In this article I will share the steps to configure a Master Slave DNS Server using bind in a chroot environment. This article was written while using CentOS 7, so it is safe to say that it also fully covers RHEL 7, Fedora and generally the whole Red Hat family of operating systems, and possibly Novell's SLES and OpenSUSE. Earlier I had already written an article with detailed steps to configure a DNS server with bind chroot on RHEL/CentOS 7 Linux, so in this article I will be very brief while configuring my master DNS server, as the steps are almost the same.
Why do you need to configure Master Slave DNS Server?
In a production environment we are always concerned about uptime and redundancy. With a Master Slave DNS server configuration the master server's data is automatically replicated to the slave server, so if the master server goes down for some reason the slave server can act as the primary DNS server until you fix the master server.
So you may ask again: why not have two or more DNS servers in the network, so that if one goes down the other will act as primary anyway?
That works, but in that case you will have to manually perform the same changes on all your DNS servers in the network. If you configure a master slave DNS server, any change you make on the master DNS server is automatically replicated to the slave DNS server, so there is little chance of human error and no re-work is needed. Hence it is recommended to configure a Master Slave DNS Server.
Since I had already configured a DNS server within a chroot environment, here I will use the same configuration with the relevant changes required to configure a Master Slave DNS Server.
My Setup Detail
Master DNS Server - 10.0.2.32 (master.example.com)
Slave DNS Server - 10.0.2.31 (slave.example.com)
Configure Master DNS Server
To configure a Master Slave DNS Server we first need a Master server. Let me share the brief configuration steps to be followed on the Master Server:
(M) Install bind-chroot rpm
First we need to install the bind chroot rpm on the master DNS server:
[root@master ~]# yum install -y bind-chroot
(M) Sample named.conf
Below is our sample named configuration file /etc/named.conf with the custom changes highlighted. Some additional changes to this file are needed to configure master slave DNS server, but we will do that once the named-chroot service is UP and running on the master.
[root@master ~]# cat /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 10.0.2.32; };
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; any; };
        allow-query-cache { localhost; any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
(M) Sample zone configuration
Below is my zone configuration from the named.rfc1912.zones file. No special changes are required here to configure a Master Slave DNS Server:
[root@master ~]# cat /etc/named.rfc1912.zones
zone "example.com" IN {
        type master;
        file "example.com.zone";
        allow-update { none; };
};
zone "2.0.10.in-addr.arpa" IN {
        type master;
        file "example.com.rzone";
        allow-update { none; };
};
(M) Sample forward zone file
Below is my forward zone file. No special changes are required here to configure a Master Slave DNS Server:
[root@master ~]# cat /var/named/example.com.zone
$TTL 1D
@       IN SOA  example.com root (
                                        6       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   master
master  IN A    10.0.2.32
localhost IN A  127.0.0.1
client  IN A    10.0.2.30
slave   IN A    10.0.2.31
(M) Sample reverse zone file
Below is my reverse zone file. No special changes are required here to configure a Master Slave DNS Server:
[root@master ~]# cat /var/named/example.com.rzone
$TTL 1D
@       IN SOA  example.com. root (
                                        2       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   master.
30      IN PTR  client.example.com.
31      IN PTR  slave.example.com.
32      IN PTR  master.example.com.
(M) Enable chroot environment
Next mount all the DNS configuration files into the chroot environment:
[root@master ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
(M) Verify DNS configuration
Next verify your configuration. named-checkzone takes the zone name as its first argument, so the forward file is checked against example.com and the reverse file against 2.0.10.in-addr.arpa:
[root@master ~]# named-checkconf -t /var/named/chroot/ /etc/named.conf
[root@master ~]# named-checkzone example.com /var/named/example.com.zone
zone example.com/IN: loaded serial 6
OK
[root@master ~]# named-checkzone 2.0.10.in-addr.arpa /var/named/example.com.rzone
zone 2.0.10.in-addr.arpa/IN: loaded serial 2
OK
firewalld and selinux on my RHEL 7 setup.
(M) Update resolv.conf file
[root@master ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 10.0.2.32 #master
(M) Start named-chroot service
Before that, make sure to stop and disable any named service that is installed and running on your RHEL 7 Linux host, since we plan to use named-chroot:
[root@master named]# systemctl stop named
[root@master named]# systemctl disable named
Now we can start the named-chroot service:
[root@master ~]# systemctl start named-chroot
[root@master ~]# systemctl is-active named-chroot
active
(M) Verify DNS Server
Next verify the DNS server configuration:
[root@master ~]# nslookup master.example.com
Server: 10.0.2.32
Address: 10.0.2.32#53
Name: master.example.com
Address: 10.0.2.32
So our basic DNS server is up and running, let us configure our slave DNS server.
Configure Slave Server
Next let us proceed with the configuration of our slave server to complete the Master Slave DNS Server setup in Linux.
(S) Install bind-chroot rpm
Similar to the master DNS server, we need to install the bind-chroot rpm here:
[root@slave ~]# yum install -y bind-chroot
(S) Configure named.conf
Next modify your /etc/named.conf file with the slave DNS server IP as highlighted below. All the remaining entries are left untouched.
[root@slave ~]# cat /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 10.0.2.31; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; any; };
(M) Configure named.conf
Now at this stage we must make some additional configuration changes in our Master DNS server's /etc/named.conf. Add the content below:
allow-transfer { 10.0.2.31; };
notify yes;
also-notify { 10.0.2.31; };
Here 10.0.2.31 is my Slave DNS server. With these changes the Master DNS Server will automatically notify the Slave DNS Server for any changes and will also transfer the changed content.
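The allow-transfer line above is the security-relevant part of this step: on the BIND 9 versions shipped with RHEL/CentOS 7 a zone without an allow-transfer statement can be pulled in full (AXFR) by any client, and the sample named.conf also combines recursion yes with allow-query { any; }, which is an open recursive resolver unless the host is only reachable from your own network. The script below is an added example written for this page, not code from the original article or from the bind project; it audits a named.conf for exactly these two settings so you can re-check the master after editing it. The function names and the audit logic are hypothetical, the addresses are the ones from the article's setup.

```shell
#!/bin/bash
# Added example, not part of the original article: audit a named.conf for the
# zone-transfer and recursion settings discussed above. The helper names are
# hypothetical; addresses in the comments are from the article's setup.

# Flatten the config into one line with /* */, // and # comments removed so
# that multi-line statements can be matched with a single grep.
flatten_conf() {    # $1 = path to named.conf
    sed -e 's://.*$::' -e 's/#.*$//' "$1" | tr '\n' ' ' | sed -e 's:/\*[^*]*\*/::g'
}

# True when "<statement> { ...; any; ... }" appears with any as a whole token.
has_any_in() {    # $1 = flattened config, $2 = statement name
    printf '%s' "$1" | grep -Eq "$2"'[[:space:]]*\{[^}]*[[:space:]{]any[[:space:];]'
}

# Print one finding per line. Returns 0 when nothing was found, 1 otherwise.
audit_named_conf() {    # $1 = path to named.conf
    conf=$(flatten_conf "$1")
    findings=0
    if ! printf '%s' "$conf" | grep -Eq 'allow-transfer[[:space:]]*\{'; then
        # BIND 9.9/9.11 as shipped on RHEL/CentOS 7 defaults allow-transfer to any.
        echo "no allow-transfer statement: every client may request a full zone copy (AXFR)"
        findings=$((findings + 1))
    elif has_any_in "$conf" allow-transfer; then
        echo "allow-transfer contains any: zone transfers are open to every client"
        findings=$((findings + 1))
    fi
    if printf '%s' "$conf" | grep -Eq 'recursion[[:space:]]+yes' && has_any_in "$conf" allow-query \
       && ! printf '%s' "$conf" | grep -Eq 'allow-recursion[[:space:]]*\{'; then
        echo "recursion yes with allow-query any and no allow-recursion: open recursive resolver"
        findings=$((findings + 1))
    fi
    return $((findings > 0))
}

# Usage: ./audit-named.sh /etc/named.conf   (runs only when a path is given)
[ $# -eq 0 ] || audit_named_conf "$1"
```

The three statements from the article (allow-transfer, notify, also-notify) can live in the options block, where they apply to every zone, or inside an individual zone statement. For the recursion finding, keeping allow-query { any; } is fine for an authoritative server as long as you add something like allow-recursion { 10.0.2.0/24; localhost; }; so that only your own clients can use the master as a resolver.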
(S) Update zone configuration
Next we need to configure the /etc/named.rfc1912.zones file to add the zone records for our forward and reverse zone files on the Slave DNS Server. Append the below content to your named.rfc1912.zones file:
[root@slave ~]# cat /etc/named.rfc1912.zones
zone "example.com" IN {
        type slave;
        file "slaves/example.com.zone";
        masters { 10.0.2.32; };
};
zone "2.0.10.in-addr.arpa" IN {
        type slave;
        file "slaves/example.com.rzone";
        masters { 10.0.2.32; };
};
Here,
- Provide your master DNS server IP with masters.
- Add the file location for forward and reverse zone file. The location should be the same as given here.
- The type of the zone will be "slave"
(S) Enable chroot environment
Mount the bind configuration files on chroot environment
[root@slave ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
(S) Verify DNS configuration
Next verify the configuration file using named-checkconf
[root@slave ~]# named-checkconf -t /var/named/chroot/ /etc/named.conf
Since there was no output on screen, no syntax errors were found in our bind configuration files.
(M & S) Update resolv.conf file
[root@slave ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 10.0.2.32 #master
nameserver 10.0.2.31 #slave
Update the same entries in /etc/resolv.conf on the master DNS server:
[root@master ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 10.0.2.32 #master
nameserver 10.0.2.31 #slave
(M & S) Start named-chroot service
Before that, make sure to stop and disable any named service that is installed and running on your RHEL 7 Linux host, since we plan to use named-chroot:
[root@slave named]# systemctl stop named
[root@slave named]# systemctl disable named
Next we can start the named-chroot service on the Slave DNS Server and also restart the named-chroot service on the master, since we made some changes on our Master DNS Server as well.
[root@master ~]# systemctl restart named-chroot
[root@master ~]# systemctl is-active named-chroot
active
[root@slave ~]# systemctl start named-chroot
[root@slave ~]# systemctl is-active named-chroot
active
So all our services are UP and running.
Now as soon as you start the named-chroot service on the slave, you will observe that the zone files are created automatically on the slave server under /var/named/slaves/
[root@slave ~]# ls -l /var/named/slaves/
total 8
-rw-r--r-- 1 named named 386 Jun 22 02:30 example.com.rzone
-rw-r--r-- 1 named named 410 Jun 22 02:47 example.com.zone
named-chroot service is reloaded or restarted on the Master DNS Server.
Verify Master to Slave Data Replication
Now since our named-chroot service is running on the Slave DNS Server, the zone data is transferred from master to slave right away, and the transfer is logged under /var/named/data/named.run
Below is a sample content from my /var/named/data/named.run
managed-keys-zone: loaded serial 2
zone 0.in-addr.arpa/IN: loaded serial 0
zone 2.0.10.in-addr.arpa/IN: loaded serial 2
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone example.com/IN: loaded serial 6
zone localhost.localdomain/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone localhost/IN: loaded serial 0
all zones loaded
running
We can verify this by modifying our forward zone file on the Master DNS Server and adding a new A record:
[root@master ~]# vim /var/named/example.com.zone
$TTL 1D
@       IN SOA  example.com root (
                                        7       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   master
master  IN A    10.0.2.32
localhost IN A  127.0.0.1
client  IN A    10.0.2.30
slave   IN A    10.0.2.31
test    IN A    10.0.2.33
Here we have added a new A record for "test" and updated the serial number.
Next reload the named-chroot service and observe the logs under /var/named/data/named.run on the slave server:
[root@master ~]# systemctl reload named-chroot
The logs below are seen on the slave server under /var/named/data/named.run, so our transfer completed successfully:
client 10.0.2.32#25912: received notify for zone 'example.com'
zone example.com/IN: Transfer started.
transfer of 'example.com/IN' from 10.0.2.32#53: connected using 10.0.2.31#39338
zone example.com/IN: transferred serial 7
transfer of 'example.com/IN' from 10.0.2.32#53: Transfer completed: 1 messages, 8 records, 247 bytes, 0.002 secs (123500 bytes/sec)
zone example.com/IN: sending notifies (serial 7)
Next verify the A record resolution on slave server
[root@slave ~]# nslookup test.example.com
Server: 10.0.2.32
Address: 10.0.2.32#53
Name: test.example.com
Address: 10.0.2.33
So the data has been transferred and our master to slave replication is working.
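Two details of the verification above are worth checking more carefully. First, the slave only pulls a new copy when the SOA serial on the master is higher than the one it holds, which is why the serial was bumped from 6 to 7 along with the new record. Second, the nslookup on the slave was answered by 10.0.2.32 (the master is listed first in resolv.conf), so it shows that the record exists but not that the slave itself serves it; asking each server directly with dig @server removes that ambiguity. The script below is an added example written for this page, not code from the original article: it compares the serials served by master and slave, and scans a named.run log for the transfer lines shown above, flagging any transfer that connected to a source other than the configured master. The function names are hypothetical; the addresses and zone name come from the article's setup, and dig requires the bind-utils package.

```shell
#!/bin/bash
# Added example, not part of the original article: check master-to-slave
# replication from the slave's side. Addresses and the zone name come from the
# article's setup; the helper functions are hypothetical, written for this page.

MASTER=10.0.2.32
SLAVE=10.0.2.31
ZONE=example.com

# Extract the serial from the RDATA that 'dig +short <zone> SOA' prints,
# e.g. "master.example.com. root.example.com. 7 86400 3600 604800 10800".
serial_from_soa() {    # $1 = SOA RDATA line
    printf '%s\n' "$1" | awk '{ print $3 }'
}

# Ask one server directly for the zone's SOA serial (needs dig from bind-utils).
live_serial() {    # $1 = server address
    serial_from_soa "$(dig +short @"$1" "$ZONE" SOA)"
}

# Compare what the master and the slave serve; returns 0 only when they match.
zones_in_sync() {
    m=$(live_serial "$MASTER"); s=$(live_serial "$SLAVE")
    echo "master serial: $m  slave serial: $s"
    [ -n "$m" ] && [ "$m" = "$s" ]
}

# Scan a named.run log: report the last serial transferred for the zone and
# flag any transfer that connected to a source other than the master.
check_transfer_log() {    # $1 = log file, $2 = expected master address
    awk -v zone="$ZONE" -v master="$2" '
        $0 ~ ("transfer of ." zone "/IN. from ") && /connected using/ {
            split($5, a, "#"); src = a[1]      # "10.0.2.32#53:" -> 10.0.2.32
            if (src != master) print "UNEXPECTED " src
        }
        $0 ~ ("zone " zone "/IN: transferred serial") { serial = $NF }
        END { if (serial != "") print "SERIAL " serial }
    ' "$1"
}

# Usage: ./check-replication.sh /var/named/data/named.run   (on the slave)
[ $# -eq 0 ] || check_transfer_log "$1" "$MASTER"
```

Run zones_in_sync from either host after reloading the master; a serial mismatch that persists past the zone's refresh interval means the notify did not arrive or the transfer was refused, and the named.run lines that check_transfer_log reads will say which. A transfer from an address other than the master is worth investigating, since the slave should only accept zone data from the servers listed in its masters statement.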
Lastly, I hope the steps from this article to configure a Master Slave DNS Server on Linux (RHEL/CentOS 7) were helpful. Let me know your suggestions and feedback using the comment section.
Hi
I just wanted to say thanks for your help. I’m currently setting up a home lab as practice and your guide helped me configure my internal DNS server, so thank you 🙂
I am glad it helped!