Slave DNS for DA servers

nobaloney

Slave DNS for DA Servers Mini How-To
Jeff Lasman, [email protected] 07/07/04 07:51
======================================
Books are wonderful teachers :).

I highly recommend either the latest edition of "DNS and BIND", published by O'Reilly or "Linux DNS Server Administration" published by Sybex.

First let's take a look at what a zone entry for a slaved zone looks like in an /etc/named.conf file:
Code:
zone "kelli.com" in {
    type slave;
    file "/etc/named/rwl/db.kelli.com";
    masters { 204.155.150.42; };
};
This is an actual copy of a working slave DNS zone on my ns2.ns-one.net server; in this case the server with the master zone file for this domain, 204.155.150.42, is ns1.ns-one.net.

I put slave zone entries in a separate file, named-slave-zones.conf, which I put in this directory path:

/etc/named

I made a directory called /etc/named, and in it I put the named-slave-zones.conf file and directories for the various entities I do slave DNS for.

I do it in the /etc/named/ directory path so as to not interfere with the domains automatically managed by DA in the /var/named directory.

Let's go over all the different parts of the entry here:

"kelli.com" is the name of the zone I'm running slave DNS for, and "/etc/named/rwl/db.kelli.com" is the name of the file that BIND will create automatically. I had to create the /etc/named/rwl directory, but BIND creates the slave zone file itself.

(In this case rwl is my friend Rob, and Kelli, his wife, is an accomplished country singer and daughter of country music legend Johnny Lidell.)

204.155.150.42 is the IP# of the nameserver that does the master DNS for kelli.com.

Here are some important "Don't Forgets":

1) Don't forget to put an "include" line into /etc/named.conf so BIND will know to include the slaved zones; I use this line:

include "/etc/named/named-slave-zones.conf";

because I call the file named-slave-zones.conf and I put it in the new /etc/named directory I've created.

I put the include line into my /etc/named.conf file directly above the first line beginning with the word "zone".

2) Don't forget to make all the new directories and files readable by user named and group named and no one else.

3) Don't forget to restart named after you make any changes to any of these files:

# /etc/rc.d/init.d/named restart

4) Don't forget you must create the directory structure; BIND will only create the zone files.

5) Don't forget you should never create or change any zone files in the directory structure yourself; any changes must be made in the master server for the domains.

Once you've restarted named you should see the /etc/named/* directories (where "*" means the directories you've created) fill with the zone files for the domains you're slaving. If you don't, then check your /var/log/messages file for error messages; you may have to fix a directory permissions problem or open a hole in your firewall for port 53 (on both servers in both directions).

Be sure to check to make sure your slave zones are working; since my slave server is ns2.ns-one.net, I do it this way:

$ nslookup kelli.com ns2.ns-one.net

or

$ dig @ns2.ns-one.net kelli.com

If it's working I'll get an authoritative answer; if it's not working I'll get either a non-authoritative answer or no answer at all.
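
One way to audit the "Don't Forgets" above before restarting named, as an added example that is not part of the original post: it checks the include line, that every directory named in a file statement exists, and that nothing under the slave tree is accessible to "other". The function names check_slave_layout and no_other_access are made up for this example; it assumes GNU stat and zone file paths without spaces, and it does not check ownership by user and group named.

```shell
#!/bin/sh
# Added example: audit a slave-DNS layout against the "Don't Forgets".
# Usage: sh check-slave-zones.sh /etc/named.conf /etc/named/named-slave-zones.conf

# Succeeds when the path has no permission bits for "other"
# (mode ends in 0, e.g. 750 or 640). Uses GNU stat, as found on Linux.
no_other_access() {
    case $(stat -c %a "$1") in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# check_slave_layout NAMED_CONF SLAVE_CONF
# Prints one line per problem and returns 1 if any were found.
check_slave_layout() {
    named_conf=$1 slave_conf=$2 bad=0

    # 1) named.conf must pull in the slave zones file.
    if ! grep -Fq "include \"$slave_conf\";" "$named_conf"; then
        echo "MISSING-INCLUDE $named_conf does not include $slave_conf"
        bad=1
    fi

    # 2) The slave zones file and its directory: nothing for "other".
    for p in "$slave_conf" "$(dirname "$slave_conf")"; do
        no_other_access "$p" || { echo "WORLD-ACCESS $p"; bad=1; }
    done

    # 4) Each directory named in a file "..." statement must already exist
    #    (BIND only creates the zone files) and, per 2), be closed to "other".
    #    Assumption: zone file paths contain no spaces.
    for zf in $(grep -o 'file[[:space:]]*"[^"]*"' "$slave_conf" | cut -d'"' -f2); do
        dir=$(dirname "$zf")
        if [ ! -d "$dir" ]; then
            echo "MISSING-DIR $dir (needed for $zf)"; bad=1
        elif ! no_other_access "$dir"; then
            echo "WORLD-ACCESS $dir"; bad=1
        fi
        # A transferred zone file, if already present, gets the same check.
        if [ -f "$zf" ] && ! no_other_access "$zf"; then
            echo "WORLD-ACCESS $zf"; bad=1
        fi
    done
    return $bad
}

if [ "$#" -eq 2 ]; then check_slave_layout "$1" "$2"; fi
```

No output and exit status 0 means the layout matches points 1, 2 and 4; each printed line names the file or directory to fix.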