Installation Of BIND As A Secondary (Slave) DNS Server On CentOS

Want to support HowtoForge? Become a subscriber!
 
Submitted by rhein.andrea (Contact Author) (Forums) on Thu, 2010-03-18 11:53. :: BIND | CentOS | DNS

Installation Of BIND As A Secondary (Slave) DNS Server On CentOS

After we have installed BIND as a master DNS server (NS1) (as explained in my recent post), we can now try to set up a secondary DNS server (NS2) with BIND on CentOS. NS2 acts as a backup if there are problems with NS1.

Make sure you've successfully set up NS1, as described in my previous post!

NS1 with IP 192.168.0.1
NS2 with IP 192.168.0.2
Our domain: yourdomain.com

Now we can try setting up NS2.

 

1.  Check your Bind package

[root@server ~]# rpm -qa bind*

bind-libs-9.2.4-2

bind-utils-9.2.4-2

bind-9.2.4-2

 

2. Setting file /etc/resolv.conf

[root@server ~]# nano /etc/resolv.conf

nameserver 192.168.0.1

 

3. Setting file /etc/named.conf

[root@server ~]# nano /etc/named.conf

//
// named.conf for Red Hat caching-nameserver
//

options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";

/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/

// query-source address * port 53;
allow-transfer {208.99.198.184/32;};
};

//
// a caching only nameserver config
//

controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "yourdomain.com" IN {
type slave;
file "/var/named/yourdomain.com.zone";
// allow-update { none; };
allow-transfer { 192.168.0.1/32; };
masters { 192.168.0.1; };
};

zone "0.168.192.in-addr.arpa" IN {
type slave;
file "/var/named/0.168.192.rev";
// allow-update { none; };
allow-transfer { 192.168.0.1/32; };
masters { 192.168.0.1; };
};

include "/etc/rndc.key";

 

4. Change permission of the directory /var/named

[root@server ~]# chmod 777 -Rvf /var/named/

mode of `/var/named/’ changed to 0777 (rwxrwxrwx)

mode of `/var/named/named.zero’ changed to 0777 (rwxrwxrwx)

mode of `/var/named/localhost.zone’ changed to 0777 (rwxrwxrwx)

mode of `/var/named/data’ changed to 0777 (rwxrwxrwx)

mode of `/var/named/named.local’ changed to 0777 (rwxrwxrwx)

mode of `/var/named/named.ca’ changed to 0777 (rwxrwxrwx)

mode of `/var/named/named.ip6.local’ changed to 0777 (rwxrwxrwx)

mode of `/var/named/localdomain.zone’ changed to 0777 (rwxrwxrwx)

mode of `/var/named/named.broadcast’ changed to 0777 (rwxrwxrwx)

mode of `/var/named/slaves’ changed to 0777 (rwxrwxrwx)

 

5. The files /var/named/yourdomain.com and /var/named/0.168.192.rev will automatically be copied to NS2.

 

6. Running service named

[root@server ~]# service named restart

Stopping named: [ OK ]

Starting named: [ OK ]

 

7. And check in log file what’s the matter???

[root@server ~]# tail /var/log/messages

Aug 3 04:25:42 server named[9362]: listening on IPv4 interface venet0:0, 192.168.0.2#53
Aug 3 04:25:42 server named[9362]: command channel listening on 127.0.0.1#953
Aug 3 04:25:42 server named[9362]: zone localhost/IN: loaded serial 42
Aug 3 04:25:42 server named[9362]: running
Aug 3 04:25:42 server named[9362]: zone yourdomain.com/IN: transferred serial 100
Aug 3 04:25:42 server named[9362]: transfer of ‘yourdomain.com/IN’ from 192.168.0.1#53: end of transfer
Aug 3 04:25:42 server named[9362]: zone yourdomain.com/IN: sending notifies (serial 100)
Aug 3 04:25:43 server named[9362]: zone 0.168.192.in-addr.arpa/IN: transferred serial 100
Aug 3 04:25:43 server named[9362]: transfer of ‘0.168.192.in-addr.arpa/IN’ from 192.168.0.1#53: end of transfer
Aug 3 04:25:43 server named[9362]: zone 0.168.192.in-addr.arpa/IN: sending notifies (serial 100)


Looking at this log, you can see that the yourdomain.com zone gets transferred. Actually this file is copied to NS2 so, if NS1 is dead or has a problem, NS2 has a backup configuration.

 

8. Result using nslookup

[root@server ~]# nslookup yourdomain.com

Server: 192.168.0.1

Address: 192.168.0.1#53


Name: yourdomain.com

Address: 192.168.0.1

answered from nslookup used server from NS1 with IP 192.168.0.1

Now we can try to deactivate NS1 to see if name resolution is still working.

 

9. First adding nameserver 192.168.0.2

[root@server ~]# cat /etc/resolv.conf

nameserver 192.168.0.1

nameserver 192.168.0.2

This domain is using NS2 because NS1 is not active. We don't need to change any files on NS2 because all zone files are transferred from NS1 to NS2.

 

10. Trying a DNS lookup while NS1 is down

[root@server ~]# nslookup yourdomain.com

Server: 192.168.0.2

Address: 192.168.0.2#53

Name: yourdomain.com

Address: 192.168.0.1

Now if there's any problem with NS1 you can rest calm because NS2 acts as a backup.


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Anonymous (not registered) on Mon, 2013-02-11 09:05.

The Worst Outcome

The worst that can happen as a result of using 777 permissions on a folder or even a file, is that if a malicious cracker or entity is able to upload a devious file or modify a current file to execute code, they will have complete control over your blog, including having your database information and password.

 http://codex.wordpress.org/Changing_File_Permissions#The_dangers_of_777

Submitted by Sarmed Rahman (not registered) on Sat, 2012-05-19 07:19.
Thank you for the post..worked for me..though, I used 770 on /var/named. Thanks again. :)
Submitted by rj3k (registered user) on Wed, 2011-04-06 23:23.

I created another slave DNS & here's the error I've got, I followed the intructions from 1 to 4.

[root@localhost ~]# chmod 777 -Rvf /var/named/
mode of `/var/named/' retained as 0777 (rwxrwxrwx)
mode of `/var/named/nanofibre.zone' retained as 0777 (rwxrwxrwx)
mode of `/var/named/data' retained as 0777 (rwxrwxrwx)
mode of `/var/named/slaves' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/doamin.zone' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/var' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/var/named' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/var/named/data' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/var/named/slaves' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/var/tmp' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/var/run' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/var/run/named' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/var/log' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/dev' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/dev/random' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/dev/zero' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/dev/null' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/etc' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/etc/localtime' retained as 0777 (rwxrwxrwx)
mode of `/var/named/chroot/etc/rndc.key' retained as 0777 (rwxrwxrwx)
[root@localhost ~]# service named restart
Stopping named:                                            [  OK  ]
Locating /var/named/chroot//etc/named.conf failed:
                                                           [FAILED]

Please help.

 

Thank you

Submitted by AnonymousPingeuin (not registered) on Thu, 2011-09-01 18:59.

you are missing the named.conf file in your chroot directory.

 cp /var/named/named.conf /path/to/your/chrooted-named

Submitted by Anonymous (not registered) on Fri, 2011-04-08 15:35.
read this comment! ;-)
http://www.howtoforge.com/bind-installation-on-centos#comment-23477