Configure BIND as Slave DNS Server on Ubuntu 18.04


Our previous guide demonstrated how to configure BIND as a Master DNS server on Ubuntu 18.04 (see the link below). This guide demonstrates how to configure BIND as a Slave DNS server on Ubuntu 18.04. Slave DNS servers, also known as Secondary DNS servers, act as a backup of the Master DNS server.

How to configure BIND as a Master DNS server on Ubuntu 18.04

The master DNS server stores the zone files, and any changes to the zone files are made on the master. The slave DNS server, on the other hand, receives the zone definitions from the primary name server through a zone transfer operation. Both primary and secondary name servers are authoritative for the zone and look the same to clients.

Configure BIND as Slave DNS Server on Ubuntu 18.04

In this demo, the environment is set up as follows:

Master DNS server:

  • ns1.kifarunix-demo.com, 192.168.2.5/24

Slave DNS server:

  • ns2.kifarunix-demo.com, 192.168.2.6/24

Update your system

apt update
apt upgrade

Install BIND and BIND Utilities

apt install bind9 bind9-utils

Configure Master Zone Transfer

Log in to the master DNS server and configure it to allow zone transfers to the slave DNS server. This is done with the allow-transfer option, which specifies the slave servers that are allowed to request a transfer of the zone's data from the master.

The option can be set globally in the options statement or inside a specific zone. To allow zone transfers globally, add the line allow-transfer { 192.168.2.6; }; to the options block. The allowed ACL referenced in this block is defined at the top of the same file (as shown in the slave configuration further below); BIND rejects the file if an ACL is used without being defined.

vim /etc/bind/named.conf.options
...
options {
        directory "/var/cache/bind";

        recursion yes;
        allow-recursion { localhost; allowed; };
        listen-on port 53 { localhost; 192.168.2.5; };
        allow-query { localhost; allowed; };
        allow-transfer { 192.168.2.6; };  # Slave IP address

        forwarders {
                192.168.2.1;
                8.8.8.8;
        };

...

Run the configuration check and restart BIND.

named-checkconf /etc/bind/named.conf.options

Next, edit the Master Forward and Reverse zone files to include the slave DNS server.

vim /var/cache/bind/kifarunix-demo.com
...
;
; Primary Nameserver
        IN      NS      ns1.kifarunix-demo.com.
        IN      NS      ns2.kifarunix-demo.com.
;
; Define A records (forward lookups)
ns1     IN      A       192.168.2.5
ns2     IN      A       192.168.2.6
server01        IN      A       192.168.2.100
...
vim /var/cache/bind/rev-kifarunix-demo.com
...
;
; Primary nameserver
@       IN      NS      ns1.kifarunix-demo.com.
        IN      NS      ns2.kifarunix-demo.com.
; PTR records for reverse lookup
5       IN      PTR     ns1.kifarunix-demo.com.
6       IN      PTR     ns2.kifarunix-demo.com.
100     IN      PTR     server01.kifarunix-demo.com.

Verify the zone file syntax.

named-checkzone kifarunix-demo.com /var/cache/bind/kifarunix-demo.com
named-checkzone 2.168.192.in-addr.arpa /var/cache/bind/rev-kifarunix-demo.com

Reload the configuration file and zones.

rndc reload
server reload successful

Configure Slave DNS server

Next, configure the Slave DNS server ACL and options so that the configuration looks like the one below. Note the line allow-transfer { none; };, which stops the slave from handing the zone to anyone else. Otherwise the file looks similar to the Master server configuration.

vim /etc/bind/named.conf.options
acl "allowed" {
        192.168.2.0/24;
};

options {
        directory "/var/cache/bind";

        recursion yes;
        allow-recursion { localhost; allowed; };
        listen-on port 53 { localhost; 192.168.2.6; };
        allow-query { localhost; allowed; };
        allow-transfer { none; };

        forwarders {
                192.168.2.1;
                8.8.8.8;
        };

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { none; };
};

Run the configuration syntax verification.

named-checkconf /etc/bind/named.conf.options

Define Slave Forward and Reverse Zones

vim /etc/bind/named.conf.local
# Slave zone statement for forward DNS lookup
zone "kifarunix-demo.com" IN {
        type slave;
        file "kifarunix-demo.com";
        masters { 192.168.2.5; };
};
# Slave zone statement for reverse DNS lookup
zone "2.168.192.in-addr.arpa" IN {
        type slave;
        file "rev-kifarunix-demo.com";
        masters { 192.168.2.5; };
};

Run zone configuration syntax verification.

named-checkconf /etc/bind/named.conf.local

Reload the zone files and configuration.

rndc reload

Once that is done, the master zone files are transferred to the BIND working directory on the slave server.

ls /var/cache/bind/ | grep kifarunix
kifarunix-demo.com
rev-kifarunix-demo.com
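With the transfer working, it is worth checking the transfer policy the two servers now carry. The following is an added Python script (not part of this guide or of BIND) that parses a constructed named.conf fragment, applies BIND's rule that a zone-level allow-transfer overrides the one in options, and flags zones open to any host as well as ACL names that are used but never defined (the named-checkconf error a reader hits in the comments below); the sample config and the BIND 9.11 default of allowing transfers when allow-transfer is absent are the assumptions it relies on.

```python
import re
# Constructed sample (not a live server's file): the guide's master options with the
# "allowed" ACL undefined, as in a reader's comment below, plus a reverse zone that overrides it.
MASTER_CONF = """
options {
        allow-recursion { localhost; allowed; };
        allow-transfer { 192.168.2.6; };  # Slave IP address
        forwarders { 192.168.2.1; 8.8.8.8; };
};
zone "kifarunix-demo.com" IN { type master; file "kifarunix-demo.com"; };
zone "2.168.192.in-addr.arpa" IN { type master; file "rev-kifarunix-demo.com";
        allow-transfer { any; }; };  // a zone-level statement wins over options
"""
BUILTIN = {"any", "none", "localhost", "localnets"}  # ACL names BIND predefines

def top_level_blocks(text):  # yields (header, body) per top-level `header { body };`
    depth = 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:  # the header is whatever follows the previous ';'
                start, header = i + 1, text[:i].rsplit(";", 1)[-1].strip()
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[start:i]

def match_list(body, option):  # entries of `option { a; b; };`, None if absent
    m = re.search(option + r"\s*\{([^}]*)\}", body)
    return [t.strip() for t in m.group(1).split(";") if t.strip()] if m else None

def audit(conf):
    """Return findings on zone-transfer policy and ACL use; an empty list is clean."""
    conf = re.sub(r"(//|#).*", "", re.sub(r"/\*.*?\*/", "", conf, flags=re.S))  # drop comments
    acls = set(re.findall(r'\bacl\s+"?([\w-]+)"?\s*\{', conf))
    used, global_xfer, zones, findings = set(), None, {}, []
    for header, body in top_level_blocks(conf):
        kind, *rest = header.split()
        if kind == "options":
            global_xfer = match_list(body, "allow-transfer")
        elif kind == "zone":
            zones[rest[0].strip('"')] = match_list(body, "allow-transfer")
        for lst in re.findall(r"allow-\w+\s*\{([^}]*)\}", body):  # bare names in allow-* lists
            used |= {t.strip() for t in lst.split(";") if re.match(r"\s*[A-Za-z][\w-]*\s*$", t)}
    findings += [f"ACL '{n}' is referenced but never defined" for n in sorted(used - BUILTIN - acls)]
    for zone, local in sorted(zones.items()):
        effective = local if local is not None else global_xfer  # zone setting overrides options
        if effective is None or "any" in effective:  # absent = BIND 9.11 default of any host
            findings.append(f"zone {zone}: transfers open to any host (allow-transfer is {effective or 'unset'})")
    return findings
```

Run audit() over the text of named.conf.options and named.conf.local concatenated; defining acl "allowed" and replacing the zone-level any with the slave address brings the finding list down to empty.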

Verify Resolution on the Client

dig server01.kifarunix-demo.com @192.168.2.6
; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> server01.kifarunix-demo.com @192.168.2.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65474
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: fa331bbdb978978e5ae1c9bc5d05085d6ec710f6f606b114 (good)
;; QUESTION SECTION:
;server01.kifarunix-demo.com.	IN	A

;; ANSWER SECTION:
server01.kifarunix-demo.com. 86400 IN	A	192.168.2.100

;; AUTHORITY SECTION:
kifarunix-demo.com.	86400	IN	NS	ns1.kifarunix-demo.com.

;; ADDITIONAL SECTION:
ns1.kifarunix-demo.com.	86400	IN	A	192.168.2.5

;; Query time: 1 msec
;; SERVER: 192.168.2.6#53(192.168.2.6)
;; WHEN: Sat Jun 15 15:01:49 EAT 2019
;; MSG SIZE  rcvd: 134

Configure the Client interface to include the Slave DNS server.

less /etc/netplan/01-netcfg.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s3:
      dhcp4: no
      addresses: [192.168.2.100/24]
      nameservers:
        addresses:
          - 192.168.2.5
          - 192.168.2.6
        search: [ kifarunix-demo.com ]

Run a reverse lookup.

nslookup 192.168.2.100
100.2.168.192.in-addr.arpa	name = server01.kifarunix-demo.com.

Authoritative answers can be found from:

dig -x 192.168.2.100

; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> -x 192.168.2.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53827
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;100.2.168.192.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
100.2.168.192.in-addr.arpa. 86400 IN	PTR	server01.kifarunix-demo.com.

;; Query time: 3 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Jun 15 15:12:25 EAT 2019
;; MSG SIZE  rcvd: 96

Great. That is all it takes to configure BIND as a Slave DNS server on Ubuntu 18.04.

A BIND Master-Slave DNS configuration on CentOS is demonstrated in the guide linked below:

How to Setup Master-Slave DNS Server using BIND on CentOS 7

koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

2 thoughts on “Configure BIND as Slave DNS Server on Ubuntu 18.04”

  1. Hello, I added the following lines (with different IP addresses) to “/etc/bind/named.conf.options”:
    recursion yes;
    allow-recursion { localhost; allowed; };
    listen-on port 53 { localhost; 192.168.2.5; };
    allow-query { localhost; allowed; };
    allow-transfer { 192.168.2.6; }; # Slave IP address

    forwarders {
    192.168.2.1;
    8.8.8.8;
    };
    When I run named-checkconf /etc/bind/named.conf.options I get this error:
    /etc/bind/named.conf.options:14: undefined ACL ‘allowed’

    Any idea what is wrong?
    Thank you,
    Bryan
