Wiki

User Tools

Site Tools

Trace: promiscuous_mode blind_sql_injections secondary_nameserver
ubuntu:bind:configure_bind9:secondary_nameserver

This is an old revision of the document!

Ubuntu - Bind - Configure Bind9 - Secondary Nameserver

A Secondary Server is highly recommended in order to maintain the availability of the domain should the Primary become unavailable.

IMPORTANT: On the Primary server, the zone transfer needs to be allowed.

Add the allow-transfer option to the example Forward and Reverse zone definitions in /etc/bind/named.conf.local:

/etc/bind/named.conf.local
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    allow-transfer { 192.168.1.11; };
};
 
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192";
    allow-transfer { 192.168.1.11; };
};

NOTE: Replace 192.168.1.11 with the IP Address of your Secondary nameserver.

Restart BIND9 on the Primary server: 

sudo systemctl restart bind9.service

Configure Bind9

On the Secondary server.

Edit the /etc/bind/named.conf.local and add the following declarations for the Forward and Reverse zones:

/etc/bind/named.conf.local
zone "example.com" {
    type slave;
    file "db.example.com";
    masters { 192.168.1.10; };
};        
 
zone "1.168.192.in-addr.arpa" {
    type slave;
    file "db.192";
    masters { 192.168.1.10; };
};

NOTE: Replace 192.168.1.10 with the IP Address of your Primary nameserver.

Restart BIND9 on the Secondary server: 

sudo systemctl restart bind9.service

NOTE: In /var/log/syslog you should see something similar to the following (some lines have been split to fit the format of this document): 

client 192.168.1.10#39448: received notify for zone '1.168.192.in-addr.arpa'
zone 1.168.192.in-addr.arpa/IN: Transfer started.
transfer of '100.18.172.in-addr.arpa/IN' from 192.168.1.10#53:
 connected using 192.168.1.11#37531
zone 1.168.192.in-addr.arpa/IN: transferred serial 5
transfer of '100.18.172.in-addr.arpa/IN' from 192.168.1.10#53:
 Transfer completed: 1 messages, 
6 records, 212 bytes, 0.002 secs (106000 bytes/sec)
zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 5)
 
client 192.168.1.10#20329: received notify for zone 'example.com'
zone example.com/IN: Transfer started.
transfer of 'example.com/IN' from 192.168.1.10#53: connected using 192.168.1.11#38577
zone example.com/IN: transferred serial 5
transfer of 'example.com/IN' from 192.168.1.10#53: Transfer completed: 1 messages, 
8 records, 225 bytes, 0.002 secs (112500 bytes/sec)
ubuntu/bind/configure_bind9/secondary_nameserver.1607529603.txt.gz · Last modified: 2020/12/09 16:00 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki