Hi guys,
My name is Shanker and I'm new here and am studying Linux now. Currently I'm trying to configure a BIND DNS server in my CentOS 7 virtual machine, but for some reason it's not working. I'm following this tutorial right now:
Code:
https://www.tecmint.com/setup-master-slave-dns-server-in-centos/
Here are my forward and reverse zones along with my named file details I have configured so far.
My master DNS config:
.fwd.zone file:
Code:
$TTL 1D
@ IN SOA dns-master-local.net. root.local.net. (
2018010700 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
;NS @
;A 127.0.0.1
;AAAA ::1
;Name servers
@ IN NS dns-master-local.net.
@ IN NS dns-slave-local.net.
;Name server hostname to IP resolve
@ IN A 10.0.2.10
@ IN A 10.0.2.11
;hosts in this domain
@ IN A 10.0.2.15
@ IN A 10.0.2.16
masterdns IN A 10.0.2.10
slavedns IN A 10.0.2.11
node1 IN A 10.0.2.15
rhel IN A 10.0.2.16
My .rev.zone file:
Code:
$TTL 1D
@ IN SOA dns-master-local.com. root.dns-master-local.com (
2018010700 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.dns-master-local.net.
@ IN NS ns2.dns-slave-local.net.
@ IN PTR local.net.
;Name server hostname to IP resolve
dns-master-local IN A 10.0.2.10
dns-slave-local IN A 10.0.2.11
;hosts in domain
ns1 IN A 10.0.2.15
ns2 IN A 10.0.2.16
10 IN PTR dns-master-local.net.
11 IN PTR dns-slave-local.net.
15 IN PTR ns1.dns-master-local.net.
16 IN PTR ns2.dns-slave-local.net.
My master named file:
Code:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
listen-on port 53 { 127.0.0.1; 10.0.2.10;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 10.0.2.0/24;};
allow-transfer { localhost; 10.0.2.11; }; # Here we need our slave DNS server IP.
recursion no;
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "dns-master-local.net" IN {
type master;
file "dns-master-local.fwd.zone";
allow-update { none; };
};
zone "2.0.10.in-addr.arpa" IN {
type master;
file "dns-master-local.rev.zone";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
And here are my slave config files:
.fwd.zone file:
Code:
$TTL 1D
@ IN SOA dns-master-local.net. root.local.net. (
2018010700 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
;NS @
;A 127.0.0.1
;AAAA ::1
;Name servers
@ IN NS dns-master-local.net.
@ IN NS dns-slave-local.net.
;Name server hostname to IP resolve
@ IN A 10.0.2.10
@ IN A 10.0.2.11
;hosts in this domain
@ IN A 10.0.2.15
@ IN A 10.0.2.16
masterdns IN A 10.0.2.10
slavedns IN A 10.0.2.11
ns1 IN A 10.0.2.15
ns2 IN A 10.0.2.16
Here is my reverse DNS config:
Code:
$TTL 1D
@ IN SOA dns-master-local.com. root.dns-master-local.com (
2018010700 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.dns-master-local.net.
@ IN NS ns2.dns-slave-local.net.
@ IN PTR local.net.
;Name server hostname to IP resolve
dns-master-local IN A 10.0.2.10
dns-slave-local IN A 10.0.2.11
;hosts in domain
ns1 IN A 10.0.2.15
ns2 IN A 10.0.2.16
10 IN PTR dns-master-local.net.
11 IN PTR dns-slave-local.net.
15 IN PTR ns1.dns-master-local.net.
16 IN PTR ns2.dns-slave-local.net.
Output of the testing in the master virtual machine:
Code:
[shan@dns-master-local ~]$ nslookup dns-master-local.net
Server: 208.67.222.222
Address: 208.67.222.222#53
Non-authoritative answer:
Name: dns-master-local.net.net
Address: 52.50.81.210
[shan@dns-master-local ~]$ nslookup dns-slave-local.net
Server: 208.67.222.222
Address: 208.67.222.222#53
Non-authoritative answer:
Name: dns-slave-local.net.net
Address: 52.50.81.210
[shan@dns-master-local ~]$ dig dns-slave-local.net
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.1 <<>> dns-slave-local.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22377
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns-slave-local.net. IN A
;; AUTHORITY SECTION:
net. 899 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1515495395 1800 900 604800 86400
;; Query time: 346 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Tue Jan 09 16:26:43 IST 2018
;; MSG SIZE rcvd: 124
[shan@dns-master-local ~]$ ping dns-slave-local.net
PING dns-slave-local.net.net (52.50.81.210) 56(84) bytes of data.
^Z
[1]+ Stopped ping dns-slave-local.net
[shan@dns-master-local ~]$ ping 10.0.2.11
PING 10.0.2.11 (10.0.2.11) 56(84) bytes of data.
From 10.0.2.10 icmp_seq=1 Destination Host Unreachable
From 10.0.2.10 icmp_seq=2 Destination Host Unreachable
From 10.0.2.10 icmp_seq=3 Destination Host Unreachable
From 10.0.2.10 icmp_seq=4 Destination Host Unreachable
From 10.0.2.10 icmp_seq=5 Destination Host Unreachable
From 10.0.2.10 icmp_seq=6 Destination Host Unreachable
From 10.0.2.10 icmp_seq=7 Destination Host Unreachable
^Z
[2]+ Stopped ping 10.0.2.11
[shan@dns-master-local ~]$
Kindly help me in learning and resolving this.
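Worked example, added here and not part of Shanker's post or of the tecmint tutorial: a small Python lint that cross-checks a forward zone against its reverse zone, which named-checkzone cannot do because it checks one file at a time. The inputs are constructed: the POSTED_* strings are the master's zone data from the post, abridged to the records that matter, and the FIXED_* strings are an assumed corrected pair in which the names ns1, ns2 and hostmaster are my choice, not anything from the post. Run it and it lists what named will happily load but clients will trip over: the reverse SOA naming dns-master-local.com instead of .net, an SOA mailbox without a trailing dot, NS names that have no A record anywhere, A records inside in-addr.arpa, and PTRs pointing at names the forward zone never defines (10.0.2.15 is node1 in the forward file but ns1 in the reverse one).

```python
# Added example, not code from the post or from ISC BIND: an offline lint for a
# forward/reverse zone pair that complements (does not replace) named-checkzone.
import re

FWD_ORIGIN, REV_ORIGIN = "dns-master-local.net", "2.0.10.in-addr.arpa"

# Constructed input: the master's zone data from the post, abridged to the records
# that matter (comments, masterdns/slavedns, rhel and two apex A records dropped).
POSTED_FWD = """$TTL 1D
@ IN SOA dns-master-local.net. root.local.net. (
  2018010700 1D 1H 1W 3H ) ; serial refresh retry expire minimum
@ IN NS dns-master-local.net.
@ IN NS dns-slave-local.net.
@ IN A 10.0.2.10
@ IN A 10.0.2.15
node1 IN A 10.0.2.15
"""
POSTED_REV = """$TTL 1D
@ IN SOA dns-master-local.com. root.dns-master-local.com ( 2018010700 1D 1H 1W 3H )
@ IN NS ns1.dns-master-local.net.
@ IN NS ns2.dns-slave-local.net.
@ IN PTR local.net.
ns1 IN A 10.0.2.15
10 IN PTR dns-master-local.net.
11 IN PTR dns-slave-local.net.
15 IN PTR ns1.dns-master-local.net.
"""
# Assumed corrected pair (ns1, ns2, hostmaster are my names): NS names have A records, PTRs mirror them.
FIXED_FWD = """$TTL 1D
@ IN SOA ns1.dns-master-local.net. hostmaster.dns-master-local.net. ( 2018010701 1D 1H 1W 3H )
@ IN NS ns1.dns-master-local.net.
@ IN NS ns2.dns-master-local.net.
ns1 IN A 10.0.2.10
ns2 IN A 10.0.2.11
node1 IN A 10.0.2.15
"""
FIXED_REV = """$TTL 1D
@ IN SOA ns1.dns-master-local.net. hostmaster.dns-master-local.net. ( 2018010701 1D 1H 1W 3H )
@ IN NS ns1.dns-master-local.net.
@ IN NS ns2.dns-master-local.net.
10 IN PTR ns1.dns-master-local.net.
11 IN PTR ns2.dns-master-local.net.
15 IN PTR node1.dns-master-local.net.
"""

def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    origin = origin.rstrip(".") + "."
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Minimal RFC 1035 reader (one owner per line) -> [(owner, rrtype, rdata)]."""
    joined, buf, depth = [], [], 0
    for ln in (re.sub(r";.*", "", raw) for raw in text.splitlines()):  # drop comments
        buf.append(ln)
        depth += ln.count("(") - ln.count(")")
        if depth == 0:                          # parenthesised (SOA) record complete
            joined.append(" ".join(buf))
            buf = []
    records = []
    for ln in joined:
        toks = ln.replace("(", " ").replace(")", " ").split()
        if not toks or toks[0].startswith("$"):
            continue                            # blank line or $TTL/$ORIGIN directive
        owner = toks.pop(0)
        if toks[0].upper() == "IN":             # optional class
            toks.pop(0)
        records.append((fqdn(owner, origin), toks.pop(0).upper(), toks))
    return records

def lint(fwd_text, rev_text, fwd_origin=FWD_ORIGIN, rev_origin=REV_ORIGIN):
    """Cross-check a zone pair; returns problem strings (empty list = consistent)."""
    fwd, rev = parse_zone(fwd_text, fwd_origin), parse_zone(rev_text, rev_origin)
    a_rrs = {}                                  # name -> set of IPv4 strings
    for owner, rrtype, rd in fwd:
        if rrtype == "A":
            a_rrs.setdefault(owner, set()).add(rd[0])
    out = []
    for zone, recs, origin in (("forward", fwd, fwd_origin), ("reverse", rev, rev_origin)):
        ns = {fqdn(rd[0], origin) for _, t, rd in recs if t == "NS"}
        soa = next(rd for _, t, rd in recs if t == "SOA")
        if not soa[1].endswith("."):
            out.append(f"{zone}: SOA rname {soa[1]} is relative, becomes {fqdn(soa[1], origin)}")
        if soa[0] not in ns:
            out.append(f"{zone}: SOA mname {soa[0]} is not one of the NS names {sorted(ns)}")
        for name in sorted(ns - set(a_rrs)):    # every NS name needs an address record
            out.append(f"{zone}: NS {name} has no A record in the forward zone")
    apex = a_rrs.get(fqdn("@", fwd_origin), set())
    if len(apex) > 1:
        out.append(f"forward: apex has {len(apex)} A records, round-robins over {sorted(apex)}")
    for owner, t, rd in rev:
        if t == "A":
            out.append(f"reverse: A record {owner} does not belong in in-addr.arpa")
        if t != "PTR":
            continue
        labels = owner[: -len(".in-addr.arpa.")].split(".")
        ip, target = ".".join(reversed(labels)), fqdn(rd[0], rev_origin)
        if len(labels) != 4:
            out.append(f"reverse: PTR owner {owner} is not a full IPv4 address")
        elif ip not in a_rrs.get(target, ()):
            out.append(f"reverse: PTR {ip} -> {target} but no forward A {target} = {ip}")
    return out

if __name__ == "__main__":
    print(*(lint(POSTED_FWD, POSTED_REV) or ["no problems"]), sep="\n")
```

Two things the test output in the post shows that no zone lint can fix: every nslookup and dig answer came from 208.67.222.222 (the `Server:` and `;; SERVER:` lines), so /etc/resolv.conf on the master VM still points at an outside resolver and the queries never reached the new named at all (the `.net.net` names are that resolver's search suffix being appended; the NXDOMAIN is the public .net servers answering). Query the daemon directly with `dig @10.0.2.10 dns-master-local.net A +norecurse` once `named-checkconf` and `named-checkzone dns-master-local.net /var/named/dns-master-local.fwd.zone` pass. And `Destination Host Unreachable` from 10.0.2.10 for 10.0.2.11 means there is no link to the slave at all, which is what you get when two VirtualBox guests each sit behind their own NAT adapter (10.0.2.15 is the stock NAT address) instead of sharing a host-only or internal network; zone transfers cannot start until that ping works.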