LinuxQuestions.org
Old 10-23-2017, 10:25 PM   #1
mfoley
Senior Member
 
how to configure secondary / slave name server


I'm following instructions here http://www.elinuxbook.com/how-to-con...bind-in-linux/ to set up a 2ndary name server. I've added the 'allow-transfer' directives to the named.conf file, now I'm a bit indecisive on the zone file. The example shows:
Code:
; name servers

@                       IN NS   ns1.elinuxbook.com.
@                       IN NS   ns2.elinuxbook.com.

; name server A records

ns1                     IN  A   192.168.1.100
ns2                     IN  A   192.168.1.101
elinuxbook.com.         IN  A   192.168.1.100
I want to use 192.168.0.3 on my LAN as the secondary NS. My zone file currently has:
Code:
                        NS      mail.hprs.local.
                        A       192.168.0.2
:
mail                    A       192.168.0.2
webserver               A       192.168.0.3
My syntax is a bit different from the example: I don't have the "IN" class, I guess that's implied(?). I don't quite get what the example's 3rd A record does - perhaps directs any domain-only reference to host 192.168.1.100?

To get my 2ndary DNS server specified, is all I need to do here is add:
Code:
                        NS      webserver.hprs.local.
after my current 'NS' record? I think the A records should be OK as-is, yes?

(I'm asking first before I just try it because I'm doing this remotely and I don't want to cut off the branch I'm sitting on!)
 
Old 10-24-2017, 03:08 AM   #2
bathory
LQ Guru
 
Quote:
; name servers

@ IN NS ns1.elinuxbook.com.
@ IN NS ns2.elinuxbook.com.

; name server A records

ns1 IN A 192.168.1.100
ns2 IN A 192.168.1.101
elinuxbook.com. IN A 192.168.1.100

My syntax is a bit different from the example: I don't have the "IN" class, I guess that's implied(?). I don't quite get what the example's 3rd A record does - perhaps directs any domain-only reference to host 192.168.1.100?
You're right about the IN keyword.
The 3rd A RR assigns an IP to the plain elinuxbook.com. It's not mandatory, but it's useful for example if you're going to run elinuxbook.com website (without the leading www).


Quote:
To get my 2ndary DNS server specified, is all I need to do here is add:

NS webserver.hprs.local.

after my current 'NS' record? I think the A records should be OK as-is, yes?
Sure you can add the above NS RR in the zonefile.
 
Old 10-24-2017, 12:41 PM   #3
mfoley
Senior Member
 
OK, added the 2ndary name server to named.conf on "master" (192.168.0.2) and updated the zonefiles accordingly. I also created a named.conf on the "slave" machine (192.168.0.3) per that link's instructions. Slave named.conf is:
Code:
options {
        directory "/var/named";

        forwarders {            // These are the ISP provided name servers
            209.18.47.61;
            209.18.47.62;
        };

        allow-query { any; };
};

logging{
  channel marks_log {
    syslog local7;
    severity info;
  };
  category default {
    marks_log;
  };
};

zone "hprs.local" IN {
        type slave;
        masters { 192.168.0.2; };
        file "/var/named/db.hprs.local";
};

zone "0.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.0.2; };
    file "/var/named/db.192.168.0";
};
I then started bind on the slave and, per the link, it did create zonefiles in /var/named. Two questions/issues:

1) The generated zonefiles are basically unreadable, unlike the zonefiles on the master (readable and editable with a text editor), and unlike the example shown in my howto link. See image. When I run:
Code:
# named-checkzone hprs.local /var/named/db.hprs.local
dns_master_load: /var/named/db.hprs.local:3: syntax error
dns_master_load: /var/named/db.hprs.local:3: syntax error
: (above repeated 617 times)
/var/named/db.hprs.local: file does not end with newline
zone hprs.local/IN: loading from master file /var/named/db.hprs.local failed: syntax error
zone hprs.local/IN: not loaded due to errors.
Why? Is this OK?

2) Now that I supposedly have a secondary name server, how do hosts and workstations on the LAN actually *use* it? The master is also the DHCP server and it causes 192.168.0.2 to be plugged into DHCP clients' resolv.conf files. If that host goes down, how do other hosts know to use this 2ndary host for name resolution?

Last edited by mfoley; 10-24-2017 at 01:36 PM.
 
Old 10-24-2017, 03:29 PM   #4
bathory
LQ Guru
 
Quote:
1) The generated zonefiles are basically unreadable, unlike the zonefiles on the master (readable and editable with a text editor), and unlike the example shown in my howto link. See image. When I run:
<snip>
Why? Is this OK?
Yes it is.
By default the slave writes the zonefiles in raw format, so you need to use:
Code:
named-checkzone -f raw hprs.local /var/named/db.hprs.local

Quote:
2) Now that I supposedly have a secondary name server, how do hosts and workstations on the LAN actually *use* it? The master is also the DHCP server and it causes 192.168.0.2 to be plugged into DHCP clients' resolv.conf files. If that host goes down, how do other hosts know to use this 2ndary host for name resolution?
The dhcp server should give both dns servers to the clients' resolv.conf.

Last edited by bathory; 10-24-2017 at 03:30 PM.
 
Old 10-24-2017, 04:55 PM   #5
mfoley
Senior Member
 
Quote:
Originally Posted by bathory View Post
Yes it is.
By default slave writes the zonefiles in raw format, so you need to use:
Code:
named-checkzone -f raw hprs.local /var/named/db.hprs.local
Awesome! That worked! Also I found that to actually view the contents I can do:
Code:
named-compilezone -f raw -F text -o - hprs.local /var/named/db.hprs.local
Quote:
The dhcp server should give both dns servers to the clients' resolv.conf.
Ok, I'll have to wait until off-business-hours to test this. I'll restart the master dhcpd, then restart one of the host's NICs and see what I get.

Last edited by mfoley; 10-24-2017 at 05:08 PM.
 
Old 10-25-2017, 01:48 AM   #6
mfoley
Senior Member
 
Yes, the dhcpd server did give both dns servers to the clients' resolv.conf. However, I had to add the 2ndary host (192.168.0.3) to the dhcpd.conf:
Code:
option domain-name-servers 192.168.0.2, 192.168.0.3;
Otherwise, it didn't work. I don't recall reading this detail in the howto link, but maybe I missed it.

My final test will be to pull the Ethernet cable on the 192.168.0.2 primary DNS host and see if other LAN hosts can still resolve domain names, but that test will likely have to wait for a convenient time when that server can be taken offline.
 
Old 10-25-2017, 03:27 AM   #7
bathory
LQ Guru
 
Quote:
However, I had to add the 2ndary host (192.168.0.3) to the dhcpd.conf:

option domain-name-servers 192.168.0.2, 192.168.0.3;

Otherwise, it didn't work. I don't recall reading this detail in the howto link, but maybe I missed it.
I thought it was obvious that you need to add the nameserver(s) you want to use in the "option domain-name-servers" of dhcpd.conf...
 
Old 10-25-2017, 11:47 AM   #8
mfoley
Senior Member
 
Quote:
Originally Posted by bathory View Post
I thought it's obvious, that you need to add the nameserver(s) you want to use in the "option domain-name-servers" of dhcpd.conf...
Very little is "obvious" to me, but it wasn't too difficult to figure out.

I have a couple more questions ...

The example site shows "recursion yes;" under options. I did not have this in my master named.conf and did not put it in my slave config. I've searched for information on this and have found plenty of sites telling how to enable or disable "recursion", but I can't seem to find anything telling me what it is other than having to do with "recursive queries". What is recursion? What are "recursive queries"? Is 'recursion yes/no' related to 'allow-recursion { IP; };' and/or 'allow-recursion-on { IP; };'? Are these options interdependent? Should I set one or all of these in my slave config?

My master named.conf has localhost zones defined:
Code:
zone "localhost" IN {
        type master;
        file "/var/named/db.local";
};

zone "127.in-addr.arpa" IN {
        type master;
        file "/var/named/db.127";
};
I did not put these in my slave config. Should I? If so, would they remain "type master" since it's for the local host, or should they be "type slave"?
 
Old 10-25-2017, 01:03 PM   #9
bathory
LQ Guru
 
Quote:
The example site shows "recursion yes;" under options. I did not have this in my master named.conf and did not put it in my slave config. I've searched for information on this and have found plenty of sites telling how to enable or disable "recursion", but I can't seem to find anything telling me what it is other than having to do with "recursive queries". What is recursion? What are "recursive queries"? Is 'recursion yes/no' related to 'allow-recursion { IP; };' and/or 'allow-recursion-on { IP; };'? Are these options interdependent? Should I set one or all of these in my slave config?
If you want to run just an authoritative nameserver, then you don't need recursion. You should explicitly set it to "No", because the default value is "Yes".
If you want your nameserver to act also as a resolver for your clients, you should use the "allow-recursion ..." directive giving the IPs/networks of your clients, so you prevent abuse of your dns.
For more details about recursion see this.


Quote:
My master named.conf has localhost zones defined:
<snip>
I did not put these in my slave config. Should I? If so, would they remain "type master" since it's for the local host, or should they be "type slave"?
IMO you don't need these zones, unless you're not using /etc/hosts.
I cannot think of a client other than localhost itself that is going to query your dns about... localhost! So having localhost into /etc/hosts will be fine.
 
Old 10-25-2017, 01:46 PM   #10
mfoley
Senior Member
 
Quote:
Originally Posted by bathory View Post
If you want to run just an authoritative nameserver, then you don't need recursion. You should explicitly set it to "No", because the default value is "Yes"
OK, I've set it to "no", explicitly. I'll experiment with that.
Quote:
If you want your nameserver to act also as a resolver for your clients, you should use the "allow-recursion ..." directive giving the IPs/networks of your clients, so you prevent abuse of your dns.
For more details about recursion see this.
Thanks for that link. I wish I could have found it myself! You say, "If you want your nameserver to act also as a resolver for your clients, you should use the 'allow-recursion ... directive'". This nameserver's clients will be other hosts on the LAN. Do I not want it to act as a resolver for these clients?
Quote:
IMO you don't need these zones, unless you're not using /etc/hosts.
I cannot think of a client other than localhost itself that is going to query your dns about... localhost! So having localhost into /etc/hosts will be fine.
Normally, localhost is not in /etc/hosts (well, 192.168.0.3 is not. "localhost" as 127.0.0.1 is), and its own IP is assigned by the DHCP server on the DNS Master, and the rc.inet1.conf startup config is set to have this host query for an IP. I suppose that as long as the slave does not reboot, the assigned IP will be workable even with no DHCP server online. Yes?

Last edited by mfoley; 10-25-2017 at 01:48 PM.
 
Old 10-26-2017, 03:30 AM   #11
bathory
LQ Guru
 
Quote:
This nameserver's clients will be other hosts on the LAN. Do I not want it to act as a resolver for these clients?
Yup. Use for example:
Code:
allow-recursion {192.168.0.0/24;};

Quote:
Normally, localhost is not in /etc/hosts (well, 192.168.0.3 is not. "localhost" as 127.0.0.1 is),
By localhost I mean the local loopback interface (127.0.0.1, ::1) that is always present in /etc/hosts.


Quote:
I suppose that as long as the slave does not reboot, the assigned IP will be workable even with no DHCP server online. Yes?
Yes, but what happens if the lease expires before the dhcp server comes up?
Better assign a static IP to the slave too.
 
Old 10-27-2017, 01:15 AM   #12
mfoley
Senior Member
 
Quote:
Originally Posted by bathory View Post
Yup. Use for example:
Code:
allow-recursion {192.168.0.0/24;};
OK, did that. I assume, therefore, I also DO NOT want to have "recursion no", right? Or do those deal with different things? (Sorry if I did not assimilate well your link on recursion).
Quote:
Yes, but what happens if lease expires before the dhcp server comes up?
Better assign a static IP to the slave too
Good point. I've given it a static IP, and I've put it in /etc/hosts. I suppose it needs to be in /etc/hosts in case it does take over for name serving so it "knows thyself".
 
Old 10-27-2017, 03:07 AM   #13
bathory
LQ Guru
 
Quote:
OK, did that. I assume, therefore, I also DO NOT want to have "recursion no", right? Or do those deal with different things? (Sorry if I did not assimilate well your link on recursion).
Right.
Using just "allow-recursion {...};" and nothing else implies "recursion yes;" (the default), but it will allow recursion only to those hosts/networks specified.

Regards
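As an added example (not from the thread or the howto it links), a small POSIX sh audit that classifies the two access-control settings discussed in this thread, the allow-transfer directive mfoley added in post #1 and the recursion / allow-recursion interplay bathory explains above, by reading a named.conf. The slave sample is mfoley's config with the later allow-recursion line; the master sample for 192.168.0.2 is constructed here (the also-notify line is an assumption about the setup, not something the thread shows).

```shell
#!/bin/sh
# Added example (not from the thread): classify the recursion and zone-transfer
# posture of a BIND named.conf. The whole file is read, so zone-level statements count.
# normalise_conf FILE: strip // and # comments, squeeze whitespace, drop the spaces
# around { } ; so "allow-recursion {192.168.0.0/24;};" == "allow-recursion { 192.168.0.0/24; };"
normalise_conf() {
    sed -e 's#//.*$##' -e 's/#.*$//' "$1" | tr -s ' \t\n' '   ' |
        sed -e 's/ *{ */{/g' -e 's/ *} */}/g' -e 's/ *; */;/g'
}
# recursion_policy FILE prints one of:
#   disabled     recursion no;  (authoritative only, nothing for outsiders to abuse)
#   restricted   allow-recursion lists specific hosts/networks (implies recursion yes)
#   open         allow-recursion { any; }: any client may use the server as a resolver
#   unrestricted neither directive: recursion is on (the default) with no client list in the file
recursion_policy() {
    case "$(normalise_conf "$1")" in
        *"recursion no;"*)         echo disabled ;;
        *"allow-recursion{any;}"*) echo open ;;
        *"allow-recursion{"*)      echo restricted ;;
        *)                         echo unrestricted ;;
    esac
}

# transfer_policy FILE prints one of:
#   restricted   allow-transfer names the secondaries allowed to pull the zone (AXFR)
#   open         allow-transfer { any; }: anyone can download the whole zone
#   default      no allow-transfer statement; the server's built-in default applies
transfer_policy() {
    case "$(normalise_conf "$1")" in
        *"allow-transfer{any;}"*) echo open ;;
        *"allow-transfer{"*)      echo restricted ;;
        *)                        echo default ;;
    esac
}

# Constructed samples: the slave options from the thread (with the allow-recursion line
# added later in the thread) and an invented master config for 192.168.0.2.
demo() {
    slave=$(mktemp) && master=$(mktemp) || return 1
    cat >"$slave" <<'EOF'
options {
        allow-query { any; };
        allow-recursion {192.168.0.0/24;};
};
zone "hprs.local" IN { type slave; masters { 192.168.0.2; }; file "/var/named/db.hprs.local"; };
EOF
    cat >"$master" <<'EOF'
options { directory "/var/named"; recursion no; };   // authoritative only
zone "hprs.local" IN {
        type master; file "/var/named/db.hprs.local";
        allow-transfer { 192.168.0.3; };              // only the secondary may AXFR
        also-notify { 192.168.0.3; };                 // assumed: tell it when the serial changes
};
EOF
    echo "slave : recursion=$(recursion_policy "$slave") transfer=$(transfer_policy "$slave")"
    echo "master: recursion=$(recursion_policy "$master") transfer=$(transfer_policy "$master")"
    rm -f "$slave" "$master"
}
demo
```

Run it against /etc/named.conf on each server; the slave should report recursion=restricted and the master transfer=restricted, anything reporting "open" deserves a second look.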
 
Old 10-30-2017, 06:12 PM   #14
mfoley
Senior Member
 
OK ... I just tried a live test. I have a Windows 7 workstation/AD domain member. ipconfig shows 192.168.0.2 and 192.168.0.3 as DNS servers (where .2 is the original Master, and .3 is this new slave). I opened a browser on the workstation, unplugged the .2 server and ... nothing! I could not get to any web page until the .2 was plugged back in.

So, is something wrong in my slave config? What can I do to test/debug this?

This is my complete slave named.conf
Code:
options {
        directory "/var/named";

        forwarders {            // These are the ISP provided name servers
           209.18.47.61;
           209.18.47.62;
        };

        allow-query { any; };
        allow-recursion {192.168.0.0/24;};
};

logging{
  channel marks_log {
    syslog local7;
    severity info;
  };
  category default {
    marks_log;
  };
};

zone "hprs.local" IN {
        type slave;
        masters { 192.168.0.2; };
        file "/var/named/db.hprs.local";
};

zone "0.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.0.2; };
    file "/var/named/db.192.168.0";
};

Last edited by mfoley; 10-31-2017 at 01:11 AM.
 
Old 10-31-2017, 04:59 AM   #15
bathory
LQ Guru
 
Quote:
OK ... I just tried a live test. I have a Windows 7 workstations/AD domain member. ipconfig shows 192.168.0.2 and 192.168.0.3 as DNS servers (where .2 is the original Master, and .3 is this new slave). I opened a browser on the workstation, unplugged the .2 server and ... nothing! I could not get to any web page until the .2 was plugged back in.

So, is something wrong in my slave config? What can I do to test/debug this?
What do you mean by "... nothing"?
You get a timeout from the 2nd dns, a NXDOMAIN answer, or what?

I'm not a windows user, so I did a little search.
Many users claim that if the 1st dns is down, windows clients do not query the 2nd dns.
M$ says it doesn't work this way, but after 3s the 2nd dns is queried! You may also look at this relevant post.
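As an added example (not from the thread), the checks I would run against the slave itself before repeating the cable-pull test, so that a client problem like the Windows behaviour above is not mistaken for a slave problem. It uses dig with the thread's addresses and zone; www.example.com is an arbitrary public name chosen here for the recursion probe.

```shell
#!/bin/sh
# Added example (not from the thread): verify the secondary directly with dig.
# Usage: sh check_secondary.sh run [master] [slave] [zone]

# soa_serial: read `dig +short SOA <zone>` output on stdin and print the serial.
# dig +short prints: mname rname serial refresh retry expire minimum
soa_serial() {
    awk 'NF >= 7 { print $3; exit }'
}

# serials_in_sync MASTER_SERIAL SLAVE_SERIAL: 0 if the slave holds the master's copy
serials_in_sync() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# query_status: read a full dig answer on stdin and print NOERROR, NXDOMAIN, REFUSED,
# SERVFAIL, TIMEOUT (no reply at all), TRANSFER-FAILED (AXFR denied) or
# TRANSFER-ALLOWED (the server handed out the whole zone).
query_status() {
    awk '
        /;; ->>HEADER<<-/ {
            for (i = 1; i <= NF; i++) if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s) }
        }
        /no servers could be reached/ { s = "TIMEOUT" }
        /Transfer failed/             { s = "TRANSFER-FAILED" }
        /^;; XFR size:/               { s = "TRANSFER-ALLOWED" }
        END { print (s == "" ? "UNKNOWN" : s) }'
}

# check_secondary [MASTER] [SLAVE] [ZONE]: the live checks (needs the network).
check_secondary() {
    master=${1:-192.168.0.2} slave=${2:-192.168.0.3} zone=${3:-hprs.local}
    ms=$(dig +short @"$master" SOA "$zone" | soa_serial)
    ss=$(dig +short @"$slave"  SOA "$zone" | soa_serial)
    if serials_in_sync "$ms" "$ss"; then
        echo "$zone: slave in sync with master (serial $ms)"
    else
        echo "$zone: OUT OF SYNC master=$ms slave=$ss (check allow-transfer/notify on the master)"
    fi
    # A LAN client must get a recursive answer from the slave on its own (the cable-pull test)
    echo "recursive lookup via $slave: $(dig @"$slave" www.example.com A | query_status)"
    # A host other than the secondary should not be able to pull the whole zone
    echo "AXFR of $zone from this host via $slave: $(dig @"$slave" AXFR "$zone" | query_status)"
}

if [ "${1:-}" = run ]; then check_secondary "$2" "$3" "$4"; fi
```

If the slave answers the recursive lookup with NOERROR while the master is unplugged, the server side is fine and the remaining problem is the client's resolver failover.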
 
  

