Scenario:
- You are on-boarding/bringing up a new Bind DNS server (say NSHost3 – 198.164.12.103) to replace/upgrade your existing Bind DNS server (NSHost2 – 198.164.12.102)
- You have installed Bind 9.8 on the new server, as shown below
- [root@NSHost3 ~]# named -v
BIND 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1
[root@NSHost3 ~]#
Implementation:
- Configuring the new server NSHost3 as a slave (secondary) of NSHost1 requires updating the named.conf file on both servers, as detailed here. Each server is master for its own data centre's zone and slave for the other's. Restricting allow-transfer and allow-notify by source address is only a minimal control; for production use, BIND can additionally require zone transfers and NOTIFY messages to be signed with a TSIG key shared between the two servers. Validate each file with named-checkconf before restarting named.
- On NSHost1 (198.164.12.101) set up /etc/named.conf with the essential contents below (use straight ASCII quotes; the curly quotes that word processors insert are a parse error for named)
- options {
listen-on port 53 { 198.164.12.101; }; //NSHost1 the master server in Data centre 1
allow-notify { 198.164.12.103; }; //NSHost3 the new Slave server (NSHost1 is slave for dc2, so it must accept NOTIFY from NSHost3)
allow-transfer { 198.164.12.103; }; //NSHost3 the new Slave server
..
…
};
/* primary zones */
zone "dc1.mydomain.com" {
type master;
file "dc1.mydomain.com.zone";
};
/* Secondary zones */
zone "dc2.mydomain.com" {
type slave;
masters { 198.164.12.103; }; // NSHost3 is the master for dc2
file "secondary/dc2.mydomain.com.zone";
};
- On NSHost3 (198.164.12.103) set up /etc/named.conf with the essential contents below (note the semicolon after every address inside the braces; leaving it out is a syntax error that stops named from starting)
- options {
listen-on port 53 { 198.164.12.103; }; //NSHost3 the new Slave server
allow-transfer { 198.164.12.101; }; //NSHost1 the master server in Data centre 1
allow-notify { 198.164.12.101; }; //NSHost1 the master server in Data centre 1
..
…
};
/* primary zones */
zone "dc2.mydomain.com" {
type master;
file "dc2.mydomain.com.zone";
};
/* Secondary zones */
zone "dc1.mydomain.com" {
type slave;
masters { 198.164.12.101; }; // Specifying the IP-address of NSHost1 which is hosting this zone.
file "secondary/dc1.mydomain.com.zone";
};
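Once both files are in place, the check a practitioner wants is not "did named start" but "is the secondary actually in sync, and is transfer refused to everyone else". The script below is an added example (not from the original page): it compares the SOA serial served by the primary and the secondary and attempts an AXFR from the host it runs on, which should be refused unless that host is listed in allow-transfer. The zone name and the IPs are assumptions taken from the scenario above; the sample dig answers are constructed so the parsing functions can be exercised offline.

```shell
#!/bin/sh
# Added example: verify BIND secondary replication and transfer ACLs.
# Assumptions (from the scenario above, not from the page's own commands):
#   primary   NSHost1 = 198.164.12.101
#   secondary NSHost3 = 198.164.12.103
#   zone      dc1.mydomain.com

# Extract the serial (3rd RDATA field) from a `dig +short <zone> SOA` answer:
#   "mname rname serial refresh retry expire minimum"
# Error text such as ";; connection timed out ..." yields nothing, not a bogus word.
soa_serial() {
    printf '%s\n' "$1" | awk '$3 ~ /^[0-9]+$/ { print $3 }'
}

# Compare the primary's serial with the secondary's.
#   0 = in sync
#   1 = secondary behind  (NOTIFY or refresh is not reaching the secondary)
#   2 = a serial is missing (query failed or zone not loaded)
#   3 = secondary ahead   (someone is editing the slave copy, or wrong master)
serial_status() {
    primary=$1
    secondary=$2
    if [ -z "$primary" ] || [ -z "$secondary" ]; then
        return 2
    elif [ "$secondary" -eq "$primary" ]; then
        return 0
    elif [ "$secondary" -lt "$primary" ]; then
        return 1
    else
        return 3
    fi
}

# Live check; needs dig on the host running it.
# Usage: live_check ZONE PRIMARY_IP SECONDARY_IP
live_check() {
    zone=$1; primary_ip=$2; secondary_ip=$3
    p=$(soa_serial "$(dig +short +time=3 +tries=1 @"$primary_ip" "$zone" SOA)")
    s=$(soa_serial "$(dig +short +time=3 +tries=1 @"$secondary_ip" "$zone" SOA)")
    rc=0
    serial_status "$p" "$s" || rc=$?
    case $rc in
        0) echo "$zone: in sync (serial $p)" ;;
        1) echo "$zone: secondary LAGS ($s < $p); check allow-notify/allow-transfer and the secondary's log" ;;
        2) echo "$zone: missing SOA (primary='$p' secondary='$s')" ;;
        3) echo "$zone: secondary AHEAD ($s > $p); find out who is writing the slave file" ;;
    esac
    # This host is not in allow-transfer, so a full zone transfer must be refused.
    # dig prints "; Transfer failed." when the server answers REFUSED.
    if dig +time=3 +tries=1 @"$secondary_ip" "$zone" AXFR | grep -q '^; Transfer failed'; then
        echo "$zone: AXFR refused from $(hostname) (good)"
    else
        echo "$zone: WARNING: AXFR from $(hostname) succeeded; tighten allow-transfer"
    fi
    return $rc
}

# Constructed sample answers in `dig +short SOA` format, for running offline.
SAMPLE_PRIMARY='nshost1.dc1.mydomain.com. hostmaster.mydomain.com. 2014109804 3600 900 604800 86400'
SAMPLE_SECONDARY='nshost1.dc1.mydomain.com. hostmaster.mydomain.com. 2014109803 3600 900 604800 86400'

# Run the live check only when zone and both IPs are given, e.g.
#   sh check_secondary.sh dc1.mydomain.com 198.164.12.101 198.164.12.103
if [ $# -eq 3 ]; then
    live_check "$@"
fi
```

Run it from a third machine as well as from NSHost3 itself: from NSHost3 the AXFR against NSHost1 is expected to succeed, from anywhere else it must be refused. Serial comparison here is plain integer comparison; zones whose serials wrap around per RFC 1982 would need the modular comparison instead.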
Troubleshooting:
When setting up replication for the first time on RedHat Bind, many people find that although the zone transfer itself succeeds, the zone file never appears on the slave server. /var/log/messages then shows errors like the following:
Oct 14 02:58:15 NSHost3 named-sdb[18253]: zone dc1.mydomain.com/IN: Transfer started.
Oct 14 02:58:15 NSHost3 named-sdb[18253]: transfer of ‘dc1.mydomain.com/IN’ from 198.164.12.101#53: connected using 198.164.12.103#49611
Oct 14 02:58:16 NSHost3 named-sdb[18253]: zone dc1.mydomain.com/IN: transferred serial 2014109804
Oct 14 02:58:16 NSHost3 named-sdb[18253]: transfer of ‘dc1.mydomain.com/IN’ from 198.164.12.101#53: Transfer completed: 1 messages, 21 records, 529 bytes, 0.217 secs (2437 bytes/sec)
Oct 14 02:58:16 NSHost3 named-sdb[18253]: zone dc1.mydomain.com/IN: sending notifies (serial 2014109804)
Oct 14 02:58:16 NSHost3 named-sdb[18253]: dumping master file: secondary/tmp-IWDKG5gBFC: open: permission denied
This is a known issue with SELinux and the RedHat Bind package, documented in Bug 545128 – SELinux is preventing the named daemon from writing to the zone directory. The quick fix is to enable the SELinux boolean named_write_master_zones as shown below. Be aware that this boolean allows named to write to every file labelled named_zone_t, so a compromised named process could then also rewrite the master zone files. The tighter alternative is to leave the boolean off and point the slave zones' file statements at a directory the targeted policy already labels writable for named, such as /var/named/slaves (labelled named_cache_t), instead of a hand-made secondary/ directory that inherits the read-only named_zone_t label.
Fix for error: dumping master file: open: permission denied
[root@NSHost3 ~]# setsebool -P named_write_master_zones=1
[root@NSHost3 ~]#
Then restart the named service as shown below:
[root@NSHost3 ~]# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
[root@NSHost3 ~]# service named status
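To take the guesswork out of the step above, the following added example (not from the original page) pulls the failing dump directories out of the log and, for each one, reads its SELinux label and says which fix applies: nothing (the label is already writable for named), relocating the slave files to slaves/, or, if you accept the wider write access, the boolean. The sample log lines are constructed after the ones shown above; the directory names are assumptions.

```shell
#!/bin/sh
# Added example: map "dumping master file ... permission denied" log lines to the
# SELinux fix that actually fits. Sample log lines below are constructed.

# Read syslog-style lines on stdin, print each distinct directory (relative to
# BIND's working directory, /var/named on RHEL) that named could not write to.
denied_dump_dirs() {
    sed -n 's/.*dumping master file: \([^:]*\): open: permission denied.*/\1/p' |
    while IFS= read -r path; do
        dirname "$path"
    done | sort -u
}

# Classify a SELinux file context by how the targeted policy treats it for named:
#   writable -> named_cache_t (what /var/named/slaves and /var/named/dynamic carry)
#   boolean  -> named_zone_t  (writable only with named_write_master_zones=on)
#   unknown  -> anything else (mislabelled; restorecon will put it back)
classify_context() {
    case $1 in
        *:named_cache_t:*) echo writable ;;
        *:named_zone_t:*)  echo boolean ;;
        *)                 echo unknown ;;
    esac
}

# Live advice for one directory name under /var/named; needs stat -c %C and
# getsebool, so it only runs on the SELinux host itself.
advise_dir() {
    dir=/var/named/$1
    ctx=$(stat -c %C "$dir" 2>/dev/null) || { echo "$dir: not found"; return 1; }
    case $(classify_context "$ctx") in
        writable)
            echo "$dir ($ctx): SELinux allows named to write here; check DAC instead:" \
                 "owner/mode is $(stat -c '%U:%G %a' "$dir"), named needs write access" ;;
        boolean)
            echo "$dir ($ctx): zone directory. Preferred: move slave 'file' statements to slaves/" \
                 "(named_cache_t). Otherwise: setsebool -P named_write_master_zones=1" \
                 "(currently: $(getsebool named_write_master_zones))" ;;
        unknown)
            echo "$dir ($ctx): unexpected label; run: restorecon -Rv /var/named" ;;
    esac
}

# Constructed sample in the format of the /var/log/messages lines above.
SAMPLE_LOG='Oct 14 02:58:16 NSHost3 named-sdb[18253]: zone dc1.mydomain.com/IN: transferred serial 2014109804
Oct 14 02:58:16 NSHost3 named-sdb[18253]: dumping master file: secondary/tmp-IWDKG5gBFC: open: permission denied
Oct 14 03:10:02 NSHost3 named-sdb[18253]: zone dc1.mydomain.com/IN: sending notifies (serial 2014109804)
Oct 14 03:10:02 NSHost3 named-sdb[18253]: dumping master file: secondary/tmp-Qz7Kp1: open: permission denied'

# With directory names on the command line, advise on each live system directory:
#   sh selinux_dump_check.sh $(denied_dump_dirs < /var/log/messages)
if [ $# -ge 1 ]; then
    for d in "$@"; do
        advise_dir "$d"
    done
fi
```

On the NSHost3 from the scenario, `denied_dump_dirs < /var/log/messages` prints `secondary`, and advise_dir reports it as named_zone_t, which is exactly why the boolean "fixes" it; moving the slave zone files to /var/named/slaves and changing the two file statements to "slaves/…" avoids opening write access to the master zone files.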