Traditional DNS Howto - Page 8
Our Secondary Name Server
Next let's set up our secondary name server ns0.centralsoft.org. It will act as a backup name server in case the primary (server1.centralsoft.org) fails so that people can still look up ccentralsoft.org and its subdomains.
ns0.centralsoft.org's named.conf resembles that of the primary name server very much, with a few differences:
options {
|
The most important part is this one:
zone "centralsoft.org" {
|
By writing type slave, we define that this is a slave zone, and in the masters line we specify the IP address of the primary name server. In the file line we specify the file name where the slave zone should be stored.
That's all we have to do. Restart named, and soon afterwards you should find the file /etc/bind/sec.centralsoft.org on your secondary name server. What has happened? The secondary has contacted the primary name server, and the primary name server has transferred the zone to the secondary.
Now whenever you update the zone on the primary name server, make sure you increase the serial number, otherwise the updated zone will not be transferred to the secondary!
Please make sure you have no firewall on the primary and the secondary name server that blocks port 53 (TCP and UDP) because otherwise zone transfers will fail!
A Word On Security
In our current configuration every name server is allowed to transfer our centralsoft.org zone from our primary name server. Since we want only our secondary name server (70.253.158.45) to be allowed to transfer the zone, we add the following line to the centralsoft.org zone in named.conf on our primary name server server1.centralsoft.org:
allow-transfer { 70.253.158.45; };
|
So the zone should look like this:
zone "centralsoft.org" {
|
Congratulations! You have just set up your first zone!
