Setup Master-Slave DNS Server Using “Bind” Tools in RHEL/CentOS 6.5

A Domain Name Server (DNS) resolves host names to addresses. Master DNS servers (primary servers) hold the original zone data, and slave DNS servers (secondary servers) are backup servers that copy the same zone information from the master. The master server resolves the names of every host we define in the zone database. DNS queries use the UDP protocol, because UDP does not perform the acknowledgement handshake that TCP does, so DNS servers can answer query requests as quickly as possible.


How DNS Works?

Understanding DNS might be a little confusing for newbies. Here is a brief explanation of how DNS works.

Let's say we need to access a website. What do we do? We just type www.google.com in the browser and hit enter. That is all we see, but behind the scenes DNS does a lot of work to answer the query for us. When we type www.google.com, the system looks up www.google.com. Whenever we type a domain name there is an implied . (dot) at the end of www.google.com, which tells the resolver to start the search from the root of the namespace.

Globally there are 13 root servers available to resolve the query. When we hit enter on www.google.com, our browser first passes the request to our local resolver, which has the entries for our master and slave DNS servers. If they have no information about the requested query, they pass the request on to the Top Level Domain (TLD) servers; if the TLD does not know the answer either, it refers the request to the authoritative servers, where www.google.com is actually defined with the address 72.36.15.56.

The authoritative server then gives the answer back to the TLD, the TLD passes it to the root server, and the root provides the information to the browser, which caches the DNS response for future use. This whole long process completes within milliseconds. If no server knows the name, the reply is NXDOMAIN, which means no record was found anywhere in the zone database. Hopefully this makes it clear how DNS works.


My Testing Environment

For this article, I'm using 3 machines: 2 for the server setup (master and slave) and 1 for the client.

---------------------------------------------------
Master DNS Server
---------------------------------------------------

IP Address	:	192.168.0.200
Host-name	:	masterdns.tecmintlocal.com
OS		:	CentOS 6.5 Final
---------------------------------------------------
Slave DNS Server
---------------------------------------------------

IP Address	:	192.168.0.201
Host-name	:	slavedns.tecmintlocal.com
OS		:	CentOS 6.5 Final
---------------------------------------------------
Client Machine to use DNS
---------------------------------------------------

IP Address	:	192.168.0.210
Host-name	:	node1.tecmintlocal.com
OS		:	CentOS 6.5 Final
---------------------------------------------------
Required Packages
---------------------------------------------------

bind, bind-utils, bind-chroot
---------------------------------------------------
Configuration Files Used
---------------------------------------------------

config file	:	/etc/named.conf
script file	:	/etc/init.d/named
---------------------------------------------------
Ports & Protocols Used
---------------------------------------------------

53/UDP (queries), 53/TCP (zone transfers to the slave and responses too large for UDP)

Setup Master DNS Server

First, verify the IP address, hostname and distribution version of the master DNS server before moving on with the setup.

$ sudo ifconfig | grep inet
$ hostname
$ cat /etc/redhat-release
Verify Master Configuration

Once you have confirmed that the above settings are correct, it is time to install the required packages.

$ sudo yum install bind* -y
Install Bind Package

Installing and Configuring Bind

After installing the required packages, define the zone files in the master configuration file 'named.conf'.

$ sudo vim /etc/named.conf

Below is my named.conf file; change the configuration as per your needs.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.0.200; }; # Here we need to add our Master DNS Server IP.
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24; }; # subnet range where my hosts are allowed to query our DNS.
        allow-transfer     { localhost; 192.168.0.201; };  # Here we need to add our Slave DNS server IP; nobody else may pull the zone.
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

## Define our forward & reverse zone files here for tecmintlocal.com.

zone "tecmintlocal.com" IN {
        type master;
        file "tecmintlocal.fwd.zone";
        allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "tecmintlocal.rev.zone";
        allow-update { none; };
};

#####
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Create Zone File in DNS

Following is an explanation of each configuration directive used in the above file.

  1. listen-on port 53 – The addresses and port on which the DNS server listens on the available interfaces.
  2. Master DNS – Define your master DNS IP address to listen for queries.
  3. Slave DNS – Define your slave DNS in allow-transfer, so only it can sync our zone information from the master to resolve the hosts.
  4. recursion no – If set to yes, the server answers recursive queries for anyone allowed to query it and can be abused in DDoS attacks.
  5. Zone Name – Define your zone name; here it is defined as tecmintlocal.com.
  6. type master – This system is configured as the master server; on the upcoming slave server this will be slave.
  7. tecmintlocal.fwd.zone – This file holds the host information for the zone.
  8. allow-update none – With none set, the zone will not accept Dynamic DNS (DDNS) updates.

Creating Master Zone Files

First, let us define the forward lookup zone. We need to create the zone files with the names we defined in the named.conf file, as below.

tecmintlocal.fwd.zone
tecmintlocal.rev.zone

We use the sample configuration files shipped with bind as templates for the zone files, so first copy them.

$ sudo cp /var/named/named.localhost /var/named/tecmintlocal.fwd.zone
$ sudo cp /var/named/named.loopback /var/named/tecmintlocal.rev.zone
Copy Zone Files

Once you've copied the files, edit these zone files using the vim editor.

$ sudo vim /var/named/tecmintlocal.fwd.zone

Before defining our host information in the forward zone file, first have a quick look at the sample zone file.

Sample Zone File

This is my forward zone configuration; append the entries below and make changes as per your needs.

$TTL 86400
@       IN SOA  masterdns.tecmintlocal.com.     root.tecmintlocal.com. (
                                  2014090401    ; serial
                                        3600    ; refresh
                                        1800    ; retry
                                      604800    ; expire
                                       86400 )  ; minimum

; Name servers (fully qualified, with the trailing dot)

@       IN      NS      masterdns.tecmintlocal.com.
@       IN      NS      slavedns.tecmintlocal.com.

; Name server hostnames resolved to IPs

@       IN      A       192.168.0.200
@       IN      A       192.168.0.201

; Hosts in this domain (every A record on @ is returned for the bare name tecmintlocal.com)

@       IN      A       192.168.0.210
@       IN      A       192.168.0.220
masterdns       IN      A       192.168.0.200
slavedns        IN      A       192.168.0.201
node1           IN      A       192.168.0.210
rhel1           IN      A       192.168.0.220

Save and quit the file using :wq!. After editing the forward lookup zone it looks like below; use TAB to get a neat layout in the zone file.

Configure Forward Zone

Now create the reverse lookup file. We have already made a copy of the loopback file under the name tecmintlocal.rev.zone, so we use this file to configure our reverse lookup.

$ sudo vim /var/named/tecmintlocal.rev.zone

Before defining our host information in the reverse zone file, have a quick look at the sample reverse lookup file shown below.

Sample Reverse Lookup Zone

This is my reverse zone configuration; append the entries below and make changes as per your needs.

$TTL 86400
@       IN SOA  masterdns.tecmintlocal.com. root.tecmintlocal.com. (
                                2014090402      ; serial
                                      3600      ; refresh
                                      1800      ; retry
                                    604800      ; expire
                                     86400 )    ; minimum

; Name servers (fully qualified, with the trailing dot)

@       IN      NS      masterdns.tecmintlocal.com.
@       IN      NS      slavedns.tecmintlocal.com.
@       IN      PTR     tecmintlocal.com.

; PTR records: the owner is the last octet of the address, the target is the host's FQDN.
; A records do not belong in a reverse zone; the forward zone already carries them.

200             IN      PTR     masterdns.tecmintlocal.com.
201             IN      PTR     slavedns.tecmintlocal.com.
210             IN      PTR     node1.tecmintlocal.com.
220             IN      PTR     rhel1.tecmintlocal.com.

Save and quit the file using :wq!. After editing the reverse lookup zone it looks like below; use TAB to get a neat layout in the zone file.

Configure Reverse Lookup Zone

Check the group ownership of the forward and reverse lookup files before checking the configuration for errors.

$ sudo ls -l /var/named/

Here we can see that both files are owned by the root user and group, because we copied them from the sample files under /var/named/ as root. Change the group to named on both files using the following commands.

$ sudo chgrp named /var/named/tecmintlocal.fwd.zone
$ sudo chgrp named /var/named/tecmintlocal.rev.zone

After setting correct ownership on the files, verify them again.

$ sudo ls -l /var/named/
Verify Zone Files

Now, check the zone files for errors before starting the DNS service. First check the named.conf file, then each zone file. named-checkzone takes the zone name as written in named.conf, not the server's hostname: passing masterdns.tecmintlocal.com would make that name the zone apex, and the reverse-zone check would then fail with "NS ... has no address records (A or AAAA)".

$ sudo named-checkconf /etc/named.conf
$ sudo named-checkzone tecmintlocal.com /var/named/tecmintlocal.fwd.zone
$ sudo named-checkzone 0.168.192.in-addr.arpa /var/named/tecmintlocal.rev.zone
Check Errors Zone Files
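To catch the mistakes the checks above do not cover, here is an added Python example (not from the article or from BIND). It parses the forward and reverse zone files, reproduces the in-zone NS glue check behind named-checkzone's "has no address records" error, shows why passing the host name instead of the zone name makes the reverse check fail, and cross-checks every A record against its PTR. The zone texts inside are constructed copies of this article's zones, with one host deliberately misspelled in the reverse zone.

```python
"""Added example (not from the article or from BIND): reproduces the
"NS ... has no address records" check of named-checkzone, shows why it fires
when a host name is passed instead of the zone name, and cross-checks the
forward zone against the reverse zone. $ORIGIN/$INCLUDE are not handled."""

FWD_ORIGIN = "tecmintlocal.com"
REV_ORIGIN = "0.168.192.in-addr.arpa"

# Constructed: the tutorial's forward zone, trimmed to the records that matter.
FWD_ZONE = """\
$TTL 86400
@       IN SOA  masterdns.tecmintlocal.com. root.tecmintlocal.com. (
                2014090401 3600 1800 604800 86400 )  ; serial refresh retry expire min
@       IN      NS      masterdns.tecmintlocal.com.
@       IN      NS      slavedns.tecmintlocal.com.
@       IN      A       192.168.0.200
masterdns       IN      A       192.168.0.200
slavedns        IN      A       192.168.0.201
node1           IN      A       192.168.0.210
rhel1           IN      A       192.168.0.220
"""
# Constructed: the reverse zone; "rhel1" is misspelled "rhel" here on purpose.
REV_ZONE = """\
$TTL 86400
@   IN SOA masterdns.tecmintlocal.com. root.tecmintlocal.com. ( 2014090402 3600 1800 604800 86400 )
@       IN      NS      masterdns.tecmintlocal.com.
@       IN      NS      slavedns.tecmintlocal.com.
200             IN      PTR     masterdns.tecmintlocal.com.
201             IN      PTR     slavedns.tecmintlocal.com.
210             IN      PTR     node1.tecmintlocal.com.
220             IN      PTR     rhel.tecmintlocal.com.
"""

def fqdn(name, origin):
    """Expand '@' and relative names the way a master file does."""
    if name == "@":
        return origin + "."
    return name if name.endswith(".") else "%s.%s." % (name, origin)

def parse_zone(text, origin):
    """Return [(owner_fqdn, rtype, rdata_tokens)] for one zone text."""
    records, last_owner, buf, depth = [], None, [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()              # strip ';' comments
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                                       # still inside ( ... )
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        blank_owner, buf = buf[0][0].isspace(), []         # blank owner = previous
        if tokens[0].startswith("$"):
            continue                                       # $TTL etc.: no record
        owner = last_owner if blank_owner else tokens.pop(0)
        last_owner = owner
        if tokens and tokens[0].isdigit():
            tokens.pop(0)                                  # optional record TTL
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)                                  # class
        records.append((fqdn(owner, origin), tokens[0].upper(), tokens[1:]))
    return records

def check_zone(text, origin):
    """Problems named-checkzone would also report (empty list = clean)."""
    recs, apex, problems = parse_zone(text, origin), origin + ".", []
    ns = [fqdn(rd[0], origin) for o, t, rd in recs if t == "NS" and o == apex]
    if not ns:
        problems.append("no NS record at apex " + apex)
    has_addr = {o for o, t, _ in recs if t in ("A", "AAAA")}
    for n in ns:
        # An NS at or below the apex needs glue inside the zone: this is the
        # "NS ... has no address records (A or AAAA)" error seen in the comments.
        if (n == apex or n.endswith("." + apex)) and n not in has_addr:
            problems.append("NS %s is inside the zone but has no A/AAAA record" % n)
    for o, t, rd in recs:
        if t in ("NS", "PTR") and not rd[0].endswith("."):
            problems.append("%s %s %s: no trailing dot, origin gets appended" % (o, t, rd[0]))
    return problems

def cross_check(fwd_text, fwd_origin, rev_text, rev_origin):
    """Every forward A record needs a matching PTR and vice versa."""
    a_names = {}                                           # ip -> {owner names}
    for o, t, rd in parse_zone(fwd_text, fwd_origin):
        if t == "A":
            a_names.setdefault(rd[0], set()).add(o)
    # '200.0.168.192.in-addr.arpa.' -> '192.168.0.200' (drop in-addr.arpa, reverse)
    ptrs = {".".join(reversed(o.rstrip(".").split(".")[:-2])): fqdn(rd[0], rev_origin)
            for o, t, rd in parse_zone(rev_text, rev_origin) if t == "PTR"}
    problems = []
    for ip, names in a_names.items():
        if ip not in ptrs:
            problems.append("%s has A record(s) but no PTR" % ip)
        elif ptrs[ip] not in names:
            problems.append("%s: PTR says %s but A records are %s" % (ip, ptrs[ip], sorted(names)))
    problems += ["%s: PTR %s has no matching A record" % (ip, n)
                 for ip, n in ptrs.items() if ip not in a_names]
    return problems
```

Calling check_zone(REV_ZONE, "masterdns.tecmintlocal.com") reproduces the error the original named-checkzone line triggers, while check_zone with the real zone names returns nothing and cross_check reports the rhel/rhel1 mismatch.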

By default iptables is running and our DNS server is only reachable from localhost. For clients to resolve names from our DNS server we have to allow inbound requests on port 53: UDP for queries, and TCP for zone transfers to the slave (and for responses too large for UDP).

$ sudo iptables -I INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
$ sudo iptables -I INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT

Now, verify that the rules have been added correctly to the INPUT chain.

$ sudo iptables -L INPUT

Next, save the rules and restart firewall.

$ sudo service iptables save
$ sudo service iptables restart
Open DNS Port on Firewall

Start the named service and make it persistent.

$ sudo service named start
$ sudo chkconfig named on
$ sudo chkconfig --list named
Start DNS Server

Finally, test the configured master DNS zone files (forward and reverse) using the dig and nslookup tools.

$ dig masterdns.tecmintlocal.com        # forward zone
$ dig -x 192.168.0.200                  # reverse zone
$ nslookup tecmintlocal.com
$ nslookup masterdns.tecmintlocal.com
$ nslookup slavedns.tecmintlocal.com
Test DNS Zones

Cool! We have configured a master DNS; now we need to set up the slave DNS server. Let's move on to the slave setup, which won't take as much time as the master.

Setup Slave DNS Server

On the slave machine we need to install the same bind packages as on the master, so let's install them using the following command.

$ sudo yum install bind* -y
Install DNS Bind in CentOS

Open and edit the 'named.conf' file to define our zone database and the listening address.

$ sudo vim /etc/named.conf

Make changes as shown, as per your requirements.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.0.201; }; # Our Slave DNS server IP (every address needs its trailing semicolon)
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24; };
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

## Define our slave forward and reverse zones; the zone files are replicated from the master.

zone "tecmintlocal.com" IN {
        type slave;
        file "slaves/tecmintlocal.fwd.zone";
        masters { 192.168.0.200; };
};

zone "0.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/tecmintlocal.rev.zone";
        masters { 192.168.0.200; };
};

#####
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Configure Slave DNS

Start the DNS service:

$ sudo service named start

After starting the bind service we don't have to define the zone information on the slave: because the master's allow-transfer includes this server, the zones are replicated from the master into /var/named/slaves, as shown below.

$ sudo ls -l /var/named/slaves

Verify the zone information using the cat command.

$ sudo cat /var/named/slaves/tecmintlocal.fwd.zone
$ sudo cat /var/named/slaves/tecmintlocal.rev.zone
Verify Slave Zone Files

Next, open DNS port 53 (UDP and TCP) in iptables to allow inbound connections.

$ sudo iptables -I INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
$ sudo iptables -I INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT

Save the iptables rules and restart the iptables service.

$ sudo service iptables save
$ sudo service iptables restart

Make the firewall rules persistent on system boot and check that the service is enabled for the run-levels.

$ sudo chkconfig iptables on
$ sudo chkconfig --list iptables
Open DNS Port

That's it! Now it is time to configure our client machine and check hostname resolution.

Configure Client Machine

On the client side we need to enter the primary (192.168.0.200) and secondary (192.168.0.201) DNS servers in the network settings so that hostnames get resolved. To do so, run the setup command and define these entries as shown in the picture.

$ setup
Add DNS Entry

Alternatively, edit the '/etc/resolv.conf' file and add the following entries.

$ vim /etc/resolv.conf
search tecmintlocal.com
nameserver 192.168.0.200
nameserver 192.168.0.201

Now, verify the IP, hostname and name server lookup.

$ ifconfig | grep inet
$ hostname
$ nslookup tecmintlocal.com
Verify DNS Entry

Now, check the forward and reverse DNS lookups using:

$ dig masterdns.tecmintlocal.com
$ dig -x 192.168.0.200
Check DNS Info

Understanding the dig Output:

  1. Header – Summarises what we asked for and how the query was answered.
  2. Status – The status NOERROR means the query we sent was answered successfully without any error.
  3. Question – The query we made; here my query was masterdns.tecmintlocal.com.
  4. Answer – The records that resolve the query, if the information is available.
  5. Authority – The name servers responsible for the domain and zone.
  6. Additional – Additional information about the name servers, such as hostnames and IP addresses.
  7. Query time – How long it took the servers above to resolve the name.
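As an added example (not from the article or from ISC's dig), the following Python parses dig's text output into the header, flags, counts and sections listed above and turns status and flags into a one-line diagnosis. Both dig outputs inside are constructed and modelled on this setup; the REFUSED case is what a server configured with recursion no returns for a name outside its own zones.

```python
"""Added example (not from the article or from ISC dig): parse dig's text
output into the header, flags, section counts and record sections described
above, then turn status and flags into a one-line diagnosis. Both outputs
below are constructed, modelled on this tutorial's servers."""
import re

# Constructed: the master answering for a name in its own zone.
DIG_OK = """\
; <<>> DiG 9.8 <<>> masterdns.tecmintlocal.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45123
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;masterdns.tecmintlocal.com.\tIN\tA

;; ANSWER SECTION:
masterdns.tecmintlocal.com. 86400 IN A 192.168.0.200

;; AUTHORITY SECTION:
tecmintlocal.com. 86400 IN NS masterdns.tecmintlocal.com.
tecmintlocal.com. 86400 IN NS slavedns.tecmintlocal.com.

;; ADDITIONAL SECTION:
masterdns.tecmintlocal.com. 86400 IN A 192.168.0.200
slavedns.tecmintlocal.com. 86400 IN A 192.168.0.201

;; Query time: 0 msec
;; SERVER: 192.168.0.200#53(192.168.0.200)
;; WHEN: Thu Sep  4 10:00:00 2014
;; MSG SIZE  rcvd: 130
"""
# Constructed: a name outside the served zones, asked of a server with "recursion no".
DIG_REFUSED = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 48244
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.google.com.\t\tIN\tA

;; Query time: 0 msec
;; SERVER: 192.168.0.200#53(192.168.0.200)
"""

HEADER = re.compile(r";; ->>HEADER<<- opcode: (\w+), status: (\w+), id: (\d+)")
FLAGS = re.compile(r";; flags: ([^;]*); QUERY: (\d+), ANSWER: (\d+), "
                   r"AUTHORITY: (\d+), ADDITIONAL: (\d+)")
SECTIONS = ("QUERY", "ANSWER", "AUTHORITY", "ADDITIONAL")

def parse_dig(output):
    """Return {opcode, status, id, flags, counts, sections, server, query_time_ms}."""
    info, section = {"sections": {}}, None
    for line in output.splitlines():
        if line.startswith(";; ") and line.endswith(" SECTION:"):
            section = line[3:-9]                       # QUESTION, ANSWER, ...
            info["sections"][section] = []
            continue
        if not line.strip() or line.startswith(";;"):
            section = None                             # blank or ';;' meta line ends a section
        if section:
            # Records are whitespace separated; the QUESTION line carries a leading ';'
            info["sections"][section].append(line.lstrip(";").split())
            continue
        m = HEADER.match(line)
        if m:
            info.update(opcode=m.group(1), status=m.group(2), id=int(m.group(3)))
        m = FLAGS.match(line)
        if m:
            info["flags"] = m.group(1).split()
            info["counts"] = dict(zip(SECTIONS, map(int, m.groups()[1:])))
        if line.startswith(";; SERVER: "):
            info["server"] = line.split()[2]
        if line.startswith(";; Query time: "):
            info["query_time_ms"] = int(line.split()[3])
    return info

def explain(info):
    """One-line diagnosis in the terms the list above uses for status and flags."""
    status, flags = info.get("status"), info.get("flags", [])
    if status == "NOERROR" and info["counts"]["ANSWER"]:
        return "resolved, " + ("authoritative answer" if "aa" in flags
                               else "non-authoritative answer (cached or forwarded)")
    if status == "NOERROR":
        return "name exists but has no record of the requested type"
    if status == "NXDOMAIN":
        return "no such name in the zone database (NXDOMAIN)"
    if status == "REFUSED" and "ra" not in flags:
        return "refused: server is not authoritative for this name and recursion is off"
    if status == "REFUSED":
        return "refused by server policy (allow-query)"
    return "status %s with no answer" % status
```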

Finally, check our node and ping the servers.

$ dig node1.tecmintlocal.com
Check Client DNS Info
$ ping masterdns.tecmintlocal.com -c 2
$ ping slavedns.tecmintlocal.com -c 2
$ ping 192.168.0.200 -c 2
$ ping 192.168.0.201 -c 2
Ping DNS Servers

The setup is complete: we have configured both the primary (master) and the secondary (slave) DNS server successfully. I hope everyone got through the setup without any issue; feel free to drop a comment if you face a problem during setup.


Babin Lonston
I'm working as a System Administrator for the last 10 years, with 4 years of experience with Linux distributions, and fell in love with text-based operating systems.


85 Comments

  1. The slave DNS will not have the file even if you follow the whole article line by line; everything is fine except for one thing, which is allowing port 53 as TCP in iptables / firewall.

    DNS uses both TCP as well as UDP on its port.

    1. UDP is used for querying other name servers like root, TLD, and authoritative.
    2. TCP is used for zone transfer between master and slave DNS.

    In this article port 53 for UDP is allowed but we must allow port 53 as TCP as well in order for all the zone file to be seen in the /var/named/slaves folder and Slave DNS to receive all the zones and its data.

    Reply
  2. After I set up the slave server and ran the command ls -l /var/named/slaves or ls -l /var/named/slaves/local.fwd.zone (or the reverse zone), the total number of files is zero. Why did my allow-transfer not work from the master?

    I set up the master server correctly and am getting the answers for forward and reverse lookups. I defined my domain as local.com.

    Reply
  3. Hi,

    Great article and easy to understand.

    I would like to request a link to download the packages from, as I downloaded the packages but many of the libraries are missing, due to which a person ends up resolving the dependencies and adding libraries.

    It will be a great help if we get the required lib and packages.

    Reply
  4. All this is very nice but for a newbie trying to set up the DNS it’s tough to get through. I only have one server and your comment doesn’t show how to do this. So, thanks for trying…

    Reply
  5. Hi, if any of you could help me with master-slave dns configuration where the master is using dynamic dns in rhel 7, it would be a great help

    Reply
  6. Hi Babin,

    Although this is a good tutorial, I need to point out that your configuration of the reverse zone is wrong, and that the check for it doesn't work.

    That is because in reverse zones there is no need for any type of record besides PTR records, and since we defined the reverse zone as 0.168.192.in-addr.arpa we should use that name when checking the configuration.

    The reverse zone file for this tutorial should be defined as:

    $TTL 1D
    @ IN SOA masterdns.tecmintlocal.com. root.tecmintlocal.com. (
    2017091402 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum

    ; Name servers (FQDNs end with a dot, otherwise the zone origin is appended)
    @ IN NS masterdns.tecmintlocal.com.
    @ IN NS slavedns.tecmintlocal.com.

    ;Hosts in Domain
    200 IN PTR masterdns.tecmintlocal.com.
    201 IN PTR slavedns.tecmintlocal.com.

    And the check for zone should be:

    named-checkzone 0.168.192.in-addr.arpa /var/named/tecmintlocal.rev.zone

    I hope that my comment helps someone out.

    Cheers.

    Ninoslav.

    Reply
  7. Thank you for all of the above, very helpful. I only have one physical machine so is it O.K. if I don’t configure a slave machine configuration? Thanks

    Reply
  8. I didn’t understand the section for reverse zone file in /var/named.com zone”…..” that part

    please explain me what to write there

    Reply
    • @IShmael,

      You can’t leave it 0 instead you need to start from 00 which represent the date. If we are about to add new entry it’s good to increase the serial number by an incremental method.

      Reply
  9. has no address records (A or AAAA), I had the same problem. For this reason I added, after
    @ IN NS ns1.domain.com.
    @ IN NS ns2.domain.com.
    @ IN PTR domain.com.
    these following lines:
    @ IN A 192.168.1.140
    @ IN A 192.168.1.150

    Reply
  10. if suddenly primary DNS fails what will happen?
    can you please explain the other dns zones like stub zone
    can we configure the stubzone in linux

    Reply
  11. Hi Ravi,

    Thanks for such an informative article. When I am checking the reverse lookup zone file, I am getting the below error. Could you please help me out?

    [root@vxvm1 ~]# named-checkzone vxvm1.husain.net /var/named/husain.rev.zone
    zone vxvm1.husain.net/IN: NS ‘vxvm1.husain.net’ has no address records (A or AAAA)
    zone vxvm1.husain.net/IN: not loaded due to errors.

    Reply
      • $TTL 86400
        @ IN SOA vxvm1.husain.net. root.husain.net. (
        2014090402 ; serial
        3600 ; refresh
        1800 ; retry
        604800 ; expire
        86400 ) ; minimum
        ; Name server’s

        @ IN NS vxvm1.husain.net.
        @ IN NS rhel7.husain.net.
        @ IN PTR husain.net.
        ; Name server hostname to IP resolve.

        vxvm1 IN A 10.10.104.20
        rhel7 IN A 10.10.104.115

        ;Hosts in Domain
        vxvm2 IN A 10.10.104.30
        sarvar IN A 10.10.104.111
        111 IN PTR sarvar.husain.net.
        30 IN PTR vxvm2.husain.net.

        Reply
  12. 1 $TTL 86400
    2 @ IN SOA ns1.mailninja.io. root.mailninja.io. (
    3 2016090101 ; serial
    4 3600 ; refresh
    5 1800 ; retry
    6 604800 ; expire
    7 86400 ) ; minimum
    8 @ IN NS ns1.mailninja.io.
    9 @ IN NS ns2.mailninja.io.
    10 @ IN PTR mailninja.io.
    11 ns1 IN A 192.168.1.126
    12 ns2 IN A 192.168.1.121
    13 ;Hosts in domain
    14 126 IN PTR ns1.mailninja.io.
    15 121 IN PTR ns2.mailninja.io.

    named-checkzone ns1.mailninja.io /var/named/mailninja.rev.zone
    zone ns1.mailninja.io/IN: NS ‘ns1.mailninja.io’ has no address records (A or AAAA)
    zone ns1.mailninja.io/IN: not loaded due to errors.

    Hi Ravi, can you please elaborate on what I missed here, as I am getting errors for the reverse zone file?

    Reply
    • @raaz,

      In line 14 and 15 again you are adding your DNS server as a host. Please post your forward zone.

      14 126 IN PTR ns1.mailninja.io.
      15 121 IN PTR ns2.mailninja.io.

      Reply
  13. named-checkzone ns1.mailninja.io /var/named/mailninja.rev.zone
    zone ns1.mailninja.io/IN: NS ‘ns1.mailninja.io’ has no address records (A or AAAA)
    zone ns1.mailninja.io/IN: not loaded due to errors.

    cat -n
    1 $TTL 86400
    2 @ IN SOA ns1.mailninja.io. root.mailninja.io. (
    3 2016090101 ; serial
    4 3600 ; refresh
    5 1800 ; retry
    6 604800 ; expire
    7 86400 ) ; minimum
    8 @ IN NS ns1.mailninja.io.
    9 @ IN NS ns2.mailninja.io.
    10 @ IN PTR mailninja.io.
    11 ns1 IN A 64.137.226.126
    12 ns2 IN A 64.137.167.121
    13 ;Hosts in domain
    14 126 IN PTR ns1.mailninja.io.
    15 121 IN PTR ns2.mailninja.io.

    Reply
  14. Starting named:
    Error in named configuration:
    dns_rdata_fromtext: forward:8: near ‘epsilon.jhilmil.com’: extra input text
    zone jhilmil.com/IN: loading from master file forward failed: extra input text
    zone jhilmil.com/IN: not loaded due to errors.
    _default/jhilmil.com/IN: extra input text
    zone localhost/IN: loaded serial 0
    zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
    dns_rdata_fromtext: reverse:8: near ‘epsilon.jhilmil.com’: extra input text
    zone 211.168.192.in-addr.arpa/IN: loading from master file reverse failed: extra input text
    zone 211.168.192.in-addr.arpa/IN: not loaded due to errors.
    _default/211.168.192.in-addr.arpa/IN: extra input text
    zone 0.in-addr.arpa/IN: loaded serial 0

    I am getting this error when starting the DNS service.
    Help me out.

    Reply
  15. Hello Ravi,

    For example, I have typed dig facebook.com, ok.

    It gives me some DNS details.

    Question: for example, I don't have the facebook nameserver address in my local system's /etc/resolv.conf,

    so how does it give me the DNS result?

    and

    one more question, a very simple one.

    I have made one DNS server; how does it go public when they don't have my DNS server details? How can they see it?

    Please clarify my doubts as soon as possible.

    Reply
    • @Mallikarjunn

      First question:

      When your machine(client) is connected to the Internet through an ISP, it initiates a query to find facebook.com and sends the query to the DNS server of the ISP.

      Then, the DNS Server of the ISP first checks its own cache to determine if it already has a result for your machine's query.

      In the event that the result is negative (meaning nothing found), it generates another query and sends it to the hierarchy above it. Your machine's query will keep moving up until it reaches the root DNS servers, and until facebook.com is found.

      After the ISP DNS Server finds out the authoritative name servers, it contacts the authoritative name servers to find out the IP address for http://www.facebook.com, i.e. the IP address of host www in the domain facebook.com.

      facebook.com then responds to the ISP DNS Server by answering the query and providing the IP address of the web server i.e. www

      The ISP DNS Server stores the answer in it’s cache for any future use and provides the result to your machine(client) by sending the IP address of the www server plus so many other details.

      Second question:

      All the magic happens through your ISP: when you are connected to the Internet, the ISP must gather information about your network setup including the DNS server setup. Then other networks can find your DNS server through your ISP's servers (network).

      Reply
  16. hi, ravi,

    I don't understand how DNS works. What you have discussed is somewhat tough to understand.

    Please explain in one sentence.

    Reply
    • @Mallik,

      We've tried and kept the information as simple as it is, but I am afraid that you are still finding it tough to understand. No problem, here is a screencast that tells how exactly DNS works, just go through it: https://howdns.works/

      Reply
  17. hi babin,

    your post looks great with clear explanation and with color highlights.

    When I configure only the master DNS on my machine, I face an issue with the rev.zone file.

    named.conf testing went fine
    fwd.zone testing went fine.
    rev.zone testing ended with following error.

    [root@server ~]# named-checkzone server.example.com /var/named/example.rev.zone
    zone server.example.com/IN: NS ‘server.example.com’ has no address records (A or AAAA)
    zone server.example.com/IN: not loaded due to errors.
    [root@server ~]#

    this is my rev zone file.

    [root@server ~]# cat /var/named/example.rev.zone
    $TTL 86400
    @ IN SOA server.example.com. root.example.com. (
    0 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
    ;name servers

    @ IN NS server.example.com.
    @ IN PTR example.com.

    ;name server hostname to ip resolver

    server IN A 192.168.1.1
    1 IN PTR server.example.com.

    Reply
      • that entry is already there ravi…

        FYR

        [root@server named]# cat -n example.rev.zone
        1 $TTL 86400
        2 @ IN SOA server.example.com. root.example.com. (
        3 200102 ; serial
        4 3600 ; refresh
        5 1800 ; retry
        6 604800 ; expire
        7 86400 ; minimum )
        8 ;name servers
        9
        10 @ IN NS server.example.com.
        11 @ IN PTR example.com.
        12
        13 ;name server hostname to ip resolver
        14
        15 server IN A 192.168.1.1
        16 1 IN PTR server.example.com.
        17

        Reply
      • hi ravi,

        I got the o/p now. Thanks for your help and time.

        All verification commands are giving outputs except the one below, when diagnosing with the IP address.

        [root@server etc]# dig -x 192.168.1.1

        ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> -x 192.168.1.1
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 48244
        ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
        ;; WARNING: recursion requested but not available

        ;; QUESTION SECTION:
        ;1.1.168.192.in-addr.arpa. IN PTR

        ;; Query time: 0 msec
        ;; SERVER: 192.168.1.1#53(192.168.1.1)
        ;; WHEN: Thu May 26 22:21:38 2016
        ;; MSG SIZE rcvd: 42

        [root@server etc]#

        Reply
  18. Error: bind97-libs conflicts with bind-libs
    Error: bind97-devel conflicts with bind-libbind-devel
    Error: bind97-chroot conflicts with bind-chroot
    Error: bind97-utils conflicts with bind-utils
    Error: bind97 conflicts with bind
    Error: bind97-devel conflicts with bind-devel

    How do I resolve this error?

    Reply
  19. Thanks for your quick response, but my question is why we have to write A records in the reverse lookup zone:
    node1 IN A 192.168.0.210
    rhel IN A 192.168.0.220
    in reverse lookup zone

    Reply
      • Yes Ravi, it works once changed to 8.8.8.8, but I can't reach the domain name on my DNS: "ping: unknown host appdev.rqproject.com". I want to set it up to access both the local domain and the public domain. Please advise…

        Reply
        • It's solved, with a modified named.conf:
          dnssec-enable no;
          dnssec-validation no;

          zone "." IN {
          type forward;
          forward first;
          forwarders { 8.8.8.8;8.8.4.4;};
          };

          Reply
          • @RikiS,

            That’s good to hear that you finally solved yourself and really thanks for sharing here, hope this will help other users who face similar problem.

  20. Hi, when I am starting my slave server the zone files are not transferring, even though I opened port 53 in iptables; when I stop iptables it's working fine. Can you give me a solution for this?

    thanks in advance

    Reply
    • @Vamsi,

      That means your IPtables rules are not properly configured or added, you need to check properly or post here all your IPtables rules, so that I can check it.

      Reply
  21. Hello Babin Lonston
    Many thanks for your tutorial.
    I got an error with the slave server.
    I created my own DNS servers:
    sale.dornbrachtkitchenfaucet.com –>master
    server2.dornbrachtkitchenfaucet.com –> slave

    There is an error with the slave server, as below:

    dns_master_load: /var/named/slaves/dornbrachtkitchenfaucet.com.hosts:1: isc_lex_gettoken() failed: unexpected end of input
    dns_master_load: /var/named/slaves/dornbrachtkitchenfaucet.com.hosts:1: unexpected end of input
    /var/named/slaves/dornbrachtkitchenfaucet.com.hosts: file does not end with newline
    zone dornbrachtkitchenfaucet.com/IN: loading from master file /var/named/slaves/dornbrachtkitchenfaucet.com.hosts failed: syntax error
    zone dornbrachtkitchenfaucet.com/IN: not loaded due to errors.

    A part Inside master : cat /etc/named.conf :

    zone "dornbrachtkitchenfaucet.com" {
            type master;
            file "/var/named/dornbrachtkitchenfaucet.com.hosts";
            };
    
    
    A part Inside slave : /etc/named.conf :
    zone "dornbrachtkitchenfaucet.com" {
          type slave;
          file "slaves/dornbrachtkitchenfaucet.com.hosts";
          masters { 45.33.66.122; };
    };
    

    Can I know how to fix it ?
    Thanks

    Reply
  22. Firstly, thanks to your post I was able to setup DNS in RHEL6.5 box. This was really detailed and easy after going through your article. I need some more help like if the master server got shutdown for some time then how to replace the slave server to master server position? Please let me know

    Thanks in Advance!
    Venkat

  23. Hi,
    First of all, thanks to your post I was able to set up DNS on a RHEL 6.5 box. This was really detailed and easy after going through your article. I need some more help from you. I need to set up DNS for resolving 2 series of IPs on a single RHEL box.
    Say, for example, I have a series 1.1.x.x and another 10.0.x.x. The 10 series IPs are also NATted with 1 series IPs. The requirement is to set up a DNS in the 10 series IP which will be able to resolve queries from both IP series. Is that even possible?
  24. Very informative and exceptionally detailed article. I have created almost the same setup using VirtualBox with the client being Windows XP. nslookup runs fine for example.com, ns1.example.com and ns2.example.com, and similarly when I do nslookup for google.com the results are just fine.

    The only problem I am facing is when I stop the named service on ns1.example.com so that ns2 should handle stuff, nslookup from XP fails... any idea what I am doing wrong or missing?

    Thanks.
  25. Hello, just wondering how can I the zone files every week. If the initial attempt fails, it will try again once per day until it succeeds or three weeks have passed; I'm talking about the slave server here.
    I appreciate your help in this regard.
  26. Hi Sir,
    I am configuring a DNS server. The forward lookup zone is configured, and when I try to check the reverse zone config file with named-checkzone I get:
    /var/named/abc.rev.zone:2: no current owner name
    zone masterdns.ab.com/IN: loading from master file /var/named/abc.rev.zone failed: no owner
    zone masterdns.abc.com/IN: not loaded due to errors.
    • @Pankaj Maurya

      Can you please recheck your below configuration files?

      /etc/named.conf

      /var/named/slaves/tecmintlocal.rev.zone

      And please check whether you have added the rule on the slave server:

      # sudo iptables -I INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT

      Let us know how it went.
  27. I configured the master DNS and it is successful, but on the slave, when I restart the named service, the two zone files are changing their names and there is no replication from the master server as you showed above. Please help me regarding this.
  28. Turn on recursion in named.conf. This will be turned off only for dedicated masters which have many slaves.

    recursion yes;

    Cheers,
    Prakash
  29. Hello!
    Will it work as my outside-facing DNS if I configure it inside my NAT router (I mean, will it be accessible from outside my network)?
  30. Thank you so much for building such a good and elaborate website. It's very useful for beginners like us...
  31. Hello,

    I have configured the DNS in my test lab. Reverse lookup is working fine for me but facing issue with name(forward) lookup.

    node1 : 192.168.111.160 (Master)
    node2 : 192.168.111.161 (Slave)
    node3 : 192.168.111.162 (client)

    Successful response for reverse lookup:

    [root@Node3 ~]# dig -x 192.168.111.162 +noquestion

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -x 192.168.111.162 +noquestion
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2681
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
    ;; WARNING: recursion requested but not available

    ;; ANSWER SECTION:
    162.111.168.192.in-addr.arpa. 259200 IN PTR node3.ganesh.com.

    ;; AUTHORITY SECTION:
    111.168.192.in-addr.arpa. 259200 IN NS node1.ganesh.com.
    111.168.192.in-addr.arpa. 259200 IN NS node2.ganesh.com.

    ;; ADDITIONAL SECTION:
    node1.ganesh.com. 259200 IN A 192.168.111.160
    node2.ganesh.com. 259200 IN A 192.168.111.161

    ;; Query time: 0 msec
    ;; SERVER: 192.168.111.160#53(192.168.111.160)
    ;; WHEN: Mon Mar 16 03:04:42 2015
    ;; MSG SIZE rcvd: 148

    Unsuccessful response for forward lookup. This is happening on all nodes:

    [root@Node3 ~]# dig -x node3 +noquestion

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -x node3 +noquestion
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 2333
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available

    ;; Query time: 1 msec
    ;; SERVER: 192.168.111.160#53(192.168.111.160)
    ;; WHEN: Mon Mar 16 03:05:30 2015
    ;; MSG SIZE rcvd: 36

    Master forward lookup file:

    [root@Node1 ~]# cat /var/named/chroot/var/named/ganesh.com.zone
    $TTL 3D
    @ IN SOA node1.ganesh.com. root.ganesh.com. (
    20021115413 ; serial#
    1D ; refresh, seconds
    1H ; retry, seconds
    1W ; expire, seconds
    3H ) ; minimum, seconds
    ; Name servers
    @ IN NS node1.ganesh.com.
    @ IN NS node2.ganesh.com.

    ;Hosts in the domain
    @ IN A 192.168.111.160
    @ IN A 192.168.111.161
    @ IN A 192.168.111.162
    node1 IN A 192.168.111.160
    node2 IN A 192.168.111.161
    node3 IN A 192.168.111.162

    named.conf file from the master node:

    [root@Node1 ~]# cat /var/named/chroot/etc/named.conf
    options{
    directory "/var/named/";
    listen-on port 53 { 127.0.0.1; 192.168.111.160; };
    allow-transfer { localhost; 192.168.111.161; };
    recursion no;
    };

    zone "ganesh.com" {
    type master;
    file "ganesh.com.zone";
    allow-update {none;};
    allow-query { any; };
    };
    zone "111.168.192.in-addr.arpa" {
    type master;
    file "192-168-111.zone";
    allow-update {none;};
    allow-query { any; };
    };

    Any help will be highly appreciated. I checked the configuration a couple of times and am not sure where I am making the mistake.

    Regards,
    Vicky
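Two details in the zone and query posted above are worth checking before anything else, and they are the same details behind earlier errors in this thread: `dig -x` performs a reverse (PTR) lookup and expects an IP address, not a hostname; and an SOA serial must fit in an unsigned 32-bit integer (at most 4294967295), which an 11-digit value such as 20021115413 does not, so BIND will not load that zone, and an authoritative-only server (`recursion no;`) answers REFUSED for names it serves no zone for. The "file does not end with newline" error in comment 21 and the "no current owner name" error in comment 26 (a record line that begins with whitespace before any owner has been defined) come from the same zone-file parser. The following is an added example, not code from the article or from BIND: a small Python checker that re-implements those checks for the subset of master-file syntax used in the posted zones ($TTL, one parenthesised SOA, NS and A records with `@` or relative owners) and shows what a forward lookup and a `-x` style reverse lookup actually ask for. The sample zone is constructed to resemble the one above, with the overflowing serial and the missing final newline left in on purpose.

```python
"""Minimal BIND zone-file sanity checker (added example, not BIND code)."""
import ipaddress

MAX_SERIAL = 2**32 - 1  # SOA serial is an unsigned 32-bit integer (RFC 1035)


def strip_comment(line):
    """Drop a ';' comment but keep leading whitespace (a blank owner matters)."""
    return line.split(";", 1)[0].rstrip()


def parse_zone(text, origin):
    """Return (records, problems); records are (owner_fqdn, type, rdata_tokens)."""
    problems = []
    if not text.endswith("\n"):
        problems.append("file does not end with newline")
    origin = origin.rstrip(".") + "."
    # Fold a multi-line "( ... )" SOA onto one logical line.
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            logical.append(" ".join(buf))
            buf = []
    if depth != 0:
        problems.append("unbalanced parentheses")
    records, last_owner = [], None
    for line in logical:
        if line.startswith("$"):        # $TTL / $ORIGIN directives: skipped here
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if line[0].isspace():           # blank owner field: inherit the previous owner
            if last_owner is None:
                problems.append("no current owner name")
                continue
            owner = last_owner
        else:
            owner = tokens.pop(0)
        if tokens and tokens[0].isdigit():   # optional per-record TTL
            tokens.pop(0)
        if tokens and tokens[0] == "IN":     # optional class
            tokens.pop(0)
        if not tokens:
            problems.append(f"incomplete record: {line.strip()}")
            continue
        rtype, rdata = tokens[0], tokens[1:]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        last_owner = owner
        records.append((owner, rtype, rdata))
        if rtype == "SOA":
            try:
                serial = int(rdata[2])
            except (IndexError, ValueError):
                problems.append("SOA serial missing or not numeric")
                continue
            if serial > MAX_SERIAL:
                problems.append(f"SOA serial {serial} does not fit in 32 bits")
    return records, problems


def lookup(records, name, origin):
    """Forward (A) lookup for a relative or fully qualified name."""
    origin = origin.rstrip(".") + "."
    fqdn = name if name.endswith(".") else f"{name}.{origin}"
    return [rdata[0] for owner, rtype, rdata in records if owner == fqdn and rtype == "A"]


def reverse_name(target):
    """The in-addr.arpa name that 'dig -x' queries; None when target is not an IP."""
    try:
        return ipaddress.ip_address(target).reverse_pointer + "."
    except ValueError:
        return None


def check(text, origin, name, ip):
    records, problems = parse_zone(text, origin)
    return {
        "problems": problems,
        "forward": lookup(records, name, origin),
        "reverse_qname": reverse_name(ip),
        "reverse_qname_for_hostname": reverse_name(name),
    }


# Constructed sample: same layout as the posted zone, serial too large, no final newline.
SAMPLE_ZONE = """$TTL 3D
@ IN SOA node1.ganesh.com. root.ganesh.com. (
        20021115413 ; serial (11 digits, larger than 4294967295)
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
; Name servers
@ IN NS node1.ganesh.com.
@ IN NS node2.ganesh.com.
node1 IN A 192.168.111.160
node2 IN A 192.168.111.161
node3 IN A 192.168.111.162"""

if __name__ == "__main__":
    print(check(SAMPLE_ZONE, "ganesh.com", "node3", "192.168.111.162"))
```

Running it reports both problems, resolves node3 to 192.168.111.162 through the forward records, shows that `-x 192.168.111.162` asks for `162.111.168.192.in-addr.arpa.`, and returns no reverse name at all for the hostname `node3`. Replacing the serial with a ten-digit YYYYMMDDnn value and adding the trailing newline makes the problem list empty, which is the state `named-checkzone` needs before the zone will load.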
  32. Hi,
    It's good writing. I want to implement it on my VPS. I have only one VPS; this is my scenario:
    ===
    I have 3 domain names:
    apple.com
    grape.com
    banana.com

    I installed CentOS 7 minimal on my VPS. I have only one IP address (192.167.21.59). I have the domain apple.com and pointed it to my VPS from the domain panel:
    #######
    HOST NAME   IP ADDRESS/URL   RECORD TYPE   MX PREF   TTL
    @           192.167.21.59    A
    www         192.167.21.59    A
    #######
    I installed the Apache web server and enabled a vhost for apple.com, and it's accessible. I've also created vhosts for grape.com and banana.com.
    My question is how to set up a name server on my VPS, so that other domains like grape.com and banana.com point to my VPS using name servers, for example:
    ns1.apple.com
    ns2.apple.com
    ===
    Could it be possible? I hope you're willing to guide me.

    Thank you.
  33. [root@www ~]# vi /etc/named.conf
    [root@www ~]# service named restart
    Stopping named: [ OK ]
    Starting named:
    Error in named configuration:
    /etc/named.conf:8: missing ';' before '}'
    [FAILED]
    [root@www ~]#
  34. Hello Sir,

    I have configured DNS on my laptop, but I am facing an issue while restarting the named service.

    [root@www ~]# vi /etc/named.conf
    [root@www ~]# service named restart
    Stopping named: [ OK ]
    Starting named:
    Error in named configuration:
    /etc/named.conf:8: missing ';' before '}'
    [FAILED]
    [root@www ~]#
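The `missing ';' before '}'` failure in the two posts above is the most common named.conf mistake: every statement inside a block ends with `;`, and every closing brace is itself followed by `;`. The other recurring named.conf question in this thread is comment 28's `recursion yes;`. In BIND 9.4 and later (CentOS 6.5 ships 9.8), recursion is on by default but limited to `localnets; localhost;` unless `allow-recursion` or `allow-query-cache` is set; it is an explicit `allow-recursion { any; };` that turns a server into an open resolver that anyone on the Internet can use for amplification traffic. The following is an added example, not BIND's parser and not from the article: a small Python linter that reports the semicolon error with its line number the way `named-checkconf` would, and classifies the recursion policy of the `options` block. The three configurations are constructed; the grammar covered is just statements, nested `{ }` blocks, `//` and `#` comments.

```python
"""Tiny named.conf linter (added example, not BIND code)."""
import re

# Tokens: a quoted string, one of { } ;, or a bare word.
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def tokenize(text):
    """Yield (token, line_no); '//' and '#' comments are dropped."""
    for line_no, line in enumerate(text.splitlines(), 1):
        line = re.split(r"//|#", line, maxsplit=1)[0]
        for tok in TOKEN.findall(line):
            yield tok, line_no


def check_syntax(text):
    """A '}' must follow ';' (or an empty '{') and must itself be followed by ';'."""
    problems, prev, depth = [], None, 0
    toks = list(tokenize(text))
    for i, (tok, ln) in enumerate(toks):
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
            if prev not in (";", "{"):
                problems.append(f"line {ln}: missing ';' before '}}'")
            following = toks[i + 1][0] if i + 1 < len(toks) else None
            if following != ";":
                problems.append(f"line {ln}: missing ';' after '}}'")
        prev = tok
    if depth != 0:
        problems.append("unbalanced braces")
    return problems


def options_statements(text):
    """Statements directly inside options { ... }, each as a list of tokens."""
    toks = [t for t, _ in tokenize(text)]
    start = next((i for i, t in enumerate(toks)
                  if t == "options" and i + 1 < len(toks) and toks[i + 1] == "{"), None)
    if start is None:
        return []
    stmts, cur, depth, i = [], [], 1, start + 2
    while i < len(toks):
        tok = toks[i]
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
            if depth == 0:
                break
        if tok == ";" and depth == 1:      # end of a top-level options statement
            stmts.append(cur)
            cur = []
        else:
            cur.append(tok)
        i += 1
    return stmts


def recursion_policy(text):
    """'no-recursion', 'open' (ACL is any), 'restricted', or 'default-acl'
    (BIND 9.4+ default of localnets; localhost; - better to make it explicit)."""
    stmts = options_statements(text)
    if any(s[:2] == ["recursion", "no"] for s in stmts):
        return "no-recursion"
    acls = {s[0]: [t for t in s[1:] if t not in ("{", "}", ";")] for s in stmts if s}
    for name in ("allow-recursion", "allow-query-cache"):
        if name in acls:
            return "open" if "any" in acls[name] else "restricted"
    return "default-acl"


# Constructed samples. BROKEN has the semicolon error and recurses for anyone.
BROKEN = """options {
    directory "/var/named";
    allow-query { any; };
    allow-recursion { any; };
    recursion yes;
};
zone "example.com" {
    type master;
    file "example.com.zone"
};
"""
HARDENED = """options {
    directory "/var/named";
    allow-query { localnets; };
    allow-recursion { localnets; };
    recursion yes;
};
zone "example.com" {
    type master;
    file "example.com.zone";
};
"""
AUTH_ONLY = """options {
    directory "/var/named";
    allow-query { any; };
    recursion no;
};
"""

if __name__ == "__main__":
    for label, cfg in (("BROKEN", BROKEN), ("HARDENED", HARDENED), ("AUTH_ONLY", AUTH_ONLY)):
        print(label, check_syntax(cfg), recursion_policy(cfg))
```

The linter points at the line of the `}` token, which is where `named` also reports the error; the fix is on the statement above it. For the recursion check, a public master that only needs to answer for its own zones should stay at `recursion no;` as in the article; a server that must recurse for LAN clients should name them in `allow-recursion`.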
  35. Sir, I have configured DNS, but when I type dig -x 192.168.1.17 (the DNS server IP) I see the ANSWER section is 0, and when I type dig @localhost server21.dns.com (the domain name) then answer = 1, but when I type dig -x 192.168.1.17 it is not, so please give me a solution. And when I type nslookup my DNS is not working.

    Please suggest.
  36. @Chris Guthrie: Check your iptables on both master and slave. Please post more info about your setup, e.g. IP, hostname, network range.
  37. I ran across your article trying to solve a similar problem. However, when setting up my slave, it replicated my forward zone but not my reverse. Any idea why that would be?

  38. Thanks a lot dude for this awesome post, it resolved my biggest headache till now, DNS.

    I was able to set up the master DNS without any issues, but I am facing issues while setting up the slave DNS: it is not able to replicate files from the master, and I am getting the errors below in the logs of the slave:

    Sep 11 19:19:51 puppetclient named[23733]: running
    Sep 11 19:19:51 puppetclient named[23733]: zone 12.168.192.in-addr.arpa/IN: Transfer started.
    Sep 11 19:19:51 puppetclient named[23733]: transfer of '12.168.192.in-addr.arpa/IN' from 192.168.12.116#53: connected using 192.168.12.112#54419
    Sep 11 19:19:51 puppetclient named[23733]: transfer of '12.168.192.in-addr.arpa/IN' from 192.168.12.116#53: failed while receiving responses: NOTAUTH
    Sep 11 19:19:51 puppetclient named[23733]: transfer of '12.168.192.in-addr.arpa/IN' from 192.168.12.116#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
    Sep 11 19:19:52 puppetclient named[23733]: zone learning.com/IN: Transfer started.
    Sep 11 19:19:52 puppetclient named[23733]: transfer of 'learning.com/IN' from 192.168.12.116#53: connected using 192.168.12.112#55252
    Sep 11 19:19:52 puppetclient named[23733]: transfer of 'learning.com/IN' from 192.168.12.116#53: failed while receiving responses: NOTAUTH
    Sep 11 19:19:52 puppetclient named[23733]: transfer of 'learning.com/IN' from 192.168.12.116#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
    • It's some connection issue between the two nodes; please check your network and open the respective ports on both mysql instances so they can communicate.
    • Hemant,
      I recently completed a "hidden" master and 4 slave DNS server deployment on CentOS 7. I ran into the same error. The problem was that a slave server will periodically query the master server's zones. This is to ensure there are no changes. The slave only queries the serial number of the zone and compares it to its own. If the master DNS has a bigger serial, the slave will initiate a zone transfer. I fixed that by adjusting the allow-query {} to include my slave DNS.

      Another reason I saw this was a misconfigured TSIG on the slave causing NOTAUTH messages.

      If you run the following command from the slave server, what do you get?
      # dig @MASTER_IP learning.com axfr
      The expected result is to see the zone transfer output on screen.
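The log lines in comment 38 are what a slave writes for every AXFR attempt, and the rcode after "failed while receiving responses:" is the master's verdict: NOTAUTH means the master did not answer as authoritative for that zone (the zone is missing or not `type master` there) or, when TSIG is in use, that signature verification failed (RFC 2845 reports TSIG errors with rcode NOTAUTH, the second cause named in the reply above); REFUSED is what a master returns when its `allow-transfer` ACL does not include the requesting slave, which is the setting that should stay restricted to the slave addresses (as the master config in comment 31 does). Watching for these lines is cheap and catches a slave that silently serves stale or no data. The following is an added example, not from the article or from BIND: a Python parser that runs over constructed named log lines in the same format as the posted ones (hostname, PID and addresses made up) and summarises each zone's transfer result with a hint on what to check on the master.

```python
"""Detect failed zone transfers in a slave's named log (added example)."""
import re

TRANSFER = re.compile(
    r"named\[\d+\]: transfer of ['\u2018](?P<zone>[^'\u2019]+)['\u2019] "
    r"from (?P<master>[\d.:a-fA-F]+#\d+): (?P<msg>.*)$"
)
FAILED = re.compile(r"failed while receiving responses: (?P<rcode>[A-Z]+)")
COMPLETED = re.compile(r"Transfer completed: (?P<msgs>\d+) messages, (?P<records>\d+) records")

# What each rcode usually means on the master side.
HINTS = {
    "NOTAUTH": "master is not authoritative for the zone (zone missing or not 'type master' there), or TSIG key/secret mismatch",
    "REFUSED": "master's allow-transfer ACL does not include this slave's address",
    "SERVFAIL": "master could not serve the zone; check the master's own named log",
}


def analyze(lines):
    """Return {zone: {"master", "status", "records", "hint"}} from named log lines."""
    result = {}
    for line in lines:
        m = TRANSFER.search(line)
        if not m:
            continue
        zone, master, msg = m.group("zone"), m.group("master"), m.group("msg")
        entry = result.setdefault(
            zone, {"master": master, "status": "unknown", "records": 0, "hint": None})
        failed = FAILED.search(msg)
        done = COMPLETED.search(msg)
        if failed:
            rcode = failed.group("rcode")
            entry["status"] = "failed:" + rcode
            entry["hint"] = HINTS.get(rcode, "unexpected rcode; compare with the master's log")
        elif done:
            # A "Transfer completed: 0 messages, 0 records" after a failure is
            # just the tail of that failed attempt, so only set ok/empty if nothing failed.
            records = int(done.group("records"))
            entry["records"] = records
            if entry["status"] == "unknown":
                entry["status"] = "ok" if records > 0 else "empty"
    return result


def failures(result):
    """Sorted (zone, status, hint) for every zone whose last transfer failed."""
    return sorted((zone, e["status"], e["hint"])
                  for zone, e in result.items() if e["status"].startswith("failed"))


# Constructed sample in the format of the posted log: one NOTAUTH failure,
# one successful transfer, one REFUSED from a second master.
SAMPLE_LOG = """\
Sep 11 19:19:51 slave1 named[23733]: zone 12.168.192.in-addr.arpa/IN: Transfer started.
Sep 11 19:19:51 slave1 named[23733]: transfer of '12.168.192.in-addr.arpa/IN' from 192.168.12.116#53: connected using 192.168.12.112#54419
Sep 11 19:19:51 slave1 named[23733]: transfer of '12.168.192.in-addr.arpa/IN' from 192.168.12.116#53: failed while receiving responses: NOTAUTH
Sep 11 19:19:51 slave1 named[23733]: transfer of '12.168.192.in-addr.arpa/IN' from 192.168.12.116#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
Sep 11 19:19:52 slave1 named[23733]: zone learning.com/IN: Transfer started.
Sep 11 19:19:52 slave1 named[23733]: transfer of 'learning.com/IN' from 192.168.12.116#53: connected using 192.168.12.112#55252
Sep 11 19:19:52 slave1 named[23733]: transfer of 'learning.com/IN' from 192.168.12.116#53: Transfer completed: 1 messages, 9 records, 248 bytes, 0.002 secs (124000 bytes/sec)
Sep 11 19:19:53 slave1 named[23733]: transfer of 'lab.internal/IN' from 192.168.12.117#53: failed while receiving responses: REFUSED
"""

if __name__ == "__main__":
    for zone, status, hint in failures(analyze(SAMPLE_LOG.splitlines())):
        print(f"{zone}: {status} - {hint}")
```

The regex accepts both straight and typographic quotes around the zone name, so it also works on lines pasted from a web page like the ones above. Fed from `journalctl -u named` or `/var/log/messages` on the slave, it gives the same answer as running the `dig @MASTER_IP zone axfr` check from the reply above, but for every zone and every refresh, without touching the master.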
