how to configure secondary / slave name server
 

I'm following instructions here http://www.elinuxbook.com/how-to-con...bind-in-linux/ to set up a 2ndary name server. I've added the 'allow-transfer' directives to the named.conf file, now I'm a bit indecisive on the zone file. The example shows:
I want to use 192.168.0.3 on my LAN as the secondary NS. My zone file currently has:
My syntax is a bit different from the example: I don't have the "IN" class, I guess that's implied(?). I don't quite get what the example's 3rd A record does - perhaps directs any domain-only reference to host 192.168.1.100?

To get my 2ndary DNS server specified, is all I need to do here is add:
after my current 'NS' record? I think the A records should be OK as-is, yes?

(I'm asking first before I just try it because I'm doing this remotely and I don't want to cut of the branch I'm sitting on!)

You're right about the IN keyword
The 3rd A RR assigns an IP to the plain elinuxbook.com. It's not mandatory, but it's useful for example if you're going to run elinuxbook.com website (without the leading www).


Sure you can add the above NS RR in the zonefile.

OK, added the 2ndary name server to named.conf on "master" (192.168.0.2) and updated the zonefiles accordingly. I also created a named.conf on the "slave" machine (192.168.0.3) per that link's instructions. Slave named.conf is:
I then started bind on the slave and, per the link, it did create zonefiles in /var/named. Two questions/issues:

1) The generated zonefiles are basically unreadable, unlike the zonefiles on the master (readable and editable with text editor), and unlike the example show in my howto link. See image. when I run:
Why? Is this OK?

2) Now that I supposedly have a secondary name server, how do hosts and workstations on the LAN actually *use* it? The master is also the DHCP server and it causes 192.168.0.2 to be plugged into DHCP clients' resolv.conf files. If that host goes down, how do other hosts know to use this 2ndary host for name resolution?

Yes it is.
By default slave writes the zonefiles in raw format, so you need to use:

The dhcp server should give both dns servers to the clients' resolv.conf.

Awesome! That worked! Also I found that to actually view the contents I can do:
Ok, I'll have to wait until off-business-hours to test this. I'll restart the master dhcpd, then restart one of the host's NICs and see what I get.

Yes, the dhcpd server did give both dns servers to the clients' resolv.conf. However, I had to add the 2ndary host (192.168.0.3) to the dhcpd.conf:
Otherwise, it didn't work. I don't recall reading this detail in the howto link, but maybe I missed it.

My final test will be to pull the Ethernet cable on the 192.168.0.2 primary DNS host and see if other LAN hosts can still resolve domain names, but that test will likely have to wait for a convenient time when that server can be taken offline.

I thought it's obvious, that you need to add the nameserver(s) you want to use in the "option domain-name-servers" of dhcpd.conf...

Very little is "obvious" to me, but it wasn't too difficult to figure out. :)

I have a couple of more questions ...

The example site shows "recursion yes;" under options. I did not have this in my master named.conf and did not put it in my slave config. I've search for information on this and have found plenty of sites telling how to enable or disable "recursion", but I can't seem to find anything telling me what it is other than having to do with "recursive queries". What is recursion? What are "recursive queries? is 'recursion yes/no' related to 'allow-recursion { IP; };' and/or 'allow-recursion-on { IP; };'? Are these options interdependent? Should I set one or all of these in my slave config?

My master named.conf has localhost zones defined:
I did not put these in my slave config. Should I? If so, would they remain "type master" since it's for the local host, or should they be "type slave"?

If you want to run just an authoritative nameserver, then you don't need recursion. You should explicitly set it to "No", because the default value is "Yes"
If you want your nameserver to act also as a resolver for your clients, you should use the "allow-recursion ..." directive giving the IPs/networks of your clients, so you prevent abuse of your dns.
For more details about recursion see this.


IMO you don't need these zones, unless you're not using /etc/hosts.
I cannot think of a client other than localhost itself that is going to query your dns about... localhost! So having localhost into /etc/hosts will be fine.

OK, I've set the to "no", explicitly. I'll experiment with that.
Thanks for that link. I wish I could have found it myself! You say, "If you want your nameserver to act also as a resolver for your clients, you should use the 'allow-recursion ... directive'". This nameserver's clients will be other hosts on the LAN. Do I not want it to act as a resolver for these clients?
Normally, localhost is not in /etc/hosts (well, 192.168.0.3 is not. "localhost" as 127.0.0.1 is), and its own IP is assigned by the DHCP server on the DNS Master, and the rc.inet1.conf startup config is set to have this host query for an IP. I suppose that as long as the slave does not reboot, the assigned IP will be workable even with no DHCP server online. Yes?

Yup. Use for example:

By localhost I mean the local loopback interface (127.0.0.1, ::1) that is always present in /etc/hosts.


Yes, but what happens if lease expires before the dhcp server comes up?
Better assign a static IP to the slave too

OK, did that. I assume, therefore, I also DO NOT want to have "recursion no", right? Or do those deal with different things? (Sorry if I did not assimilate well your link on recursion).
Good point. I've given it a static IP, and I've put it in /etc/hosts. I suppose it needs to be in /etc/hosts in case it does take over for name serving so it "knows thyself".

Right.
Using just "allow recursion {...};" and nothing else, it implies "recursion yes;" (the default), but it will allow recursion only to those host/networks specified.

Regards

OK ... I just tried a live test. I have a Windows 7 workstations/AD domain member. ipconfig shows 192.168.0.2 and 192.168.0.3 as DNS servers (where .2 is the original Master, and .3 is this new slave). I opened a browser on the workstation, unplugged the .2 server and ... nothing! I could not get to any web page until the .2 was plugged back in. :(

So, is something wrong in my slave config? What can I do to test/debug this?

This is my complete slave named.conf

What you mean by "... nothing"?
You get a timeout from the 2nd dns, a NXDOMAIN answer, or what?

I'm not a windows user, so I did a little search.
Many users claim that if the 1st dns is down, windows clients do not query the 2nd dns.
M$ says it doesn't work this way, but after 3s the 2nd dns is queried! You may also look at this relevant post.