Traditional DNS Howto - Page 8

Submitted by taft on Sun, 2006-03-12 11:00.

Our Secondary Name Server

Next let's set up our secondary name server, ns0.centralsoft.org. It acts as a backup name server in case the primary (server1.centralsoft.org) fails, so that people can still look up centralsoft.org and its subdomains.

The named.conf on ns0.centralsoft.org closely resembles that of the primary name server, with a few differences:

options {
    pid-file "/var/run/bind/run/named.pid";
    directory "/etc/bind";
    // query-source address * port 53;
};

zone "." {
    type hint;
    file "db.root";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "db.local";
};

zone "centralsoft.org" {
    type slave;
    file "sec.centralsoft.org";
    masters { 70.253.158.42; };
};

The most important part is this one:

zone "centralsoft.org" {
    type slave;
    file "sec.centralsoft.org";
    masters { 70.253.158.42; };
};

The type slave line declares this a slave zone, and the masters line gives the IP address of the primary name server. The file line names the file in which the slave zone is stored.

That's all we have to do. Restart named, and soon afterwards you should find the file /etc/bind/sec.centralsoft.org on your secondary name server. What has happened? The secondary has contacted the primary name server, and the primary name server has transferred the zone to the secondary.

From now on, whenever you update the zone on the primary name server, make sure you increase the serial number. Otherwise the updated zone will not be transferred to the secondary!

Please make sure you have no firewall on the primary and the secondary name server that blocks port 53 (TCP and UDP) because otherwise zone transfers will fail!

A Word On Security

In our current configuration every name server is allowed to transfer our centralsoft.org zone from our primary name server. Since we want only our secondary name server (70.253.158.45) to be allowed to transfer the zone, we add the following line to the centralsoft.org zone in named.conf on our primary name server server1.centralsoft.org:

     allow-transfer { 70.253.158.45; };

So the zone should look like this:

zone "centralsoft.org" {
    type master;
    file "pri.centralsoft.org";
    allow-transfer { 70.253.158.45; };
};

Congratulations! You have just set up your first zone!

