→ Setting up master and slave nameservers using BIND
→ Preamble
This tutorial assumes that the master server has an IP of 100.100.100.100, the slave has an IP of 123.123.123.123 and your domain is named domain.tld. This tutorial was written with a RHEL/CentOS/Fedora system in mind. The intent of this document is to explain how to install and configure a master and slave DNS server. It will require two separate servers, preferably in different geographic locations to add redundancy.
→ Setting up the master server
Install BIND
# Install the BIND server package from the distribution repositories.
yum install -y bind
Configure /etc/named.conf
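# Hosts allowed to pull zone transfers (AXFR/IXFR); referenced in options below.
acl "slave_servers" {
    123.123.123.123;
};
# Hosts allowed to use this server for recursive lookups and cache reads.
acl "trusted" {
    127.0.0.0/8;
    ::1/128;
    123.123.123.123;
};
options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";
    listen-on { any; };
    # Authoritative answers are public; recursion and cache reads are not.
    allow-query { any; };
    # Same set as allow-recursion: with { any; } arbitrary clients could read
    # the resolver cache.
    allow-query-cache { trusted; };
    allow-recursion { trusted; };
    # Transfers are limited by source address only; a TSIG key shared with the
    # slave would authenticate the transfer instead of trusting the IP.
    allow-transfer { slave_servers; };
    notify yes;
    also-notify { 123.123.123.123; };
    zone-statistics yes;
    # /var/named/data is created by the RHEL bind package and writable by named;
    # /var/cache/bind is the Debian layout and does not exist here.
    statistics-file "/var/named/data/named_stats.txt";
    auth-nxdomain no; # conform to RFC1035
};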
Set up logging in /etc/named.conf
logging {
    # General server messages, rotated across 5 files of up to 50M each.
    # /var/log/named must exist and be writable by the named user.
    channel default_log {
        file "/var/log/named/named.log" versions 5 size 50M;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    # Per-query log; the queries category only produces output once query
    # logging is switched on (`querylog yes;` in options, or `rndc querylog`).
    channel b_query {
        file "/var/log/named/query.log" versions 2 size 1m;
        print-time yes;
        severity info;
    };
    category default { default_log; };
    category general { default_log; };
    category queries { b_query; };
};
Configure the rndc key in /etc/named.conf
# Shared secret used by rndc (generated with `rndc-confgen -a`); the file
# should be readable by root and the named user only.
include "/etc/rndc.key";
# Control channel for rndc: loopback only, authenticated with "rndc-key".
# The key name must match the one defined in /etc/rndc.key.
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1/32; ::1/128; }
        keys { "rndc-key"; };
};
Add a zone file to /etc/named.conf
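# Master copy of the zone. The file path is relative to the options
# "directory", i.e. /var/named/domain.tld.db.
zone "domain.tld" {
    type master;
    file "domain.tld.db";
};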
Create a zone file called /var/named/domain.tld.db
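$TTL 300
; SOA: ns1 is the primary; dns.domain.tld. is the hostmaster mailbox
; (dns@domain.tld). Increase the serial (YYYYMMDDnn) on every edit, or the
; slave will never pick up the change.
domain.tld. 300 IN SOA ns1.domain.tld. dns.domain.tld. (
        2015113000 ; serial number
        300        ; refresh
        7200       ; retry
        3600000    ; expire
        300        ; minimum / negative-cache TTL
)
;
; Zone NS Records
;
domain.tld. NS ns1.domain.tld.
domain.tld. NS ns2.domain.tld.
;
; Nameserver address records. Required because both NS targets live inside
; this zone; assumes ns1 is the master and ns2 the slave from the preamble.
;
ns1 A 100.100.100.100
ns2 A 123.123.123.123
;
; Zone MX Records
;
domain.tld. MX 0 domain.tld.
;
; Zone Records
;
domain.tld. A IPADDR ; replace IPADDR with the host's public address
localhost A 127.0.0.1
ftp CNAME domain.tld.
mail CNAME domain.tld.
www CNAME domain.tld.
domain.tld. TXT "v=spf1 a mx ~all"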
Restart and enable BIND
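# Validate the configuration and the zone before (re)starting the daemon.
named-checkconf /etc/named.conf
named-checkzone domain.tld /var/named/domain.tld.db
# On RHEL/CentOS/Fedora the service unit is "named"; there is no "bind" unit.
systemctl restart named
systemctl enable named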
→ Setting up the slave server
Install BIND
# Install the BIND server package from the distribution repositories.
yum install -y bind
Configure /etc/named.conf
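options {
    listen-on port 53 { any; };
    # IPv6 on loopback only; widen this if the slave should answer over IPv6.
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    allow-query { any; };
    # The slave is authoritative-only and nobody transfers zones from it;
    # older BIND releases allow transfers to any host when this is left unset.
    allow-transfer { none; };
    recursion no;
    # dnssec-enable is deprecated in recent BIND releases; remove it if
    # named-checkconf warns about it.
    dnssec-enable yes;
    dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    include "/etc/crypto-policies/back-ends/bind.config";
};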
Set up logging in /etc/named.conf
logging {
    # Built-in debug channel redirected to data/named.run (relative to
    # "directory"); "severity dynamic" follows the debug level set with
    # `rndc trace`.
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
Add a zone file to /etc/named.conf
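# Slave copy pulled from the master at 100.100.100.100.
zone "domain.tld" {
    type slave;
    # named writes this file itself, so it goes under /var/named/slaves, which
    # the RHEL bind package creates writable for the named user (the /var/named
    # root is not writable by named, and SELinux enforces that as well).
    file "slaves/domain.tld.db";
    masters { 100.100.100.100; };
};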
Restart and enable BIND
# Enable at boot, then (re)start so the new configuration is loaded.
systemctl enable named
systemctl restart named