{"id":3275,"date":"2019-06-15T15:19:46","date_gmt":"2019-06-15T12:19:46","guid":{"rendered":"https:\/\/kifarunix.com\/?p=3275"},"modified":"2019-06-16T11:18:39","modified_gmt":"2019-06-16T08:18:39","slug":"configure-bind-as-slave-dns-server-on-ubuntu-18-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/configure-bind-as-slave-dns-server-on-ubuntu-18-04\/","title":{"rendered":"Configure BIND as Slave DNS Server on Ubuntu 18.04"},"content":{"rendered":"\n<p>Our previous guide demonstrated how to configure BIND as a Master DNS server on Ubuntu 18.04 (see the link below). This guide will demonstrate how to configure BIND as a <a href=\"https:\/\/ns1.com\/resources\/what-exactly-is-secondary-dns\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Slave DNS Server (opens in a new tab)\">Slave DNS Server<\/a> on Ubuntu 18.04. Slave DNS servers, also known as secondary DNS servers, act as a backup of the master DNS servers.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-bind-as-dns-server-on-ubuntu-18-04\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"How to configure BIND as a Master DNS server on Ubuntu 18.04 (opens in a new tab)\">How to configure BIND as a Master DNS server on Ubuntu 18.04<\/a><\/p>\n\n\n\n<p>The master DNS server stores the zone files. Any changes to the zone files are made on the master DNS server. The slave DNS server, on the other hand, receives zone definitions from the primary name server using a zone transfer operation. 
Both primary and secondary name servers are authoritative for the zone and look the same to clients.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configure BIND as Slave DNS Server on Ubuntu 18.04<\/h2>\n\n\n\n<p>In this demo, our environment setup is:<\/p>\n\n\n\n<p>Master DNS server:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>ns1.kifarunix-demo.com, 192.168.2.5\/24<\/li><\/ul>\n\n\n\n<p>Slave DNS server:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>ns2.kifarunix-demo.com, 192.168.2.6\/24<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Update your system<\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt update\napt upgrade<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Install BIND and BIND Utilities<\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apt install bind9 bind9utils<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configure Master Zone Transfer<\/h3>\n\n\n\n<p>Log in to the master DNS server and configure it to allow zone transfers to the slave DNS server. This is done with the <strong>allow-transfer<\/strong> option, which specifies the slave servers that are allowed to request a transfer of the zone&#8217;s information from the master.<\/p>\n\n\n\n<p>The configuration can be done globally using the <strong>options<\/strong> statement or for a specific zone. 
To configure zone transfer globally;<\/p>\n\n\n\n<p>(Note the line; <strong>allow-transfer { 192.168.2.6; };<\/strong>)<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/bind\/named.conf.options<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>...\noptions {\n  directory \"\/var\/cache\/bind\";\n\n        recursion yes;\n        allow-recursion { localhost; allowed; };\n        listen-on port 53 { localhost; 192.168.2.5; };\n        allow-query { localhost; allowed; };\n        allow-transfer { 192.168.2.6; };  # Slave IP address\n\n        forwarders {\n                192.168.2.1;\n                8.8.8.8;\n        };\n\n...<\/code><\/pre>\n\n\n\n<p>Run the configuration check and restart BIND.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>named-checkconf \/etc\/bind\/named.conf.options<\/code><\/pre>\n\n\n\n<p>Next, edit the Master Forward and Reverse zone files to include the slave DNS server.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/var\/cache\/bind\/kifarunix-demo.com<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>...\n;\n; Primary Nameserver\n        IN      NS      ns1.kifarunix-demo.com.\n        IN      NS      ns2.kifarunix-demo.com.\n;\n; Define A records (forward lookups)\nns1     IN      A       192.168.2.5\nns2     IN      A       192.168.2.6\nserver01        IN      A       192.168.2.100\n...<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/var\/cache\/bind\/rev-kifarunix-demo.com<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>...\n;\n; Primary nameserver\n@       IN      NS      ns1.kifarunix-demo.com.\n        IN      NS      ns2.kifarunix-demo.com.\n; PTR records for reverse lookup\n5       IN      PTR     ns1.kifarunix-demo.com.\n6       IN      PTR     ns2.kifarunix-demo.com.\n100     IN      PTR     server01.kifarunix-demo.com.<\/code><\/pre>\n\n\n\n<p>Verify Zone configuration Syntax.<\/p>\n\n\n\n<pre 
class=\"wp-block-preformatted\"><code>named-checkzone kifarunix-demo.com \/var\/cache\/bind\/kifarunix-demo.com<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>named-checkzone 2.168.192.in-addr.arpa \/var\/cache\/bind\/rev-kifarunix-demo.com<\/code><\/pre>\n\n\n\n<p>Reload the configuration file and zones.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>rndc reload\nserver reload successful<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configure Slave DNS server<\/h3>\n\n\n\n<p>Next, configure the slave DNS server ACL and options so that your configuration looks like the one below. Note the line <strong>allow-transfer { none; };<\/strong>. Otherwise, the file should look similar to the master server configuration.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/bind\/named.conf.options<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>acl \"allowed\" {\n        192.168.2.0\/24;\n};\n\noptions {\n  directory \"\/var\/cache\/bind\";\n\n        recursion yes;\n        allow-recursion { localhost; allowed; };\n        listen-on port 53 { localhost; 192.168.2.6; };\n        allow-query { localhost; allowed; };\n        allow-transfer { none; };\n\n        forwarders {\n                192.168.2.1;\n                8.8.8.8;\n        };\n\n        dnssec-validation auto;\n\n        auth-nxdomain no;    # conform to RFC1035\n        listen-on-v6 { none; };\n};<\/code><\/pre>\n\n\n\n<p>Run the configuration syntax verification.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>named-checkconf \/etc\/bind\/named.conf.options<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Create Slave Forward and Reverse Zone Files<\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/bind\/named.conf.local<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code># Slave zone statement for forward DNS lookup\nzone \"kifarunix-demo.com\" IN {\n        type slave;\n        file \"kifarunix-demo.com\";\n        masters { 192.168.2.5; 
};\n};\n# Slave zone statement for reverse DNS lookup\nzone \"2.168.192.in-addr.arpa\" IN {\n        type slave;\n        file \"rev-kifarunix-demo.com\";\n        masters { 192.168.2.5; };\n};<\/code><\/pre>\n\n\n\n<p>Run zone configuration syntax verification.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>named-checkconf \/etc\/bind\/named.conf.local<\/code><\/pre>\n\n\n\n<p>Reload zone files and configurations.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>rndc reload<\/code><\/pre>\n\n\n\n<p>Once that is done, the master zone files are transferred to the slave server&#8217;s BIND working directory.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ls \/var\/cache\/bind\/ | grep kifarunix\nkifarunix-demo.com\nrev-kifarunix-demo.com<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Verify Resolution on the Client<\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dig server01.kifarunix-demo.com @192.168.2.6<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>; &lt;&lt;>> DiG 9.11.3-1ubuntu1.7-Ubuntu &lt;&lt;>> server01.kifarunix-demo.com @192.168.2.6\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 65474\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 4096\n; COOKIE: fa331bbdb978978e5ae1c9bc5d05085d6ec710f6f606b114 (good)\n;; QUESTION SECTION:\n;server01.kifarunix-demo.com.\tIN\tA\n\n;; ANSWER SECTION:\nserver01.kifarunix-demo.com. 
86400 IN\tA\t192.168.2.100\n\n;; AUTHORITY SECTION:\nkifarunix-demo.com.\t86400\tIN\tNS\tns1.kifarunix-demo.com.\n\n;; ADDITIONAL SECTION:\nns1.kifarunix-demo.com.\t86400\tIN\tA\t192.168.2.5\n\n;; Query time: 1 msec\n;; SERVER: 192.168.2.6#53(192.168.2.6)\n;; WHEN: Sat Jun 15 15:01:49 EAT 2019\n;; MSG SIZE  rcvd: 134<\/code><\/pre>\n\n\n\n<p>Configure the Client interface to include the Slave DNS server.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>less \/etc\/netplan\/01-netcfg.yaml<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>network:\n  version: 2\n  renderer: networkd\n  ethernets:\n    enp0s3:\n      dhcp4: no\n      addresses: [192.168.2.100\/24]\n      nameservers:\n              addresses:\n                      - 192.168.2.5\n                      - 192.168.2.6\n              search: [ kifarunix-demo.com ]<\/code><\/pre>\n\n\n\n<p>Run reverse lookup.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>nslookup 192.168.2.100\n100.2.168.192.in-addr.arpa\tname = server01.kifarunix-demo.com.\n\nAuthoritative answers can be found from:<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>dig -x 192.168.2.100\n\n; &lt;&lt;>> DiG 9.11.3-1ubuntu1.7-Ubuntu &lt;&lt;>> -x 192.168.2.100\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 53827\n;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 65494\n;; QUESTION SECTION:\n;100.2.168.192.in-addr.arpa.\tIN\tPTR\n\n;; ANSWER SECTION:\n100.2.168.192.in-addr.arpa. 86400 IN\tPTR\tserver01.kifarunix-demo.com.\n\n;; Query time: 3 msec\n;; SERVER: 127.0.0.53#53(127.0.0.53)\n;; WHEN: Sat Jun 15 15:12:25 EAT 2019\n;; MSG SIZE  rcvd: 96<\/code><\/pre>\n\n\n\n<p>Great. 
That is all on how to configure BIND as a slave DNS server on Ubuntu 18.04.<\/p>\n\n\n\n<p>BIND Master-Slave DNS configuration is demonstrated in the guide linked below:<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-setup-master-slave-dns-server-using-bind-on-centos-7\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">How to Setup&nbsp;Master-Slave DNS Server using BIND on CentOS 7<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our previous guide demonstrated how to configure BIND as a Master DNS server on Ubuntu 18.04 (See the link below). This guide will demonstrate how<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[979,971,121],"tags":[109,980,973,108,983,67],"class_list":["post-3275","post","type-post","status-publish","format-standard","hentry","category-bind","category-dns","category-howtos","tag-bind","tag-bind-9","tag-dns","tag-dns-server","tag-slave-dns-server","tag-ubuntu-18-04","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/3275"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=3275"}],"version-history":[{"count":4,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/3275\/revisions"}],"predecessor-version":[{"id":3282,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/3275\/revisions\/3282"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=3275"}],"wp:term":[{"taxonomy":"category","embedd
able":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=3275"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=3275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}