Create Slave Server
The primary purpose of the slave server is to provide a backup to the primary master server should it go down for any reason. The major difference between the master server and the slave is where they get their data. The primary master server gets its information from zone files that are created on it. The slave server gets its data from the master server, which provides it with the necessary information. When a slave server receives this information from the master, it is called a zone transfer. Typically, to differentiate the slave's zone files from the master's, the file names on the slave are changed so they start with “bak” to indicate they are really backup files.
Build a Slave
The first thing you will want to do is install bind and the caching-nameserver just like you did on the master. If you are using the chroot jail you will want to install that as well. Here is an example of the install on CentOS 5.5.
yum install bind caching-nameserver
Create the /etc/named.conf
To set up the slave, copy the /etc/named.conf file from the master and modify it for the slave.
Here is the master zone entry.
zone "example.com" {
    type master;
    file "example.com.zone";
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "zone.192.168.1.5";
};
Change that file for the slave.
The slave entries will have several differences. First, you need to change the type to slave.
type slave;
The other feature that you want to use is the masters line, which indicates the IP address of the master DNS server. Here the master is 192.168.3.1, and it is important to list it so that the slave does not receive transfers from any outside sources.
masters { 192.168.3.1; };
The file name should be changed so it is not confused with the master zone files. Here you can see that the file name starts with “bak”. When the transfer occurs you will find that BIND creates the file with that name in your /var/named.
zone "example.com" {
    type slave;
    file "bak.example.com.zone";
    masters { 192.168.3.1; };
};
zone "1.168.192.in-addr.arpa" {
    type slave;
    file "bak.zone.192.168.1.5";
    masters { 192.168.3.1; };
};
Zone Transfer Security
You will want to consider limiting who can transfer your zone files. There are several settings that you can use to restrict who is able to transfer the zones. In the example the master is located at 192.168.3.1, so in the master's /etc/named.conf you will want to limit transfers to your slave server at 192.168.4.1.
allow-transfer
The allow-transfer statement restricts transfers of the zone it is attached to so that only the IP addresses listed can transfer the zone information. This allows your master to transfer the zone information to the slaves. On the master you should have the line in each of your zones:
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { 192.168.4.1; };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "zone.192.168.1.5";
    allow-transfer { 192.168.4.1; };
};
On the slave you will want to add a line that does not allow any transfers, as hackers can steal from the slave just as easily as from the master.
zone "example.com" {
    type slave;
    file "bak.example.com.zone";
    masters { 192.168.3.1; };
    allow-transfer { none; };
};
zone "1.168.192.in-addr.arpa" {
    type slave;
    file "bak.zone.192.168.1.5";
    masters { 192.168.3.1; };
    allow-transfer { none; };
};
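One way to check a named.conf against the settings above, as an added example that is not part of the original tutorial: this Python script reads the zone stanzas and reports master or slave zones that have no allow-transfer or open it to any, and slave zones that lack a masters line or use anything other than allow-transfer { none; }. The function names and the sample text are constructed for illustration, and the parser assumes simple zone stanzas like the ones on this page.

```python
import re

# Constructed sample: this page's slave zones; the second one lacks allow-transfer.
SAMPLE_CONF = '''
zone "example.com" {
    type slave;
    file "bak.example.com.zone";
    masters { 192.168.3.1; };
    allow-transfer { none; };
};
zone "1.168.192.in-addr.arpa" {
    type slave;
    file "bak.zone.192.168.1.5";
    masters { 192.168.3.1; };
};
'''

# One zone stanza; the body may contain one level of nested { ... } lists.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')

def acl(body, keyword):
    """Return the entries of `keyword { ...; };` in a zone body, or None if absent."""
    m = re.search(r'\b' + re.escape(keyword) + r'\b[^{};]*\{([^{}]*)\}', body)
    return None if m is None else [a.strip() for a in m.group(1).split(';') if a.strip()]

def audit(conf):
    """Return (zone, problem) pairs for the transfer settings of each zone."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)   # strip /* ... */ comments
    conf = re.sub(r'(//|#).*', '', conf)                # strip // and # comments
    findings = []
    for name, body in ZONE_RE.findall(conf):
        t = re.search(r'\btype\s+([\w-]+)\s*;', body)
        ztype = t.group(1) if t else "unknown"
        if ztype not in ("master", "slave"):
            continue
        xfer = acl(body, "allow-transfer")
        if xfer is None:
            findings.append((name, "no allow-transfer; falls back to options or BIND default"))
        elif "any" in xfer:
            findings.append((name, "allow-transfer permits any host"))
        elif ztype == "slave" and xfer != ["none"]:
            findings.append((name, "slave zone should use allow-transfer { none; }"))
        if ztype == "slave" and not acl(body, "masters"):
            findings.append((name, "slave zone has no masters list"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

To audit a real server, pass the contents of /etc/named.conf to audit() instead of SAMPLE_CONF.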