transfer here (named's default applies); add
// "allow-transfer { none; };" here or in options to stop LAN clients
// dumping the zone.
zone "_tcp.mydomain.local" IN {
type slave;
file "slaves/_tcp.mydomain.local.zone.db";
masters { 192.168.1.103; };
// permits the underscore-prefixed names AD registers
check-names ignore;
};
// Secondary copy of the _udp AD sub-zone, pulled from dns1.
// No allow-transfer here (named's default applies); add
// "allow-transfer { none; };" here or in options to stop LAN clients
// dumping the zone.
zone "_udp.mydomain.local" IN {
type slave;
file "slaves/_udp.mydomain.local.zone.db";
masters { 192.168.1.103; };
// permits the underscore-prefixed names AD registers
check-names ignore;
};
// Secondary copy of the forest-wide AD application partition zone.
// No allow-transfer here (named's default applies); add
// "allow-transfer { none; };" here or in options to stop LAN clients
// dumping the zone.
zone "ForestDnsZones.mydomain.local" IN {
type slave;
file "slaves/ForestDnsZones.mydomain.local.zone.db";
masters { 192.168.1.103; };
// permits the underscore-prefixed names AD registers
check-names ignore;
};
// Secondary copy of the domain-wide AD application partition zone.
// No allow-transfer here (named's default applies); add
// "allow-transfer { none; };" here or in options to stop LAN clients
// dumping the zone.
zone "DomainDnsZones.mydomain.local" IN {
type slave;
file "slaves/DomainDnsZones.mydomain.local.zone.db";
masters { 192.168.1.103; };
// permits the underscore-prefixed names AD registers
check-names ignore;
};
Copy rndc.key from the dns1 server to the dns2 server (both must use the same key).
There is no need to create the zone files on the dns2 server; they are transferred from dns1 when the named daemon is started on dns2.
Make sure to put the zone files to be transferred in the slaves folder on the dns1 server.
Restart named on the dns1 and dns2 servers, then check syslog for the zone transfers.