In this article I will share the steps to configure a Master Slave DNS Server using bind in a chroot environment. This article was written while using CentOS 7, so it is safe to say that it also fully covers RHEL 7, Fedora and generally the whole Red Hat family of operating systems, and possibly Novell’s SLES and OpenSUSE. Earlier I had already written an article with detailed steps to configure a DNS server with bind chroot on RHEL/CentOS 7 Linux, so in this article I will be very brief while configuring my master DNS server, as the steps are almost the same.

Step-by-Step Tutorial: Configure Master Slave DNS Server (RHEL/CentOS 7)

 

Why do you need to configure Master Slave DNS Server?

In a production environment we are always concerned about uptime and redundancy. With a Master Slave DNS server configuration, the master server's data is automatically replicated to the slave server, so if the master server goes down for some reason, the slave server can act as the primary DNS server until you fix the master server.

So you may ask: why not have two or more DNS servers in the network, so that if one goes down the other acts as primary anyway?
That is correct, but in that case you would have to manually perform the same changes on every DNS server in the network. If you configure a master slave DNS server, any change you make on the master DNS server is automatically replicated to the slave DNS server, so there is little chance of human error and no rework is needed. That is why configuring a Master Slave DNS Server is recommended.

Since I had already configured a DNS server within a chroot environment, here I will use the same configuration with the changes required to configure a Master Slave DNS Server.

 

My Setup Detail

Master DNS Server – 10.0.2.32 (master.example.com)

Slave DNS Server – 10.0.2.31 (slave.example.com)

 

Configure Master DNS Server

To configure a Master Slave DNS Server we first need a Master server. Let me share the brief configuration steps to be followed on the Master Server:

 

(M) Install bind-chroot rpm

To start with, first of all we need to install the bind-chroot rpm on the master DNS server:

[root@master ~]# yum install -y bind-chroot

 

(M) Sample named.conf

Below is our sample named configuration file. The listen-on address and the allow-query entries are the custom changes for this setup:

[root@master ~]# cat /etc/named.conf

options {
        listen-on port 53 { 127.0.0.1; 10.0.2.32; };
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; any; };
        allow-query-cache { localhost; any; };

        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

 

(M) Sample zone configuration

Below is my zone configuration from the named.rfc1912.zones file. No special changes are required here to configure a Master Slave DNS Server:

[root@master ~]# cat "/etc/named.rfc1912.zones"
zone "example.com" IN {
        type master;
        file "example.com.zone";
        allow-update { none; };
};

zone "2.0.10.in-addr.arpa" IN {
        type master;
        file "example.com.rzone";
        allow-update { none; };
};

 

(M) Sample forward zone file

Below is my forward zone file. No special changes are required here to configure a Master Slave DNS Server:

[root@master ~]# cat /var/named/example.com.zone
$TTL 1D
@       IN SOA  example.com       root (
                                        6       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                IN NS   master
master          IN A    10.0.2.32
localhost       IN A    127.0.0.1
client          IN A    10.0.2.30
slave           IN A    10.0.2.31

 

(M) Sample reverse zone file

Below is my reverse zone file. No special changes are required here to configure a Master Slave DNS Server:

[root@master ~]# cat /var/named/example.com.rzone
$TTL 1D
@       IN SOA  example.com.    root (
                                        2       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   master.
30      IN PTR  client.example.com.
31      IN PTR  slave.example.com.
32      IN PTR  master.example.com.

 

(M) Enable chroot environment

Next, mount all the DNS configuration files into the chroot environment:

[root@master ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on

 

(M) Verify DNS configuration

Next, verify your configuration:

[root@master ~]# named-checkconf -t /var/named/chroot/ /etc/named.conf

[root@master ~]# named-checkzone master.example.com /var/named/example.com.zone
zone master.example.com/IN: loaded serial 6
OK

[root@master ~]# named-checkzone master.example.com /var/named/example.com.rzone
zone master.example.com/IN: loaded serial 2
OK
NOTE:
In this article I have disabled firewalld and selinux on my RHEL 7 setup.

 

(M) Update resolv.conf file

NOTE:
If you write the DNS information in the primary network interface file, you need to update the DNS options in the network file also.

[root@master ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 10.0.2.32 #master

 

(M) Start named-chroot service

But before that, make sure to stop and disable any named service that is running on your RHEL 7 Linux host, since we plan to use named-chroot:

[root@master named]# systemctl stop named
[root@master named]# systemctl disable named

Now we can start the named-chroot service:

[root@master ~]# systemctl start named-chroot
[root@master ~]# systemctl is-active named-chroot
active

 

(M) Verify DNS Server

Next verify the DNS server configuration:

[root@master ~]# nslookup master.example.com
Server:         10.0.2.32
Address:        10.0.2.32#53

Name:   master.example.com
Address: 10.0.2.32

So our basic DNS server is up and running. Let us now configure our slave DNS server.

 

Configure Slave Server

Next, let us proceed with the configuration of our slave server to complete the Master Slave DNS Server setup in Linux.

 

(S) Install bind-chroot rpm

Similar to the master DNS server, we need to install the bind-chroot rpm here:

[root@slave ~]# yum install -y bind-chroot

 

(S) Configure named.conf

Next, modify your /etc/named.conf file so that the listen-on line carries the slave DNS server IP, as shown below. All remaining entries are left untouched.

[root@slave ~]# cat /etc/named.conf

options {
        listen-on port 53 { 127.0.0.1; 10.0.2.31; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; any; };

<Output Trimmed>

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

 

(M) Configure named.conf

Now at this stage we must make some additional configuration changes in our Master DNS server’s /etc/named.conf. Add the content below:

allow-transfer  { 10.0.2.31; };
notify  yes;
also-notify { 10.0.2.31; };

Here 10.0.2.31 is my Slave DNS server. With these changes the Master DNS Server will automatically notify the Slave DNS Server of any changes and will also allow it to transfer the changed zone content.
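As an added check, not part of the original article: a small Python audit of the master's options settings that confirms allow-transfer and also-notify name only the slave (the zone's NS record lists only the master, so also-notify is what tells the slave about changes), and flags allow-query any combined with recursion yes, which exposes an open recursive resolver if the server is reachable from untrusted networks. The sample block is constructed from this article's master configuration.

```python
import re

# Constructed sample: the options settings from this article's master server,
# including the three lines the article adds for the slave (10.0.2.31).
MASTER_OPTIONS = """
options {
        listen-on port 53 { 127.0.0.1; 10.0.2.32; };
        allow-query     { localhost; any; };
        recursion yes;
        allow-transfer  { 10.0.2.31; };
        notify  yes;
        also-notify { 10.0.2.31; };
};
"""

def _strip_comments(conf):
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def option_list(conf, name):
    """Address list of `name { a; b; };`, or None when the option is absent."""
    m = re.search(r"(?<![\w-])%s\s*\{([^}]*)\}\s*;" % re.escape(name),
                  _strip_comments(conf))
    return [t.strip() for t in m.group(1).split(";") if t.strip()] if m else None

def option_value(conf, name):
    """Scalar value of `name value;` (e.g. `notify yes;`), or None if absent."""
    m = re.search(r"(?<![\w-])%s\s+([^;{\s]+)\s*;" % re.escape(name),
                  _strip_comments(conf))
    return m.group(1) if m else None

def audit_master(conf, slaves):
    """Check the master's replication and exposure settings against `slaves`.
    Returns a list of findings; an empty list means nothing to fix."""
    findings = []
    xfer = option_list(conf, "allow-transfer")
    if xfer is None or "any" in xfer:
        findings.append("allow-transfer missing or 'any': anyone can pull the zone")
    elif set(xfer) != set(slaves):
        findings.append("allow-transfer does not match the slave list: %s" % xfer)
    if option_value(conf, "notify") == "no":
        findings.append("notify no: slaves are not told about changes")
    if set(option_list(conf, "also-notify") or []) != set(slaves):
        findings.append("also-notify does not list every slave")
    if (option_value(conf, "recursion") == "yes"
            and "any" in (option_list(conf, "allow-query") or [])):
        findings.append("recursion yes with allow-query any: open recursive resolver")
    return findings
```

Run against the article's own master settings it reports only the open-resolver finding, which is what you would expect for a server that is meant to recurse for clients on this network but should not be reachable from the internet.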

 

(S) Update zone configuration

Next we need to configure the /etc/named.rfc1912.zones file to add the zone records for our forward and reverse zones on the Slave DNS Server. Append the content below to your named.rfc1912.zones file.

NOTE:
Adjust the IP address and file name as per your environment here.

[root@slave ~]# cat /etc/named.rfc1912.zones

<Output Trimmed>

zone "example.com" IN {
        type slave;
        masters { 10.0.2.32; };
        file "slaves/example.com.zone";
};

zone "2.0.10.in-addr.arpa" IN {
        type slave;
        masters { 10.0.2.32; };
        file "slaves/example.com.rzone";
};

Here,

  1. Provide your master DNS server IP with masters.
  2. Add the file location for the forward and reverse zone files. The location should be the same as given here.
  3. The type of the zone will be “slave”.

 

(S) Enable chroot environment

Mount the bind configuration files into the chroot environment:

[root@slave ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on

 

(S) Verify DNS configuration

Next, verify the configuration file using named-checkconf:

[root@slave ~]# named-checkconf -t /var/named/chroot/ /etc/named.conf

Since there was no output on screen, no syntax errors were found in our bind configuration files.

 

(M & S) Update resolv.conf file

NOTE:
If you write the DNS information in the primary network interface file, you need to update the DNS options in the network file also.

[root@slave ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 10.0.2.32 #master
nameserver 10.0.2.31 #slave

Update the same entries in /etc/resolv.conf on the master DNS server:

[root@master ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 10.0.2.32 #master
nameserver 10.0.2.31 #slave

 

(M & S) Start named-chroot service

But before that, make sure to stop and disable any named service that is running on your RHEL 7 Linux host, since we plan to use named-chroot:

[root@slave named]# systemctl stop named
[root@slave named]# systemctl disable named

Next we can start the named-chroot service on the Slave DNS Server, and also restart the named-chroot service on the master, since we made changes on our Master DNS Server as well.

[root@master ~]# systemctl restart named-chroot

[root@master ~]# systemctl is-active named-chroot
active

[root@slave ~]# systemctl start named-chroot

[root@slave ~]# systemctl is-active named-chroot
active

So all our services are UP and running.

Now, as soon as you start the named-chroot service on the slave, you will observe that the zone files are created automatically on the slave server under /var/named/slaves/:

[root@slave ~]# ls -l /var/named/slaves/
total 8
-rw-r--r-- 1 named named 386 Jun 22 02:30 example.com.rzone
-rw-r--r-- 1 named named 410 Jun 22 02:47 example.com.zone
NOTE:
These zone files are not in a readable format and should not be modified, as they get updated automatically every time the named-chroot service is reloaded or restarted on the Master DNS Server.

 

Verify Master to Slave Data Replication

Now, since our named-chroot service is running on the Slave DNS Server, the zone data is transferred from master to slave right away, and the transfer is logged in /var/named/data/named.run.

Below is a sample content from my /var/named/data/named.run

managed-keys-zone: loaded serial 2
zone 0.in-addr.arpa/IN: loaded serial 0
zone 2.0.10.in-addr.arpa/IN: loaded serial 2
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone example.com/IN: loaded serial 6
zone localhost.localdomain/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone localhost/IN: loaded serial 0
all zones loaded
running

We can verify this by modifying our forward zone file on the Master DNS Server and adding a new A record:

[root@master ~]# vim /var/named/example.com.zone
$TTL 1D
@       IN SOA  example.com       root (
                                        7       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                IN NS   master
master          IN A    10.0.2.32
localhost       IN A    127.0.0.1
client          IN A    10.0.2.30
slave           IN A    10.0.2.31
test            IN A    10.0.2.33

Here we have added a new A record for “test” and updated the serial number.

IMPORTANT NOTE:
Make sure you increment the serial number every time you modify a zone file, or else the slave will not pick up the update.

Next, reload the named-chroot service on the master and observe the logs under /var/named/data/named.run on the slave server:

[root@master ~]# systemctl reload named-chroot

The logs below are seen on the slave server under /var/named/data/named.run, so our transfer completed successfully:

client 10.0.2.32#25912: received notify for zone 'example.com'
zone example.com/IN: Transfer started.
transfer of 'example.com/IN' from 10.0.2.32#53: connected using 10.0.2.31#39338
zone example.com/IN: transferred serial 7
transfer of 'example.com/IN' from 10.0.2.32#53: Transfer completed: 1 messages, 8 records, 247 bytes, 0.002 secs (123500 bytes/sec)
zone example.com/IN: sending notifies (serial 7)

Next, verify the A record resolution on the slave server:

[root@slave ~]# nslookup test.example.com
Server:         10.0.2.32
Address:        10.0.2.32#53

Name:   test.example.com
Address: 10.0.2.33

So the data has been transferred successfully, and our master to slave replication is working.
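As an added check, not part of the original article: a Python script that reads the SOA serial out of a zone file in the layout used above, confirms an edit actually raised it (the condition in the IMPORTANT NOTE), and matches it against the "transferred serial" line the slave writes to named.run. The zone text and log lines are constructed from this article.

```python
import re

# Constructed from this article: the forward zone file before the edit, the
# same file after the "test" record and serial bump, and the slave's named.run.
ZONE_BEFORE = """$TTL 1D
@       IN SOA  example.com       root (
                                        6       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                IN NS   master
master          IN A    10.0.2.32
"""
ZONE_AFTER = (re.sub(r"6(\s+; serial)", r"7\1", ZONE_BEFORE)
              + "test            IN A    10.0.2.33\n")
SLAVE_LOG = """client 10.0.2.32#25912: received notify for zone 'example.com'
zone example.com/IN: Transfer started.
zone example.com/IN: transferred serial 7
transfer of 'example.com/IN' from 10.0.2.32#53: Transfer completed: 1 messages, 8 records, 247 bytes, 0.002 secs (123500 bytes/sec)
"""

def soa_serial(zone_text):
    """SOA serial of a zone file in the multi-line '( ... )' layout used above;
    ';' comments are dropped first so the field names do not get in the way."""
    body = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = re.search(r"\bSOA\b(.*?)\)", body, flags=re.S)
    if not m:
        raise ValueError("no SOA record found")
    # fields: mname rname serial refresh retry expire minimum
    return int(m.group(1).replace("(", " ").split()[2])

def serial_bumped(old_text, new_text):
    """True when the edit raised the serial; a slave ignores a NOTIFY or refresh
    whose serial is not greater than the one it already holds."""
    return soa_serial(new_text) > soa_serial(old_text)

def transferred_serial(log_text, zone):
    """Serial the slave last reports as transferred for `zone` in named.run,
    or None when no completed transfer of that zone is logged."""
    pat = re.compile(r"zone %s/IN: transferred serial (\d+)" % re.escape(zone))
    serial = None
    for line in log_text.splitlines():
        m = pat.match(line)
        if m:
            serial = int(m.group(1))
    return serial

def replication_ok(master_zone_text, slave_log, zone):
    """Master's current serial equals the serial the slave last transferred."""
    return transferred_serial(slave_log, zone) == soa_serial(master_zone_text)
```

Note that the nslookup above was answered by 10.0.2.32, the first nameserver in resolv.conf, not by the slave; to confirm the slave itself serves the new record, query it explicitly with nslookup test.example.com 10.0.2.31.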

 

Lastly, I hope the steps in this article to configure a Master Slave DNS Server on Linux (RHEL/CentOS 7) were helpful. Let me know your suggestions and feedback using the comment section.

 
