Setting up DNS Master & Slave on Centos 6.5

A while ago I set up a DNS server in my home network. I also wanted to explore the possibilities of a “backup” DNS server, which led me to BIND slave zones. This guide takes you through all the aspects of the master and slave DNS servers, including the iptables rules! I had some trouble getting the zone transfer and the updating to work.

**** I am not explaining all DNS details. If you want to learn more about DNS, use Google 😉 or http://www.zytrax.com ****

Some important data:

I have 2 locations: (connected via vpn)
locationA (10.0.0.0) / gateway/router = 10.0.0.1
locationB (10.0.1.0) / gateway/router = 10.0.1.1

ns1 = 10.0.0.102
ns2 = 10.0.1.116

I have an internal domain, domain.com; its zone can be found in the file /var/named/domain.com.hosts.
Besides that I have a reverse lookup file, 168.192.in-addr.arpa.hosts.

!!!! Please remember that you have to perform everything as root, since BIND will be running in a chroot jail !!!!

Handy commands:
service iptables restart ; restarting the firewall
service named restart ; restarting the DNS server
rndc reload ; graceful restart of the DNS server
service network restart ; restart networking
vim ; text editor
dig ; DNS querying tool
nslookup ; tool to obtain DNS record information

Step 1: setting up the master server

Edit the named.conf file:

As you can see I have 2 “zones”, one for my domain and one for reverse lookup.

Step 2: Let’s create the zone files
First my domain zone:

File 2: Reverse lookup (this covers 2 local networks!)
I named it 168 rather than 1.168 for this particular reason.

As you can see there are records for 0.* and 1.*. This way I can do reverse lookups from both locations.

You can easily create these files by:

and

Step 3: Setting up iptables on the master
This took me some time to figure out, but I wanted to make it as secure as possible. My DNS will only be used by the two internal networks, so I came up with the following rules. (You can also apply these on the slave server.)

**** MAKE SURE you put these before the REJECT rules 😉 ****

---> start the MASTER DNS <---

Make sure the DNS server starts at boot:

Step 4: Setting up the slave server
This is even easier than setting up the master. The slave server will retrieve the zone files from the master; we just have to make sure the correct settings are in place.

So first we install bind:

After that we have to create a named.conf:

Please refer to my config file below for an example:

These are the most important settings here:

These settings allow the slave DNS server to periodically retrieve the zone files from the master DNS server. Fill in the correct master DNS IP address, so that your transfer will be more secure.

Step 5: Setting up iptables on the slave
This took me some time to figure out, but I wanted to make it as secure as possible. My DNS will only be used by the two internal networks, so I came up with the following rules. (You can also apply these on the master server.)

You can check whether the secondary server receives the files by going to /var/named/slaves on the slave server and running “ls”. If the zone files you configured in /etc/named.conf are there, it’s working!

**** MAKE SURE you put these before the REJECT rules 😉 ****

---> Restart the SLAVE DNS server <---

Make sure the DNS server starts at boot:

Step 6: Configuring the DNS servers on your workstations and servers
You can also apply these settings on the DNS Master and Slave server.
On CentOS 5 & 6:

Example:

Your resolv.conf should also look like this:

Step 7: Testing the setup
You mainly have two tools for testing:
1: dig
2: nslookup

Usage is as follows:

We can also test whether the slave / secondary DNS server works:
simply put the IP address of the DNS slave after the hostname of the machine you are querying.
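To go one step beyond the “ls” check in Step 4 and the manual dig/nslookup queries above, here is an added check script (not part of the original post) that confirms ns1 and ns2 serve the same SOA serial for domain.com and that the master refuses a zone transfer to a host that is not the slave. It assumes the post's addresses (ns1 = 10.0.0.102, ns2 = 10.0.1.116), that allow-transfer on the master is limited to ns2, and that it is run from a workstation other than ns2.

```shell
#!/bin/sh
# Added example: post-setup check for the master/slave pair described above.
# Assumed values from the post: ns1 = 10.0.0.102, ns2 = 10.0.1.116, zone domain.com.
MASTER=10.0.0.102
SLAVE=10.0.1.116
ZONE=domain.com

# Extract the serial (3rd field) from a `dig +short SOA` answer line, e.g.
# "ns1.domain.com. hostmaster.domain.com. 2014030101 3600 900 604800 86400"
soa_serial() {
    set -- $1
    printf '%s\n' "$3"
}

# Succeed only when both SOA answer lines carry the same, non-empty serial.
serials_match() {
    [ -n "$(soa_serial "$1")" ] && [ "$(soa_serial "$1")" = "$(soa_serial "$2")" ]
}

# dig prints "; Transfer failed." when the server answers an AXFR with REFUSED.
transfer_refused() {
    printf '%s\n' "$1" | grep -q 'Transfer failed'
}

check_setup() {
    m=$(dig +short SOA "$ZONE" "@$MASTER")
    s=$(dig +short SOA "$ZONE" "@$SLAVE")
    if serials_match "$m" "$s"; then
        echo "OK: serial $(soa_serial "$m") served by both ns1 and ns2"
    else
        echo "FAIL: master '$m' vs slave '$s' (zone not transferred yet?)"
        return 1
    fi
    # The master should only hand the zone to ns2; from this host it must refuse.
    out=$(dig AXFR "$ZONE" "@$MASTER" 2>&1)
    if transfer_refused "$out"; then
        echo "OK: master refuses zone transfers to hosts other than ns2"
    else
        echo "FAIL: master answered a zone transfer for an unlisted host"
        return 1
    fi
}

# Run the live checks only when started with "run" (e.g. sh check-dns.sh run).
if [ "${1:-}" = "run" ]; then
    check_setup
fi
```

If the serial check fails right after a zone edit, bump the serial in the master's zone file and run `rndc reload` on ns1; the slave picks up the new version on the next notify or refresh.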
