Solved

Solution for DNS scenario

Posted on 2011-03-08
Last Modified: 2012-05-11
I want to configure multiple DNS servers for domain abc.com with a master-slave relationship.
Here is the required scenario:
Server 1 (Master) -> Server 2 (Slave of Server 1 and master of Server 3 ) -> Server 3 (Slave of Server 2)

This has to be configured in Linux using bind (flat file DNS server). Also, any change in the zone file should propagate to the slave zone. So kindly help in providing named.conf for each zone with the dynamic update feature.
Question by:oppofwar
Accepted Solution

by:
noci earned 500 total points
ID: 35081823
In that case why should Server 3 be a slave of Server 2? A zone is either a master or a slave, so you need server 1 to be a master and server 2 & server 3 to be slaves of server 1.

In your setup there is no improvement on the situation I just sketched. You also have to decide if server 1 is to answer public queries or not.
For dynamic updates you need to update the master (always) and do that from DHCPD or so if the master is told who are the slaves.
For queries you have to add "NS" rr's for the servers that provide answers (in your case at least server 2 & 3, but also server 1 if it should resolve names).

For below I assumed that the master is 192.168.1.200 and that 192.168.1.201 & 192.168.1.202 are the slaves.
Updating of slaves is done by polling (interval & version number of a zone is specified in the SOA record) by the slaves
or by notifications by the master. The notification scheme can be turned off by including "notification no;" in a zone specification.


# named.conf on each slave (192.168.1.201 and 192.168.1.202)
zone "1.168.192.in-addr.arpa" IN {
       type slave;
       file "sec/db.example.com.rev";
       masters { 192.168.1.200; };
       allow-query { 0.0.0.0/0; };
       allow-transfer {
               192.168.1.200;
       };
};

zone "example.com" IN {
       type slave;
       file "sec/db.example.com";
       masters { 192.168.1.200; };
       allow-query { 0.0.0.0/0; };
       allow-transfer {
               192.168.1.200;
       };
};


# named.conf on the master (192.168.1.200)
zone "example.com" {
        type master;
        file "pri/db.example.com";
        allow-transfer { ::1/128; 127/8; 192.168.1.201; 192.168.1.202;};
        allow-query { ::1/128; 127/8; 192.168.1/24; };
        forwarders { };
        allow-update { key DHCP_UPDATER; };
};


zone "1.168.192.IN-ADDR.ARPA" {
        type master;
        file "pri/db.example.com.rev";
        allow-transfer { ::1/128; 127/8; 192.168.1.201; 192.168.1.202; };  # the slaves pull the reverse zone too
        allow-query { ::1/128; 127/8; 192.168.1/24; };
        forwarders  { };
        allow-update { key DHCP_UPDATER; };
};



key DHCP_UPDATER {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;  # or some other mechanism...
        secret "A hash of a Secret Key, see bind-tools";
};


Author Comment

by:oppofwar
ID: 35107049
Noci, in larger enterprise configurations we need this kind of solution, where the DNS load is evenly distributed. Also, please help with how changes in the zone file will be replicated automatically to the slaves instantly without rsync.

Assisted Solution

by:noci
noci earned 500 total points
ID: 35107653
You need to set up SOA rr's with the right timeout.

On a slave: the "masters { ... };" declares where a slave should get its zone from.
On a master: the "allow-transfer { ... };" declares where the notifies should go to.

In the previous example: 192.168.1.200 is master & ...201 & ...202 are slaves.
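The SOA polling described in the two answers above, as an added example that is not part of the original thread: it parses SOA answers in the form printed by `dig +short SOA` and uses RFC 1982 serial arithmetic to find slaves that are behind the master. The host names, serials and timers are constructed sample values; the addresses are the ones assumed in the accepted answer.

```python
# Added example (not from the thread): find slaves whose zone copy is behind the master.
# Input lines mimic `dig +short SOA example.com @<server>`; all values are constructed.
from dataclasses import dataclass

@dataclass
class Soa:
    mname: str
    rname: str
    serial: int
    refresh: int   # seconds between a slave's SOA polls
    retry: int     # seconds before re-polling after a failed poll
    expire: int    # seconds without contact before a slave stops answering
    minimum: int

def parse_soa(line: str) -> Soa:
    """Parse the seven SOA rdata fields from one line of dig +short output."""
    fields = line.split()
    if len(fields) != 7:
        raise ValueError(f"not SOA rdata: {line!r}")
    return Soa(fields[0], fields[1], *(int(x) for x in fields[2:]))

def serial_newer(a: int, b: int) -> bool:
    """True if serial a is newer than b in RFC 1982 32-bit serial arithmetic."""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def stale_slaves(master_line: str, slave_lines: dict) -> dict:
    """Map each lagging slave to (its serial, worst-case seconds until its next poll)."""
    master = parse_soa(master_line)
    stale = {}
    for ip, line in slave_lines.items():
        soa = parse_soa(line)
        if serial_newer(master.serial, soa.serial):
            # Without a NOTIFY the slave only notices at its next refresh poll.
            stale[ip] = (soa.serial, soa.refresh)
    return stale

MASTER = "ns1.example.com. hostmaster.example.com. 2011030802 3600 600 604800 3600"
SLAVES = {
    "192.168.1.201": "ns1.example.com. hostmaster.example.com. 2011030802 3600 600 604800 3600",
    "192.168.1.202": "ns1.example.com. hostmaster.example.com. 2011030801 3600 600 604800 3600",
}

if __name__ == "__main__":
    for ip, (serial, wait) in stale_slaves(MASTER, SLAVES).items():
        print(f"{ip} is behind (serial {serial}); next poll within {wait}s")
```

A zone file edited by hand without raising the serial compares as not newer, so the slaves keep serving the old data whether or not a NOTIFY reaches them.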
Author Closing Comment

by:oppofwar
ID: 35115693
Thanks mate, it's working now.