In the previous post we learnt how to configure a DNS server. But what if your DNS server goes down for some reason, or you want to take it down for maintenance? Your users can't access your sites by FQDN, right? For that reason we need a backup DNS server, known as a slave DNS server. Let's see how to set one up.

Before we start, we have to install and configure a DNS / BIND server and set it up as the Master DNS for your domain. See how to install & configure DNS Server.

Note : Master IP 192.168.85.8, Slave IP 192.168.85.9

Now it's time to edit the /etc/named.rfc1912.zones file to make it the Master DNS.
[root@master ~]# vim /etc/named.rfc1912.zones

zone "gil.net" IN {
    type master;
    file "for.zone";
    allow-update { none; };
    allow-transfer { 192.168.85.9; };
    notify yes;
};

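Just add the two directives allow-transfer and notify yes to make our previously configured DNS server the primary in our domain: allow-transfer limits zone transfers to the slave's IP, and notify yes makes the master notify the slave when the zone changes. That's all you need to do on the Master DNS.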
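
To confirm that every master zone carries the transfer restriction described above, the stanzas can be audited mechanically. This added example (not part of the original post) parses zone statements and reports any master zone whose allow-transfer is missing or lists a host other than the expected slave; the zones lab.example and old.example and the function names are hypothetical.

```python
import re

# Constructed sample: the page's master stanza plus two hypothetical zones.
SAMPLE_CONF = '''
zone "gil.net" IN {
    type master;
    file "for.zone";
    allow-update { none; };
    allow-transfer { 192.168.85.9; };
};
zone "lab.example" IN {
    type master;
    file "lab.zone";
    allow-transfer { any; };
};
zone "old.example" IN {
    type master;
    file "old.zone";
};
'''

def zone_blocks(conf):
    """Yield (name, body) per zone statement, honouring nested braces."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit_transfers(conf, slaves):
    """Map each master zone to 'ok' or a finding about allow-transfer."""
    report = {}
    for name, body in zone_blocks(conf):
        if not re.search(r"\btype\s+(master|primary)\s*;", body):
            continue  # slave zones are not audited here
        acl = re.search(r"\ballow-transfer\s*\{([^}]*)\}", body)
        if acl is None:
            report[name] = "unset: inherits options-level or built-in default"
        else:
            hosts = {h.strip() for h in acl.group(1).split(";") if h.strip()}
            extra = sorted(hosts - set(slaves))
            report[name] = "unexpected: " + ", ".join(extra) if extra else "ok"
    return report

if __name__ == "__main__":
    for zone, finding in audit_transfers(SAMPLE_CONF, ["192.168.85.9"]).items():
        print(zone, "->", finding)
```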

Let's go ahead configuring Slave DNS.

First of all, install bind and disable iptables & SELinux on the slave.

[root@slave ~]# yum install bind*
[root@slave ~]# /etc/init.d/iptables stop
[root@slave ~]# chkconfig iptables off

[root@slave ~]# vi /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Change SELINUX=enforcing to disabled

Add the slave DNS IP in /etc/resolv.conf. Don't add the Master DNS IP in it, only the slave IP.

[root@slave ~]# vim /etc/resolv.conf

search gil.net
nameserver 192.168.85.9

Edit /etc/named.conf and /etc/named.rfc1912.zones. /etc/named.conf is the same as shown in the previous post on configuring a DNS server; just change the IP to the slave DNS IP. Then edit /etc/named.rfc1912.zones.


[root@slave ~]# vim /etc/named.rfc1912.zones

zone "gil.net" IN {
        type slave;
        file "slaves/for";
        masters {192.168.85.8;};
};



Change as shown below:

type slave;
file "slaves/for";    slaves/for is the forward zone file on the slave DNS server.
masters { <master DNS IP>; };

Do the same for the reverse zone as well.

Once you restart the named service on the slave, both forward and reverse zones will automatically be replicated from the Master DNS and created under the /var/named/slaves directory.

That's it, you are done. Try adding any record to the zone files on the Master DNS server and the changes will be replicated to your slave server. See how to add DNS records on Master DNS.

Don't forget to increase the serial number by one every time you edit or add a DNS record on the Master DNS. If there is no increase in the serial, the slave thinks there is no update on the Master and doesn't update its zone files.

The second thing is setting the refresh interval in the master DNS zone file. If you set it to 1 day, it tells the slave to check for updates every day. If you want, you can change it to 1 hour or 1 week; it's up to you.

[root@master ~]# vim /var/named/forward.zone

$TTL 1D
@       IN SOA  server1.gil.net. root.server1.gil.net. (
                                        1012    ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN      NS      master.gil.net.
        IN      NS      slave.gil.net.
master  IN      A       192.168.85.8
slave   IN      A       192.168.85.9
web     IN      A       192.168.85.10
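
The serial and refresh rules above, as an added example that is not part of the original post: it reads the SOA from the zone file shown here and predicts whether a slave holding a given serial will pull a transfer, using the 32-bit serial comparison of RFC 1982. The function names and the slave serials tried are assumptions; the expire value it prints is how long the slave keeps answering when the master stays down.

```python
import re

# Constructed input: the SOA block from the page's master zone file.
MASTER_ZONE = """\
$TTL 1D
@       IN SOA  server1.gil.net. root.server1.gil.net. (
                                        1012    ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
"""

UNITS = {"": 1, "S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def seconds(value):
    """Convert a BIND time value (86400, 1D, 1H30M) to seconds."""
    return sum(int(n) * UNITS[u]
               for n, u in re.findall(r"(\d+)([SMHDW]?)", value.upper()))

def parse_soa(zone_text):
    """Return serial and timers (in seconds) from a zone file's SOA record."""
    tokens = re.sub(r";[^\n]*|[()]", " ", zone_text).split()
    i = tokens.index("SOA")
    serial, *timers = tokens[i + 3:i + 8]  # skip mname and rname
    names = ("refresh", "retry", "expire", "minimum")
    return {"serial": int(serial), **{k: seconds(v) for k, v in zip(names, timers)}}

def serial_newer(master, slave):
    """RFC 1982 comparison on 32-bit serials: is master ahead of slave?"""
    return 0 < (master - slave) % 2**32 < 2**31

def transfer_outlook(zone_text, slave_serial):
    """Predict what a slave holding slave_serial does with this master file."""
    soa = parse_soa(zone_text)
    if soa["serial"] == slave_serial:
        verdict = "no-transfer: serials equal, edits since last bump stay on master"
    elif serial_newer(soa["serial"], slave_serial):
        verdict = "transfer: on NOTIFY, else within %d s (refresh)" % soa["refresh"]
    else:
        verdict = "no-transfer: master serial is behind the slave's copy"
    return verdict, soa

if __name__ == "__main__":
    for held in (1012, 1011, 1013):
        print(held, "->", transfer_outlook(MASTER_ZONE, held)[0])
    print("slave answers without master for", parse_soa(MASTER_ZONE)["expire"], "s")
```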

You are done, try digging.

[root@client ~]# dig web.gil.net

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> web.gil.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28896
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;web.gil.net.            IN    A

;; ANSWER SECTION:
web.gil.net.        86400    IN    A    192.168.85.10

;; AUTHORITY SECTION:
gil.net.        86400    IN    NS    master.gil.net.
gil.net.        86400    IN    NS    slave.gil.net.

;; ADDITIONAL SECTION:
master.gil.net.    86400    IN    A    192.168.85.8
slave.gil.net.     86400    IN    A    192.168.85.9

;; Query time: 0 msec
;; SERVER: 192.168.85.8#53(192.168.85.8)
;; WHEN: Sun May 27 23:35:09 2012
;; MSG SIZE  rcvd: 12

Both Master and Slave DNS are working fine. You can see them listed under the Authority Section, and the reply came from 192.168.85.8 (master); you can find it in the SERVER line below the Additional section.

Now it's time to check high availability: bring the Master server down by stopping the named service and try digging to see whether the Slave can resolve in the absence of the Master.

[root@master ~]# /etc/init.d/named stop

###### on client ########

[root@client ~]# dig web.gil.net


; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> web.gil.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28896
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;web.gil.net.            IN    A

;; ANSWER SECTION:
web.gil.net.        86400    IN    A    192.168.85.10

;; AUTHORITY SECTION:
gil.net.        86400    IN    NS    master.gil.net.
gil.net.        86400    IN    NS    slave.gil.net.

;; ADDITIONAL SECTION:
master.gil.net.    86400    IN    A    192.168.85.8
slave.gil.net.     86400    IN    A    192.168.85.9

;; Query time: 0 msec
;; SERVER: 192.168.85.9#53(192.168.85.8)
;; WHEN: Sun May 27 23:35:09 2012
;; MSG SIZE  rcvd: 12

Have you observed the change? No??? The SERVER IP has changed: in the SERVER line below the ADDITIONAL SECTION it is now 192.168.85.9, the slave DNS server IP, which means your slave DNS is handling client requests and resolving them.

Hu hu hu, you've done it... enjoy.