Wednesday, December 25, 2024

Configure Slave BIND DNS Server on Ubuntu 22.04|20.04


In the previous post we covered how to set up a primary DNS server using BIND9. Here we set up a secondary DNS server. A slave DNS server gets a copy of the zone data from the primary DNS server using the zone transfer method. It keeps the zone data in a cache for a particular time and uses it to serve DNS queries.


In our setup, we have a primary DNS server whose IP is 172.16.10.2 and domain name is ns1.neveropen.local.

We are setting up a secondary server whose IP is 172.16.10.10 and domain name is ns2.neveropen.local.


Step 1 – Configuration on the Bind Master DNS

For the Master-Slave setup, we need to configure the master DNS server and enable zone transfer to the secondary Name Server.

We will edit the /etc/bind/named.conf.local file on the primary server (ns1.neveropen.local) and add the allow-transfer and also-notify parameters.

sudo vim /etc/bind/named.conf.local

This will be done for both the forward and reverse entries.

##Forward zone
zone "neveropen.local" IN { // Domain name
     type master; // Primary DNS
     file "/etc/bind/forward.neveropen.local.db"; // Forward lookup file
     allow-update { none; }; // Since this is the primary DNS, it should be none.
     allow-transfer { 172.16.10.10; }; // Allow transfer of the zone from the master server
     also-notify { 172.16.10.10; }; // Notify the slave of zone changes
};

##Reverse zone
zone "10.16.172.in-addr.arpa" IN { // Reverse lookup name, should match your network in reverse order
     type master; // Primary DNS
     file "/etc/bind/reverse.neveropen.local.db"; // Reverse lookup file
     allow-update { none; }; // Since this is the primary DNS, it should be none.
     allow-transfer { 172.16.10.10; }; // Allow transfer of the zone from the master server
     also-notify { 172.16.10.10; }; // Notify the slave of zone changes
};

The allow-transfer parameter allows transfer of zone files from the master to the slave DNS, while also-notify notifies the slave whenever the zone files on the master are updated.
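A check on the primary's zone stanzas, added here as an example and not taken from the original article: `audit_transfer_acl` (a hypothetical helper) reports for each `type master` zone whether allow-transfer is missing, open to `any`, or restricted, and whether every also-notify address is also allowed to transfer. It assumes one statement per line and plain IP address lists; `drift.example` and 172.16.10.11 are constructed sample data.

```shell
# Added example, not from the article; audit_transfer_acl is a hypothetical helper.
# Assumes one statement per line and plain IP lists, as in the stanzas above.
audit_transfer_acl() {   # zone stanzas on stdin -> "<zone> <verdict>" per master zone
    awk '
    function inner(s) { sub(/^[^{]*[{][ \t]*/, "", s); sub(/[ \t]*[}][^}]*$/, "", s); return s }
    function squash(s) { gsub(/[ \t]+/, "", s); return s }
    function verdict(   n, i, hosts) {
        if (!has_acl) return "MISSING"            # falls back to options or defaults
        if (acl ~ /(^|[ \t;])any[ \t]*;/) return "OPEN"
        n = split(notify, hosts, /[ \t]*;[ \t]*/)
        for (i = 1; i <= n; i++)                  # every notified host must be allowed
            if (hosts[i] != "" && index(";" squash(acl), ";" hosts[i] ";") == 0)
                return "NOTIFY_NOT_ALLOWED " hosts[i]
        return "RESTRICTED"
    }
    {
        line = $0; sub("//.*", "", line); sub("#.*", "", line)   # drop comments
        if (match(line, /^[ \t]*zone[ \t]+"[^"]+"/)) {           # stanza start
            zone = substr(line, RSTART, RLENGTH)
            sub(/^[ \t]*zone[ \t]+"/, "", zone); sub(/"$/, "", zone)
            ztype = ""; acl = ""; notify = ""; has_acl = 0
        }
        if (line ~ /type[ \t]+(master|primary)[ \t]*;/) ztype = "master"
        if (match(line, /allow-transfer[ \t]*[{][^}]*[}]/)) { acl = inner(substr(line, RSTART, RLENGTH)); has_acl = 1 }
        if (match(line, /also-notify[ \t]*[{][^}]*[}]/))
            notify = inner(substr(line, RSTART, RLENGTH))
        if (line ~ /^[ \t]*[}][ \t]*;/ && zone != "") { if (ztype == "master") print zone, verdict(); zone = "" }
    }'
}

sample_conf() {   # constructed input: the forward zone above plus one faulty variant
    cat <<'EOF'
zone "neveropen.local" IN { // Domain name
     type master; // Primary DNS
     allow-transfer  { 172.16.10.10; }; //Allow Transfer of zone from the master server
     also-notify { 172.16.10.10; }; //Notify slave for zone changes
};
zone "drift.example" IN {
     type master;
     allow-transfer { 172.16.10.10; };
     also-notify { 172.16.10.11; };
};
EOF
}

sample_conf | audit_transfer_acl
```

To audit the real file, run `audit_transfer_acl < /etc/bind/named.conf.local`; syntax validation is still the job of `named-checkconf`.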

Restart the DNS service on ns1.neveropen.local:

sudo systemctl restart bind9

Step 2 – Configure Slave DNS

Install the necessary packages:

sudo apt-get install -y bind9 bind9utils bind9-doc dnsutils

Edit the file at /etc/bind/named.conf.local and add both the forward and reverse zone parameters:

sudo vi /etc/bind/named.conf.local

Add and modify configurations.

##Forward zone
zone "neveropen.local" IN { // Domain name
     type slave; // Secondary/Slave DNS
     file "/var/cache/bind/forward.neveropen.local.db"; // Forward zone cache file
     masters { 172.16.10.2; }; // Master server IP
};

##Reverse zone
zone "10.16.172.in-addr.arpa" IN { // Reverse lookup name. Should match your network in reverse order
     type slave; // Secondary/Slave DNS
     file "/var/cache/bind/reverse.neveropen.local.db"; // Reverse zone cache file
     masters { 172.16.10.2; }; // Master server IP
};

Restart DNS service:

sudo systemctl restart bind9

Step 3 – Test Slave DNS Setup

To test if the zone transfer was successful and DNS is working on the slave server, we’ll need to configure a client host and use the slave as its DNS server.

In Ubuntu:

$ sudo vim /etc/resolv.conf
nameserver 172.16.10.10

We can then use the dig command to verify the DNS.

root@ubuntu:~# dig www.neveropen.local

; <<>> DiG 9.16.1-Ubuntu <<>> www.neveropen.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24401
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: b1e287dd1d118ad6010000005f8c88233ef562a7063e7a15 (good)
;; QUESTION SECTION:
;www.neveropen.local.	IN	A

;; ANSWER SECTION:
www.neveropen.local. 604800 IN	A	172.16.10.3

;; Query time: 0 msec
;; SERVER: 172.16.10.10#53(172.16.10.10)
;; WHEN: Sun Oct 18 18:23:31 UTC 2020
;; MSG SIZE  rcvd: 100

You can use dig domain-name @<nameserver> if you wish to explicitly direct the query to the slave DNS.

dig www.neveropen.local @172.16.10.10

The result shows that the slave DNS is able to handle queries. This implies that the master-slave DNS setup is working as desired.
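A stricter check than a single A-record lookup is to compare the zone's SOA serial on both servers, since a slave can keep answering from a stale copy after transfers stop. The following is an added example, not part of the original article: the function names are hypothetical helpers, and the SOA lines (including the admin mailbox and serials) are constructed sample data in the format printed by `dig +short SOA`.

```shell
# Added example, not from the article. Function names are hypothetical helpers.
# Assumed input: one line as printed by `dig +short SOA <zone> @<server>`:
#   <mname> <rname> <serial> <refresh> <retry> <expire> <minimum>

soa_serial() {   # $1 = one SOA answer line -> prints the serial, fails if absent
    printf '%s\n' "$1" | awk '
        NF == 7 && $3 ~ /^[0-9]+$/ { print $3; ok = 1; exit }
        END { exit !ok }'
}

compare_serials() {   # $1 = SOA line from the master, $2 = SOA line from the slave
    m=$(soa_serial "$1") || { echo "NO_MASTER_SOA"; return 2; }
    s=$(soa_serial "$2") || { echo "NO_SLAVE_SOA"; return 2; }   # slave returned no SOA
    if [ "$m" -eq "$s" ]; then echo "IN_SYNC $m"; return 0; fi
    # Plain numeric comparison; ignores RFC 1982 serial wrap-around.
    if [ "$s" -lt "$m" ]; then echo "SLAVE_BEHIND $s < $m"; else echo "SLAVE_AHEAD $s > $m"; fi
    return 1
}

check_live() {   # $1 = zone, $2 = master IP, $3 = slave IP (needs network access)
    compare_serials "$(dig +short SOA "$1" "@$2")" "$(dig +short SOA "$1" "@$3")"
}

# Constructed sample answers; the article does not show its SOA records.
MASTER_SOA="ns1.neveropen.local. admin.neveropen.local. 2020101802 604800 86400 2419200 604800"
STALE_SOA="ns1.neveropen.local. admin.neveropen.local. 2020101801 604800 86400 2419200 604800"

compare_serials "$MASTER_SOA" "$MASTER_SOA"          # slave holds the current zone
compare_serials "$MASTER_SOA" "$STALE_SOA" || true   # slave has not picked up the last change
compare_serials "$MASTER_SOA" "" || true             # slave has no copy of the zone
```

On the servers from this guide, `check_live neveropen.local 172.16.10.2 172.16.10.10` runs the same comparison against live answers.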

Conclusion

You have successfully set up a slave DNS server on Ubuntu 22.04|20.04 using BIND9. Please share your feedback in the comments section.


Dominic Rubhabha-Wardslaus