12. Why a master/slave architecture is needed
There are many reasons why this architecture is needed. First of all, redundancy: if you have only one DNS server, what will happen in case of a hardware failure? Or if the DNS software or the OS crashes? That is why it is wise to have more than one server. And to avoid synchronization effort and mistakes, it is good to synchronize them automatically.
The next possible reason is to spread the load of DNS requests. In a big enterprise, DNS requests can overload the server if there is only one. Of course you can replace it with a new, more powerful server, but this will (again) be a single point of failure.
Another reason can be security. If you expose only the secondary server to public access, this will prevent (more or less) the possibility of harming in some way the resolution of hostnames/IP addresses. In the end it is still just a server, so do not forget to implement all the security precautions you usually do.
13. Configure to allow transfers to slave server(s)
In file /var/named/chroot/etc/named.conf the block
zone "example.net" in{
type master;
file "master.example.net";
};
will become
zone "example.net" in{
type master;
file "master.example.net";
allow-transfer {10.1.0.10;};
};
and
zone "0.1.10.IN-ADDR.ARPA" in{
type master;
file "10.1.0.rev";
};
will become
zone "0.1.10.IN-ADDR.ARPA" in{
type master;
file "10.1.0.rev";
allow-transfer {10.1.0.10;};
};
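The allow-transfer change in step 13 can be checked across a whole named.conf. The script below is an added example, not part of the original post: it reports every master zone whose transfers are restricted, open to any, or not restricted at all (no allow-transfer in the zone or in options, so the server's built-in default applies). The sample configuration and the zones open.example and example.org are constructed for illustration.

```python
import re

# Constructed sample in the style of the page's named.conf; not a real server's config.
SAMPLE_CONF = '''
zone "example.net" in{ type master; file "master.example.net";
    allow-transfer {10.1.0.10;}; };
zone "0.1.10.IN-ADDR.ARPA" in{ type master; file "10.1.0.rev"; };
zone "open.example" in{ type master; file "master.open.example";
    allow-transfer { any; }; };          // hypothetical zone, left wide open
zone "example.org" in{ type slave; file "slave.example.org";
    masters {10.1.0.5;}; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments (assumes no quoted string contains // or #)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def blocks(text, head):
    """Yield (header match, body) for each statement matching `head`, balancing braces."""
    for m in re.finditer(head + r'[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]

def acl(body):
    """Return the entries of the block's allow-transfer list, or None if absent."""
    m = re.search(r'\ballow-transfer\b[^{;]*\{([^}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit_transfers(conf):
    """Map each master zone to 'restricted', 'open' (any) or 'missing' (no ACL)."""
    text = strip_comments(conf)
    inherited = next((acl(b) for _, b in blocks(text, r'\boptions\b')), None)
    report = {}
    for m, body in blocks(text, r'\bzone\s+"([^"]+)"'):
        if not re.search(r'\btype\s+(master|primary)\s*;', body):
            continue  # slave zones are outside this check
        entries = acl(body)
        if entries is None:
            entries = inherited  # zones inherit allow-transfer from options
        if entries is None:
            report[m.group(1)] = 'missing'
        else:
            report[m.group(1)] = 'open' if 'any' in entries else 'restricted'
    return report

if __name__ == "__main__":
    for zone, finding in audit_transfers(SAMPLE_CONF).items():
        print(f"{finding:10} {zone}")
```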
14. Configure slave server
The base is the same, so let's edit /var/named/chroot/etc/named.conf. I will use the config file from the master and just edit some sections, so that
zone "example.net" in{
type master;
file "master.example.net";
allow-transfer {10.1.0.10;};
};
becomes
zone "example.net" in{
type slave;
file "slave.example.net";
masters {10.1.0.5;};
};
and
zone "0.1.10.IN-ADDR.ARPA" in{
type master;
file "10.1.0.rev";
allow-transfer {10.1.0.10;};
};
becomes
zone "0.1.10.IN-ADDR.ARPA" in{
type slave;
file "10.1.0.rev.slave";
masters {10.1.0.5;};
};
14. Check the configuration
[root@centos named]# service named configtest
zone localhost/IN: loaded serial 42
zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
15. This looks nice, but a few more steps are needed
>/var/named/chroot/var/named/10.1.0.rev.slave
>/var/named/chroot/var/named/slave.example.net
chown named:named /var/named/chroot/var/named/10.1.0.rev.slave /var/named/chroot/var/named/slave.example.net
mkdir -p /var/named/chroot/tmp
chmod 1777 /var/named/chroot/tmp
The last two lines are needed because of the chroot environment.
16. Run the server
[root@centos named]# service named start
Starting named: [ OK ]
17. And of course make some tests
[root@centos named]# nslookup
> server 10.1.0.10
Default server: 10.1.0.10
Address: 10.1.0.10#53
> nsd
Server: 10.1.0.10
Address: 10.1.0.10#53
Name: nsd.example.net
Address: 10.1.0.5
> nsd.example.net.
Server: 10.1.0.10
Address: 10.1.0.10#53
Name: nsd.example.net
Address: 10.1.0.5
> centos
Server: 10.1.0.10
Address: 10.1.0.10#53
Name: centos.example.net
Address: 10.1.0.10
> set q=mx
> example.net
Server: 10.1.0.10
Address: 10.1.0.10#53
example.net mail exchanger = 1 centos.example.net.
> set q=ns
> example.net
Server: 10.1.0.10
Address: 10.1.0.10#53
example.net nameserver = nsd.example.net.
> exit
18. All is fine except for one minor mistake.
The definition of the domain example.net is missing our new name server. Let's correct this.
19. Go to the master name server and edit /var/named/chroot/var/named/master.example.net
The line
2010072501 ; serial
will be changed to
2010080701 ; serial
and after the line
@ IN NS nsd.example.net.
will be added
@ IN NS centos.example.net.
20. Make the server reload the configuration
[root@nsd named]# service named reload
Reloading named: [ OK ]
21. And go back to the slave server
[root@centos named]# nslookup
> server 10.1.0.10
Default server: 10.1.0.10
Address: 10.1.0.10#53
> set q=ns
> example.net
Server: 10.1.0.10
Address: 10.1.0.10#53
example.net nameserver = centos.example.net.
example.net nameserver = nsd.example.net.
22. Et voilà, we now have a working master/slave DNS configuration