In the previous post we learnt how to configure a DNS server. But what if your DNS server goes down for some reason, or you want to take it down for maintenance? Your users can't reach your sites by FQDN. For that reason we need a backup DNS server, known as a slave DNS server. Let's see how to do it.
Before we start, we have to install and configure a DNS / BIND server and configure it as the Master DNS for your domain. See how to install & configure DNS Server.
Note : Master IP 192.168.85.8, Slave IP 192.168.85.9
Now it's time to edit the /etc/named.rfc1912.zones file to make it the Master DNS.
[root@master ~]# vim /etc/named.rfc1912.zones
zone "gil.net" IN {
type master;
file "for.zone";
allow-update { none; };
allow-transfer { 192.168.85.9; };
notify yes;
};
Let's go ahead and configure the Slave DNS.
First of all, install bind and disable iptables & SELinux on the slave.
[root@slave ~]# yum install bind*
[root@slave ~]# /etc/init.d/iptables stop
[root@slave ~]# chkconfig iptables off
[root@slave ~]# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Change SELINUX=enforcing to SELINUX=disabled.
Add the slave DNS IP in /etc/resolv.conf; don't add the Master DNS IP in it, only the slave IP.
[root@slave ~]# vim /etc/resolv.conf
search gil.net
nameserver 192.168.85.8
Edit /etc/named.conf and /etc/named.rfc1912.zones. /etc/named.conf is just like the one shown in the previous post on configuring a DNS server; change the IP to the slave DNS IP. Then edit /etc/named.rfc1912.zones.
[root@slave ~]# vim /etc/named.rfc1912.zones
zone "gil.net" IN {
type slave;
file "slaves/for";
masters {192.168.85.8;};
};
Change as shown below:
type slave;
file "slaves/for"; slaves/for is the forward zone file on the slave DNS server (under /var/named).
masters { <master DNS IP>; };
Do the same for the reverse zone as well.
Once you restart the named service on the slave, both forward and reverse zones will automatically be replicated from the Master DNS and created under the /var/named/slaves directory.
That's it, you are done. Try adding any record in the zone files of the Master DNS server and the changes will be replicated to your slave server. See how to add DNS records on Master DNS.
Don't forget to increase the serial number by one every time you edit or add a DNS record on the Master DNS. If there is no increase in the serial, the slave thinks there is no update on the Master and doesn't update its zone files.
The second thing is setting the refresh interval in the master DNS zone file. If you set it to 1 day, it tells the slave to check for updates every day. If you want, you can change it to 1 hour or 1 week; it's up to you.
[root@master ~]# vim /var/named/forward.zone
$TTL 1D
@ IN SOA server1.gil.net. root.server1.gil.net. (
1012 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
        IN NS master.gil.net.
        IN NS slave.gil.net.
master IN A 192.168.85.8
slave IN A 192.168.85.9
web IN A 192.168.85.10
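Two things in the steps above are easy to get wrong silently: forgetting to bump the SOA serial (the slave never pulls the change) and leaving allow-transfer open (anyone can AXFR the whole zone). The following pre-deploy check is an added example, not code from the post; it parses constructed copies of the master zone file and of the gil.net stanza from named.rfc1912.zones, and the samples, function names and the 192.168.85.9 slave list are assumptions modelled on the values on this page.

```python
import re
# Constructed samples modelled on the post's configs (not the post's own files).
MASTER_ZONE_CONF = '''
zone "gil.net" IN {
    type master;
    file "for.zone";
    allow-update { none; };
    allow-transfer { 192.168.85.9; };
    notify yes;
};
'''
ZONE_OLD = '''$TTL 1D
@ IN SOA server1.gil.net. root.server1.gil.net. (
    1012 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
  IN NS master.gil.net.
  IN NS slave.gil.net.
master IN A 192.168.85.8
slave  IN A 192.168.85.9
'''
ZONE_NEW = ZONE_OLD + "web IN A 192.168.85.10\n"   # record added, serial not bumped

def soa_serial(zone_text):
    """Return the SOA serial: first integer after MNAME and RNAME, ';' comments stripped."""
    text = re.sub(r";[^\n]*", "", zone_text)
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", text)
    if not m:
        raise ValueError("no SOA record found")
    return int(m.group(1))

def serial_bumped(old_zone, new_zone):
    """True if the new serial is 'greater' in RFC 1982 32-bit arithmetic (wraparound safe)."""
    diff = (soa_serial(new_zone) - soa_serial(old_zone)) % 2**32
    return 0 < diff < 2**31

def transfer_acl(conf_text, zone):
    """Return the allow-transfer entries for `zone`, or None if the option is absent."""
    block = re.search(r'zone\s+"%s"[^{]*\{(.*?)\n\};' % re.escape(zone), conf_text, re.S)
    if not block:
        raise ValueError("zone %s not found in config" % zone)
    acl = re.search(r"allow-transfer\s*\{([^}]*)\}", block.group(1))
    return None if not acl else [e.strip() for e in acl.group(1).split(";") if e.strip()]

def transfer_restricted(conf_text, zone, slaves):
    """True only when every allow-transfer entry is a known slave address; a missing option
    counts as unrestricted, since older BIND 9 releases default allow-transfer to any."""
    acl = transfer_acl(conf_text, zone)
    return acl is not None and all(entry in slaves for entry in acl)
```

Run `serial_bumped` against the previously published copy of the zone before every reload, and `transfer_restricted` against the live config with the real slave addresses.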
You are done, try digging:
[root@client ~]# dig web.gil.net
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> web.gil.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28896
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;web.gil.net. IN A
;; ANSWER SECTION:
web.gil.net. 86400 IN A 192.168.85.10
;; AUTHORITY SECTION:
gil.net. 86400 IN NS master.gil.net.
gil.net. 86400 IN NS slave.gil.net.
;; ADDITIONAL SECTION:
master.gil.net. 86400 IN A 192.168.85.8
slave.gil.net. 86400 IN A 192.168.85.9
;; Query time: 0 msec
;; SERVER: 192.168.85.8#53(192.168.85.8)
;; WHEN: Sun May 27 23:35:09 2012
;; MSG SIZE rcvd: 12
Now it's time to check high availability: bring the Master server down by stopping the named service and try digging to see if the Slave can resolve in the absence of the Master.
[root@master ~]# /etc/init.d/named stop
###### on client ########
[root@client ~]# dig web.gil.net
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> web.gil.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28896
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;web.gil.net. IN A
;; ANSWER SECTION:
web.gil.net. 86400 IN A 192.168.85.10
;; AUTHORITY SECTION:
gil.net. 86400 IN NS master.gil.net.
gil.net. 86400 IN NS slave.gil.net.
;; ADDITIONAL SECTION:
master.gil.net. 86400 IN A 192.168.85.8
slave.gil.net. 86400 IN A 192.168.85.9
;; Query time: 0 msec
;; SERVER: 192.168.85.9#53(192.168.85.8)
;; WHEN: Sun May 27 23:35:09 2012
;; MSG SIZE rcvd: 12
Have you observed the change? No? Look at the SERVER line of the dig output: this time it is 192.168.85.9, the slave DNS server's IP, which means your slave DNS is handling the client's requests and resolving them.
Hu hu hu, you've done it... enjoy.
2 Comments
Hi Gil.
How can I transfer the named.conf file to the slave server, or update zones in named.conf on the slave server?
Regards
Alexandre de Moraes
hi Alexandre,
I guess you mean to say that you want the newly added DNS zone records on the master DNS server to be replicated to the slave DNS server, isn't it?
If my guess is right, simply run "rndc reload" at the terminal without quotes; you can also try restarting the named service. If you check /var/log/named you'll see logs that show DNS records have been replicated from master to slave.
Automatically they'll be replicated at the default intervals, unless you feel the replication is needed immediately.
gil...