• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 369
  • Last Modified:

Solution for DNS scenario

I want to configure multiple  DNS servers for domain abc.com with master slave relationshaip.
Here is the required  scenario
Server 1 (Master) -> Server 2 (Slave of Server 1 and master of Server 3 ) -> Server 3 (Slave of Server 2)

This has to be configured in linux using bind (flat file dns server) , Also any change in zone file should propogate to slave zone.So kindly help in providing named.conf for each zone with dynamic update feature.
0
oppofwar
Asked:
oppofwar
  • 2
  • 2
2 Solutions
 
nociSoftware EngineerCommented:
In that case why should Server 3 be a slave of Server 2?  A zone is either a master or a slave, so you need server 1 to be a master and server 2 & server 3 be a slave of server 1.

In your setup there is no improvement on the situation I just scetched. You also have to decide if server 1 is to answer public queries or not.
For dynamic updates you need to update the master (allways) and do that from DHCPD or so if the master is told who are the slaves.
For queries you have to add   "NS"  rr's for the servers that provide ansers (in your case AT least server2 & 3, but also server 1 if it should resolve names).

For below I assumed that the master is 192.168.1.200 and that 192.168.1.201 & 192.168.1.202 are the slaves.
Updating of slaves is done by polling (interval & version number of a zone is specified in the SOA record) by the slaves
or by notifications by the master. The notification scheme can be turned of by including "notification no;" in a zone specification.


zone "1.168.192.in-addr.arpa" IN {
       type slave;
       file "sec/db.example.com.rev";
       masters { 192.168.1.200; };
       allow-query { 0.0.0.0/0; };
       allow-transfer {
               192.168.1.200;
       };
};

zone "example.com" IN {
       type slave;
       file "sec/db.example.com";
       masters { 192.168.1.200; };
       allow-query { 0.0.0.0/0; };
       allow-transfer {
               192.168.1.200;
       };
};


zone "1.168.192.in-addr.arpa" IN {
       type slave;
       file "sec/db.example.com.rev";
       masters { 192.168.1.200; };
       allow-query { 0.0.0.0/0; };
       allow-transfer {
               192.168.1.200;
       };
};


zone "example.com" {
        type master;
        file "pri/db.example.com";
        allow-transfer { ::1/128; 127/8; 192.168.1.201; 192.168.1.202;};
        allow-query { ::1/128; 127/8; 192.168.1/24; };
        forwarders { };
        allow-update { key DHCP_UPDATER; };
};


zone "1.168.192.IN-ADDR.ARPA" {
        type master;
        file "pri/db.example.com.rev";
        allow-transfer { ::1/128; 127/8; };
        allow-query { ::1/128; 127/8; 192.168.1/24; };
        forwarders  { };
        allow-update { key DHCP_UPDATER; };
};



key DHCP_UPDATER {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;  # or some other mechanism...
        secret "A hash of a Secret Key, see bind-tools"
};

0
 
oppofwarAuthor Commented:
Noci in larger enterprise configuration we need this kind of solution , where the DNS load is evenly distributed.laso please help how changes in zone file will be replicated automatically to slaves instantly without rsync.
0
 
nociSoftware EngineerCommented:
You need to setup SOA rr's with the right timeout.

On a slave: the "master { ... };" declares where a slave should get it's zone from
On a Master: the "allow transfer { ... }; " declares where the notifies should go to.

In the preveious example: 192.168.1.200 is master & ...201 & ...202 are slaves.
0
 
oppofwarAuthor Commented:
Thanks Mate its working now.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now