Now that the master DNS server has been created, it is usually a good idea to add a second server. To do this we need to modify named.conf.local on the master server. If you haven’t set up the master server yet, there is a guide here.
Changes on the Master DNS server
Run the following command to open the named.conf.local file on the master server: “sudo vi /etc/bind/named.conf.local”. You should see content like this:
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "test.local" IN {          //Domain name
    type master;                //Primary DNS
    file "/etc/bind/forward.test.local.db";
    allow-update { none; };
};

zone "226.168.192.in-addr.arpa" IN {
    type master;
    file "/etc/bind/reverse.test.local.db";
    allow-update { none; };
};
Now modify the file so that each zone also contains an allow-transfer and an also-notify statement pointing at the new server (these were the lines marked in bold in the original post):
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "test.local" IN {          //Domain name
    type master;                //Primary DNS
    file "/etc/bind/forward.test.local.db";
    allow-update { none; };
    allow-transfer { 192.168.226.12; };   // IP of the new DNS server
    also-notify { 192.168.226.12; };      // Inform new DNS server for zone updates
};

zone "226.168.192.in-addr.arpa" IN {
    type master;
    file "/etc/bind/reverse.test.local.db";
    allow-update { none; };
    allow-transfer { 192.168.226.12; };
    also-notify { 192.168.226.12; };
};
After this, run “sudo systemctl restart bind9” to load the new configuration.
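As an added check (example code written for this post, not part of the original tutorial or of BIND itself), the following Python audits a named.conf.local for the transfer settings just described: every master zone should restrict allow-transfer to the known secondaries rather than any host, and carry also-notify so the secondary hears about changes promptly; every slave zone needs a masters list. The sample configuration is constructed from the two zones above plus a deliberately weak third zone; the function names and the list of secondaries are assumptions.

```python
import re

# Constructed sample: the two master zones from this post's named.conf.local,
# plus a deliberately weak third zone to show what the audit flags.
SAMPLE_NAMED_CONF_LOCAL = """
zone "test.local" IN {                    //Domain name
    type master;                          //Primary DNS
    file "/etc/bind/forward.test.local.db";
    allow-update { none; };
    allow-transfer { 192.168.226.12; };   // IP of the new DNS server
    also-notify { 192.168.226.12; };      // Inform new DNS server for zone updates
};
zone "226.168.192.in-addr.arpa" IN {
    type master;
    file "/etc/bind/reverse.test.local.db";
    allow-update { none; };
    allow-transfer { 192.168.226.12; };
    also-notify { 192.168.226.12; };
};
zone "weak.local" IN {
    type master;
    file "/etc/bind/forward.weak.local.db";
    allow-transfer { any; };
};
"""

# One zone stanza: zone "<name>" ... { <body> }; with the closing }; at line start.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{(.*?)^\};', re.DOTALL | re.MULTILINE)


def _addr_list(body, keyword):
    """Return the entries of `keyword { a; b; };` inside a zone body, or None if absent."""
    m = re.search(rf'\b{keyword}\s*\{{([^}}]*)\}}', body)
    if m is None:
        return None
    return [a.strip() for a in m.group(1).split(';') if a.strip()]


def audit_named_conf_local(text, secondaries):
    """Audit zone stanzas for transfer hygiene.

    secondaries: the addresses allowed to pull zones (here the new slave,
    192.168.226.12). Returns {zone: [finding, ...]}; an empty list means the
    zone is configured the way the post describes.
    """
    findings = {}
    for name, body in ZONE_RE.findall(text):
        issues = []
        m = re.search(r'\btype\s+(\w+)\s*;', body)
        ztype = m.group(1) if m else 'unknown'
        if ztype in ('master', 'primary'):
            xfer = _addr_list(body, 'allow-transfer')
            if xfer is None:
                # BIND 9.16 (the version in this post) allows transfers to any host when unset.
                issues.append('allow-transfer missing: zone can be pulled by any host')
            elif 'any' in xfer:
                issues.append('allow-transfer { any; } lets any host dump the zone')
            else:
                extra = sorted(set(xfer) - set(secondaries))
                if extra:
                    issues.append(f'allow-transfer lists hosts that are not secondaries: {extra}')
            if _addr_list(body, 'also-notify') is None:
                issues.append('also-notify missing: secondary only learns of changes at SOA refresh')
        elif ztype in ('slave', 'secondary'):
            if not _addr_list(body, 'masters'):
                issues.append('slave zone has no masters list')
        else:
            issues.append(f'unexpected zone type {ztype!r}')
        findings[name] = issues
    return findings


if __name__ == '__main__':
    for zone, issues in audit_named_conf_local(SAMPLE_NAMED_CONF_LOCAL, ['192.168.226.12']).items():
        print(zone, 'OK' if not issues else issues)
```

Run against the sample, the two zones from this post come back clean and weak.local is reported twice: once for the open allow-transfer and once for the missing also-notify. To audit a live server, read /etc/bind/named.conf.local into `text` instead of the sample string.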
Preparing the server
So now we move to the secondary DNS server.
First update the server: “sudo apt-get update && sudo apt upgrade -y && sudo apt autoremove -y”
Install vim and change the default editor by running these two commands:
“sudo apt install vim -y” and “sudo update-alternatives --config editor”
Then install the bind packages: “sudo apt-get install -y bind9 bind9utils bind9-doc dnsutils”
Set a fixed IP address on the server, in this case 192.168.226.12/24 and with a gateway of 192.168.226.2 (using VMware Workstation/Fusion the gateway is often .2 on the NAT connection).
You can read about how to set the IP address here.
With that complete we should be ready to do the DNS part of the configuration on the second server.
Configuring the slave DNS server
First we must create the named.conf.local file. To do this run “sudo vim /etc/bind/named.conf.local” and edit the file as shown below:
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "test.local" IN {
    type slave;
    file "/var/cache/bind/forward.test.local.db";
    masters { 192.168.226.11; };
};

zone "226.168.192.in-addr.arpa" IN {
    type slave;
    file "/var/cache/bind/reverse.test.local.db";
    masters { 192.168.226.11; };
};
Next restart the bind9 service by running “sudo systemctl restart bind9”.
Now edit the resolv.conf file by entering “sudo vim /etc/resolv.conf”
Set the nameserver to 192.168.226.12 so that the file looks like this:

domain test.local
search test.local
nameserver 192.168.226.12
Now you can test the DNS settings with the dig command, just as with the master server. As before, the ANSWER SECTION (together with the SERVER line showing 192.168.226.12) is the important part that confirms it is working.
dig esx01.test.local

; <<>> DiG 9.16.37-Debian <<>> esx01.test.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 574
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 509b630db5c4f8e00100000063f20dd035b820823ae8f37f (good)
;; QUESTION SECTION:
;esx01.test.local.              IN      A

;; ANSWER SECTION:
esx01.test.local.       604800  IN      A       192.168.226.21

;; Query time: 3 msec
;; SERVER: 192.168.226.12#53(192.168.226.12)
;; WHEN: Sun Feb 19 12:53:52 CET 2023
;; MSG SIZE  rcvd: 89
And reverse lookup:
dig -x 192.168.226.21

; <<>> DiG 9.16.37-Debian <<>> -x 192.168.226.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20635
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 12940b28863337d40100000063f20e61ef7dd80c469d5bfd (good)
;; QUESTION SECTION:
;21.226.168.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
21.226.168.192.in-addr.arpa. 604800 IN  PTR     esx01.test.local.226.168.192.in-addr.arpa.

;; Query time: 3 msec
;; SERVER: 192.168.226.12#53(192.168.226.12)
;; WHEN: Sun Feb 19 12:56:17 CET 2023
;; MSG SIZE  rcvd: 139
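As an added example (written for this post, not part of the original tutorial or of dig), the following Python parses the two dig runs above and checks what a verification of the secondary should actually confirm: NOERROR status, the aa flag (the secondary answers from its own copy of the zone rather than recursing), the SERVER line naming 192.168.226.12, and that the PTR answer resolves back to the forward name. The sample output is a constructed condensation of the runs above, keeping only the lines the checker reads. Run against it, the check passes the forward lookup but flags the reverse one, because the PTR target carries the reverse zone's origin appended: that is what BIND produces when the name in reverse.test.local.db on the master was written without a trailing dot. Function names are assumptions.

```python
import re

# Constructed samples: the lines this checker reads, condensed from the two
# dig runs shown above (run on the secondary, 192.168.226.12).
FORWARD_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 574
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;esx01.test.local.              IN      A

;; ANSWER SECTION:
esx01.test.local.       604800  IN      A       192.168.226.21

;; SERVER: 192.168.226.12#53(192.168.226.12)
"""

REVERSE_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20635
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;21.226.168.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
21.226.168.192.in-addr.arpa. 604800 IN PTR esx01.test.local.226.168.192.in-addr.arpa.

;; SERVER: 192.168.226.12#53(192.168.226.12)
"""


def parse_dig(text):
    """Extract status, header flags, answering server and answer records from dig output."""
    status = re.search(r'status: (\w+)', text)
    flags = re.search(r'^;; flags: ([^;]*);', text, re.MULTILINE)
    server = re.search(r'^;; SERVER: ([\d.]+)#', text, re.MULTILINE)
    answers, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(';; ANSWER SECTION:'):
            in_answer = True
            continue
        if in_answer:
            if not line.strip() or line.startswith(';'):
                in_answer = False      # a blank line or the next section ends the answers
                continue
            name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            answers.append((name, rtype, rdata))
    return {
        'status': status.group(1) if status else None,
        'flags': flags.group(1).split() if flags else [],
        'server': server.group(1) if server else None,
        'answers': answers,
    }


def check_secondary(forward_text, reverse_text, expected_server, hostname, address):
    """Return problems found in a forward/reverse lookup pair; [] means every check passed."""
    problems = []
    fwd, rev = parse_dig(forward_text), parse_dig(reverse_text)
    for label, r in (('forward', fwd), ('reverse', rev)):
        if r['status'] != 'NOERROR':
            problems.append(f"{label}: status {r['status']}")
        if 'aa' not in r['flags']:
            problems.append(f"{label}: not authoritative (aa flag missing), server may be recursing")
        if r['server'] != expected_server:
            problems.append(f"{label}: answered by {r['server']}, expected {expected_server}")
    fqdn = hostname.rstrip('.') + '.'
    if address not in [rd for n, t, rd in fwd['answers'] if t == 'A' and n == fqdn]:
        problems.append(f"forward: no A record {fqdn} -> {address}")
    ptr_targets = [rd for _, t, rd in rev['answers'] if t == 'PTR']
    if fqdn not in ptr_targets:
        problems.append(f"reverse: PTR target {ptr_targets} != {fqdn} "
                        "(a name written without a trailing dot in the zone file gets the zone origin appended)")
    return problems


if __name__ == '__main__':
    for p in check_secondary(FORWARD_DIG, REVERSE_DIG, '192.168.226.12',
                             'esx01.test.local', '192.168.226.21') or ['all checks passed']:
        print(p)
```

To run it against a live secondary, feed the output of `dig @192.168.226.12 esx01.test.local` and `dig @192.168.226.12 -x 192.168.226.21` into `check_secondary` instead of the sample strings; after correcting the trailing dot in the master's reverse zone file (and bumping its serial so the change transfers), the reverse finding disappears.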
That is all that is needed to have a slave DNS server pulling its zones from the master DNS server.
The second server was a good deal easier, since you only had to configure how the data is replicated: this server receives its updates from the master, and you will have noticed that the location of the db files differs from the master. The master keeps its zone files in the /etc/bind folder, whereas the slave relies on data transferred from the master and keeps its copies in the /var/cache/bind/ folder.
Hope it was helpful.