• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 862
  • Last Modified:

DNS zone data transfer from slave to master

I have configured a test dns server with master and slave for abc.com . For every update in zone file update is working fine from master to slave , But i want slave to have rights to update the zone file so that zone file automatically gets updated.

(Attn : People with "rsync option" kindly abstain from posting soln )

Master (named.conf) :

acl loc { 127.0.0.1; 10.0.0.0/8; };
options {
        listen-on port 53 { 127.0.0.1; 10.1.0.171 ; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port
        // randomization
        // query-source    port 53;
        // query-source-v6 port 53;

        allow-query     { loc;  };
        allow-query-cache { loc; };
};


server 10.1.0.172 {
keys { ddns-update ; };
};

include "/etc/ddns-update.dnskey";


logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients      { loc; };
        match-destinations { loc; };
        recursion yes;
//        include "/etc/named.root.hints";
//        include "/etc/named.rfc1912.zones";

zone "abc.com" IN {
        type master;
        file "abc.com.zone";
        notify yes;
        allow-transfer { loc;};
        allow-update {  key "ddns-update" ; };
};

zone "0.1.10.in-addr-arpa" {
      type master;
      file "0.1.10.zone";
      allow-transfer { loc; };
      allow-update { key "ddns-update" ; };
};





};

Slave (named.conf) :

acl loc { 127.0.0.1; 10.0.0.0/8; };
options {
        listen-on port 53 { 127.0.0.1; 10.1.0.172 ; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        allow-query     { loc; };
        allow-notify { loc; };
};

include "/etc/ddns-update.dnskey";

server 10.1.0.171 {
    keys {  ddns-update;
    };
};


logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients      { loc; };
        match-destinations { loc; };
        recursion yes;
//        include "/etc/named.root.hints";
        include "/etc/named.rfc1912.zones";

zone "abc.com" IN {
        type slave;
        file "abc.com.zone";
        notify yes;
        masters { 10.1.0.171; };
        allow-transfer { loc; };
        allow-update { key "ddns-update"; };
};


zone "0.1.10.in-addr-arpa" {
type slave ;
masters { 10.1.0.171; };
file "10.1.0.zone";
};


};





0
oppofwar
Asked:
oppofwar
  • 4
  • 4
1 Solution
 
Duncan RoeSoftware DeveloperCommented:
You cannot do this. A slave is just that - a slave. It can download zones but only the master can update them.
0
 
Duncan RoeSoftware DeveloperCommented:
A DHCP server on the Slave system must send DDNS updates to the master, not the local slave DNS
0
 
oppofwarAuthor Commented:
Is there any other way to achieve it . Also there are  2 masters how to sync records between them.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
Duncan RoeSoftware DeveloperCommented:
You are breaking the structure by having 2 masters for the same zone (if that is what you're doing). DNS is supposed to be strictly hierarchical
0
 
oppofwarAuthor Commented:
duncan we need 2 master for redundancy , this structure is used in many infrastructure.
0
 
Duncan RoeSoftware DeveloperCommented:
Yes there are lots of duplicates of the root server - I've noticed that before. I would try Google or Wikipedia to find out how they do it. (I had a quick look at Wikipedia and there is a Root nameserver topic, but I didn't see the coordination mechanism in the few seconds I spent looking. As you say, there must be one)
0
 
oppofwarAuthor Commented:
Duncan finally I got the solution . Please find it below

Server 1: Master for abc.com

Create separate view and make it slave of Server 2 with same zone file

Server 2: Slave for abc.com

Create Separate view and make it master of Server 1 with the same zone file.

< -- below goes my named.conf configuration -->

Server 1 :


acl loc { 127.0.0.1; 10.0.0.0/8; };
options {
      listen-on port 53 { 127.0.0.1; 10.1.0.171 ; };
      directory       "/var/named";
      dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

      // Those options should be used carefully because they disable port
      // randomization
      // query-source    port 53;      
      // query-source-v6 port 53;

      allow-query     { loc;  };
      allow-query-cache { loc; };
};


server 10.1.0.172 {
keys { ddns-update ; };
};

include "/etc/ddns-update.dnskey";


logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
      match-clients          { loc; };
      match-destinations { loc; };
      recursion yes;
//        include "/etc/named.root.hints";
//        include "/etc/named.rfc1912.zones";
 
zone "abc.com" IN {
      type master;
      file "abc.com.zone";
        notify yes;
        allow-transfer { loc;};
      allow-update {  key "ddns-update" ; };
};



zone "0.1.10.in-addr-arpa" {
      type master;
      file "0.1.10.zone";
      allow-transfer { loc; };
      allow-update { key "ddns-update" ; };
};





};




view abcd {
      match-clients          { loc; };
      match-destinations { loc; };
      recursion yes;
//        include "/etc/named.root.hints";
//        include "/etc/named.rfc1912.zones";
 


zone "abc.com" IN {
      type slave;
      file "abc.com.zone";
        notify yes;
        masters { 10.1.0.172; };
        allow-transfer { loc; };
        allow-update { key "ddns-update"; };



};
};



Server 2:

acl loc { 127.0.0.1; 10.0.0.0/8; };
options {
      listen-on port 53 { 127.0.0.1; 10.1.0.172 ; };
      directory       "/var/named";
      dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

      allow-query     { loc; };
      allow-notify { loc; };
};

include "/etc/ddns-update.dnskey";

server 10.1.0.171 {
    keys {  ddns-update;
    };
};


logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
      match-clients          { loc; };
      match-destinations { loc; };
      recursion yes;
//        include "/etc/named.root.hints";
        include "/etc/named.rfc1912.zones";
 
zone "abc.com" IN {
      type slave;
      file "abc.com.zone";
        notify yes;
        masters { 10.1.0.171; };
        allow-transfer { loc; };
        allow-update { key "ddns-update"; };
};





zone "0.1.10.in-addr-arpa" {
type slave ;
masters { 10.1.0.171; };
file "10.1.0.zone";
};
};



view abc {
      match-clients          { loc; };
      match-destinations { loc; };
      recursion yes;
//        include "/etc/named.root.hints";
 //       include "/etc/named.rfc1912.zones";
 
zone "abc.com" IN {
      type master;
      file "abc.com.zone";
        notify yes;
        allow-transfer { loc; };
        allow-update { key "ddns-update"; };

};
};





0
 
oppofwarAuthor Commented:
Please follow comments
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now