I am using two DNS servers here: 192.168.2.83 (master) and 192.168.2.86 (slave).
First, let's set up the master.
1. Create /etc/named.conf, as RHEL 5.8 does not ship a sample file, and add the following content to it. The options-level allow-transfer limits transfers to the slave's address, and the zone-level allow-transfer (which overrides it) additionally requires the request to be signed with the TSIG key.
    include "/etc/transfer.key";

    // sign all traffic sent to the slave with the TSIG key
    server 192.168.2.86 {
        keys { HOST1-HOST2.; };
    };

    acl domblocal { 192.168.2.0/24; 127.0.0.1; };

    options {
        allow-transfer { 192.168.2.86; };
        directory "/var/named";
        notify yes;
    };

    //include "/etc/named.rfc1912.zones";

    zone "2.168.192.in-addr.arpa" {
        type master;
        // allow-transfer { 192.168.2.86; };
        allow-transfer { key HOST1-HOST2.; };   // only TSIG-signed transfer requests are answered
        allow-query { domblocal; };
        file "2.168.192.in-addr.arpa.zone";
    };

    zone "local.domb.com" {
        type master;
        // allow-transfer { 192.168.2.86; };
        allow-transfer { key HOST1-HOST2.; };
        allow-query { domblocal; };
        file "local.domb.com.zone";
    };
2. Create the zone files. Let's begin with the reverse zone in /var/named/2.168.192.in-addr.arpa.zone
    $ORIGIN .
    $TTL 86400
    2.168.192.in-addr.arpa  IN SOA ns1.local.domb.com. root.2.168.192.in-addr.arpa. (
                                50      ; serial
                                1H      ; refresh
                                15M     ; retry
                                1W      ; expiry
                                1D      ; minimum
                                )
                            NS  ns1.local.domb.com.
                            NS  ns2.local.domb.com.
    $ORIGIN 2.168.192.in-addr.arpa.
    83                      PTR ns1.local.domb.com.
    86                      PTR ns2.local.domb.com.
    231                     PTR test.local.domb.com.
3. Add the forward zone local.domb.com.zone
    $ORIGIN .
    $TTL 86400
    local.domb.com          IN SOA ns1.local.domb.com. root.local.domb.com. (
                                50      ; serial
                                1H      ; refresh
                                15M     ; retry
                                1W      ; expiry
                                1D      ; minimum
                                )
                            NS  ns1.local.domb.com.
                            NS  ns2.local.domb.com.
    $ORIGIN local.domb.com.
    ns1                     A   192.168.2.83
    ns2                     A   192.168.2.86
    test                    A   192.168.2.231
4. Add the iptables rules. Port 53 is DNS (TCP is required for zone transfers); 953 is the rndc control channel and only needs to be reachable from the hosts that will run rndc against this server.
    # iptables -I INPUT -p udp --dport 53 -j ACCEPT
    # iptables -I INPUT -p udp --dport 953 -j ACCEPT
    # iptables -I INPUT -p tcp --dport 53 -j ACCEPT
    # iptables -I INPUT -p tcp --dport 953 -j ACCEPT
5. Create the TSIG key. The key name given here ("transfer") is what the generated file names below start with.
    # dnssec-keygen -a HMAC-MD5 -b 128 -n HOST transfer
6. Create the transfer.key file. Print the generated private key file and copy the value of its Key: line into the secret field of /etc/transfer.key.
    # cat Ktransfer.+157+58702.private
7. This is how the transfer key file should look (the statement is "key", followed by the key name). After you have created it, copy it to the slave host over a secure channel, since anyone holding the secret can request a signed transfer.
    key HOST1-HOST2. {
        algorithm hmac-md5;
        secret "SKDuwwhNH+adsfasfda/aJ/zOV9PPIblBNiehnFo=";
    };
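Steps 6 and 7 are done by hand above; the following added example (not part of the original post) turns a dnssec-keygen .private file into the /etc/transfer.key stanza and checks that the secret is valid base64 of the requested length, so a mistyped secret or a "keys" typo is caught before both servers are restarted. The file contents and secret are constructed; the file format and algorithm numbers are those of BIND's private-key files.

```python
import base64

# Constructed sample of the Ktransfer.+157+NNNNN.private file that dnssec-keygen
# writes; the Key value is a made-up, non-secret placeholder.
SAMPLE_PRIVATE = """Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: MDEyMzQ1Njc4OWFiY2RlZg==
"""

# Algorithm numbers used in BIND private-key files -> named.conf algorithm names.
ALGORITHMS = {157: "hmac-md5", 161: "hmac-sha1", 163: "hmac-sha256", 165: "hmac-sha512"}


def parse_private_key(text):
    """Return (algorithm name, base64 secret) from a dnssec-keygen .private file."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            name, value = line.split(":", 1)
            fields[name.strip()] = value.strip()
    alg_num = int(fields["Algorithm"].split()[0])
    return ALGORITHMS[alg_num], fields["Key"]


def check_secret(secret, expected_bits):
    """True if the secret is valid base64 and decodes to exactly expected_bits."""
    try:
        raw = base64.b64decode(secret, validate=True)
    except ValueError:  # binascii.Error is a ValueError: bad alphabet or padding
        return False
    return len(raw) * 8 == expected_bits


def key_stanza(key_name, algorithm, secret):
    """Render the named.conf stanza: the statement is 'key', not 'keys'."""
    return 'key "%s" {\n    algorithm %s;\n    secret "%s";\n};\n' % (key_name, algorithm, secret)


def build_transfer_key(private_text, key_name, expected_bits):
    """Turn a .private file into the /etc/transfer.key contents, refusing bad secrets."""
    algorithm, secret = parse_private_key(private_text)
    if not check_secret(secret, expected_bits):
        raise ValueError("secret is not valid base64 of %d bits" % expected_bits)
    return key_stanza(key_name, algorithm, secret)


if __name__ == "__main__":
    print(build_transfer_key(SAMPLE_PRIVATE, "HOST1-HOST2.", 128), end="")
```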
8. Log in to the slave and add its named.conf. The server statement makes the slave sign its transfer requests to the master with the same key; allow-notify lists the master, which is the host that sends NOTIFY messages (the original listed the slave's own address here).
    include "/etc/transfer.key";

    server 192.168.2.83 {
        keys { HOST1-HOST2.; };
    };

    acl domblocal { 192.168.2.0/24; 127.0.0.1; };

    options {
        allow-transfer { 192.168.2.83; };
        directory "/var/named";
    };

    //include "/etc/named.rfc1912.zones";

    zone "2.168.192.in-addr.arpa" {
        type slave;
        allow-query { domblocal; };
        file "/var/named/slaves/2.168.192.in-addr.arpa.zone";
        masters { 192.168.2.83; };
        allow-notify { 192.168.2.83; };   // the master sends the NOTIFY
        // allow-transfer { none; };
    };

    zone "local.domb.com" {
        type slave;
        allow-query { domblocal; };
        file "/var/named/slaves/local.domb.com.zone";
        allow-notify { 192.168.2.83; };
        masters { 192.168.2.83; };
        // allow-transfer { none; };
    };
9. Now create the zone files for the slave. Let's start with the reverse zone file in /var/named/slaves/
    $ORIGIN .
    $TTL 86400      ; 1 day
    2.168.192.in-addr.arpa  IN SOA ns1.local.domb.com. root.2.168.192.in-addr.arpa. (
                                50          ; serial
                                3600        ; refresh (1 hour)
                                900         ; retry (15 minutes)
                                604800      ; expire (1 week)
                                86400       ; minimum (1 day)
                                )
                            NS  ns1.local.domb.com.
                            NS  ns2.local.domb.com.
    $ORIGIN 2.168.192.in-addr.arpa.
    231                     PTR test.local.domb.com.
    83                      PTR ns1.local.domb.com.
    86                      PTR ns2.local.domb.com.
10. Add the forward zone
    $ORIGIN .
    $TTL 86400      ; 1 day
    local.domb.com          IN SOA ns1.local.domb.com. root.local.domb.com. (
                                50          ; serial
                                3600        ; refresh (1 hour)
                                900         ; retry (15 minutes)
                                604800      ; expire (1 week)
                                86400       ; minimum (1 day)
                                )
                            NS  ns1.local.domb.com.
                            NS  ns2.local.domb.com.
    $ORIGIN local.domb.com.
    test                    A   192.168.2.231
    ns1                     A   192.168.2.83
    ns2                     A   192.168.2.86
11. Restart both DNS servers and run an rndc reload on the master. Then look at /var/log/messages on the slave; the TSIG key name in the log line confirms the transfer was signed with the key. You should see something like
May 13 00:00:58 ns2 named[2913]: zone local.domb.com/IN: transferred serial 49: TSIG 'host1-host2'