Setup Slave DNS bind chroot CentOS 5


References:
http://www.howtoforge.com/installation-of-bind-as-a-secondary-slave-dns-server-on-centos
http://doc.planet-lab.eu/html/x732.htm

 
I. Scenario:
Primary DNS : 192.168.0.250
Secondary DNS (Mirror) : 192.168.0.251

II. Edit /etc/hosts
# vi /etc/hosts

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.0.251 kucing.example.net kucing

 
III. Edit /etc/resolv.conf

search example.net
nameserver 192.168.0.250
nameserver 192.168.0.251


 
IV. Install and configure BIND 9 (chroot) for the DNS server
- Install BIND chroot
# yum -y install bind bind-chroot bind-libs bind-utils caching-nameserver

- Set up rndc
# cd /var/named/chroot/etc
# rndc-confgen > rndc.key
# chown root:named rndc.key

- Edit the file rndc.key:
# vi /var/named/chroot/etc/rndc.key

# Start of rndc.conf
key "rndckey" {
    algorithm hmac-md5;
    secret "QXkk0JXZDrgi0dJ0DrETKQ==";
};

#options {
#    default-key "rndckey";
#    default-server 127.0.0.1;
#    default-port 953;
#};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
#    algorithm hmac-md5;
#    secret "xwINl5E9kGDva0PcJWCZjQ==";
# };
#
# controls {
#    inet 127.0.0.1 port 953
#        allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf

 
- Configure /var/named/chroot/etc/named.conf
# vi /var/named/chroot/etc/named.conf

// Red Hat BIND Configuration Tool
// Default initial "Caching Only" name server configuration
// we include the rndckey (copy-paste from rndc.key created earlier);
// an include would have to use the chroot-relative path /etc/rndc.key,
// because named runs chrooted to /var/named/chroot
// include "/var/named/chroot/etc/rndc.key";
key "rndckey" {
    algorithm hmac-md5;
    secret "QXkk0JXZDrgi0dJ0DrETKQ==";
};

// assume our server has the IP 192.168.0.251 serving the 192.168.0.0/24 subnet
// the second inet line exposes the rndc control channel to the whole subnet:
// any host on it that holds the key can control named, so keep the key private
// (127.0.0.1 alone is enough if rndc is only run locally)
controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
    inet 192.168.0.251 allow { 192.168.0.0/24; } keys { "rndckey"; };
};

options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";

    recursion yes;

    // recursion only for localhost and the LAN, never for the whole Internet
    allow-recursion {
        127.0.0.1;
        192.168.0.0/24;
    };

    // optional upstream forwarders (8.8.8.8 and 8.8.4.4 are Google Public DNS)
    forwarders {
        202.134.0.155;
        203.130.193.74;
        8.8.8.8;
        8.8.4.4;
    };

    listen-on {
        127.0.0.1;
        192.168.0.251;
    };

    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;

    // so people can't try to guess what version you're running
    version "REFUSED";

    allow-query {
        127.0.0.1;
        192.168.0.0/24;
    };
};

server 192.168.0.251 {
    keys { rndckey; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

// forward zone
zone "example.net" IN {
    type slave;
    file "slaves/example.net.zone";
    // allow-update { none; };
    // we assume we have a master dns server with the IP 192.168.0.250
    // only the master may pull a zone transfer from this slave
    allow-transfer { 192.168.0.250/32; };
    masters { 192.168.0.250; };
};

// reverse zone
zone "0.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.0.zone";
    // allow-update { none; };
    // we assume we have a master dns server with the IP 192.168.0.250
    allow-transfer { 192.168.0.250/32; };
    masters { 192.168.0.250; };
};

 
- Change permissions on /var/named
# chmod 777 -Rvf /var/named/

- Restart the BIND service and enable it at boot
# service named restart
# chkconfig named on

Make sure it is running:
# rndc status
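If rndc status does not get a reply, a common cause is that the secret in rndc.key does not match the key block pasted into named.conf: rndc authenticates to the control channel with that TSIG secret, so the two copies must be identical. The following script is an added example (not part of the original howto) that compares the two files inside the chroot and also reports when rndc.key is readable by every local user. It assumes the paths and key name used on this page; the awk parser assumes the one-statement-per-line layout that rndc-confgen produces.

```shell
#!/bin/sh
# Added example, not part of the original howto: sanity-check the rndc key
# setup. The secret in rndc.key must be byte-for-byte identical to the
# key "rndckey" block in named.conf, and the key file should not be
# readable by every local user.
# Paths default to the chroot used on this page; CHROOT=... overrides them.

CHROOT="${CHROOT:-/var/named/chroot}"

# key_secret FILE KEYNAME
# Print the secret of key "KEYNAME" from a BIND-style config file.
# Lines commented with '#' or '//' are skipped, so the commented-out copy
# that rndc-confgen appends to rndc.key is not picked up by mistake.
key_secret() {
    awk -v want="$2" '
        /^[ \t]*#/    { next }
        /^[ \t]*\/\// { next }
        $1 == "key"   { n = $2; gsub(/"/, "", n); inkey = (n == want); next }
        inkey && $1 == "secret" { gsub(/[";]/, "", $2); print $2; exit }
        /^[ \t]*};/   { inkey = 0 }
    ' "$1"
}

# keys_match FILE_A FILE_B KEYNAME
# True if both files carry the same, non-empty secret for KEYNAME.
keys_match() {
    a=$(key_secret "$1" "$3")
    b=$(key_secret "$2" "$3")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# world_readable FILE: true if the "other" read bit is set
world_readable() {
    [ -n "$(find "$1" -perm -004 -print 2>/dev/null)" ]
}

# check_rndc_setup: run both checks against the chroot; status 0 = all good
check_rndc_setup() {
    rk="$CHROOT/etc/rndc.key"
    nc="$CHROOT/etc/named.conf"
    rc=0
    if keys_match "$rk" "$nc" rndckey; then
        echo "OK: rndckey secret in rndc.key matches named.conf"
    else
        echo "MISMATCH: rndckey secret differs between $rk and $nc (rndc cannot authenticate)" >&2
        rc=1
    fi
    if world_readable "$rk"; then
        echo "WARNING: $rk is world-readable; run: chmod 640 $rk" >&2
        rc=1
    fi
    return $rc
}

# Only run the live checks when asked to, so the functions can also be sourced.
if [ "${RUN_RNDC_CHECK:-0}" = 1 ]; then
    check_rndc_setup
fi
```

Run it as RUN_RNDC_CHECK=1 sh check-rndc.sh on the secondary. Note that the recursive chmod 777 in the previous step also makes rndc.key (and named.conf) readable and writable by every local user, so the second check will fire after it; for this configuration named only writes the slave zone files under slaves/, and rndc.key can stay owned by root:named with mode 640.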

Note:
If there are no errors, the zone files from the master server are copied automatically to /var/named/chroot/var/named/slaves/

V. Testing secondary DNS queries
- Test queries while the primary DNS is up:

- Test queries while the primary DNS is down:

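The two tests above carry no commands on the page. The following script is an added example (not part of the original howto) of how to run them: it asks both servers for the SOA record of each zone and compares the serial numbers (after a successful transfer they are identical; no SOA from the secondary means the transfer never happened), and for the "primary down" case it queries the secondary directly instead of going through resolv.conf, because the resolver would silently fall back to the next nameserver and hide a broken secondary. It assumes dig from bind-utils, the addresses, zone names and hostname kucing.example.net used on this page, and that the SOA expire field is the time a slave keeps serving a zone after it loses contact with its master.

```shell
#!/bin/sh
# Added example, not part of the original howto: check that the secondary
# carries the same zones as the primary and keeps answering on its own.
# The primary/secondary addresses default to the ones used on this page.

PRIMARY="${PRIMARY:-192.168.0.250}"
SECONDARY="${SECONDARY:-192.168.0.251}"

# dig +short prints the SOA RDATA on one line as:
#   mname rname serial refresh retry expire minimum
# soa_serial / soa_expire pick one field out of such a line.
soa_serial() {
    set -- $1
    [ "$#" -ge 7 ] || return 1
    echo "$3"
}

# expire = seconds the slave keeps serving the zone without reaching the master
soa_expire() {
    set -- $1
    [ "$#" -ge 7 ] || return 1
    echo "$6"
}

# serials_in_sync SERIAL_PRIMARY SERIAL_SECONDARY
serials_in_sync() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# query_soa SERVER ZONE -> one dig +short SOA line (needs dig and the network)
query_soa() {
    dig +short +time=2 +tries=1 "@$1" "$2" SOA
}

# check_zone ZONE: compare the serial served by primary and secondary.
# Returns 0 in sync, 1 out of sync, 2 when one side has no SOA at all.
check_zone() {
    zone="$1"
    p=$(soa_serial "$(query_soa "$PRIMARY" "$zone")") || {
        echo "$zone: no SOA from primary $PRIMARY" >&2; return 2; }
    s_line=$(query_soa "$SECONDARY" "$zone")
    s=$(soa_serial "$s_line") || {
        echo "$zone: no SOA from secondary $SECONDARY (zone transfer failed? check slaves/ and /var/log/messages)" >&2
        return 2; }
    if serials_in_sync "$p" "$s"; then
        echo "$zone: in sync, serial $p; secondary serves it up to $(soa_expire "$s_line")s after losing the primary"
    else
        echo "$zone: OUT OF SYNC primary=$p secondary=$s" >&2
        return 1
    fi
}

# "Primary down" test: query the secondary directly, never via resolv.conf.
check_secondary_alone() {
    dig +short +time=2 +tries=1 "@$SECONDARY" "$1" A | grep -q .
}

if [ "${RUN_DNS_CHECK:-0}" = 1 ]; then
    check_zone example.net
    check_zone 0.168.192.in-addr.arpa
    check_secondary_alone kucing.example.net && echo "secondary answers on its own"
fi
```

Run it with the primary up (RUN_DNS_CHECK=1 sh check-slave.sh), then stop named on the primary and run it again: check_zone will now report no SOA from the primary, but check_secondary_alone must still succeed, and the expire value printed earlier tells you for how long that stays true.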