A secondary DNS Server is used as a backup DNS Server in case the primary fails. The configuration is almost identical.
Here are the details:
Domain: testdom.inv
Primary: ns1.testdom.inv (192.168.1.13)
Secondary: ns2.testdom.inv (192.168.1.14)
Secondary DNS Server
Phase 1:
Again, the host names must be properly specified. We have to modify the following lines in the mentioned files -
[root@centu ~]# vim /etc/sysconfig/network
HOSTNAME=ns2.testdom.inv
[root@ns2 ~]# vim /etc/hosts
192.168.1.14 ns2.testdom.inv ns2
Finally, we set the resolver IP to the primary DNS Server
[root@ns2 ~]# vim /etc/resolv.conf
nameserver 192.168.1.13
nameserver 192.168.1.14
Phase 2:
Now we set up the necessary packages -
[root@ns2 ~]# yum install bind bind-chroot
Loaded plugins: fastestmirror, presto
Determining fastest mirrors
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind.i686 32:9.7.0-5.P2.el6 set to be updated
---> Package bind-chroot.i686 32:9.7.0-5.P2.el6 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================================
Package Arch Version Repository Size
================================================================================================================
Installing:
bind i686 32:9.7.0-5.P2.el6 myyum 3.5 M
bind-chroot i686 32:9.7.0-5.P2.el6 myyum 65 k
Transaction Summary
================================================================================================================
Install 2 Package(s)
Upgrade 0 Package(s)
Total download size: 3.5 M
Installed size: 6.4 M
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download: 3.5 M
----------------------------------------------------------------------------------------------------------------
Total 22 MB/s | 3.5 MB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 32:bind-9.7.0-5.P2.el6.i686 1/2
Installing : 32:bind-chroot-9.7.0-5.P2.el6.i686 2/2
Installed:
bind.i686 32:9.7.0-5.P2.el6 bind-chroot.i686 32:9.7.0-5.P2.el6
Complete!
Phase 3:
Preparing the configuration file -
[root@ns2 ~]# cp /usr/share/doc/bind-9.7.0/sample/etc/named.rfc1912.zones /var/named/chroot/etc/named.conf
[root@ns2 ~]# vim /var/named/chroot/etc/named.conf
##### ADD/MODIFY THE FOLLOWING LINES #####
options {
    directory "/var/named";
    forwarders { 4.2.2.1; };
};
zone "testdom.inv" IN {
    type slave;
    file "testdom-fz";
    // allow-update { none; };
    allow-transfer { 192.168.1.13/32; };   // only the primary server may request transfers from this server
    masters { 192.168.1.13; };             // the primary server this zone is transferred from
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "testdom-rz";
    // allow-update { none; };
    allow-transfer { 192.168.1.13/32; };   // only the primary server may request transfers from this server
    masters { 192.168.1.13; };             // the primary server this zone is transferred from
};
And we set the necessary permissions on the directory /var/named/chroot/var/named
[root@ns2 ~]# chmod 770 /var/named/chroot/var/named
Phase 4:
Time to start the service.
[root@ns2 ~]# service named restart; chkconfig named on
Stopping named: [ OK ]
Starting named: [ OK ]
[root@ns2 ~]#
Now the secondary DNS Server is ready. The zone files from the primary server will be automatically copied to the secondary server.
Testing
To test, we could do the following -
- In the client, set the primary and the secondary DNS IP to the IP addresses of servers ns1 and ns2.
- Stop the named service in the primary server.
- Check from the client whether the DNS query gets answered or not. If the queries are answered, we could check which server answered the query.
NOTE
While configuring the secondary DNS Server, the following should be kept in mind -
- We don't need to define the zone files in the secondary DNS Server. They will automatically be transferred from the primary DNS Server.
- While updating the zone files in the primary DNS Server, the serial number has to be updated. The secondary DNS Server will transfer zone files only if the serial number is different.
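The serial number rule above can be checked from any host that can query both servers. The script below is an added example, not part of the original article: it parses the output of dig +short SOA and compares the two serials with RFC 1982 serial arithmetic, which goes a little beyond the text by also flagging a secondary whose serial is ahead of the primary. The function names and the sample SOA lines are constructed; the zone name and IP addresses are the article's.

```shell
#!/bin/sh
# Added example (not from the article): is the secondary's copy of a zone in
# sync with the primary? Function names and sample SOA lines are constructed.

# Print the serial (3rd field) of one line of `dig +short SOA` output.
# Returns 1 if the line is empty or malformed (e.g. the server did not answer).
soa_serial() {
    serial=$(printf '%s\n' "$1" | awk 'NF >= 7 { print $3; exit }')
    case "$serial" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$serial"
}

# Compare two serials with RFC 1982 arithmetic (32-bit, wraps around).
# A difference of exactly 2^31 is undefined there; it is reported as "ahead".
compare_serials() {
    delta=$(( ($1 - $2 + 4294967296) % 4294967296 ))
    if [ "$delta" -eq 0 ]; then
        echo in-sync
    elif [ "$delta" -lt 2147483648 ]; then
        echo secondary-behind    # a transfer is still pending or failing
    else
        echo secondary-ahead     # primary serial was lowered: no transfer
    fi
}

# Takes the SOA line from the primary and from the secondary.
check_zone() {
    p=$(soa_serial "$1") || { echo primary-no-soa; return 2; }
    s=$(soa_serial "$2") || { echo secondary-no-soa; return 2; }
    compare_serials "$p" "$s"
}

# Constructed sample answers; the serial on the primary was just raised.
PRIMARY_SOA='ns1.testdom.inv. root.testdom.inv. 2011010102 3600 1800 604800 86400'
SECONDARY_SOA='ns1.testdom.inv. root.testdom.inv. 2011010101 3600 1800 604800 86400'
check_zone "$PRIMARY_SOA" "$SECONDARY_SOA"

# Live use against the article's servers:
# check_zone "$(dig +short SOA testdom.inv @192.168.1.13)" \
#            "$(dig +short SOA testdom.inv @192.168.1.14)"
```

A result of secondary-behind that persists after the refresh interval points at a failing transfer, which is where the /var/log/messages check under Troubleshooting comes in.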
Troubleshooting
- Check /var/log/messages. It may provide useful clues, such as whether there is a permission issue, i.e. the working directory is not writable.
- Check whether the named service is listening on the necessary ports by using the command netstat -tulpn
Hope this helps ^_^