Last updated on June 23rd, 2021 at 11:02 pm
Welcome gurus to this tutorial on how to set up a Master-Slave DNS server using BIND on CentOS 7. BIND (Berkeley Internet Name Domain) can be configured to function as either a Master or a Slave DNS server.
There are several open-source packages that can be used to run a DNS nameserver, including BIND, dnsmasq, and unbound. In this tutorial we use the BIND package to configure a local DNS server. BIND is open-source software that implements the DNS protocol, which defines how networked devices locate one another by hostname.
Setup Master-Slave DNS Server using BIND on CentOS 7
Follow through this guide to set up a master-slave DNS server using BIND on CentOS 7.
In this tutorial, we will be using three CentOS 7 servers, configured as follows:
- Server1
  - Hostname: server1.example.com
  - IP Address: 192.168.122.10
  - Role: Master DNS server
- Server2
  - Hostname: server2.example.com
  - IP Address: 192.168.122.11
  - Role: Slave DNS server
- Server3
  - Hostname: server3.example.com
  - IP Address: 192.168.122.20
  - Role: client server
On all three servers, install the BIND packages before proceeding with the configuration;
yum install -y bind bind-utils
Once the package is installed, let us get to work.
Configuring Master DNS Server using BIND on CentOS 7
Let's begin by editing BIND's main configuration file, /etc/named.conf, and making the adjustments shown below.
We want only specific hosts to be able to query the master DNS server. Therefore, before the options section of the configuration file, create an Access Control List called allowed containing the IP addresses of the hosts to be permitted;
vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

# Create an access control list called allowed
acl "allowed" {
        192.168.122.10;
        192.168.122.11;
        192.168.122.20;
};

options {
        listen-on port 53 { 127.0.0.1; 192.168.122.10; };   # IP Address of the Master
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; allowed; };            # Enable 'allowed' hosts to query Master DNS
        allow-transfer  { localhost; 192.168.122.11; };     # IP Address of secondary nameserver
        # the rest of the options block is left unchanged
};
Create zone statements for both forward and reverse DNS lookups.
# Zone statement for forward DNS lookup
zone "example.com" IN {
        type master;                              # type of zone
        file "/var/named/forward.example.com";    # location of forward zone file
        allow-update { none; };
};

# Zone statement for reverse DNS lookup
zone "122.168.192.in-addr.arpa" IN {
        type master;
        file "/var/named/reverse.example.com";    # location of reverse zone file
        allow-update { none; };
};
After that, save the configuration file and exit.
Create zone files for both the forward and reverse zone statements defined in /etc/named.conf.
Creating a forward zone file.
As specified in the zone statement in /etc/named.conf, the forward zone file is /var/named/forward.example.com. Create it with the following content;
cat > /var/named/forward.example.com << 'EOL'
$ORIGIN example.com.
$TTL 86400
@       IN SOA  server1.example.com. root.example.com. (
                2017020401 ; serial
                3600       ; refresh
                1800       ; retry
                604800     ; expire
                86400 )    ; minimum TTL
;
; define nameservers
        IN NS   server1.example.com.
        IN NS   server2.example.com.
;
; IP address and hostname
server1 IN A    192.168.122.10
server2 IN A    192.168.122.11
;
; client records
server3 IN A    192.168.122.20
EOL
Save the file and exit the editor.
Creating a reverse zone file.
As specified in the reverse zone statement, the file is /var/named/reverse.example.com. Create it with the following content;
cat > /var/named/reverse.example.com << 'EOL'
$ORIGIN 122.168.192.in-addr.arpa.
$TTL 86400
@       IN SOA  server1.example.com. root.example.com. (
                2017020402 ; serial
                3600       ; refresh
                1800       ; retry
                604800     ; expire
                86400 )    ; minimum TTL
;
; nameservers
        IN NS   server1.example.com.
        IN NS   server2.example.com.
;
; nameserver IP addresses
        IN A    192.168.122.10
        IN A    192.168.122.11
;
; client IP address
        IN A    192.168.122.20
;
; nameserver PTR records
10      IN PTR  server1.example.com.
11      IN PTR  server2.example.com.
;
; client PTR records
20      IN PTR  server3.example.com.
EOL
Save the file and exit the editor.
Before starting BIND (the named service), check that there are no syntax errors in your configuration files using the following command;
named-checkconf
If the configuration file has no errors, the command returns nothing.
To verify the syntax of the forward zone file, run the following command;
named-checkzone example.com /var/named/forward.example.com
zone example.com/IN: loaded serial 2017020401
OK
To verify the syntax of the reverse zone file, run the following command;
named-checkzone 122.168.192.in-addr.arpa /var/named/reverse.example.com
zone 122.168.192.in-addr.arpa/IN: loaded serial 2017012001
OK
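named-checkzone only validates syntax: it will not notice a host that has an A record but no PTR, or a PTR that points back at a different name. The following script is an added example (not part of this tutorial or of BIND) that parses the two zones above and reports such mismatches; the embedded zone text is constructed from this tutorial's records with the SOA collapsed onto one line.

```python
import re
# Constructed sample input (added example, not the tutorial's files): the
# tutorial's zones with the SOA collapsed onto one line.
FORWARD_ZONE = """$ORIGIN example.com.
@ IN SOA server1.example.com. root.example.com. ( 2017020401 3600 1800 604800 86400 )
  IN NS server1.example.com.
server1 IN A 192.168.122.10
server2 IN A 192.168.122.11
server3 IN A 192.168.122.20
"""
REVERSE_ZONE = """$ORIGIN 122.168.192.in-addr.arpa.
@ IN SOA server1.example.com. root.example.com. ( 2017020402 3600 1800 604800 86400 )
10 IN PTR server1.example.com.
11 IN PTR server2.example.com.
20 IN PTR server3.example.com.
"""
RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(\S+)\s+(\S+)")

def parse_records(zone_text, rrtype):
    """Map owner FQDN -> rdata for 'owner [ttl] IN type rdata' lines of rrtype, applying $ORIGIN."""
    origin, out = "", {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # strip zone-file comments
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        m = RR.match(line)  # lines with a blank (inherited) owner never match, fine for A/PTR
        if m and m.group(2) == rrtype:
            owner = m.group(1)
            out[origin if owner == "@" else f"{owner}.{origin}"] = m.group(3)
    return out

def ptr_name(ip):
    """192.168.122.10 -> 10.122.168.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_consistency(forward_text, reverse_text):
    """Return problems: A without PTR, PTR without A, PTR not pointing back at the A owner."""
    a = parse_records(forward_text, "A")
    ptr = parse_records(reverse_text, "PTR")
    problems = []
    for host, ip in a.items():
        rev = ptr_name(ip)
        if rev not in ptr:
            problems.append(f"missing PTR for {host} ({ip})")
        elif ptr[rev] != host:
            problems.append(f"{rev} -> {ptr[rev]} does not match {host}")
    expected = {ptr_name(ip) for ip in a.values()}
    problems += [f"{r} -> {t} has no A record" for r, t in ptr.items() if r not in expected]
    return problems
```

An empty list from check_consistency means every A record has a matching PTR and vice versa; run it again after each zone edit, before bumping the serial and reloading.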
Since there are no errors, we can start BIND and enable it to start on boot.
systemctl enable --now named
If the firewall is running, allow the dns service through it and reload the firewall.
firewall-cmd --add-service=dns --permanent;firewall-cmd --reload
Point the master at itself as its DNS server by editing the /etc/resolv.conf file and adding the nameserver IP address.
vim /etc/resolv.conf
Add the line: nameserver 192.168.122.10
Change the DNS server details on the network interface. My network interface is eth0.
nmcli con mod eth0 ipv4.dns 192.168.122.10
nmcli con down eth0; nmcli con up eth0
After that, test whether hostnames and addresses are being resolved.
To check forward (name to address) resolution:
dig server1.example.com
To check reverse (address to name) resolution;
dig -x 192.168.122.10
Configuring Slave DNS server Using BIND on CentOS 7
Install BIND package.
yum install bind bind-utils -y
Edit the /etc/named.conf file and make the adjustments as shown below.
vim /etc/named.conf
## Create an ACL
acl "allowed" {
        192.168.122.10;
        192.168.122.11;
        192.168.122.20;
};

options {
        listen-on port 53 { 127.0.0.1; 192.168.122.11; };   ## Slave server IP address
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; allowed; };            ## Allows 'allowed' hosts to query Slave DNS
        allow-transfer  { none; };                          ## Disable zone transfer
        ## the rest of the options block is left unchanged
};
Create zone statements for both forward and reverse DNS lookups. The file paths are relative to the directory option, so the transferred copies land in /var/named/slaves/.
# zone statement for forward dns lookup
zone "example.com" IN {
        type slave;
        file "slaves/forward.example.com";
        masters { 192.168.122.10; };
};

# zone statement for reverse dns lookup
zone "122.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/reverse.example.com";
        masters { 192.168.122.10; };
};
Save the file and exit.
Change the DNS server details on your network interface. In this case, we will add both DNS servers and restart the interface.
nmcli con mod eth0 +ipv4.dns "192.168.122.10 192.168.122.11"
nmcli con down eth0;nmcli con up eth0
Edit the /etc/resolv.conf file by adding the following lines.
nameserver 192.168.122.10
nameserver 192.168.122.11
Allow the DNS service through the firewall and reload the firewall.
firewall-cmd --add-service=dns --permanent;firewall-cmd --reload
Test the server; if everything works, proceed to configure the client.
Configuring the client
Log into the client and edit the /etc/resolv.conf file. Add the IP addresses of both the primary and secondary nameserver.
nameserver 192.168.122.10
nameserver 192.168.122.11
Test for forward lookup;
nslookup server3.example.com
Server: 192.168.122.10
Address: 192.168.122.10#53
Name: server3.example.com
Address: 192.168.122.20
Test the reverse lookup;
nslookup 192.168.122.20
Server: 192.168.122.10
Address: 192.168.122.10#53
20.122.168.192.in-addr.arpa name = server3.example.com.
Magnificent, your local DNS server is now set up and operational. That marks the end of our guide on how to set up a Master-Slave DNS Server using BIND on CentOS 7.