I am using two DNS servers here: 192.168.2.83 (master) and 192.168.2.86 (slave). Zone transfers from the master to the slave are authenticated with a TSIG key, so that nobody else on the LAN can pull a copy of the zones just by asking for an AXFR.
First let's set up the master.
1. Create /etc/named.conf (RHEL 5.8 does not ship a sample file) and add the following content to it:
include "/etc/transfer.key";

// Sign every message exchanged with the slave with the TSIG key
server 192.168.2.86 {
    keys { HOST1-HOST2. ; };
};

acl domblocal {
    192.168.2.0/24;
    127.0.0.1;
};

options {
    directory "/var/named";
    // Default for zones without their own allow-transfer: the slave's address only
    allow-transfer { 192.168.2.86; };
    // Send NOTIFY to the zone's NS hosts whenever a zone is reloaded
    notify yes;
};

//include "/etc/named.rfc1912.zones";

zone "2.168.192.in-addr.arpa" {
    type master;
    // allow-transfer { 192.168.2.86; };
    // The zone-level setting overrides the one in options: only a request
    // signed with the key gets an AXFR, whatever address it comes from.
    allow-transfer { key HOST1-HOST2. ; };
    allow-query { domblocal; };
    file "2.168.192.in-addr.arpa.zone";
};

zone "local.domb.com" {
    type master;
    // allow-transfer { 192.168.2.86; };
    allow-transfer { key HOST1-HOST2. ; };
    allow-query { domblocal; };
    file "local.domb.com.zone";
};
2. Create the zone files. Let's begin with the reverse zone in /var/named/2.168.192.in-addr.arpa.zone:
$ORIGIN .
$TTL 86400
2.168.192.in-addr.arpa IN SOA ns1.local.domb.com. root.2.168.192.in-addr.arpa. (
50 ; serial
1H ; refresh
15M ; retry
1W ; expiry
1D ; minimum
)
NS ns1.local.domb.com.
NS ns2.local.domb.com.
$ORIGIN 2.168.192.in-addr.arpa.
83 PTR ns1.local.domb.com.
86 PTR ns2.local.domb.com.
231 PTR test.local.domb.com.
3. Add the forward zone /var/named/local.domb.com.zone:
$ORIGIN .
$TTL 86400
local.domb.com IN SOA ns1.local.domb.com. root.local.domb.com. (
50 ; serial
1H ; refresh
15M ; retry
1W ; expiry
1D) ; minimum
NS ns1.local.domb.com.
NS ns2.local.domb.com.
$ORIGIN local.domb.com.
ns1 A 192.168.2.83
ns2 A 192.168.2.86
test A 192.168.2.231
4. Open the firewall. Clients need 53/udp and 53/tcp, and the tcp rule is not optional: zone transfers always run over TCP. Port 953 is rndc's control channel; it is TCP only, and named binds it to 127.0.0.1 unless you add a controls statement, so that rule is only needed if you run rndc from another host, and then it should be limited by source address. iptables -I inserts at the top of the chain; run service iptables save so the rules survive a reboot.
# iptables -I INPUT -p udp --dport 53 -j ACCEPT
# iptables -I INPUT -p tcp --dport 53 -j ACCEPT
# iptables -I INPUT -p tcp -s 192.168.2.0/24 --dport 953 -j ACCEPT
# service iptables save
5. Create the TSIG key. RHEL 5.8 ships BIND 9.3, whose only TSIG algorithm is HMAC-MD5; newer BIND releases also accept HMAC-SHA256 (-a HMAC-SHA256 -b 256), which is what you should use there. The name given on the command line (transfer) becomes the prefix of the generated file names; 157 is the algorithm number of HMAC-MD5 and 58702 the key id.
# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST transfer
Ktransfer.+157+58702
6. Create /etc/transfer.key. Cat the private key file; the only thing you need from it is the base64 string on its Key: line, which becomes the secret in the key statement below. The generated .key and .private files can be deleted afterwards.
# cat Ktransfer.+157+58702.private
7. This is how /etc/transfer.key should look. Note that the statement is key (singular); keys is only used inside server blocks. Copy the file to the slave with scp so both hosts hold the same secret, and keep it readable only by root and named (chown root:named /etc/transfer.key; chmod 640 /etc/transfer.key): anybody who can read this secret can pull a full copy of both zones.
key HOST1-HOST2. {
    algorithm hmac-md5;
    secret "SKDuwwhNH+adsfasfda/aJ/zOV9PPIblBNiehnFo=";
};
8. Log in to the slave and add its named.conf:
include "/etc/transfer.key";

// Sign the SOA queries and AXFR requests sent to the master with the key
server 192.168.2.83 {
    keys { HOST1-HOST2. ; };
};

acl domblocal {
    192.168.2.0/24;
    127.0.0.1;
};

options {
    directory "/var/named";
    // A slave should not hand out the zone. Only the master is listed here,
    // and the master never asks, so this is effectively "none".
    allow-transfer { 192.168.2.83; };
};

//include "/etc/named.rfc1912.zones";

zone "2.168.192.in-addr.arpa" {
    type slave;
    allow-query { domblocal; };
    file "/var/named/slaves/2.168.192.in-addr.arpa.zone";
    masters { 192.168.2.83; };
    // Hosts in masters may always send NOTIFY; listing the master here is just explicit
    allow-notify { 192.168.2.83; };
    // allow-transfer { none; };
};

zone "local.domb.com" {
    type slave;
    allow-query { domblocal; };
    file "/var/named/slaves/local.domb.com.zone";
    masters { 192.168.2.83; };
    allow-notify { 192.168.2.83; };
    // allow-transfer { none; };
};
9. Now create the zone files for the slave in /var/named/slaves/. This step is optional: a slave writes these files itself after the first successful transfer (on RHEL the slaves/ directory is already writable by named). If you do seed them, give them a serial lower than the master's, because a slave only transfers when the master's SOA serial is higher than the one it already holds. Let's start with the reverse zone file:
$ORIGIN .
$TTL 86400 ; 1 day
2.168.192.in-addr.arpa IN SOA ns1.local.domb.com. root.2.168.192.in-addr.arpa. (
50 ; serial
3600 ; refresh (1 hour)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.local.domb.com.
NS ns2.local.domb.com.
$ORIGIN 2.168.192.in-addr.arpa.
231 PTR test.local.domb.com.
83 PTR ns1.local.domb.com.
86 PTR ns2.local.domb.com.
10. Add the forward zone /var/named/slaves/local.domb.com.zone:
$ORIGIN .
$TTL 86400 ; 1 day
local.domb.com IN SOA ns1.local.domb.com. root.local.domb.com. (
50 ; serial
3600 ; refresh (1 hour)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.local.domb.com.
NS ns2.local.domb.com.
$ORIGIN local.domb.com.
test A 192.168.2.231
ns1 A 192.168.2.83
ns2 A 192.168.2.86
11. Restart named on both servers (service named restart) and run rndc reload on the master. Then look at /var/log/messages on the slave; you should see something like the line below, where the trailing TSIG 'host1-host2' shows that the transfer was authenticated with the key (BIND logs key names in lower case). To confirm the restriction actually bites, run dig @192.168.2.83 local.domb.com AXFR from any other host on the LAN: it must end with "; Transfer failed." and the master logs the denied zone transfer, whereas the same query with -y HOST1-HOST2.:<secret> returns the whole zone.
May 13 00:00:58 ns2 named[2913]: zone local.domb.com/IN: transferred serial 49: TSIG 'host1-host2'
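What the key from steps 5 to 7 actually does on the wire, and what the master checks before it answers the AXFR that the log line above reports: the slave appends a TSIG record whose HMAC covers the whole request, and the master recomputes that HMAC with its copy of the secret. The block below is an added example (RFC 2845 done by hand in Python), not code from the page or from BIND. It reuses the page's key name HOST1-HOST2. and zone local.domb.com; the secret is a constructed 128-bit value, since the page's own secret is a placeholder, and the query id and timestamps are made up.

```python
"""TSIG (RFC 2845) signing and verification of a DNS AXFR request.
Added example; the key stanza is constructed, not the page's real secret."""
import base64
import hashlib
import hmac
import re
import struct
import time

TSIG_TYPE, AXFR_TYPE, CLASS_IN, CLASS_ANY = 250, 252, 1, 255
# Algorithm name as it appears on the wire and the digest it maps to
ALGORITHMS = {"hmac-md5": ("hmac-md5.sig-alg.reg.int.", hashlib.md5),
              "hmac-sha256": ("hmac-sha256.", hashlib.sha256)}

# Constructed /etc/transfer.key in the same shape as the file from step 7
TRANSFER_KEY = '''
key HOST1-HOST2. {
    algorithm hmac-md5;
    secret "MDEyMzQ1Njc4OWFiY2RlZg==";
};
'''


def parse_key_stanza(text):
    """Return (name, algorithm, secret_bytes) from a BIND key statement."""
    m = re.search(r'key\s+"?([^\s"{]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;'
                  r'\s*secret\s+"([^"]+)"\s*;\s*\}\s*;', text)
    if not m:
        raise ValueError("no key statement found")
    name, alg, secret = m.groups()
    return name, alg.lower(), base64.b64decode(secret)


def encode_name(name):
    """Wire-format a domain name as uncompressed labels ending in a zero byte."""
    labels = [lb for lb in name.rstrip(".").split(".") if lb]
    return b"".join(bytes([len(lb)]) + lb.encode() for lb in labels) + b"\x00"


def decode_name(buf, off):
    """Read an uncompressed name; TSIG names must not use compression pointers."""
    labels = []
    while True:
        length = buf[off]
        off += 1
        if length == 0:
            return ".".join(labels) + ".", off
        if length & 0xC0:
            raise ValueError("compressed name in TSIG")
        labels.append(buf[off:off + length].decode())
        off += length


def skip_name(buf, off):
    """Advance past any name, honouring compression pointers (2 bytes, ends name)."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def build_axfr_query(zone, qid):
    """Unsigned AXFR request: 12-byte header plus one question, nothing else."""
    header = struct.pack(">HHHHHH", qid, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack(">HH", AXFR_TYPE, CLASS_IN)


def tsig_sign(msg, keyname, algorithm, secret, time_signed=None, fudge=300):
    """Append a TSIG RR to msg and bump ARCOUNT (RFC 2845 section 3.4)."""
    alg_wire, digestmod = ALGORITHMS[algorithm]
    time_signed = int(time.time()) if time_signed is None else time_signed
    qid = struct.unpack(">H", msg[:2])[0]
    # The MAC covers the unsigned message followed by the "TSIG variables":
    # key name, class ANY, TTL 0, algorithm name, time, fudge, error, other-len
    tsig_vars = (encode_name(keyname) + struct.pack(">HI", CLASS_ANY, 0)
                 + encode_name(alg_wire) + time_signed.to_bytes(6, "big")
                 + struct.pack(">HHH", fudge, 0, 0))
    mac = hmac.new(secret, msg + tsig_vars, digestmod).digest()
    rdata = (encode_name(alg_wire) + time_signed.to_bytes(6, "big")
             + struct.pack(">HH", fudge, len(mac)) + mac
             + struct.pack(">HHH", qid, 0, 0))
    rr = (encode_name(keyname)
          + struct.pack(">HHIH", TSIG_TYPE, CLASS_ANY, 0, len(rdata)) + rdata)
    arcount = struct.unpack(">H", msg[10:12])[0] + 1
    return msg[:10] + struct.pack(">H", arcount) + msg[12:] + rr


def tsig_verify(signed, keys, now=None):
    """Check the trailing TSIG RR against keys {lowercase name: (algorithm, secret)}.
    Returns (ok, reason); mirrors what the master does before serving an AXFR."""
    qd, an, ns, ar = struct.unpack(">HHHH", signed[4:12])
    if ar == 0:
        return False, "unsigned"
    off = 12
    for _ in range(qd):
        off = skip_name(signed, off) + 4
    last = off
    for _ in range(an + ns + ar):          # the TSIG must be the last RR
        last = off
        off = skip_name(signed, off)
        off += 10 + struct.unpack(">H", signed[off + 8:off + 10])[0]
    keyname, off = decode_name(signed, last)
    rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", signed[off:off + 10])
    off += 10
    if rtype != TSIG_TYPE or off + rdlen != len(signed):
        return False, "no TSIG at end of message"
    alg_wire, toff = decode_name(signed, off)
    time_signed = int.from_bytes(signed[toff:toff + 6], "big")
    fudge, mac_size = struct.unpack(">HH", signed[toff + 6:toff + 10])
    mac = signed[toff + 10:toff + 10 + mac_size]
    orig_id, error, other_len = struct.unpack(
        ">HHH", signed[toff + 10 + mac_size:toff + 16 + mac_size])
    other = signed[toff + 16 + mac_size:toff + 16 + mac_size + other_len]
    key = keys.get(keyname.lower())        # key names compare case-insensitively
    if key is None:
        return False, "BADKEY %s" % keyname
    algorithm, secret = key
    if ALGORITHMS[algorithm][0].lower() != alg_wire.lower():
        return False, "algorithm mismatch"
    # Rebuild the message as it was before signing: original id, ARCOUNT-1, no TSIG
    unsigned = (struct.pack(">H", orig_id) + signed[2:10]
                + struct.pack(">H", ar - 1) + signed[12:last])
    tsig_vars = (encode_name(keyname) + struct.pack(">HI", rclass, ttl)
                 + encode_name(alg_wire) + signed[toff:toff + 6]
                 + struct.pack(">HHH", fudge, error, other_len) + other)
    expected = hmac.new(secret, unsigned + tsig_vars, ALGORITHMS[algorithm][1]).digest()
    if not hmac.compare_digest(expected, mac):
        return False, "BADSIG"
    now = int(time.time()) if now is None else now
    if abs(now - time_signed) > fudge:
        return False, "BADTIME"
    return True, keyname


def demo(now=1000000):
    """Sign the slave's AXFR request and verify it the way the master would."""
    name, alg, secret = parse_key_stanza(TRANSFER_KEY)
    keys = {name.lower(): (alg, secret)}
    query = build_axfr_query("local.domb.com.", qid=0x1234)
    signed = tsig_sign(query, name, alg, secret, time_signed=now)
    tampered = signed[:20] + bytes([signed[20] ^ 1]) + signed[21:]  # flip a bit in the qname
    return {
        "unsigned": tsig_verify(query, keys, now)[0],
        "signed": tsig_verify(signed, keys, now)[0],
        "tampered": tsig_verify(tampered, keys, now)[0],
        "wrong_key": tsig_verify(signed, {name.lower(): (alg, b"x" * 16)}, now)[0],
        "stale": tsig_verify(signed, keys, now + 3600)[0],
    }


if __name__ == "__main__":
    print(demo())
```

Only the signed request with the right secret, sent within the fudge window, is accepted; an unsigned request, a modified one, one signed with another key, or a replay an hour later is refused, which is exactly why allow-transfer { key HOST1-HOST2. ; } is a stronger gate than an address list. The fudge check is also why both servers need correct clocks: a large skew between master and slave produces BADTIME even with the right key.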