Setup RedHat as DNS Slave
SSH to the slave server as scotty
- sudo yum install bind
- sudo yum install bind-utils
- sudo cp /etc/named.conf /etc/named.conf.backup
- sudo nano /etc/named.conf
options {
listen-on port 53 { 127.0.0.1; 192.168.123.222;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.123.0/24; 10.5.5.0/24; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
// This server is authoritative (slave) for the zones below, but recursion is left on
// so the LAN ranges in allow-query above can also use it as a resolver. Keep it
// paired with an allow-recursion list of the same ranges.
recursion yes;
// dnssec-enable is deprecated and ignored by newer BIND releases; dnssec-validation
// is the setting that matters.
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key (legacy: ISC retired the DLV registry in 2017; harmless but unused) */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
- Replace 192.168.123.222 with the IP address of the server you are setting up as the DNS slave. It must be the same address you add to the master's allow-transfer list further down.
- Two things to check in the options block before moving on: allow-query only limits who may query at all, so with recursion yes also add allow-recursion with the same LAN ranges (localhost; 192.168.123.0/24; 10.5.5.0/24;) so the server never recurses for anyone else. And because a slave holds full copies of the zones, set allow-transfer { none; }; in options (BIND's traditional default is to allow transfers to anyone) unless another slave needs to pull from this one.
- Below the options, in the same file (/etc/named.conf), add the zones.
zone "err" IN {
type slave;
file "/var/named/slaves/forward.errigal";
masters { 10.91.100.71; };
};
zone "100.91.10.in-addr.arpa" IN {
type slave;
file "/var/named/slaves/reverse.errigal";
masters { 10.91.100.71; };
};
zone "crc" IN {
type slave;
file "/var/named/slaves/forward.crown";
masters { 10.91.100.71; };
};
zone "30.10.in-addr.arpa" IN {
type slave;
file "/var/named/slaves/reverse.crown";
masters { 10.91.100.71; };
};
zone "ext" IN {
type slave;
file "/var/named/slaves/forward.extenet";
masters { 10.91.100.71; };
};
zone "104.214.10.in-addr.arpa" IN {
type slave;
file "/var/named/slaves/reverse.extenet";
masters { 10.91.100.71; };
};
- SSH to the master DNS server (qadb2)
- sudo nano /var/named/chroot/etc/named.conf
- Ensure that the allow-transfer line in the options block lists your slave's IP address:
allow-transfer { localhost; 10.5.5.50; 10.5.5.15; 192.168.123.211; 192.168.123.222; }; # Slave DNS servers
- If your slave's address is not there, add it and save your changes.
- sudo service named restart
- SSH back to your slave DNS server
- ls -l /var/named/slaves
- Ensure the forward and reverse zone files are present for crown, extenet and errigal. They only appear once named on the slave has completed a zone transfer from the master, so if they are missing check /var/log/messages on the slave for "transfer of ... failed" lines and the allow-transfer list on the master.
- If the files are there, the slave is ready to be handed out to clients as a DNS server.
- Remember to restart named on the master and the slave so the changes take effect.
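The steps above end with a manual ls of /var/named/slaves. The script below is an added example, not part of the original wiki page or of BIND, that does the same check from the slave and a little more: it syntax-checks named.conf with named-checkconf, lists the slave zone files, compares the SOA serial of each zone on the master (10.91.100.71) and the slave (192.168.123.222) using RFC 1982 serial arithmetic so a wrapped serial is not reported as "behind", and confirms the slave refuses an AXFR from an unlisted host. The master and slave addresses and the six zone names are taken from the page; the VERIFY_DNS variable and the function names are choices made for this example. It assumes bind (named-checkconf) and bind-utils (dig) are installed on the slave.

```shell
#!/bin/sh
# Slave-verification helper, added as a worked example; not from the original wiki page.
# Assumptions: master qadb2 at 10.91.100.71 and slave at 192.168.123.222 (both from the
# page), the six zones from the page, dig and named-checkconf installed on the slave.
# Usage: VERIFY_DNS=1 sh verify-slave.sh   (the live checks run only when asked for)

MASTER="${MASTER:-10.91.100.71}"
SLAVE="${SLAVE:-192.168.123.222}"
ZONES="err 100.91.10.in-addr.arpa crc 30.10.in-addr.arpa ext 104.214.10.in-addr.arpa"

# Pull the serial (3rd field) out of one line of `dig ... SOA +short` output, e.g. the
# constructed sample "qadb2.err. hostmaster.err. 2021062501 3600 900 604800 86400".
# Prints nothing and fails if the line does not look like an SOA record.
soa_serial() {
    # shellcheck disable=SC2086
    set -- $1
    [ "$#" -ge 7 ] || return 1
    printf '%s' "$3"
}

# RFC 1982 serial arithmetic: serials are 32-bit and wrap, so a plain numeric
# comparison gives the wrong answer at the wrap point. Prints in-sync, behind or
# ahead for the slave serial relative to the master serial.
compare_serials() {
    master_serial=$1
    slave_serial=$2
    diff=$(( (slave_serial - master_serial) & 4294967295 ))
    if [ "$diff" -eq 0 ]; then
        printf 'in-sync'
    elif [ "$diff" -lt 2147483648 ]; then
        printf 'ahead'
    else
        printf 'behind'
    fi
}

# Ask both servers for a zone's SOA and report whether the slave has caught up.
check_zone() {
    zone=$1
    m=$(dig +short +time=3 +tries=1 @"$MASTER" "$zone" SOA | head -n 1)
    s=$(dig +short +time=3 +tries=1 @"$SLAVE" "$zone" SOA | head -n 1)
    ms=$(soa_serial "$m") || { printf '%-28s no SOA from master\n' "$zone"; return 1; }
    ss=$(soa_serial "$s") || { printf '%-28s no SOA from slave (transfer not done?)\n' "$zone"; return 1; }
    printf '%-28s master=%s slave=%s %s\n' "$zone" "$ms" "$ss" "$(compare_serials "$ms" "$ss")"
}

main() {
    # Syntax-check the config before restarting anything.
    named-checkconf /etc/named.conf || return 1
    # The slave zone files only exist once a transfer has succeeded.
    ls -l /var/named/slaves
    rc=0
    for z in $ZONES; do check_zone "$z" || rc=1; done
    # A slave should not hand its zones to just anyone: the last line must read
    # "; Transfer failed." unless allow-transfer on the slave lists this host.
    dig +time=3 +tries=1 @"$SLAVE" err AXFR | tail -n 1
    return "$rc"
}

if [ "${VERIFY_DNS:-}" = "1" ]; then
    main
fi
```

Run it on the slave after the restart on both servers; every zone should print in-sync, and a slave that reports "behind" after the SOA refresh interval has passed usually means the master's allow-transfer list is missing the slave's address.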
databaseandnetworkmanagement/slave_dns_on_redhat.txt · Last modified: 2021/06/25 10:09 by 127.0.0.1