Setting up DNS Master-Slave Server Step-by-Step config Guide

DNS(DOMAIN NAME SYSTEM) SERVER

DNS (Domain Name System) is used for name resolution: it translates domain names into IP addresses and back. Domain names are alphabetic, so they are easier to remember, but the Internet is really based on IP addresses. Every time you use a domain name, a DNS service must translate the name into the corresponding IP address.

Master DNS servers (or primary servers) hold the original zone data; slave DNS servers (or secondary servers) are backups that replicate the same zone data from the master.

A master DNS server translates domain names into IP addresses and vice versa; a slave DNS server answers in its place if the master fails.

Outline of DNS Server:

Package            : bind
Configuration File : /etc/named.conf
Usage              : To resolve IP addresses into hostnames and vice versa
Port number        : 53
Document Root      : /var/named/
Daemon             : named

My setup:

We use four systems: two as servers (master and slave) and two as clients (one Linux, one Windows). The details are below.

DNS master server IP address and hostname (CentOS 7): 192.168.1.10 (server1.ittroubleshooter.in)
DNS slave server IP address and hostname (CentOS 7):  192.168.1.11 (server2.ittroubleshooter.in)
DNS client IP address and hostname (RHEL 7):          192.168.1.12 (client1.ittroubleshooter.in)
DNS client IP address and hostname (Windows 7):       192.168.1.13 (client2.ittroubleshooter.in)

Step by Step configuration of DNS Master

1) Check and install the package for DNS.

The packages to install for DNS are bind, bind-utils and bind-chroot.

#rpm -qa bind

[root@server1 ~]# rpm -qa bind
[root@server1 ~]#

To install the bind packages, use yum. If you have not configured a YUM repository yet, refer to this link. (Configure the Yum Server in Centos7/RHEL7/Fedora22)

#yum install bind* -y

[root@server1 ~]# yum install bind*
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Package 32:bind-license-9.9.4-29.el7.noarch already installed and latest version
Package 32:bind-libs-lite-9.9.4-29.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-29.el7 will be installed

. . . .


postgresql-libs        x86_64           9.2.13-1.el7_1          Centos7            230 k

Transaction Summary
=================================================================
Install  13 Packages (+1 Dependent package)

Total download size: 6.2 M
Installed size: 16 M
Is this ok [y/d/N]: y
Downloading packages:

2) Verify the IP address and Hostname of Master DNS server.

Before moving ahead, verify the IP address and hostname of the master DNS server. To see how to configure a static IP address and hostname on CentOS/RHEL 7, refer to the link below. (Setting up static IP address on CentOS/RHEL7)

[root@server1 ~]# hostname
server1.ittroubleshooter.in
[root@server1 ~]# ifconfig enp0s3
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.10  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::a00:27ff:fed5:b2a2  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:d5:b2:a2  txqueuelen 1000  (Ethernet)
        RX packets 1620  bytes 145932 (142.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2110  bytes 2512240 (2.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@server1 ~]#

3) Edit the configuration file “/etc/named.conf”.

Before editing, take a backup of the configuration file.

[root@server1 ~]# cp -v /etc/named.conf /tmp/named.conf.backup
 ‘/etc/named.conf’ -> ‘/tmp/named.conf.backup’
[root@server1 ~]#

Now edit /etc/named.conf: set our name server's IP address, the network range from which clients may query, the slave that may transfer zones, and the zone file definitions.

#vim /etc/named.conf

// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.10; }; /* 192.168.1.10 is our name server's IP address (the master DNS server). */
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; }; /* 192.168.1.0/24 is the network from which clients may query the DNS server. */
        allow-transfer  { localhost; 192.168.1.11; }; /* Only our slave DNS server (192.168.1.11) may request zone transfers. */
        recursion no; /* Keep recursion off on an authoritative server: an open recursive resolver can be abused for DNS amplification (DDoS) attacks. */

        dnssec-enable yes;
        . . . . . . . .  .
};

zone "." IN {
        type hint;
        file "named.ca";
};

##### Define forward & reverse zone files ##############
zone "ittroubleshooter.in" IN {   /* "ittroubleshooter.in" is the name of our domain. */
        type master;  /* This system is the master; on the slave server this will be "slave". */
        file "ittroubleshooter.fwd.zone"; /* Name of the forward lookup zone file. */
        allow-update { none; }; /* none: no dynamic DNS updates are accepted. */
};

zone "1.168.192.in-addr.arpa" IN { /* "1.168.192.in-addr.arpa" is the reversed form of our network (192.168.1.0/24). */
        type master;
        file "ittroubleshooter.rev.zone";
        allow-update { none; };
};
########################################################

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
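The three options commented above (recursion, allow-transfer, allow-query) are the ones that decide who can use and copy this server. As an added example, not part of the original post, the small Python audit below parses an options block and flags each of them when left at a permissive value; NAMED_CONF is a constructed excerpt modelled on the master configuration, and audit, acl and options_body are names chosen here.

```python
import re

# Constructed named.conf excerpt, modelled on the tutorial's master configuration.
NAMED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.10; };
    allow-query     { localhost; 192.168.1.0/24; }; /* clients' network */
    allow-transfer  { localhost; 192.168.1.11; };   /* slave only */
    recursion no;
    dnssec-enable yes;
};
zone "ittroubleshooter.in" IN {
    type master;
    file "ittroubleshooter.fwd.zone";
    allow-update { none; };
};
"""

def options_body(conf):
    """Return the text inside options { ... }; with comments removed.
    Assumes the block's closing '};' starts its own line, as in the stock named.conf."""
    m = re.search(r"^\s*options\s*\{(.*?)^\};", conf, re.S | re.M)
    if not m:
        raise ValueError("no options block found")
    return re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", m.group(1), flags=re.S)

def acl(body, name):
    """Address list of an option such as allow-transfer { a; b; }; or None if absent."""
    m = re.search(rf"\b{name}\s*\{{([^}}]*)\}}\s*;", body)
    if not m:
        return None
    return [a.strip() for a in m.group(1).split(";") if a.strip()]

def audit(conf):
    """Return findings for settings that needlessly expose an authoritative server."""
    body = options_body(conf)
    findings = []
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", body)
    if rec is None or rec.group(1) == "yes":   # BIND's default is recursion yes
        findings.append("recursion enabled: open resolver usable for amplification")
    xfr = acl(body, "allow-transfer")
    if xfr is None or "any" in xfr:           # BIND 9.9 default: transfers to anyone
        findings.append("allow-transfer unrestricted: whole zone readable via AXFR")
    q = acl(body, "allow-query")
    if q is None or "any" in q:               # tutorial limits this to 192.168.1.0/24
        findings.append("allow-query not limited to the client network")
    return findings

if __name__ == "__main__":
    print(audit(NAMED_CONF) or "no findings")
```

Run it against a copy of /etc/named.conf after each change; an empty list means the three settings still match what this step configures.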

4) Go to the /var/named directory and create the master zone files.

In /var/named/, copy named.localhost to “ittroubleshooter.fwd.zone” and named.loopback to “ittroubleshooter.rev.zone”, preserving their permissions (cp -p) so that named can still read the new files.

[root@server1 ~]# cd /var/named
[root@server1 named]# cp -pv named.localhost ittroubleshooter.fwd.zone
‘named.localhost’ -> ‘ittroubleshooter.fwd.zone’
[root@server1 named]# cp -pv named.loopback ittroubleshooter.rev.zone
‘named.loopback’ -> ‘ittroubleshooter.rev.zone’
[root@server1 named]#

Verify the permissions:

[root@server1 named]# ll
total 24
drwxr-x---. 7 root  named   56 Oct 26 01:01 chroot
drwxr-x---. 7 root  named   56 Oct 26 01:01 chroot_sdb
drwxrwx---. 2 named named    6 Nov 20  2015 data
drwxrwx---. 2 named named    6 Nov 20  2015 dynamic
drwxrwx---. 2 root  named    6 Nov 20  2015 dyndb-ldap
-rw-r-----. 1 root  named  759 Oct 26 01:26 ittroubleshooter.fwd.zone
-rw-r-----. 1 root  named  909 Oct 26 01:32 ittroubleshooter.rev.zone
-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Nov 20  2015 slaves
[root@server1 named]#

Edit the “ittroubleshooter.fwd.zone” (forward lookup) file as follows. Increase the serial every time you change the zone; slaves only fetch a new copy when the serial is higher than the one they hold.

#vim ittroubleshooter.fwd.zone

$TTL 1D
@   IN SOA  server1.ittroubleshooter.in.  root.ittroubleshooter.in. (
                                01      ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
; #### Name servers ###########
@       IN      NS      server1.ittroubleshooter.in.
@       IN      NS      server2.ittroubleshooter.in.
; #### Resolve the domain name itself to the name servers' IP addresses #######
@       IN      A       192.168.1.10
@       IN      A       192.168.1.11

; ##### Hosts in this domain: hostname maps to IP address using "A" records ######
server1       IN      A       192.168.1.10
server2       IN      A       192.168.1.11
client1       IN      A       192.168.1.12
client2       IN      A       192.168.1.13

Details about the record types used above:

A      – An A record maps a domain name to the IPv4 address of the computer hosting the domain.
PTR    – A PTR record resolves an IP address to a domain/hostname.
CNAME  – CNAME stands for Canonical Name; CNAME records alias one name to another.
MX     – Mail exchange record: an entry that identifies the mail server responsible for handling e-mail for the domain.
NS     – A name server record names the authoritative servers for a zone and lets you delegate a subdomain to another name server.
SOA    – Start of authority: indicates authority for the domain and carries the serial, refresh, retry, expire and minimum values.
TXT    – Generic text record.
SRV    – Service location record.
RP     – Responsible person.
HINFO  – Host information record with CPU type and operating system.

Now create the reverse lookup file; we already copied “named.loopback” to ittroubleshooter.rev.zone.

Edit the “ittroubleshooter.rev.zone” (reverse lookup) file as follows. A reverse zone holds NS and PTR records only; the A records live in the forward zone.

#vim ittroubleshooter.rev.zone

$TTL 1D
@   IN SOA  server1.ittroubleshooter.in.  root.ittroubleshooter.in. (
                         01      ; serial
                         1D      ; refresh
                         1H      ; retry
                         1W      ; expire
                         3H )    ; minimum
; #### Name servers #####
@       IN      NS      server1.ittroubleshooter.in.
@       IN      NS      server2.ittroubleshooter.in.

; ##### IP address (last octet) maps to hostname using "PTR" records ######
10            IN      PTR     server1.ittroubleshooter.in.
11            IN      PTR     server2.ittroubleshooter.in.
12            IN      PTR     client1.ittroubleshooter.in.
13            IN      PTR     client2.ittroubleshooter.in.

 

5) Check whether the configuration and zone files are consistent.

Check the syntax of named.conf with named-checkconf, then each zone file with named-checkzone <zone name> <zone file>. The zone name for the reverse file is 1.168.192.in-addr.arpa, not the domain name.

[root@server1 named]# named-checkconf /etc/named.conf
[root@server1 named]# named-checkzone ittroubleshooter.in /var/named/ittroubleshooter.fwd.zone
zone ittroubleshooter.in/IN: loaded serial 1
OK
[root@server1 named]# named-checkzone 1.168.192.in-addr.arpa /var/named/ittroubleshooter.rev.zone
zone 1.168.192.in-addr.arpa/IN: loaded serial 1
OK
[root@server1 named]#
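named-checkzone validates each file on its own but not that the forward and reverse zones agree, and it will not notice a forgotten serial bump. As an added example, not part of the original post, the Python below cross-checks A records against PTR records and increments the SOA serial; FWD_ZONE and REV_ZONE are constructed, compacted copies of the tutorial's zone data, and records, cross_check and bump_serial are names chosen here.

```python
import re

# Constructed sample zones, modelled on the tutorial's forward and reverse files.
FWD_ZONE = """$TTL 1D
@  IN SOA server1.ittroubleshooter.in. root.ittroubleshooter.in. ( 01 1D 1H 1W 3H )
@        IN NS  server1.ittroubleshooter.in.
@        IN NS  server2.ittroubleshooter.in.
server1  IN A   192.168.1.10
server2  IN A   192.168.1.11
client1  IN A   192.168.1.12
client2  IN A   192.168.1.13
"""
REV_ZONE = """$TTL 1D
@  IN SOA server1.ittroubleshooter.in. root.ittroubleshooter.in. ( 01 1D 1H 1W 3H )
@   IN NS  server1.ittroubleshooter.in.
@   IN NS  server2.ittroubleshooter.in.
10  IN PTR server1.ittroubleshooter.in.
11  IN PTR server2.ittroubleshooter.in.
12  IN PTR client1.ittroubleshooter.in.
13  IN PTR client2.ittroubleshooter.in.
"""

def records(zone_text, rtype, origin):
    """Return [(fqdn owner, rdata)] for one record type; ';' comments are stripped."""
    out = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        m = re.match(r"(\S+)\s+(?:\d+[A-Za-z]?\s+)?IN\s+(\S+)\s+(\S+)$", line)
        if m and m.group(2).upper() == rtype:
            owner = m.group(1) if m.group(1) != "@" else origin + "."
            if not owner.endswith("."):          # relative name: append $ORIGIN
                owner = f"{owner}.{origin}."
            out.append((owner, m.group(3)))
    return out

def cross_check(fwd, rev, origin, rev_origin):
    """List A records with no PTR and PTRs whose target has no A record for that IP."""
    a_pairs = records(fwd, "A", origin)
    # "1.168.192.in-addr.arpa" -> "192.168.1." (the /24 this reverse zone covers)
    net = ".".join(reversed(rev_origin.replace(".in-addr.arpa", "").split("."))) + "."
    ptr_by_ip = {}
    for owner, target in records(rev, "PTR", rev_origin):
        octets = owner[: -len(".in-addr.arpa.")].split(".")
        ptr_by_ip[".".join(reversed(octets))] = target
    problems = []
    for ip, target in ptr_by_ip.items():
        if (target, ip) not in a_pairs:
            problems.append(f"PTR {ip} -> {target} has no matching A record")
    for name, ip in a_pairs:
        if ip.startswith(net) and ip not in ptr_by_ip:
            problems.append(f"A {name} -> {ip} has no PTR record")
    return problems

def bump_serial(zone_text):
    """Increment the SOA serial (first number after '('): slaves only transfer a zone
    whose serial is higher than the copy they already hold."""
    new, n = re.subn(r"(\(\s*)(\d+)(?=\s)",
                     lambda m: m.group(1) + str(int(m.group(2)) + 1), zone_text, count=1)
    if n != 1:
        raise ValueError("SOA serial not found")
    return new
```

Run cross_check before reloading named and bump_serial on every edit; a stale serial is the usual reason a slave keeps serving old data after the master was changed.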

6) Allow DNS service on firewall.

[root@server1 named]# firewall-cmd --add-port=53/udp --permanent
 success
[root@server1 named]# firewall-cmd --add-port=53/tcp --permanent
 success
[root@server1 named]# firewall-cmd --reload
 success
[root@server1 named]#

7) Start and enable the DNS service.

# systemctl start  named.service && systemctl enable  named.service

[root@server1 named]# systemctl start  named.service && systemctl enable  named.service
 Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@server1 named]#

The DNS master server configuration is now done. Check whether it resolves hostnames to IP addresses and IP addresses to hostnames using the following commands.

[root@server1 ~]# dig server1.ittroubleshooter.in
 ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> server1.ittroubleshooter.in
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24839
 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
 ;; WARNING: recursion requested but not available
 
 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 4096
 ;; QUESTION SECTION:
 ;server1.ittroubleshooter.in. IN    A
 
 ;; ANSWER SECTION:
 server1.ittroubleshooter.in. 86400 IN     A     192.168.1.10
 
 ;; AUTHORITY SECTION:
 ittroubleshooter.in.    86400 IN    NS    server2.troubleshooter.in.
 ittroubleshooter.in.    86400 IN    NS    server1.troubleshooter.in.
 
 ;; Query time: 0 msec
 ;; SERVER: 192.168.1.10#53(192.168.1.10)
 ;; WHEN: Wed Oct 26 02:18:49 EDT 2016
 ;; MSG SIZE  rcvd: 131
 [root@server1 ~]#

Check the reverse direction by giving the IP address instead of the hostname.

#dig -x 192.168.1.10

[root@server1 ~]# dig -x 192.168.1.10

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -x 192.168.1.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16359
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.1.168.192.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
10.1.168.192.in-addr.arpa. 86400 IN    PTR    server1.ittroubleshooter.in.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa.    86400    IN    NS    server1.ittroubleshooter.in.
1.168.192.in-addr.arpa.    86400    IN    NS    server2.ittroubleshooter.in.

;; ADDITIONAL SECTION:
server1.ittroubleshooter.in. 86400 IN    A    192.168.1.10
server2.ittroubleshooter.in. 86400 IN    A    192.168.1.11

;; Query time: 0 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Wed Oct 26 02:19:30 EDT 2016
;; MSG SIZE  rcvd: 163

[root@server1 ~]#

Add the DNS master server details to your network interface configuration.

#nmtui


Or edit /etc/resolv.conf:

#vi /etc/resolv.conf

# Generated by NetworkManager
search ittroubleshooter.in
nameserver 192.168.1.10

Restart the network service:

[root@server1 ~]# systemctl restart network

Step by Step configuration of DNS Slave Server

1) Check and install the package for DNS.

The packages to install for DNS are bind, bind-utils and bind-chroot.

#rpm -qa bind

[root@server2 ~]# rpm -qa bind
[root@server2 ~]#

To install the bind packages, use yum.

#yum install bind bind-utils

[root@server2 ~]# yum install bind bind-utils 
 Loaded plugins: fastestmirror
 Loading mirror speeds from cached hostfile
 Resolving Dependencies
 --> Running transaction check
 ---> Package bind.x86_64 32:9.9.4-29.el7 will be installed
 
 
 . . . .
 
 Transaction Summary
 ===============================================
 Install  2 Packages (+1 Dependent package)


Total download size: 3.0 M
 Installed size: 7.3 M
 Is this ok [y/d/N]: y
 Downloading packages:

2) Verify the IP address and Hostname of Slave DNS server.

Check the hostname and IP address using the commands below.

[root@server2 ~]# hostname
 server2.ittroubleshooter.in
[root@server2 ~]# ifconfig enp0s3
 enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
         inet 192.168.1.11  netmask 255.255.255.0  broadcast 192.168.1.255
         inet6 fe80::a00:27ff:fe9d:5e61  prefixlen 64  scopeid 0x20<link>
         ether 08:00:27:9d:5e:61  txqueuelen 1000  (Ethernet)
         RX packets 6914  bytes 9293165 (8.8 MiB)
         RX errors 0  dropped 0  overruns 0  frame 0
         TX packets 1770  bytes 2374822 (2.2 MiB)
         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
 [root@server2 ~]#

3) Edit the configuration file “/etc/named.conf”.

#vim /etc/named.conf

// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.11; }; /* 192.168.1.11 is our slave DNS server's IP address. */
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; }; /* 192.168.1.0/24 is the network from which clients may query the DNS server. */
        recursion no;

        dnssec-enable yes;
        . . . . .
};

zone "." IN {
        type hint;
        file "named.ca";
};

##### Define slave forward & reverse zone files ##############
zone "ittroubleshooter.in" IN {
        type slave;
        file "slaves/ittroubleshooter.fwd.zone"; /* Transferred copy; the slaves/ directory is writable by named. */
        masters { 192.168.1.10; }; /* The master DNS server this zone is transferred from. */
};

zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/ittroubleshooter.rev.zone";
        masters { 192.168.1.10; };
};
###########################################################

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

4) Start and enable the DNS service.

# systemctl start  named.service && systemctl enable  named.service

[root@server2 ~]#  systemctl restart  named.service && systemctl enable  named.service
 Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@server2 ~]#

The forward and reverse zones are now replicated automatically from the master DNS server to the slave (into the /var/named/slaves directory).

[root@server2 ~]# ll /var/named/slaves/
 total 8
 -rw-r--r--. 1 named named 522 Oct 26 02:56 ittroubleshooter.fwd.zone
 -rw-r--r--. 1 named named 858 Oct 26 02:56 ittroubleshooter.rev.zone
[root@server2 ~]#

5) Allow the DNS service on the firewall.

Open 53/tcp as well as 53/udp, as on the master: clients fall back to TCP for responses that do not fit in a UDP packet.

#firewall-cmd --add-port=53/udp --permanent
#firewall-cmd --add-port=53/tcp --permanent
#firewall-cmd --reload

[root@server2 ~]# firewall-cmd --add-port=53/udp --permanent
 success
[root@server2 ~]# firewall-cmd --reload
 success
[root@server2 ~]#

Add the DNS master and slave details to your network interface configuration.

#nmtui


Or edit /etc/resolv.conf:

#vim /etc/resolv.conf

nameserver 192.168.1.10
nameserver 192.168.1.11

Restart the network service:

[root@server2 ~]# systemctl restart network

The DNS slave server configuration is now done.

Configure DNS Server on Client (Linux) Side

1) Edit the /etc/resolv.conf file.

Add the DNS server details to “resolv.conf” on all client systems.

#vim /etc/resolv.conf

# Generated by NetworkManager
search ittroubleshooter.in
nameserver 192.168.1.10
nameserver 192.168.1.11

2) Restart the network service.

[root@client1 ~]# systemctl restart network

3) Verify DNS server.

Using the dig and nslookup commands you can verify DNS queries.

[root@client1 ~]# nslookup client1
 Server:           192.168.1.10
 Address:    192.168.1.10#53
 
 Name: client1.ittroubleshooter.in
 Address: 192.168.1.12
 
 [root@client1 ~]# nslookup 192.168.1.12
 Server:           192.168.1.10
 Address:    192.168.1.10#53
 
 12.1.168.192.in-addr.arpa     name = client1.ittroubleshooter.in.
 
 [root@client1 ~]#

Configure DNS Server on Client (Windows) Side

In our case we are using a Windows 7 machine. First go to Start --> Run --> type “ncpa.cpl”. Select the network adapter and go to Properties. In the window that pops up, select “Internet Protocol Version 4” and click Properties, as in the screenshot below.

(Screenshot: network adapter properties, Internet Protocol Version 4 selected)

Fill in the Preferred DNS server and Alternate DNS server fields, as in the screenshot below.

(Screenshot: IPv4 properties with preferred and alternate DNS servers filled in)

Verify the DNS server.

Use the nslookup command to verify DNS queries, as in the screenshot below.

(Screenshot: nslookup output on the Windows client)

Hope this post helps Linux/Unix beginners. Please share your feedback and comments!
