
Configure BIND Slave DNS Server on Debian 11 | Debian 10

 2 years ago
source link: https://computingforgeeks.com/configure-slave-bind-dns-server-on-debian/

DNS servers can be set to perform master or slave functions. In our previous guide, we covered how to configure a BIND primary DNS server on Debian 11 | Debian 10. In this guide, we will walk through how to configure a slave BIND DNS server on Debian 11 | Debian 10. A slave DNS server receives a copy of the zone data from the master/primary DNS server through a zone transfer. The slave keeps the transferred zone data in a cache for a given time and uses it to serve DNS queries.

Our Environment Setup

In this guide, I will be using a master DNS server whose IP is 192.168.1.12 with the domain name ns1.computingforgeeks.local.

We will set up a secondary server with IP 192.168.1.10 and ns2.computingforgeeks.local as the domain name.

Step 1: Configure BIND Master DNS Server

For this master-slave setup, we need to configure the master DNS server and enable zone transfer to the secondary server (ns2.computingforgeeks.local). We first need to edit /etc/bind/named.conf.local on the primary server (ns1.computingforgeeks.local).

We have a dedicated guide on Master Bind DNS Setup: Configure Master BIND DNS Server on Debian

Install vim or nano editor on Debian 10/Debian 11 with the command:

sudo apt install nano vim 

Then use it to edit the files:

sudo vim /etc/bind/named.conf.local

In the file, we need to add the allow-transfer and also-notify parameters as shown below.

##On the Forward zone

zone "computingforgeeks.local" IN { // Domain name

     type master; // Primary DNS

     file "/etc/bind/forward.computingforgeeks.local.db"; // Forward lookup file

     allow-update { none; }; // Since this is the primary DNS, it should be none.

     allow-transfer  { 192.168.1.10; }; //Allow Transfer of zone from the master server

     also-notify { 192.168.1.10; }; //Notify slave for zone changes

};

##On the Reverse zone

zone "1.168.192.in-addr.arpa" IN { //Reverse lookup name, should match your network in reverse order

     type master; // Primary DNS

     file "/etc/bind/reverse.computingforgeeks.local.db"; //Reverse lookup file

     allow-update { none; }; //Since this is the primary DNS, it should be none.

     allow-transfer  { 192.168.1.10; }; //Allow Transfer of zone from the master server

     also-notify { 192.168.1.10; }; //Notify slave for zone changes

};

The added parameters:

  • allow-transfer: allows the transfer of zone files from the master to the slave DNS server.
  • also-notify: notifies the slave DNS server when there is any update to the zone files.

With these changes made, restart the DNS service on the Primary server.

sudo systemctl restart bind9

Step 2: Configure the Slave BIND DNS on Debian 11 | Debian 10

We will first install the bind9 package on Debian 11 | Debian 10 as below.

sudo apt-get update
sudo apt-get install -y bind9 bind9utils bind9-doc dnsutils

Then edit the slave server configuration file in the /etc/bind/ directory. If the vim editor is not installed, install it with sudo apt install vim.

sudo vim /etc/bind/named.conf.local

In the file, add the following lines in the forward zone.

zone "computingforgeeks.local" IN { //Domain name 

     type slave; //Secondary Slave DNS

     file "/var/cache/bind/forward.computingforgeeks.local.db"; //Forward Zone Cache file

     masters { 192.168.1.12; }; //Master Server IP

};

In the reverse zone:

zone "1.168.192.in-addr.arpa" IN { //Reverse lookup name. Should match your network in reverse order

     type slave; // Secondary/Slave DNS

     file "/var/cache/bind/reverse.computingforgeeks.local.db"; //Reverse Zone Cache file

     masters { 192.168.1.12; }; //Master Server IP

};
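
A zone transfer only works when the zone names, the masters address and the allow-transfer entry agree across both servers. The following Python sketch is an added example, not part of the original guide: it cross-checks the two named.conf.local files, and parse_zones, audit and the sample configs are names and data constructed for this illustration.

```python
import re

# Constructed sample configs with this guide's addresses; the primary's reverse zone
# name is deliberately wrong to show what the check catches.
MASTER_CONF = '''
zone "computingforgeeks.local" IN {
    type master;  // Primary DNS
    allow-transfer { 192.168.1.10; };
};
zone "10.16.172.in-addr.arpa" IN {
    type master;
    allow-transfer { 192.168.1.10; };
};
'''
SLAVE_CONF = '''
zone "computingforgeeks.local" IN { type slave; masters { 192.168.1.12; }; };
zone "1.168.192.in-addr.arpa" IN { type slave; masters { 192.168.1.12; }; };
'''

def parse_zones(text):
    """Return {zone_name: {option: [values]}} for each zone block (one brace level deep)."""
    text = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', text, flags=re.S)  # strip comments
    zones = {}
    zone_re = r'zone\s+"([^"]+)"[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;'
    for name, body in re.findall(zone_re, text):
        opts = {}
        for key, val in re.findall(r'([\w-]+)\s+(\{[^{}]*\}|[^;{}]+);', body):
            opts[key] = [v.strip(' "\n') for v in val.strip('{} \n').split(';') if v.strip()]
        zones[name.lower()] = opts
    return zones

def audit(master_text, slave_text, master_ip, slave_ip):
    """List problems that break or over-expose the transfers configured in this guide."""
    master, findings = parse_zones(master_text), []
    for name, opts in parse_zones(slave_text).items():
        if opts.get('type') != ['slave']:
            continue
        m = master.get(name, {})
        acl = m.get('allow-transfer', [])
        if m.get('type') != ['master']:
            findings.append(f'{name}: no master zone of this name on the primary')
            continue
        if master_ip not in opts.get('masters', []):
            findings.append(f'{name}: {master_ip} not listed in masters on the slave')
        if slave_ip not in acl:
            findings.append(f'{name}: {slave_ip} not in allow-transfer on the primary')
        if 'any' in acl:
            findings.append(f'{name}: allow-transfer permits any host')
    return findings
```

Calling audit(MASTER_CONF, SLAVE_CONF, '192.168.1.12', '192.168.1.10') on the sample data returns a single finding for the reverse zone; with the real files, pass their contents read from /etc/bind/named.conf.local on each server.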

With the changes made, restart the BIND service on ns2.computingforgeeks.local:

sudo systemctl restart bind9

Step 3: Test the Slave DNS server on Debian 11 | Debian 10

Now we test if the zone transfer was successful and the DNS server is working correctly. We need to set the client machine to use the slave as its DNS server.

$ sudo vim /etc/resolv.conf
nameserver 192.168.1.10

Now use the dig command to verify if the DNS is working.

dig www.computingforgeeks.local

Sample Output:

; <<>> DiG 9.16.1-Ubuntu <<>> www.computingforgeeks.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9873
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: cca3340ee2f80f2b111d4e316120c5877d9c4c467fc68ef0 (good)
;; QUESTION SECTION:
;www.computingforgeeks.local.	IN	A

;; ANSWER SECTION:
www.computingforgeeks.local. 604800 IN	A	192.168.1.13

;; AUTHORITY SECTION:
computingforgeeks.local. 604800	IN	NS	ns1.computingforgeeks.local.

;; ADDITIONAL SECTION:
ns1.computingforgeeks.local. 604800 IN	A	192.168.1.12

;; Query time: 0 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Sat Aug 21 12:21:11 EAT 2021
;; MSG SIZE  rcvd: 134

You can use the below syntax to direct the query to the specific slave DNS and the output should be similar to the one above.

dig www.computingforgeeks.local @192.168.1.10


The output shows that the master-slave setup is working correctly.

Conclusion

That is it! We have successfully configured a Slave BIND DNS Server on Debian 11 | Debian 10. I hope this was helpful.
