Bind Question

[jman1764]

I have a single Plesk server setup using Bind and I want to have a secondary DNS only machine. I've installed Bind on the box but I am unsure on how to configure the secondary server to act as the slave and automatically do the zone transfers. Can someone point me in the right direction? I've read docs that state usage of TSIG keys which I understand but is it necessary for me to manually enter in each zone into the slave's named.conf in order for it to be secondary? There is no way for this server to automate this task?

 

[tlofton]

Hello,

Listed below is a named.conf serving as slave:

named.conf:
_______________________________

// Default named.conf generated by install of bind-9.3.1-20.FC4
acl recurseallow { xx.xx.xx.xx; xx.xx.xx.xx; }; # all NS connected in network
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";

allow-recursion { recurseallow; };

};

controls {
inet 127.0.0.1 allow { localhost; };
};

zone "." {
type hint;
file "/etc/named.root";
};

zone "domain.com" { # domain served
type slave;
file "/var/named/db.domain.com";
masters { xx.xx.xx.xx; }; master IP
forwarders { };

};

zone "xx.xx.xx.in-addr.arpa" { # reverse
type slave;
file "/var/named/db.xx.xx.xx"; # reverse
masters { xx.xx.xx.xx; xx.xx.xx.xx; }; # if you have two masters - their IP addresses
};

zone "domain2.com" {
type slave;
file "/var/named/db.domain2.com"; # file contained in this directory for Fedora Core 4 OS
masters { xx.xx.xx.xx; }; # master ip of domain2

forwarders { };
};

zone "0.0.127.in-addr-arpa" {
type master;
file "/var/named/db.127.0.0";
};

zone "domain3.com" {
type slave;
file "/var/named/db.domain3.com";
masters { xx.xx.xx.xx; }; #master IP of domain3
forwarders {};
};

_______________________

Basically, this file shows three zones (3 domains) and it is acting as a secondary server. All you need to do is fill in domain1, domain2 and domain3 with the actual domains that are to be serviced (and add in this same capacity for each additional domain that need to be run as slave). Then go to the directory that holds your zone data files and create the new data files, such as:

touch db.domain1.com, db.domain2.com, db.domain3.com, db.xx.xx.xx.xx(reverse), db.127.0.0, etc.

You do not need to put any data in these files, as Bind will write to them with the data obtained from Master.

Also, acl recurseallow is done because when you allow recursive lookups, you open yourself up to various security risks and performance issues, so you should only allow recursion when needed. Recursive lookups are lookups for domains you are not authoritative for. Therefore, if you are authoritative for yourdomain.com, and you do not allow recursion, then if somebody queries your server for anybodysdomain.com, they will just get a host not found error.

Hope this helps.
Cheers!
FREE Dynamic DNS Services
http://www.t4tm.net

 

[tlofton]

Hello again,

BTW within your master named.conf of Bind, add this:

zone "domain1.com" IN { # for each domain needing transfers to slave
type master;
file "/var/named/db.domain1.com"; # domain1 needing transfer
allow-transfer { xx.xx.xx.xx; xx.xx.xx.xx; }; # the IPs of each secondary server you want data transfered to
};


Cheers!
Free Dynamic DNS Services
http://www.t4tm.net

 

[Skeeter]

Hello, gentlemen

As for last tlofton`s post, there`s no need to modify the master DNS named.conf.

You can simply go to Plesk -> Domains -> DNS -> Zone transfer and add the IPs of your secondary server to the Allow Zone Transfer list.

If you want to enable the Zone transfer to some server for all the domains, you can check the following article:

http://download1.swsoft.com/Plesk/P...esk-7.5-win-advanced-features-manual/9779.htm

I should note, that it`s not recommended to edit the Plesk DNS server config files manually. Your manual settings will get lost after the next configuration update

 

[jman1764]

thanks for the help!