Solved

setup DNS server and zone transfer issue

Posted on 2002-03-28
8
247 Views
Last Modified: 2010-08-05
Dear all,

Recently I have been building a DNS server under Linux 7.2 with Bind 8.x.

We already have a DNS server running as a Primary.
I would like to build a Secondary DNS, obtain all the domains, zones etc. from the Primary DNS, and then have the secondary DNS act as the primary.

Please advise with detailed steps.
Edmund
0
Comment
Question by:edmundli
8 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 6903395
Okay the steps are:

1) Edit each of the zone files on the primary to list your secondary as a nameserver for your domain(s).

2) Obtain a copy of the primary's named.conf and change each of the zone definitions from something like:

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        notify no;
        file "localhost.rev";
};

zone "domain.tld" {
        type master;
        allow-transfer { 1.1.1.2; };
        file "domain.tld.zone";
};

to something like:

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        notify no;
        file "localhost.rev";
};

zone "domain.tld" {
        type slave;
        masters { 1.1.1.1; };
        allow-transfer { 1.1.1.1; };
        file "domain.tld.zone";
};

Note that the hint (root nameservers) and localhost zones are the same on the master and secondary. The other zones on the secondary are defined as 'slave'. You'll need to copy and edit as appropriate the localhost zone file from the master and copy the hint zone file also.

3) Adjust the configuration of the master to allow the secondary to transfer the zones by adding the 'allow-transfer' to each zone, as above, except the hint and localhost zones.

4) Restart Bind on the master and check /var/log/messages for any named startup problems.

5) Start Bind on the secondary and check for any named startup problems. When you see that all of the zones have been transferred, configure some client to use the secondary as its nameserver and make sure that you can resolve names and IPs.

6) Edit named.conf and the zone files on the secondary as appropriate to make the secondary a master. That will mean changing "type" from slave to master and removing the "masters" and "allow-transfer" definitions from named.conf. Each of the zone files will need adjustment of the SOA and the nameserver definitions. You may also need to change the data in the central registry that defines the nameservers for your domain.

7) Restart named on the secondary and it should then be your new master.

Of course, if your existing master is a Unix or Linux box it would be easier to just copy named.conf and the zone files to the new server, edit as required, and start the new box up as a master.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 6906263
Cheers, Jim!  Long time no see...

I concur wholeheartedly with your last sentence.

-Jon
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6906293
Cheers back to you, Jon.

Yeah, the last option is the best, but if the primary DNS server is currently an NT or 2000 system copying files isn't an option.
0
 

Author Comment

by:edmundli
ID: 6907129
The product name of our DNS is "Borderware", which is neither NT nor Unix based, but I believe it is running under Linux (with no login prompt).

Please advise.

0
 
LVL 3

Expert Comment

by:DVB
ID: 6907194
Just create the secondary files as jlevie advised.
I would recommend the 4th edition of the DNS and Bind book from O'Reilly.
0
 

Author Comment

by:edmundli
ID: 6909933
I tried to install the latest 9.2.1rc2. It seems that there is no problem on either Red Hat 7.2 or Solaris 8; however, I tried to find named.conf etc., but with no luck.

My steps:
1) configure
2) make

I even tried:
configure --prefix=/usr/local/dns
make
make install

Please advise.
0
 
LVL 40

Accepted Solution

by:
jlevie earned 100 total points
ID: 6910439
I'm not sure I understand what you mean by not being able to find any named.conf.

If you use an unadorned 'configure', Bind will be built using /usr/local as the prefix. This means that user executables will be in /usr/local/bin and system executables will be in /usr/local/sbin. Bind's configuration files (named.conf & rndc.key) will be in /usr/local/etc once they've been created (you have to create them post-install).


If you are replacing the RedHat distribution of bind, it's important to remove the installed packages before installing a locally built copy. Or you can install the locally built copy such that it doesn't conflict with the RedHat version. If you don't take precautions to de-conflict the two there'll be problems later when you apply updates/errata to the system. My recommendation is to remove the RedHat packages before installing bind so that there is no question as to what version of bind is in use.

A very terse set of notes as to how I build Bind on a RedHat box follows:

1. Using the bind 9.2 distribution build with:
   > cd bind-9.2.0
   > ./configure --prefix=/usr --localstatedir=/var
   > make
   # make install

   Generate an rndc config file with:
   # rndc-confgen -a

2. Create a 'named' user:
   # useradd -u 25 -s /bin/false -d /var/named named
   # chmod 755 /var/named
   # rm /var/named/.??*

3. Get a current hints file:
   # cd /var/named
   # ncftpget ftp://ftp.rs.internic.net/domain/named.root

4. Create /etc/named.conf and zone files in /var/named to suit local
   requirements.

5. Use what follows as an init script for named. Place it in /etc/init.d, make
   it executable (chmod 755 /etc/init.d/named), and enable it with 'chkconfig
   named on'.

#!/bin/bash
#
# named - Manage the operation of Bind (named)
#
# chkconfig: - 55 45
# description: named (BIND) is a Domain Name Server (DNS)
# processname: named
# pidfile: /var/named/named.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

[ -f /usr/sbin/named ] || exit 0

[ -f /etc/named.conf ] || exit 0

RETVAL=0

start() {
  # Start daemons.
  echo -n "Starting named: "
  daemon named -u named
  RETVAL=$?
  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/named
  echo
  return $RETVAL
}
stop() {
  # Stop daemons.
  echo -n "Shutting down named: "
  killproc named
  RETVAL=$?
  [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/named
  echo
  return $RETVAL
}
status() {
  /usr/sbin/rndc status
  return $?
}
restart() {
  stop
  start
}
reload() {
  /usr/sbin/rndc reload
  return $?
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    status
    ;;
  restart)
    restart
    ;;
  reload)
    reload
    ;;
  *)
    echo "Usage: named {start|stop|status|restart|reload}"
    exit 1
esac

exit $?


0
 

Author Comment

by:edmundli
ID: 6957498

Thanks for the answer

Edmund
0
