@krishnamurthydasari
Last active February 6, 2018 11:51
For this setup:
DNS Master Server 172.31.88.75
DNS Slave Server 172.31.93.71
Host1 172.31.83.52
Host2 172.31.88.91
** Configured only the forward zone. Reverse zone setup not tested.
** Reference: https://www.tecmint.com/setup-master-slave-dns-server-in-centos/
DNS Master Setup:
=================
Installing Bind:
yum install bind bind-utils bind-chroot
Configuring Bind:
vi /etc/named.conf
options {
.
.
listen-on port 53 { 127.0.0.1; 172.31.88.75; }; # listen on loopback and on the master's own IP
#listen-on-v6 port 53 { ::1; }; # IPv6 listener commented out
allow-query { localhost; any; }; # hosts allowed to query; "any" accepts queries from every address, so narrow this to your own subnet where you can
recursion yes; # also resolve names outside our own zones (see the note on recursion below)
allow-transfer { localhost; 172.31.93.71; }; # only the slave may pull (AXFR) our zones; this line belongs on the master
.
.
};
.
.
## Forward and reverse zones for example.com; file paths are relative to named's directory (/var/named)
zone "example.com" IN {
type master;
file "example.com.fwd.zone"; # same path the zone file is copied to below
allow-update { none; };
};
zone "31.172.in-addr.arpa" IN { # reverse zone for 172.31.0.0/16, where all hosts in this setup live
type master;
file "example.com.rev.zone";
allow-update { none; };
};
#####
.
.
Following are explanations of each setting used in the file above.
listen-on port 53 – The addresses (interfaces) on which named accepts queries on port 53.
Master DNS – The master server's own IP address, on which it listens for queries.
Slave DNS – The slave server, which copies (transfers) the zone data from the master and can answer for the same hosts.
recursion – The file above sets this to yes, so the server also resolves names outside its own zones. Together with allow-query set to any, that makes it an open resolver that can be abused for DDoS amplification; set recursion to no on a purely authoritative server, or limit recursion to your own subnets. (In the dig output below the flags line has no "ra" and dig warns "recursion requested but not available", so this master did not in fact offer recursion to the client.)
Zone Name – The zone being served, defined here as example.com.
type master – This server holds the authoritative copy of the zone; on the slave server set up later this becomes type slave.
example.com.fwd.zone – The file holding the host records for this zone.
allow-update none – With none, dynamic DNS (DDNS) updates to the zone are refused.
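The recursion and allow-query settings are where this setup is weakest, so here is a hardened options block to compare against the one above. It is an added example, not taken from the gist or the tecmint article, and keeps the gist's addresses; the acl name trusted and the 172.31.0.0/16 range are assumptions (use the subnet your hosts actually live in):

```conf
acl trusted { 127.0.0.1; 172.31.0.0/16; };        # assumed VPC range; acls must be declared before options
options {
    directory "/var/named";                        # as in the stock CentOS named.conf
    listen-on port 53 { 127.0.0.1; 172.31.88.75; }; # master; the slave uses 172.31.93.71 here
    allow-query { trusted; };                      # instead of "any": only our own hosts may ask
    recursion yes;
    allow-recursion { trusted; };                  # recursive lookups for our hosts only, never for the Internet
    allow-transfer { 172.31.93.71; };              # master: only the slave may pull (AXFR) the zones
    # on the slave use: allow-transfer { none; };  # nobody needs to pull zones from the slave
};
```

Check the result with named-checkconf /etc/named.conf and restart named. From a host outside the acl a query is then answered with status: REFUSED, and a dig example.com AXFR from any host other than the slave reports Transfer failed., which is the behaviour to confirm after every change to these lists.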
Configuring Zone files:
cp /var/named/named.localhost /var/named/example.com.fwd.zone
cp /var/named/named.loopback /var/named/example.com.rev.zone
vi /var/named/example.com.fwd.zone
$TTL 1D
@ IN SOA ns1.example.com. root.example.com. (
3 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
ns1 IN A 172.31.88.75
ns2 IN A 172.31.93.71
host1 IN A 172.31.83.52
host2 IN A 172.31.88.91
vi /var/named/example.com.rev.zone
$TTL 1D
@ IN SOA ns1.example.com. root.example.com. (
3 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
; the ns1/ns2 A records belong in the forward zone only, not here
; owner labels are the host octets in reverse order, relative to the origin 31.172.in-addr.arpa
52.83 IN PTR host1.example.com.
91.88 IN PTR host2.example.com.
chgrp named /var/named/example.com.fwd.zone
chgrp named /var/named/example.com.rev.zone
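Because the reverse zone is the untested part of this setup, the following POSIX sh helper (an added example, not code from the gist) derives the in-addr.arpa zone name and the PTR owner labels from an address and prefix length, and emits a reverse zone file in the same layout as the files above. The SOA timers and the ns1/ns2 names are copied from those files; the /16 prefix for 172.31.0.0 and the host list are assumptions and constructed input.

```shell
#!/bin/sh
# Added example: build the in-addr.arpa reverse zone for the hosts in this setup.
# Assumes the reverse zone is delegated on an octet boundary (/8, /16 or /24);
# the /16 used below for 172.31.0.0 is an assumption about the VPC layout.

# rev_zone ADDR PREFIXLEN -> reverse zone name (172.31.83.52 16 -> 31.172.in-addr.arpa)
rev_zone() {
    plen=$2
    set -- $(printf '%s' "$1" | tr '.' ' ')      # $1..$4 are now the four octets
    case "$plen" in
        8)  printf '%s.in-addr.arpa\n' "$1" ;;
        16) printf '%s.%s.in-addr.arpa\n' "$2" "$1" ;;
        24) printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1" ;;
        *)  echo "rev_zone: prefix length must be 8, 16 or 24" >&2; return 1 ;;
    esac
}

# ptr_label ADDR PREFIXLEN -> PTR owner relative to that zone (172.31.83.52 16 -> 52.83)
ptr_label() {
    plen=$2
    set -- $(printf '%s' "$1" | tr '.' ' ')
    case "$plen" in
        8)  printf '%s.%s.%s\n' "$4" "$3" "$2" ;;
        16) printf '%s.%s\n' "$4" "$3" ;;
        24) printf '%s\n' "$4" ;;
        *)  echo "ptr_label: prefix length must be 8, 16 or 24" >&2; return 1 ;;
    esac
}

# gen_rev_zone PREFIXLEN SERIAL reads "fqdn ip" pairs on stdin and prints the zone file.
# SOA/NS values match the forward zone above; bump SERIAL on every change so the slave re-transfers.
gen_rev_zone() {
    plen=$1
    cat <<EOF
\$TTL 1D
@ IN SOA ns1.example.com. root.example.com. (
$2 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
EOF
    while read -r fqdn ip; do
        [ -n "$fqdn" ] || continue               # skip blank lines
        # trailing dot makes the target an absolute name, otherwise the origin is appended
        printf '%s IN PTR %s.\n' "$(ptr_label "$ip" "$plen")" "$fqdn"
    done
}

# Constructed host list for this setup (the two hosts from the gist).
HOSTS='host1.example.com 172.31.83.52
host2.example.com 172.31.88.91'

# Usage: write the zone, then validate it with the checker used below:
#   sh rev-zone.sh > /var/named/example.com.rev.zone
#   named-checkzone "$(rev_zone 172.31.83.52 16)" /var/named/example.com.rev.zone
printf '%s\n' "$HOSTS" | gen_rev_zone 16 4
```

rev_zone prints exactly the origin name that goes into the zone statement in named.conf and into the first argument of named-checkzone; getting that origin wrong (for instance keeping a 192.168.0.x zone name for 172.31.x.x hosts) produces a zone that loads cleanly but never answers a PTR query.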
Test Configuration:
named-checkconf /etc/named.conf
named-checkzone example.com /var/named/example.com.fwd.zone
named-checkzone 31.172.in-addr.arpa /var/named/example.com.rev.zone
(The first argument to named-checkzone is the zone's origin, so the reverse file must be checked against 31.172.in-addr.arpa, not example.com.)
Start Service:
service named start
chkconfig named on
chkconfig --list named
Client Setup:
=============
Edit /etc/resolv.conf and list the DNS servers as nameserver entries (the master 172.31.88.75 first, then the slave 172.31.93.71), so the client falls back to the slave when the master does not answer.
Test DNS:
[root@ip-172-31-83-52 ~]# nslookup host1.example.com
Server: 172.31.88.75
Address: 172.31.88.75#53
Name: host1.example.com
Address: 172.31.83.52
[root@ip-172-31-83-52 ~]# dig host1.example.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.56.amzn1 <<>> host1.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21700
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;host1.example.com. IN A
;; ANSWER SECTION:
host1.example.com. 86400 IN A 172.31.83.52
;; AUTHORITY SECTION:
example.com. 86400 IN NS ns1.example.com.
example.com. 86400 IN NS ns2.example.com.
;; ADDITIONAL SECTION:
ns1.example.com. 86400 IN A 172.31.88.75
ns2.example.com. 86400 IN A 172.31.93.71
;; Query time: 1 msec
;; SERVER: 172.31.88.75#53(172.31.88.75)
;; WHEN: Wed Jan 31 07:24:27 2018
;; MSG SIZE rcvd: 119
[root@ip-172-31-83-52 ~]#
DNS Slave Setup:
================
Installing Bind:
yum install bind bind-utils bind-chroot
Configuring Bind:
vi /etc/named.conf
options {
.
.
listen-on port 53 { 127.0.0.1; 172.31.93.71; }; # listen on loopback and on the slave's own IP
#listen-on-v6 port 53 { ::1; }; # IPv6 listener commented out
allow-query { localhost; any; }; # same caveat as on the master: "any" accepts queries from every address
recursion yes; # same caveat as on the master
# no allow-transfer is set here; older BIND releases such as the 9.8 used in this setup then allow transfers to any host, and nobody needs to pull zones from the slave
.
.
};
.
.
## Slave copies of the forward and reverse zones; the files are transferred from the master into /var/named/slaves, which named can write to
zone "example.com" IN {
type slave;
file "slaves/example.com.fwd.zone";
masters { 172.31.88.75; };
};
zone "31.172.in-addr.arpa" IN {
type slave;
file "slaves/example.com.rev.zone";
masters { 172.31.88.75; };
};
Test Configuration:
named-checkconf /etc/named.conf
Start Service:
service named start
chkconfig named on
chkconfig --list named
** No need to create zone files on the slave machine. When you start the named service, the files will automatically get synced from the master DNS server.
** Test nslookup by stopping the DNS service on the master; you should get a response from the slave automatically. Also stop the service on the slave and test. With the dig command, note from where the query is getting answered.
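To make the failover test just described repeatable, here is a POSIX sh script, added as an example and not part of the gist, that parses dig output to show which server answered, whether it answered authoritatively (the aa flag) and whether it offered recursion (the ra flag), and that checks from a host other than the slave that the master refuses zone transfers. It assumes dig from bind-utils on the client; the embedded sample reply is constructed from the master's dig output above.

```shell
#!/bin/sh
# Added example: summarise dig replies for the master/slave failover test and
# confirm that allow-transfer is enforced. Assumes dig (bind-utils) is installed.

# dig_summary reads dig output (tab-separated fields already turned into spaces)
# and prints: server=<ip> aa=yes|no ra=yes|no answer=<first A record or none>
dig_summary() {
    server=none; aa=no; ra=no; answer=none
    while IFS= read -r line; do
        case "$line" in
            ";; SERVER: "*)                       # ";; SERVER: 172.31.88.75#53(172.31.88.75)"
                server=${line#";; SERVER: "}
                server=${server%%#*} ;;
            ";; flags: "*)                        # ";; flags: qr aa rd; QUERY: 1, ..."
                flags=${line#";; flags: "}
                flags=${flags%%;*}
                for f in $flags; do
                    case "$f" in
                        aa) aa=yes ;;             # answered from authoritative data
                        ra) ra=yes ;;             # server offers recursion to this client
                    esac
                done ;;
            ";"*|"") ;;                           # other comment or blank lines
            *" IN A "*)                           # first A record seen belongs to the answer section
                if [ "$answer" = none ]; then answer=${line##* }; fi ;;
        esac
    done
    printf 'server=%s aa=%s ra=%s answer=%s\n' "$server" "$aa" "$ra" "$answer"
}

# axfr_refused reads "dig @server zone AXFR" output and succeeds only when the
# server refused the transfer, which dig reports as "; Transfer failed."
axfr_refused() {
    grep -q 'Transfer failed'
}

# check_resolution SERVER NAME: ask one server directly and summarise its reply.
check_resolution() {
    dig @"$1" "$2" A | tr '\t' ' ' | dig_summary
}

# verify_transfer_restricted SERVER ZONE: run from a host that is NOT the slave;
# succeeds when allow-transfer is doing its job.
verify_transfer_restricted() {
    dig @"$1" "$2" AXFR | axfr_refused
}

# Constructed sample reply, cut down from the master's answer shown above, so the
# parser can be exercised offline.
SAMPLE_REPLY=';; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;host1.example.com. IN A
;; ANSWER SECTION:
host1.example.com. 86400 IN A 172.31.83.52
;; ADDITIONAL SECTION:
ns1.example.com. 86400 IN A 172.31.88.75
;; SERVER: 172.31.88.75#53(172.31.88.75)'

printf '%s\n' "$SAMPLE_REPLY" | dig_summary
# prints: server=172.31.88.75 aa=yes ra=no answer=172.31.83.52

# Failover test from the note above, run on a client after stopping named on the master:
#   check_resolution 172.31.88.75 host1.example.com   # times out: server=none answer=none
#   check_resolution 172.31.93.71 host1.example.com   # slave still answers with aa=yes
# Transfer check, run from host1 or host2 (not from the slave):
#   verify_transfer_restricted 172.31.88.75 example.com && echo "AXFR refused as expected"
```

Querying each server directly with @server is what tells you where an answer comes from, independent of the order in /etc/resolv.conf; aa=yes from the slave proves the transfer worked, and ra=yes from either server when asked from an address outside your subnet means recursion is still open to that client.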