Sunday, February 21, 2016

DNS zone transfer, bind9 master slave

**** information ****
master: ip: 192.168.56.231
slave ip: 192.168.56.230
domain: test.mail

+ on master
1- install bind9 package
$ sudo apt-get install bind9
2- configure the zone in the file /etc/bind/named.conf.default-zones by adding the following lines
zone "test.mail" {
    type master;
    file "/etc/bind/test.mail";
    also-notify { 192.168.56.230; };     // send NOTIFY to the slave when the zone changes
    allow-transfer { 192.168.56.230; };  // only the slave may pull a full copy (AXFR) of the zone
    notify yes;
};

3- configure the domain in file /etc/bind/test.mail with the following content
;
$TTL    604800
@    IN    SOA    ns1.test.mail. root.test.mail. (
                  3        ; Serial
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )    ; Negative Cache TTL
;
@    IN    NS    ns1.test.mail.
@    IN    A    192.168.56.230
@    IN    MX    10 mail.test.mail.
ns1    IN    A    192.168.56.230
www    IN    A    192.168.56.230
mail    IN    A    192.168.56.23


+ on slave
1- install bind9 package
$ sudo apt-get install bind9
2- configure the zone in the file /etc/bind/named.conf.default-zones by adding the following lines
zone "test.mail" {
    type slave;
    masters { 192.168.56.231; };   // the only server this slave will accept the zone from
    file "/etc/bind/test.mail";    // the transferred copy is written here, so bind needs write access
};


3- if you store the zone file somewhere other than /etc, or you don't use AppArmor, you might not need to configure AppArmor. But since we store it in /etc, you have to allow read and write access to the directory /etc/bind, so open the AppArmor profile /etc/apparmor.d/usr.sbin.named and modify its content as below

  /etc/bind/** rw,          # the stock profile only grants r here; rw lets the slave write its copy of the zone
  /var/lib/bind/** rw,
  /var/lib/bind/ rw,
  /var/cache/bind/** lrw,
  /var/cache/bind/ rw,


4- restart the apparmor and bind9 services; now everything is ready.
$ sudo service apparmor restart
$ sudo service bind9 restart


+ testing the zone transfer
edit the file /etc/bind/test.mail on the master pc and add an A record, a CNAME or any other record type,
then increase the serial number. In the configuration above my serial number is 3, so after adding a record I need to increase it by 1, to 4. Then restart the bind service.

You will then be able to resolve the newly added record to its IP on the slave pc, because the slave only pulls a fresh copy of the zone when it sees a higher serial on the master.
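As an added example (not part of the original post), the script below does the check described above from a third machine: it compares the SOA serial the master and the slave answer with, and it confirms that a host not listed in allow-transfer is refused a full zone transfer. It assumes dig from dnsutils is installed; the addresses and zone are the ones used in this post.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the slave has picked up
# the zone by comparing the SOA serials both servers answer with, and confirm a
# host that is NOT in allow-transfer (the one running this) is refused an AXFR.
# Assumes dig (dnsutils) is installed; the addresses and zone are the post's.
MASTER=192.168.56.231
SLAVE=192.168.56.230
ZONE=test.mail

# The serial is the 3rd field of a `dig SOA +short` answer, e.g.
# "ns1.test.mail. root.test.mail. 4 604800 86400 2419200 604800" -> 4
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 { print $3; exit }'
}

# 0 when both serials are present and equal (slave in sync), 1 otherwise
serials_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# 0 when a `dig ... AXFR` transcript shows the server refused the transfer,
# which is what any host outside allow-transfer should see
transfer_refused() {
    printf '%s\n' "$1" | grep -q 'Transfer failed'
}

# Live checks against the two servers (needs network access to them)
check_zone() {
    m=$(soa_serial "$(dig @"$MASTER" "$ZONE" SOA +short +time=2 +tries=1)")
    s=$(soa_serial "$(dig @"$SLAVE" "$ZONE" SOA +short +time=2 +tries=1)")
    if serials_match "$m" "$s"; then
        echo "in sync: serial $m on both master and slave"
    else
        echo "NOT in sync: master=$m slave=$s (bump the serial and restart bind9?)"
    fi
    if transfer_refused "$(dig @"$MASTER" "$ZONE" AXFR +time=2 +tries=1 2>&1)"; then
        echo "AXFR from this host refused: allow-transfer is doing its job"
    else
        echo "WARNING: master handed the whole zone to this host; check allow-transfer"
    fi
}

# Run the live checks only when asked, so the helpers can be sourced or tested
if [ "${RUN_CHECKS:-0}" = 1 ]; then
    check_zone
fi
```

Run it with `RUN_CHECKS=1 sh check_zone.sh` from a machine that is not the slave; a serial mismatch after a restart usually means the serial was not increased.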
