How to Install and Configure Master/Slave DNS in CentOS/RHEL 7.6 - LinuxTeck

In this article, you will learn how to set up DNS (Domain Name System) on a Linux/Unix based system. DNS is mainly used to resolve hostnames: it translates between IP addresses and fully qualified domain names (FQDNs), for example mapping 172.217.166.110 to www.linuxteck.com. It is one of the foundations of the internet. When you type a domain name in your browser, it sends a query across the internet to look up the corresponding IP address. After finding the IP address, it retrieves the website's information. The whole process only takes a few milliseconds. DNS servers go by several names, such as name servers, domain name systems, and nameservers.

Throughout this chapter, we will discuss the Master/Slave DNS concept. A master DNS server is also referred to as a Primary DNS Server, whereas a slave DNS server is known as a Secondary DNS Server, which acts as either a backup server or a load balancer. The slave DNS server retrieves all DNS zone records from the master DNS server, so it is a replica of the master. The advantage of using slave servers is that they provide redundant service if the master server is unavailable for some reason. Because a slave answers queries the same way the master does, users are not able to tell whether they are using a slave or a master DNS server.

To set up a DNS server on Linux, we use the BIND package. BIND stands for Berkeley Internet Name Domain; it is the DNS server software that converts domain names into IP addresses and IP addresses into domain names.

This step-by-step guide will help you set up a Master-Slave DNS server on CentOS/RHEL 7.x.

My Lab Setup :

For the lab setup, I am using 3 machines in total: 2 for the server setup (Master and Slave) and 1 as the client that connects to the DNS server.

BIND Packages : bind, bind-utils

DNS Port : 53 (TCP and UDP)

Note:

In case you need a Caching DNS Server, check out my previous article, which explains how to set up a Caching DNS Server in RHEL/CentOS 7.x.

Step 1 : Installing BIND9 on CentOS 7.6

In the terminal, you can execute the commands either directly as root or with sudo.

# : this prompt shows that the command must be executed with root privileges (directly as root or through the sudo command)

$ : this prompt shows that the command can be executed as a regular (non-privileged) user

Make sure you have configured the hostname and IP address for your machines. To cross-verify, execute the below command:

(Screenshots: command output on the Master DNS Server, the Slave DNS Server and the client machine.)

Let's move forward and install the BIND package on both the Master and the Slave (CentOS 7.6):

# yum install bind bind-utils -y

Once the BIND packages are installed, you need to start the service and enable it to start automatically after each reboot, so that you don't have to start it manually each time.

# systemctl enable named

# systemctl start named

# systemctl status named

Use the below command to check the version of BIND running on your server

# /usr/sbin/named -v

BIND 9.9.4-RedHat-9.9.4-73.el7_6 (Extended Support Version)

Step 2 : BIND Server Configurations

It's time to edit the main configuration file of the DNS server, 'named.conf', which is located under the '/etc/' directory.

# vi /etc/named.conf

options {
    listen-on port 53 { 127.0.0.1; 192.168.0.100; };    ### Master DNS IP ###
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost; 192.168.0.0/24; };         ### IP Range ###
    allow-transfer { localhost; 192.168.0.101; };       ### Slave DNS IP ###

    recursion no;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

# New entries added for the forward zone and reverse zone #

zone "." IN {
    type hint;
    file "named.ca";
};

zone "linuxteck.com" IN {
    type master;
    file "forward.linuxteck";
    allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.linuxteck";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

 

The following is a short explanation of the entries added/highlighted in the '/etc/named.conf' file to setup Master:

Note: save and close the file using ':wq!'. If you have missed any semicolon or brace in the '/etc/named.conf' file, an error message will appear when the bind service starts.

Step 3 : Creating BIND Zones

Now we have to build our zone files (forward and reverse) as we declared them in named.conf above. The default location of the zone files is the '/var/named' directory.

Note: The easiest way to create the two zone files is to copy the sample zone file found in the default zone directory.

# cd /var/named/

# cp named.localhost forward.linuxteck

# cp named.localhost reverse.linuxteck

Make sure both zone files (forward.linuxteck and reverse.linuxteck) are kept under the /var/named/ directory. First, edit the forward.linuxteck zone file.

# vi /var/named/forward.linuxteck

Before editing the forward.linuxteck zone file let us have a look at the sample zone file

After defining the required entries, the forward.linuxteck zone file looks like this:

$TTL 86400
@   IN  SOA  masterdns.linuxteck.com. root.linuxteck.com. (
        2011071001  ; serial
        3600        ; refresh
        1800        ; retry
        604800      ; expire
        86400 )     ; minimum

@           IN  NS  masterdns.linuxteck.com.    ; Our Name Server
@           IN  NS  slavedns.linuxteck.com.

@           IN  A   192.168.0.100               ; Name Server to IP resolve
@           IN  A   192.168.0.101

masterdns   IN  A   192.168.0.100
slavedns    IN  A   192.168.0.101               ; Hosts
lt001       IN  A   192.168.0.200               ; Client

Note: save and close the file using ‘:wq!’

Special keywords for Zone Files used above :

  • A – An A record points a host name (such as www, ftp or mail) to one or more IP addresses.
  • NS – Name Server, specify the servers which are providing DNS services for that domain name.

Next, create the zone file for the reverse zone under the '/var/named/' directory, to create reverse pointers for the above forward zone entries.

$TTL 86400
@   IN  SOA  masterdns.linuxteck.com. root.linuxteck.com. (
        2011071001  ; serial
        3600        ; refresh
        1800        ; retry
        604800      ; expire
        86400 )     ; minimum

@           IN  NS   masterdns.linuxteck.com.
@           IN  NS   slavedns.linuxteck.com.    ; Name Servers
@           IN  PTR  linuxteck.com.

masterdns   IN  A    192.168.0.100              ; Record (IP) points to hostname
slavedns    IN  A    192.168.0.101

100         IN  PTR  masterdns.linuxteck.com.
101         IN  PTR  slavedns.linuxteck.com.    ; Hosts
200         IN  PTR  lt001.linuxteck.com.       ; Client

Note: save and close the file using ‘:wq!’

That's it, we have successfully configured our BIND Server. All that remains is to start the DNS service, but before starting it we must check a few more things.

Step 4 : SELinux

Just for additional information: today, most Linux systems enforce SELinux, a far-reaching security enhancement that changes the character of system security but requires us to deal with some extra complexity in managing our systems.

On machines running SELinux, all processes and files are labeled in a way that represents security-relevant information. This information is referred to as the SELinux context. The context has 4 fields, each separated by a colon (:): SELinux user, SELinux role, type, and multilevel security (MLS) level. The policy rules use this context to allow or deny access, which guards your server beyond the regular permission checks. Newly created files must carry a context that permits access; otherwise writing to or executing the file is prevented. Please see the SELinux documentation for more information.

For files, this is viewed using the ls -Z command:

# cd /var/named/

# ls -Z

The newly created files highlighted above show the wrong SELinux context, so we need to change their security context. There is more than one command for managing the SELinux context of files, such as chcon, semanage fcontext, and restorecon.

Here I use ‘chcon ‘

# chown named:named -R /var/named ; restorecon -rv /var/named

# chcon system_u:object_r:named_zone_t:s0 /var/named/forward.linuxteck

# chcon system_u:object_r:named_zone_t:s0 /var/named/reverse.linuxteck

Now we have changed the security context of the forward.linuxteck and reverse.linuxteck files to the right one.

Now, restart the BIND Services

# systemctl restart named

Step 5 : Firewall Configuration

We want to permit TCP and UDP port 53 in the firewall rules so that the DNS port can be used:

# firewall-cmd --permanent --add-port=53/tcp

# firewall-cmd --permanent --add-port=53/udp

Reload the firewall service

# firewall-cmd --reload

If you want to know more about firewalld services, have a look at this article on 15 basic useful firewall-cmd commands in Linux.

 

Step 6 : Test my bind configuration for any syntax errors

Run the following command:

# named-checkconf /etc/named.conf

If there is 'NO OUTPUT', then the configuration file is treated as valid.

Similarly, test the forward and reverse zone files as well.

Forward :

# named-checkzone linuxteck.com /var/named/forward.linuxteck

If you see "OK" in the output, the forward zone file is properly configured.

Reverse:

# named-checkzone 0.168.192.in-addr.arpa /var/named/reverse.linuxteck

If you see "OK" in the output, the reverse zone file is also properly configured.
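named-checkzone validates each zone file on its own and does not compare the forward zone with the reverse zone, so a PTR record that points at the wrong name still passes. The script below is an added example, not part of the original article: it cross-checks A records against PTR records. The function names check_ptr and demo_zone_check and the sample data are assumptions made for illustration.

```shell
# Added example (not from the original article): cross-check the A records of
# a forward zone file against the PTR records of its reverse zone file.
# Assumes a /24 reverse zone, relative owner names and one name per address.
# check_ptr DOMAIN FORWARD_FILE REVERSE_FILE -> exit status = mismatch count
check_ptr() {
    awk -v dom="$1" '
        { sub(/;.*/, "") }                 # drop zone-file comments
        /^\$/ || NF == 0 { next }          # skip $TTL directives, blank lines
        FNR == NR {                        # first file: forward zone
            if ($2 == "IN" && $3 == "A" && $1 != "@") {
                split($4, oct, ".")
                want[oct[4]] = $1 "." dom "."
            }
            next
        }
        # second file: PTR records whose owner is a host number
        $2 == "IN" && $3 == "PTR" && $1 ~ /^[0-9]+$/ {
            seen[$1] = 1
            if (!($1 in want)) {
                print "PTR " $1 " -> " $4 ": no A record for this address"; bad++
            } else if ($4 != want[$1]) {
                print "PTR " $1 " -> " $4 ": expected " want[$1]; bad++
            }
        }
        END {
            for (h in want) if (!(h in seen)) {
                print "A " want[h] ": no PTR record for host " h; bad++
            }
            exit bad + 0
        }' "$2" "$3"
}

# Constructed sample data modelled on the zone files in this article; the PTR
# target for host 200 deliberately lacks the domain suffix.
demo_zone_check() {
    dir=$(mktemp -d) || return 99
    cat > "$dir/forward" <<'EOF'
$TTL 86400
@          IN NS  masterdns.linuxteck.com.
masterdns  IN A   192.168.0.100   ; name server
slavedns   IN A   192.168.0.101
lt001      IN A   192.168.0.200   ; client
EOF
    cat > "$dir/reverse" <<'EOF'
100  IN PTR  masterdns.linuxteck.com.
101  IN PTR  slavedns.linuxteck.com.
200  IN PTR  lt001.
EOF
    check_ptr linuxteck.com "$dir/forward" "$dir/reverse"; rc=$?
    rm -rf "$dir"; return "$rc"
}

demo_zone_check || echo "mismatches found: $?"
```

On a real server the call would be check_ptr linuxteck.com /var/named/forward.linuxteck /var/named/reverse.linuxteck, run before restarting named.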

Step 7 : Add DNS Server details in your interface config file

Now we need to add our DNS IP to the network interface

# vi /etc/sysconfig/network-scripts/ifcfg-enp1s0

Add DNS IP as highlighted below :

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp1s0
UUID=11b2bf56-a0d8-4282-bf6f-d59be143f8e9
DEVICE=enp1s0
ONBOOT=yes
IPADDR=192.168.0.100
PREFIX=24
GATEWAY=192.168.0.1
DNS1=192.168.0.100
IPV6_PRIVACY=no

Note : save and close the file using ‘:wq!’

Step 8 : Add DNS name servers address into /etc/resolv.conf

# vi /etc/resolv.conf

Add the name server IP address:

nameserver 192.168.0.100

Restart network service

# systemctl restart network

Step 9 : Test DNS Server with ‘dig & nslookup’

# dig masterdns.linuxteck.com

# dig -x 192.168.0.100

# nslookup masterdns.linuxteck.com

Finally, our Primary (Master) DNS Server is ready! We can now go ahead and configure our Secondary (Slave) DNS Server.

Step 10 : Slave Server setup

The BIND package installation on the Slave DNS Server is the same as on the Master. To configure the Slave DNS Server, we need to edit '/etc/named.conf' and start the bind service; the zone files (forward and reverse) are then transferred automatically.

Install bind packages using the following command:

# yum install bind bind-utils -y

Step 11 : Edit slave bind configuration file /etc/named.conf :

# vi /etc/named.conf

options {
    listen-on port 53 { 127.0.0.1; 192.168.0.101; };    ## Slave Server IP
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost; 192.168.0.0/24; };         ## Add the network address

    recursion no;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

## Add two zone files ###

zone "linuxteck.com" IN {
    type slave;
    file "slaves/linuxteck.fwd.zone";
    masters { 192.168.0.100; };
};

zone "0.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/linuxteck.rev.zone";
    masters { 192.168.0.100; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

As you can see, the configuration is very similar to the master's. The slave's configuration carries the same zones as the master, and they are configured as type slave. Zone files do not need to be created because they are replicated from the master.

Note: save and exit the file using ':wq!'. If you have missed any semicolon or brace in the '/etc/named.conf' file, an error message will appear when the bind service starts.
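The slave's options block above has no allow-transfer statement, and in BIND 9.9 a server without one permits zone transfers to any host, so the restriction set on the master does not carry over to the slave. The script below is an added example, not part of the original article: it flags a named.conf that leaves transfers or recursion open (on the slave, adding allow-transfer { none; }; to options clears the finding). audit_named_conf and demo_audit are hypothetical names and the sample files are constructed.

```shell
# Added example (not from the original article): flag a named.conf that leaves
# zone transfers or recursion open. A rough text check, not a full parser: it
# looks at the first allow-transfer statement found anywhere in the file.
# audit_named_conf FILE -> prints findings; exit status = number of findings
audit_named_conf() {
    awk '
        { sub(/\/\/.*/, ""); sub(/#.*/, ""); conf = conf " " $0 }
        END {
            gsub(/\/\*[^*]*\*\//, " ", conf)   # drop /* ... */ comments
            if (!match(conf, /allow-transfer[ \t]*[{][^}]*[}]/)) {
                print "allow-transfer: not set (BIND 9.9 default: any host)"; n++
            } else if (substr(conf, RSTART, RLENGTH) ~ /[{; \t]any[ \t]*;/) {
                print "allow-transfer: includes any"; n++
            }
            if (conf !~ /recursion[ \t]+no[ \t]*;/) {
                print "recursion: not set to no"; n++
            }
            exit n + 0
        }' "$1"
}

# Constructed samples: only the options that matter here, modelled on the
# master and slave configurations in this article.
demo_audit() {   # demo_audit master|slave
    f=$(mktemp) || return 99
    if [ "$1" = master ]; then
        cat > "$f" <<'EOF'
options {
    allow-query { localhost; 192.168.0.0/24; };     ### IP Range ###
    allow-transfer { localhost; 192.168.0.101; };   ### Slave DNS IP ###
    recursion no;
};
EOF
    else
        cat > "$f" <<'EOF'
options {
    allow-query { localhost; 192.168.0.0/24; };     ## Add the network address
    /* no allow-transfer statement */
    recursion no;
};
EOF
    fi
    audit_named_conf "$f"; rc=$?
    rm -f "$f"; return "$rc"
}

demo_audit master && echo "master: no findings"
demo_audit slave  || echo "slave: $? finding(s)"
```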

Step 12 : start the bind service and enable it for the next reboot: 

# systemctl enable named

# systemctl start named

If all goes well, the slave will have replicated the zone records from the master and created its zone files in '/var/named/slaves/' on the Slave DNS server.

# ls -l  /var/named/slaves/

linuxteck.fwd.zone

linuxteck.rev.zone

Step 13 : Add DNS Server details in the slave interface config file

# vi /etc/sysconfig/network-scripts/ifcfg-enp1s0

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp1s0
UUID=15f2bf56-a0d8-4286-bf8f-d59be258f8p9
DEVICE=enp1s0
ONBOOT=yes
IPADDR=192.168.0.101
PREFIX=24
GATEWAY=192.168.0.1
DNS1=192.168.0.100
DNS2=192.168.0.101
IPV6_PRIVACY=no

Note : save and close the file using ‘:wq!’

Step 14 : Add DNS name servers address into /etc/resolv.conf

Add the name server (Master & Slave)IP address:

# vi /etc/resolv.conf

 

nameserver 192.168.0.100
nameserver 192.168.0.101

Note : save and close the file using ‘:wq!’

Step 15 : Firewall Configuration

# firewall-cmd --permanent --add-port=53/tcp

# firewall-cmd --permanent --add-port=53/udp

Reload Firewall service :

# firewall-cmd --reload

Step 16 : SELinux

Use the following commands to set the SELinux security context:

# chgrp named -R /var/named

# chown -v root:named /etc/named.conf

# restorecon -rv /var/named

# restorecon /etc/named.conf

That's it for the slave configuration!

Step 17 : Setup DNS configuration to the client

Edit your client's /etc/resolv.conf file and add the IP addresses of both the Master and Slave DNS servers.

# vi /etc/resolv.conf

nameserver 192.168.0.100
nameserver 192.168.0.101

Now we can test our forward and reverse lookups using dig and nslookup as below:

# nslookup lt001.linuxteck.com

# nslookup 192.168.0.200

The Master and Slave DNS servers have been configured successfully. I believe this article will help those who are looking to set up the same on their end. Drop me your feedback/comments.

Thank you!!
