Solved

Solution for DNS scenario

Posted on 2011-03-08
4
361 Views
Last Modified: 2012-05-11
I want to configure multiple  DNS servers for domain abc.com with master slave relationshaip.
Here is the required  scenario
Server 1 (Master) -> Server 2 (Slave of Server 1 and master of Server 3 ) -> Server 3 (Slave of Server 2)

This has to be configured in linux using bind (flat file dns server) , Also any change in zone file should propogate to slave zone.So kindly help in providing named.conf for each zone with dynamic update feature.
0
Comment
Question by:oppofwar
  • 2
  • 2
4 Comments
 
LVL 40

Accepted Solution

by:
noci earned 500 total points
ID: 35081823
In that case why should Server 3 be a slave of Server 2?  A zone is either a master or a slave, so you need server 1 to be a master and server 2 & server 3 be a slave of server 1.

In your setup there is no improvement on the situation I just scetched. You also have to decide if server 1 is to answer public queries or not.
For dynamic updates you need to update the master (allways) and do that from DHCPD or so if the master is told who are the slaves.
For queries you have to add   "NS"  rr's for the servers that provide ansers (in your case AT least server2 & 3, but also server 1 if it should resolve names).

For below I assumed that the master is 192.168.1.200 and that 192.168.1.201 & 192.168.1.202 are the slaves.
Updating of slaves is done by polling (interval & version number of a zone is specified in the SOA record) by the slaves
or by notifications by the master. The notification scheme can be turned of by including "notification no;" in a zone specification.


zone "1.168.192.in-addr.arpa" IN {
       type slave;
       file "sec/db.example.com.rev";
       masters { 192.168.1.200; };
       allow-query { 0.0.0.0/0; };
       allow-transfer {
               192.168.1.200;
       };
};

zone "example.com" IN {
       type slave;
       file "sec/db.example.com";
       masters { 192.168.1.200; };
       allow-query { 0.0.0.0/0; };
       allow-transfer {
               192.168.1.200;
       };
};


zone "1.168.192.in-addr.arpa" IN {
       type slave;
       file "sec/db.example.com.rev";
       masters { 192.168.1.200; };
       allow-query { 0.0.0.0/0; };
       allow-transfer {
               192.168.1.200;
       };
};


zone "example.com" {
        type master;
        file "pri/db.example.com";
        allow-transfer { ::1/128; 127/8; 192.168.1.201; 192.168.1.202;};
        allow-query { ::1/128; 127/8; 192.168.1/24; };
        forwarders { };
        allow-update { key DHCP_UPDATER; };
};


zone "1.168.192.IN-ADDR.ARPA" {
        type master;
        file "pri/db.example.com.rev";
        allow-transfer { ::1/128; 127/8; };
        allow-query { ::1/128; 127/8; 192.168.1/24; };
        forwarders  { };
        allow-update { key DHCP_UPDATER; };
};



key DHCP_UPDATER {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;  # or some other mechanism...
        secret "A hash of a Secret Key, see bind-tools"
};

0
 
LVL 3

Author Comment

by:oppofwar
ID: 35107049
Noci in larger enterprise configuration we need this kind of solution , where the DNS load is evenly distributed.laso please help how changes in zone file will be replicated automatically to slaves instantly without rsync.
0
 
LVL 40

Assisted Solution

by:noci
noci earned 500 total points
ID: 35107653
You need to setup SOA rr's with the right timeout.

On a slave: the "master { ... };" declares where a slave should get it's zone from
On a Master: the "allow transfer { ... }; " declares where the notifies should go to.

In the preveious example: 192.168.1.200 is master & ...201 & ...202 are slaves.
0
 
LVL 3

Author Closing Comment

by:oppofwar
ID: 35115693
Thanks Mate its working now.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Macbook Sierra OS OpenVPN issue 13 79
Creating a reverse DNS record 3 61
Setting up two Raspberry Pi gateways/routers 3 60
DNS issues after a power outage 3 22
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now