Setup Master-Slave DNS Server using BIND on CentOS 7


Last updated on June 23rd, 2021 at 11:02 pm

Welcome to this tutorial on how to set up a master-slave DNS server using BIND on CentOS 7. BIND (Berkeley Internet Name Domain) can be configured to function as either a master (primary) or a slave (secondary) DNS server.

There are several open-source packages that can be used to run a DNS nameserver, among them BIND, dnsmasq and unbound. In this tutorial we use BIND to configure a local DNS server. BIND is open-source software that implements the DNS protocol, which defines how networked devices locate one another by hostname.

Setup Master-Slave DNS Server using BIND on CentOS 7

Follow this guide to set up a master-slave DNS server using BIND on CentOS 7.

In this tutorial, we will be using three CentOS 7 servers configured as follows:

  • Server1
    • Hostname: server1.example.com
    • IP address: 192.168.122.10
    • Role: master DNS server
  • Server2
    • Hostname: server2.example.com
    • IP address: 192.168.122.11
    • Role: slave DNS server
  • Server3
    • Hostname: server3.example.com
    • IP address: 192.168.122.20
    • Role: client

On all three servers, install the BIND packages before proceeding with the configuration (the client only needs bind-utils for dig and nslookup, but installing both is harmless);

yum install -y bind bind-utils

Once the package is installed, let us get to work.

Configuring Master DNS Server using BIND on CentOS 7

Let's begin by editing the BIND main configuration file, /etc/named.conf, and making the adjustments shown below.

Only specific hosts should be able to query the master. Therefore, before the options section, create an access control list called allowed that lists the addresses of those hosts, and reference it from allow-query. Zone transfers are handled separately: allow-transfer is limited to the slave's address, because any host that can pull an AXFR receives a complete copy of the zone;

vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

# Create an access control list called allowed
acl "allowed" {
        192.168.122.10;
        192.168.122.11;
        192.168.122.20;
};
options {
        listen-on port 53 { 127.0.0.1; 192.168.122.10; }; # IP address of the master
        listen-on-v6 port 53 { ::1; };
        directory   "/var/named";
        dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; allowed; }; # only 'allowed' hosts may query the master
        allow-transfer  { localhost; 192.168.122.11; }; # only the slave may pull zone transfers
        # ... the remaining options shipped in the default file stay as they are ...
};

Append zone statements for both forward and reverse DNS lookups at the end of the file.

# Zone statement for forward DNS lookup
zone "example.com" IN {
        type master;                           # type of zone
        file "/var/named/forward.example.com"; # location of forward zone file
        allow-update { none; };
};
# Zone statement for reverse DNS lookup
zone    "122.168.192.in-addr.arpa" IN {
        type master;                    
        file "/var/named/reverse.example.com"; # location of reverse zone file
        allow-update { none; };
};

After that, save the configuration file and exit.

Create the zone files for the forward and reverse zone statements defined in /etc/named.conf.

Creating the forward zone file.

As specified in the zone statement in /etc/named.conf, the forward zone file is located at /var/named/forward.example.com. Create it with the following content;

cat > /var/named/forward.example.com << 'EOL'
$ORIGIN example.com.
$TTL 86400
@   IN  SOA server1.example.com. root.example.com. (
        2017020401   ; serial
        3600         ; refresh
        1800         ; retry
        604800       ; expire
        86400 )      ; minimum TTL
;
; define nameservers
    IN  NS  server1.example.com.
    IN  NS  server2.example.com.
;
; IP address and hostname
server1 IN  A   192.168.122.10
server2 IN  A   192.168.122.11
;
;client records
server3 IN  A   192.168.122.20
EOL


Creating the reverse zone file.

The reverse zone maps addresses back to names. Only SOA, NS and PTR records belong in it; the owner name of each PTR record is the last octet of the address, relative to $ORIGIN. Create the file as follows;

cat > /var/named/reverse.example.com << 'EOL'
$ORIGIN 122.168.192.in-addr.arpa.
$TTL    86400
@   IN  SOA server1.example.com.    root.example.com. (
        2017020402  ; serial
        3600        ; refresh
        1800        ; retry
        604800      ; expire
        86400 )     ; minimum TTL
;
;nameservers
    IN  NS  server1.example.com.
    IN  NS  server2.example.com.
;
; nameserver PTR records
10  IN  PTR server1.example.com.
11  IN  PTR server2.example.com.
;
; client PTR records
20  IN  PTR server3.example.com.
EOL


Before starting BIND, i.e. the named service, check that there are no syntax errors in the configuration file using the following command;

named-checkconf

If the configuration file has no errors, the command prints nothing.

To verify the syntax of the forward zone file, run the following command;

named-checkzone example.com /var/named/forward.example.com
zone example.com/IN: loaded serial 2017020401
OK

To verify the syntax of the reverse zone file, run the command;

named-checkzone 122.168.192.in-addr.arpa /var/named/reverse.example.com
zone 122.168.192.in-addr.arpa/IN: loaded serial 2017020402
OK
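named-checkzone only checks that a zone file parses. Two things it does not check matter every time the files are edited later: the SOA serial must grow (the slave only pulls a new copy when it does), and every A record should have a matching PTR record. The script below is an added example, not part of the original tutorial, and assumes the zone-file layout used above (the serial on its own line followed by "; serial", forward records written "name IN A address", reverse records "octet IN PTR fqdn."). The file name zonecheck.sh is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: serial bump and
# forward/reverse consistency check for the hand-written zone files above.
# Assumed layout: "<serial> ; serial" on one line, "name IN A address" in the
# forward zone and "octet IN PTR fqdn." in the reverse zone.

# Print the SOA serial of a zone file.
zone_serial() {
    awk '/;[[:space:]]*serial/ { print $1; exit }' "$1"
}

# Rewrite the serial in place following the YYYYMMDDNN convention and print
# the new value.  The new serial is always larger than the old one: today's
# date with NN=01 when that is higher, otherwise the old serial plus one.
bump_serial() {
    old=$(zone_serial "$1")
    [ -n "$old" ] || { echo "no serial line in $1" >&2; return 1; }
    today=$(date +%Y%m%d)
    if [ "$old" -lt "${today}01" ]; then
        new="${today}01"
    else
        new=$((old + 1))
    fi
    sed "s/^\([[:space:]]*\)${old}\([[:space:]]*;[[:space:]]*serial\)/\1${new}\2/" "$1" \
        > "$1.tmp" && mv "$1.tmp" "$1"
    echo "$new"
}

# Compare forward A records with reverse PTR records.  Arguments: forward zone
# file, forward origin (e.g. example.com.), reverse zone file, /24 prefix
# (e.g. 192.168.122).  Prints one line per inconsistency; returns 1 if any.
check_ptr_consistency() {
    awk -v origin="$2" -v prefix="$4" '
        # first file (forward zone): owner name -> address
        FNR == NR {
            if ($2 == "IN" && $3 == "A" && $1 !~ /^[;@]/) {
                name = ($1 ~ /\.$/) ? $1 : $1 "." origin
                a[name] = $4
            }
            next
        }
        # second file (reverse zone): fqdn -> address rebuilt from the octet
        $2 == "IN" && $3 == "PTR" && $1 ~ /^[0-9]+$/ { ptr[$4] = prefix "." $1 }
        END {
            bad = 0
            for (n in a) {
                if (!(n in ptr)) { print "missing PTR for " n " (" a[n] ")"; bad++ }
                else if (ptr[n] != a[n]) { print "PTR for " n " is " ptr[n] ", A is " a[n]; bad++ }
            }
            for (n in ptr) if (!(n in a)) { print "PTR " ptr[n] " -> " n " has no A record"; bad++ }
            if (bad) exit 1
            exit 0
        }' "$1" "$3"
}

# Usage on the master:  sh zonecheck.sh --check
# Then, after editing a zone:  . ./zonecheck.sh; bump_serial /var/named/forward.example.com
if [ "${1:-}" = "--check" ]; then
    check_ptr_consistency /var/named/forward.example.com example.com. \
        /var/named/reverse.example.com 192.168.122 && echo "forward and reverse zones agree"
fi
```

After bumping the serial, reload the zones with rndc reload so the slave is notified of the change.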

Since there are no errors, we can start BIND and enable it to start on boot.

systemctl enable --now named

If the firewall is running, allow the dns service through it and reload the firewall.

firewall-cmd --add-service=dns --permanent;firewall-cmd --reload

Point the master at itself for name resolution. On CentOS 7 NetworkManager regenerates /etc/resolv.conf, so set the DNS server on the connection profile (here eth0) and re-activate it rather than editing the file by hand:

nmcli con mod eth0 ipv4.dns 192.168.122.10
nmcli con down eth0; nmcli con up eth0

/etc/resolv.conf should now contain the line: nameserver 192.168.122.10

If the interface gets its address from DHCP, the DHCP-supplied nameservers are kept alongside this one unless ipv4.ignore-auto-dns is also set to yes on the connection.

After that, test that the master resolves names and addresses itself.

Forward lookup (name to address):
dig server1.example.com

Reverse lookup (address to name):
dig -x 192.168.122.10

Configuring Slave DNS server Using BIND on CentOS 7

If the BIND packages were not installed in the first step, install them now.

yum install bind bind-utils -y

Edit the /etc/named.conf file and make the adjustments shown below. The slave listens on its own address, serves the same allowed ACL, and refuses zone transfers altogether, since no other server is secondary to it.

vim /etc/named.conf

## Create an ACL
acl "allowed" {
        192.168.122.10;
        192.168.122.11;
        192.168.122.20;
};
options {
        listen-on port 53 { 127.0.0.1; 192.168.122.11; }; ## Slave server IP address
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; allowed; }; ## Allows 'allowed' hosts to query the slave DNS
        allow-transfer { none; }; ## Disable zone transfers from the slave
        ## ... the remaining options shipped in the default file stay as they are ...
};

Append zone statements for both forward and reverse DNS lookups at the end of the file. The type is slave, the zone copies are written under /var/named/slaves (a directory the named user can write to), and masters points at the master's address:

# zone statement for forward dns lookup
zone "example.com" IN {
        type slave;
        file "slaves/forward.example.com";
        masters { 192.168.122.10; };
};
# zone statement for reverse dns lookup
zone  "122.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/reverse.example.com";
        masters { 192.168.122.10; };
};

Save the file and exit.

Set the DNS servers on the slave's network interface. Here we add both servers, the master first and the slave itself second, and re-activate the interface:

nmcli con mod eth0 +ipv4.dns "192.168.122.10 192.168.122.11"
nmcli con down eth0;nmcli con up eth0

/etc/resolv.conf should now list both nameservers:

nameserver 192.168.122.10
nameserver 192.168.122.11

Allow the DNS service through the firewall and reload it.

firewall-cmd --add-service=dns --permanent;firewall-cmd --reload

Check the configuration with named-checkconf, then start and enable named just as on the master. On start-up the slave pulls both zones from the master: the transferred copies appear under /var/named/slaves/ and the named log (journalctl -u named) reports "Transfer completed" for each zone. If everything goes well, proceed to configure the client.

Configuring the client

Log into the client and edit the /etc/resolv.conf file, adding the IP addresses of both the primary and secondary nameserver (on a NetworkManager-managed host, set them with nmcli as was done for the servers so that they survive a restart).

nameserver 192.168.122.10
nameserver 192.168.122.11

Test for forward lookup;

nslookup server3.example.com
Server:     192.168.122.10
Address:    192.168.122.10#53

Name:   server3.example.com
Address: 192.168.122.20

Test the reverse lookup;

nslookup 192.168.122.20
Server:     192.168.122.10
Address:    192.168.122.10#53

20.122.168.192.in-addr.arpa name = server3.example.com.
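Beyond a single lookup, two properties of the pair are worth checking from the client once both servers are up: the master and slave serve the same SOA serial for each zone (the transfer actually happened and the slave is current), and neither server hands out a zone transfer to a host that is not the slave (the allow-transfer settings above do what they should). The script below is an added example, not part of the original tutorial; it assumes dig from bind-utils is installed and uses the addresses and zone names from this guide. Run it from the client, not from the slave, since the master legitimately allows AXFR from the slave's address. The helper functions take dig's text as an argument so they can be exercised with captured output.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: check that master and
# slave are in sync and that zone transfers are refused to this host.
# Assumes the addresses and zone names used in this guide and dig on PATH.
MASTER=192.168.122.10
SLAVE=192.168.122.11
ZONES="example.com 122.168.192.in-addr.arpa"

# Extract the serial (third field) from "dig +short <zone> SOA" output.
soa_serial_of() {
    # "$1" is the text returned by: dig +short @server zone SOA
    echo "$1" | awk 'NF >= 3 { print $3; exit }'
}

# Decide whether a zone transfer succeeded.  A complete AXFR answer starts
# and ends with the SOA record; a refused transfer contains no records.
axfr_succeeded() {
    # "$1" is the text returned by: dig +noall +answer @server zone AXFR
    n=$(printf '%s\n' "$1" | awk '$4 == "SOA" { c++ } END { print c + 0 }')
    [ "$n" -ge 2 ]
}

# Query both servers for every zone.  Returns non-zero if anything is off.
check_cluster() {
    rc=0
    for zone in $ZONES; do
        m=$(soa_serial_of "$(dig +short @"$MASTER" "$zone" SOA)")
        s=$(soa_serial_of "$(dig +short @"$SLAVE" "$zone" SOA)")
        if [ -n "$m" ] && [ "$m" = "$s" ]; then
            echo "ok   $zone serial $m on both servers"
        else
            echo "FAIL $zone serial master=${m:-none} slave=${s:-none}"; rc=1
        fi
        # From the client an AXFR must be refused by both servers: the master
        # only allows the slave, the slave allows nobody.
        for ns in $MASTER $SLAVE; do
            if axfr_succeeded "$(dig +noall +answer @"$ns" "$zone" AXFR)"; then
                echo "FAIL $ns hands out $zone to this host"; rc=1
            else
                echo "ok   $ns refuses AXFR of $zone from this host"
            fi
        done
    done
    return $rc
}

# Usage from the client:  sh dnscheck.sh --live
if [ "${1:-}" = "--live" ]; then
    check_cluster
fi
```

The address-based allow-transfer list is the minimum; BIND can additionally require a TSIG key on transfers (allow-transfer { key ...; } on the master and a matching key statement on the slave), which ties the transfer to a shared secret rather than to a source address alone.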

Your local DNS servers are now set up and operational. That marks the end of our guide on how to set up a master-slave DNS server using BIND on CentOS 7.
