Comments on [Debian Sarge] Installing A Bind9 Master/Slave DNS System
[Debian Sarge] Installing A Bind9 Master/Slave DNS System In this howto we will install 2 bind dns servers, one as the master and the other as a slave server. For security reasons we will chroot bind9 in its own jail. Using two servers for a domain is a commonly used setup and in order to host your own domain you are required to have at least 2 domain servers. If one breaks, the other can continue to serve your domain.
7 Comment(s)
Comments
I followed these instructions to set up a master-slave pair on Ubuntu 8.04. It generally worked, except that bind was not allowed to write into /etc/bind/zones. This turns out to be an apparmor issue, and the place bind is allowed to write is in /var/cache/bind. So substitute /var/cache/bind for /etc/bind/zones in the above, and it should work just fine on Hardy.
Hi... I was following your work but when I reached the dnssec-keygen part the interpreter just kept waiting... searching on Google I found the following alternative:
#> dnssec-keygen -a hmac-md5 -b 128 -n HOST master-slave.
where master is the name of the master server and slave is the name of the slave server, and don't forget the trailing dot.
Hi all,
I found out that under Debian 5 / Ubuntu 8+ you need to use the command:
dnssec-keygen -r /dev/urandom -a hmac-md5 -b 128 -n host domain.name
Without the -r /dev/urandom, dnssec-keygen will remain unresponsive. I found that it is waiting for input from the keyboard.
My $0.02
HooGLaNDeR
In case you're using rsyslogd, as is the case on Debian 5 systems, create a new file named /etc/rsyslog.d/bind-chroot.conf and insert the line:
AddUnixListenSocket /var/lib/named/dev/log
I have trouble with the slave DNS server. It gives this:
ns2 named[1399]: dumping master file: /etc/bind/zones/tmp-iH5sOkwtFa: open: permission denied
ns2 named[1399]: transfer of 'yu.net/IN' from 193.255.68.25#53: failed while receiving responses: permission denied
ns2 named[1399]: transfer of 'yu.net/IN' from 193.255.68.25#53: Transfer completed: 0 messages, 9 records, 0 bytes, 0.001 secs (0 bytes/sec)
ns2 kernel: [ 7434.534805] type=1503 audit(1279096384.040:15): operation="mknod" pid=1401 parent=1 profile="/usr/sbin/named" requested_mask="c::" denied_mask="c::" fsuid=102 ouid=102 name="/etc/bind/zones/tmp-iH5sOkwtFa"
Forums say that a file permission problem is possible, but I set permission 775 on named.conf and that doesn't work.
Secondly, I have a question. In rndc.key there is a hash key:
key "rndc-key" {
algorithm hmac-md5;
secret "ZRh98eYCCLV16DX4F8WYwQ==";
};
Do I have to replace this with the generated linux.private key?
Hi all,
I tried your howto with no success concerning zone transfer between the master DNS server and the slave one, until I applied these two modifications; it would be valuable if you could modify your howto to take them into account:
1 - You must ensure that the configuration file of the master DNS, /etc/bind/named.conf.options, is set to send notifications to all slaves, like this:
options {
directory "/var/cache/bind";
also-notify { Slave IP Address; }; // global parameter for all zones
....
2 - Incorporate an example of the logging facility at the end of the options config file for someone who doesn't know how to; for example:
...
logging {
    channel simple_log {
        file "/var/log/named/bind.log" versions 3 size 5m;
        severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default {
        simple_log;
    };
};
Thank you for all Open Source World.
PS: To spend less time to ;)
From the BIND9 manual:
allow-notify
Specifies which hosts are allowed to notify this server, a slave, of zone changes in addition to the zone masters. allow-notify may also be specified in the zone statement, in which case it overrides the options allow-notify statement. It is only meaningful for a slave zone. If not specified, the default is to process notify messages only from a zone's master.
I don't think setting allow-notify with the same address as the master is necessary.
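Pulling together the points raised in the comments above (a TSIG key made with dnssec-keygen, zone files kept under /var/cache/bind so the AppArmor profile lets named create its temporary files there, and also-notify on the master), here is an added example of a matching master/slave named.conf.local pair; it is not code from the howto or from any commenter. The zone name example.com, the addresses 192.0.2.1 and 192.0.2.2, the key name transfer-key and the secret are placeholders that you must replace with your own.

```conf
// ---- master (ns1): /etc/bind/named.conf.local ----
// Shared TSIG secret. PLACEHOLDER: generate a real one on the master with
//   dnssec-keygen -r /dev/urandom -a hmac-md5 -b 128 -n HOST transfer-key
// and paste the "Key:" line from the .private file here and on the slave.
// This key is separate from rndc-key in rndc.key, which only controls rndc.
key "transfer-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDER_BASE64_SECRET==";
};

zone "example.com" {
    type master;
    file "/var/cache/bind/db.example.com";
    // Only requests signed with the shared key may pull the zone (AXFR);
    // a plain IP-based allow-transfer can be spoofed, a signed one cannot.
    allow-transfer { key "transfer-key"; };
    // Push NOTIFY to the slave so it refreshes right after a serial change.
    also-notify { 192.0.2.2; };
    notify yes;
};

// ---- slave (ns2): /etc/bind/named.conf.local ----
key "transfer-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDER_BASE64_SECRET==";
};

// Sign every request sent to the master with the shared key.
server 192.0.2.1 {
    keys { "transfer-key"; };
};

zone "example.com" {
    type slave;
    // Under /var/cache/bind, not /etc/bind/zones: the AppArmor profile for
    // /usr/sbin/named denies the mknod seen in the audit log above.
    file "/var/cache/bind/db.example.com";
    masters { 192.0.2.1; };
    // The slave has no downstream secondaries, so serve no transfers at all.
    allow-transfer { none; };
};
```

After reloading both servers, a successful transfer shows up in the slave's log as a "Transfer completed" line with a non-zero record count and no "permission denied" entry before it.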