The Secondary (Slave) DNS Server
Introduction
Setting up a Secondary (or Slave) DNS server is much easier than you might think. All the hard work is done when you set up the Master DNS server by creating your database zone files and configuring named.conf.

If you are wondering why the Slave DNS server is so easy to set up, remember that all the Slave DNS server does is update its database from the Master DNS server (zone transfer), so almost all the files we configure on the Master DNS server are copied to the Slave DNS server, which acts as a backup in case the Master DNS server fails.

Setting up the Slave DNS Server
Let's have a closer look at the requirements for getting our Slave DNS server up and running.

Keeping in mind that the Slave DNS server is on another machine, we are assuming that you have downloaded and successfully installed the same BIND version on it. We need to copy 3 files from the Master DNS server, make some minor modifications to one file and launch our Slave DNS server... the rest will happen automatically :)

So which files do we copy?

The files required are the following:

- named.conf (our configuration file)
- named.ca or db.cache (the root hints file, contains all root servers)
- named.local (local loopback for the specific DNS server so it can direct traffic to itself)

The rest of the files, which are our db.DOMAIN (db.space.net for our example) and db.in-addr.arpa (db.192.168.0 for our example), will be transferred automatically (zone transfer) as soon as the newly brought up Slave DNS server contacts the Master DNS server to check for any zone files.

How do I copy the files?

There are plenty of ways to copy the files between servers. The method you will use depends on where the servers are located. If, for example, they are right next to you, you can simply use a floppy disk to copy them or use ftp to transfer them.

If you're going to transfer them over a network, and especially over a public one (Internet), then you should consider something more secure than ftp. I would recommend you use SCP, which stands for Secure CoPy and uses SSH (Secure SHell).

SCP can be used independently of SSH as long as there is an SSH server on the other side. SCP will allow you to transfer files over an encrypted connection and is therefore preferred for sensitive files, plus you get to learn a new command :)

The command used is as follows:

    scp localfile-to-copy username@remotehost:destination-folder

Here is the command line I used from my Gateway server (Master DNS):

    scp /etc/named.conf root@voyager:/etc/

Keep in mind that the files we copy are placed in the same directory as on the Master DNS server. Once we have copied all three files we need to modify the named.conf file. To make things simple, I am going to show you the original file copied from the Master DNS and the modified version which now sits on the Slave DNS server.

The Master named.conf file is a clear cut/paste from the "Other Common Files" page, whereas the Slave named.conf has been modified to suit our Slave DNS server. To help you see the changes, I have marked them in red:

Master named.conf file

    options {
        directory "/var/named";
    };

    // Root Servers
    zone "." IN {
        type hint;
        file "named.ca";
    };

    // Entry for Space.net - name to ip mapping
    zone "space.net" IN {
        type master;
        file "db.space.net";
    };

    // Entry for Space.net - ip to name mapping
    zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "db.192.168.0";
    };

    // Entry for Local Loopback
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
    };

Slave named.conf file

    options {
        directory "/var/named";
    };

    // Root Servers
    zone "." IN {
        type hint;
        file "named.ca";
    };

    // Entry for Space.net - name to ip mapping
    zone "space.net" IN {
        type slave;
        file "bak.space.net";
        masters { 192.168.0.10; };
    };

    // Entry for Space.net - ip to name mapping
    zone "0.168.192.in-addr.arpa" IN {
        type slave;
        file "bak.192.168.0";
        masters { 192.168.0.10; };
    };

    // Entry for Local Loopback
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
    };
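
As an added example (not from the original page), this Python script applies the same edits to the master named.conf listed above: the space.net zones become type slave, their db.* file names become bak.*, and a masters line is added, while the hint and loopback zones are left alone. The names to_slave, zone_types and LOCAL_ZONES are assumptions made for this example; zone_types also rejects a mistyped zone type before the file is deployed.

```python
import re

# Constructed sample: the master named.conf from this page, comments omitted.
MASTER_CONF = '''options {
    directory "/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "space.net" IN {
    type master;
    file "db.space.net";
};
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "db.192.168.0";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
};
'''

LOCAL_ZONES = {"0.0.127.in-addr.arpa"}  # loopback stays "type master" everywhere
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s+IN\s*\{(.*?)\n\};', re.S)

def to_slave(conf, master_ip):
    """Rewrite a master named.conf into its slave counterpart."""
    def rewrite(m):
        name, body = m.group(1), m.group(2)
        if name in LOCAL_ZONES or not re.search(r'type\s+master\s*;', body):
            return m.group(0)  # hint and loopback zones are copied unchanged
        body = re.sub(r'type\s+master\s*;', 'type slave;', body)
        body = re.sub(r'file\s+"db\.', 'file "bak.', body)
        body += '\n    masters { %s; };' % master_ip
        return 'zone "%s" IN {%s\n};' % (name, body)
    return ZONE_RE.sub(rewrite, conf)

def zone_types(conf):
    """Map zone name -> declared type; raise on a mistyped type such as 'salve'."""
    types = {n: re.search(r'type\s+(\w+)\s*;', b).group(1)
             for n, b in ZONE_RE.findall(conf)}
    bad = {n: t for n, t in types.items() if t not in ("master", "slave", "hint")}
    if bad:
        raise ValueError("unknown zone type(s): %r" % bad)
    return types

if __name__ == "__main__":
    print(to_slave(MASTER_CONF, "192.168.0.10"))
```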