Bind Server

Mar 25, 2018 18:37 · 529 words · 3 minute read

Bind Server Setup with Slave

Source

Install bind

yum update -y; yum install bind bind-utils -y

First we’ll have to modify our named.conf file. In the example below I have placed ‘##’ in front of the lines that should change (the marker is only a visual cue; remove it when you edit the line). 2.2.2.2 is the IP address of the second droplet, which will be the secondary nameserver. Open up /etc/named.conf:

options {
    ##listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    ##allow-query { any; };
    ##allow-transfer     { localhost; 2.2.2.2; };
    ##recursion no;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
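The four marked statements are the ones that decide who can reach the server, who can read the whole zone, and whether it will recurse for strangers. As an added example (not code from the original post or from ISC), here is a small Python check that parses an options block of the shape shown above and reports the settings that matter for exposure. It assumes the secondary is 2.2.2.2 as in the post, and the parser only understands the flat `statement value;` and `statement { a; b; };` forms used here, not every named.conf construct. Note that named.conf accepts `#`, `//` and `/* */` comments, so a line that still carries the ‘##’ marker is inactive and falls back to BIND’s default.

```python
import re

# Constructed sample 1: the post's options block after the "##" markers are
# removed and the marked lines set as the post intends (listen on the public
# address, answer anyone, transfer only to localhost and the secondary,
# no recursion). Addresses are the post's placeholders.
HARDENED_OPTIONS = """
options {
    listen-on port 53 { 1.1.1.1; };
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    allow-query { any; };
    allow-transfer     { localhost; 2.2.2.2; };
    recursion no;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};
"""

# Constructed sample 2: the same block with the settings a careless edit
# tends to leave behind.
WEAK_OPTIONS = """
options {
    listen-on port 53 { 127.0.0.1; };   // left as shipped: loopback only
    allow-query { any; };
    allow-recursion { any; };
    recursion yes;
    allow-transfer { any; };
};
"""


def options_body(text):
    """Return the text inside options { ... }. Comments are stripped first:
    named.conf accepts /* */, // and # comments, so the post's '##' lines are
    inactive until the marker is deleted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    start = re.search(r"\boptions\s*\{", text)
    if not start:
        raise ValueError("no options block found")
    depth, i = 1, start.end()
    while i < len(text) and depth:
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
        i += 1
    if depth:
        raise ValueError("unbalanced braces in options block")
    return text[start.end():i - 1]


# One statement: name, optional "port N", then either { a; b; } or a bare value.
STATEMENT_RE = re.compile(r"([\w-]+)(?:\s+port\s+\d+)?\s*(\{[^}]*\}|[^;{]+);")


def parse_options(text):
    """Map each statement to its value: a bare string ("no") or, for
    address-match lists, a list of items (["localhost", "2.2.2.2"])."""
    opts = {}
    for m in STATEMENT_RE.finditer(options_body(text)):
        name, value = m.group(1), m.group(2).strip()
        if value.startswith("{"):
            opts[name] = [v.strip() for v in value.strip("{}").split(";") if v.strip()]
        else:
            opts[name] = value.strip('"')
    return opts


def audit(opts, secondary_ip):
    """Findings for an authoritative-only primary that should transfer the
    zone to exactly one secondary. An empty list means the block is as intended."""
    findings = []
    transfer = opts.get("allow-transfer")
    if transfer is None:
        findings.append("allow-transfer not set: older BIND releases then allow AXFR from any client")
    elif "any" in transfer:
        findings.append("allow-transfer { any; }: the whole zone can be pulled by anyone via AXFR")
    elif secondary_ip not in transfer:
        findings.append(f"allow-transfer omits the secondary {secondary_ip}: the slave cannot transfer")
    if opts.get("recursion", "yes") != "no":  # BIND's default is recursion yes
        findings.append("recursion not disabled: an authoritative-only server should set recursion no")
        if "any" in opts.get("allow-recursion", []):
            findings.append("allow-recursion { any; } with recursion on: open resolver")
    if opts.get("listen-on") == ["127.0.0.1"]:
        findings.append("listen-on is loopback only: neither the secondary nor clients can reach the server")
    return findings


if __name__ == "__main__":
    for label, text in (("hardened", HARDENED_OPTIONS), ("weak", WEAK_OPTIONS)):
        print(label, audit(parse_options(text), "2.2.2.2") or ["ok"])
```

Run it against a copy of your own /etc/named.conf by reading the file into a string; the hardened sample produces no findings, the weak one four. The secondary's block from later in this post passes the same check as long as you pass it no allow-transfer expectation, since a slave has no reason to offer transfers at all.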

Add the following to named.conf below the existing zones:

zone "mydomain.com" IN {
    type master;
    file "mydomain.com.zone";
    allow-update { none; };
};

Now we can create our first zone file. Use the following as a template for /var/named/mydomain.com.zone:

$TTL 300
@   IN  SOA     ns1.mydomain.com. root.mydomain.com. (
    2013042201  ;Serial
    3600        ;Refresh
    1800        ;Retry
    604800      ;Expire
    86400       ;Minimum TTL
)


; Specify our two nameservers
    IN  NS      ns1.mydomain.com.
    IN  NS      ns2.mydomain.com.


; Resolve nameserver hostnames to IP, replace with your two droplet IP addresses.

ns1     IN  A       1.1.1.1
ns2     IN  A       2.2.2.2

; Define hostname -> IP pairs which you wish to resolve

@      IN  A       3.3.3.3
www     IN  A       3.3.3.3

Make sure that you actually change the IP addresses to your own IP addresses. Now you can start the service and make sure that it is enabled as a startup service:

service named restart; chkconfig named on

That will take a bit of time to complete while bind generates the rndc.key file. After it is done, you can confirm that everything is working by issuing the following command from your local computer:

dig @1.1.1.1 mydomain.com

Secondary Nameserver Setup

Start off by updating and installing bind

yum update -y; yum -y install bind bind-utils

Now we need to configure our /etc/named.conf; again I use ‘##’ to indicate lines that will need to change. The only difference from the primary nameserver is that we omit the allow-transfer line:

options {
    ##listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    ##allow-query { any; };
    ##recursion no;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

We will also add our zone to /etc/named.conf below the existing zones, except it will be set up as a slave. Make sure that you point it at the primary nameserver’s IP address (1.1.1.1 in this example).

zone "mydomain.com" IN {
    type slave;
    masters { 1.1.1.1; };   // address of the primary (ns1)
    file "mydomain.com.zone";
};

Now we start the server and make sure that the service is set to run on startup:

service named start; chkconfig named on

After any changes you make to the master zone files, you will need to instruct Bind to reload. Remember, you must also increment the “serial” field of the SOA record so that the slave sees the zone as newer and pulls the change. The serial can be any number, but a common scheme is the current date followed by a two-digit revision counter for that day. For example, 2014110504 would mean Nov 5, 2014 and it’s the 4th time it’s been edited that day.

rndc reload
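The serial scheme described above, together with the comparison a slave actually applies, as an added Python example that is not part of the original post. It reads the ‘;Serial’ line of the post’s zone template (embedded here as a constructed string, and assumed to carry that comment label), computes the next YYYYMMDDnn value, and rewrites the line. It goes a little beyond the paragraph: it also handles the two cases where writing today’s date blindly would move the serial backwards (the zone was already edited today, or the stored serial is ahead of today’s date), and it checks the result with RFC 1982 serial-number arithmetic, which is how a secondary decides whether the primary’s zone is newer; an edit whose serial does not pass that test is silently ignored by the slave.

```python
import re
from datetime import date

# Constructed input: the zone template from this post, serial 2013042201.
ZONE = """$TTL 300
@   IN  SOA     ns1.mydomain.com. root.mydomain.com. (
    2013042201  ;Serial
    3600        ;Refresh
    1800        ;Retry
    604800      ;Expire
    86400       ;Minimum TTL
)
    IN  NS      ns1.mydomain.com.
    IN  NS      ns2.mydomain.com.
ns1     IN  A       1.1.1.1
ns2     IN  A       2.2.2.2
@       IN  A       3.3.3.3
www     IN  A       3.3.3.3
"""

# The template labels the serial with a ";Serial" comment; this example relies on it.
SERIAL_LINE = re.compile(r"^([ \t]*)(\d+)([ \t]*;[ \t]*Serial.*)$", re.M)

MAX_SERIAL = (1 << 32) - 1  # the SOA serial is an unsigned 32-bit field


def read_serial(zone_text):
    m = SERIAL_LINE.search(zone_text)
    if not m:
        raise ValueError("no line labelled ';Serial' found")
    return int(m.group(2))


def next_serial(current, today):
    """YYYYMMDDnn as in the post: nn counts edits made on that day, starting at 01.
    Taking the larger of 'today's first revision' and 'current + 1' keeps the serial
    moving forward even when the zone was already edited today or the stored value
    is ahead of today's date; rewriting the date part blindly would produce a
    smaller number and the slave would never pick up the change."""
    first_today = int(today.strftime("%Y%m%d")) * 100 + 1
    candidate = max(first_today, current + 1)
    if candidate > MAX_SERIAL:
        raise ValueError("serial would exceed 32 bits")
    return candidate


def serial_increases(old, new):
    """RFC 1982 comparison used by DNS: 'new' is after 'old' when
    (new - old) mod 2^32 lies between 1 and 2^31 - 1. A secondary only
    transfers the zone when this holds for the primary's serial."""
    diff = (new - old) % (1 << 32)
    return 0 < diff < (1 << 31)


def bump_zone(zone_text, today):
    """Return (new_zone_text, old_serial, new_serial) with the serial line rewritten."""
    old = read_serial(zone_text)
    new = next_serial(old, today)
    if not serial_increases(old, new):
        raise RuntimeError(f"{new} would not be seen as newer than {old}")
    new_text = SERIAL_LINE.sub(lambda m: f"{m.group(1)}{new}{m.group(3)}", zone_text, count=1)
    return new_text, old, new


if __name__ == "__main__":
    text, old, new = bump_zone(ZONE, date.today())
    print(f"serial {old} -> {new}")
    print(text)
```

Run it before `rndc reload` on a copy of /var/named/mydomain.com.zone; if `read_serial` raises, the ‘;Serial’ label is missing from your file and the script will not guess which number is the serial. The wrap-around rule in `serial_increases` also explains why the scheme tops out at 99 edits a day: revision 100 simply rolls into the next day’s numbering, which is still an increase.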