What is DNS Server?
As you might know, DNS (Domain Name System) is the system that resolves domain names into IP addresses and vice versa. For example, if you type www.unixmen.com into your browser, your computer does not know where that site actually is, so it asks the DNS server it is configured to use. The DNS server simply replies with the IP address associated with the unixmen.com domain. Since the IP address of every domain is hard to remember, DNS lets you remember domain names instead of IP addresses. You can get the DNS server details from your Internet Service Provider.
Types of DNS Server
There are two types of DNS servers, primary and secondary. Both are computers on which the domain names and their respective IP addresses are stored, and the information held on the two servers is identical. The addresses of these two DNS servers are configured by the Internet Service Provider (ISP). The secondary DNS server acts as a backup for the primary DNS server when the primary is down.
Scenario
In this tutorial I am going to set up local primary and secondary DNS servers. I am using two systems running openSUSE 13.1 for the primary and secondary DNS servers and one system running Ubuntu 13.04 Desktop as the client.
Primary DNS server details:
Operating System: openSUSE 13.1
Hostname: master.unixmen.local
IP Address: 192.168.1.101/24
Secondary DNS Server Details:
Operating System: openSUSE 13.1
Hostname: slave.unixmen.local
IP Address: 192.168.1.102/24
Client Details:
Operating System: Ubuntu 13.04 Desktop
Hostname: client.unixmen.local
IP Address: 192.168.1.100/24
Note: I tested this how-to twice on a local area network (LAN), and it worked as I expected. If you want to set up an external DNS server, use your public IP addresses in the zone files and DNS configuration files.
1. Setup Primary DNS Server
Install bind9
BIND (Berkeley Internet Name Domain) is DNS server software that translates domain names into IP addresses.
Install it using command:
# zypper in bind
The DNS configuration files are stored in the /etc/ directory. The primary configuration file is /etc/named.conf.
Configure Bind9
Open up the file /etc/named.conf in any editor.
# nano /etc/named.conf
Add the following lines to define forward and reverse zone files.
[...]
## Uncomment and add your local area network IP series
allow-query { 127.0.0.1; 192.168.1.0/24; };
[...]
zone "unixmen.local" {
        type master;
        file "for.unixmen.local";
};
zone "1.168.192.in-addr.arpa" {
        type master;
        file "rev.unixmen.local";
};
Save and close the file.
Create Zone Files
Now create the forward and reverse zone files which we defined in the above step.
1. Forward Zone file
Copy the existing zone file template /var/lib/named/localhost.zone to create a new forward zone file.
# cp /var/lib/named/localhost.zone /var/lib/named/for.unixmen.local
Now edit the file /var/lib/named/for.unixmen.local,
# nano /var/lib/named/for.unixmen.local
Change the contents as shown below and replace the domain name and ip address with your own.
;
; BIND data file for forward.unixmen.local zone
;
$TTL    604800
@       IN      SOA     master.unixmen.local. root.unixmen.local. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      master.unixmen.local.
@       IN      NS      slave.unixmen.local.
@       IN      A       192.168.1.101
@       IN      A       192.168.1.102
@       IN      A       192.168.1.100
@       IN      AAAA    ::1
master  IN      A       192.168.1.101
slave   IN      A       192.168.1.102
client  IN      A       192.168.1.100
2. Reverse Zone file
Copy the existing zone file template /var/lib/named/127.0.0.zone to create a new reverse zone file.
# cp /var/lib/named/127.0.0.zone /var/lib/named/rev.unixmen.local
Now edit the file /var/lib/named/rev.unixmen.local,
# nano /var/lib/named/rev.unixmen.local
Change the contents as shown below and replace the domain name and ip address with your own.
;
; BIND reverse data file for rev.unixmen.local
;
$TTL    604800
@       IN      SOA     master.unixmen.local. root.unixmen.local. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; NS targets must be fully qualified (trailing dot); a bare "master." would
; name a non-existent top-level domain.
@       IN      NS      master.unixmen.local.
@       IN      NS      slave.unixmen.local.
101     IN      PTR     master.unixmen.local.
102     IN      PTR     slave.unixmen.local.
100     IN      PTR     client.unixmen.local.
Save and close the file.
As you can see in the configuration above, I increased the serial number of the reverse zone file as well. Whenever you change a zone file, increase its serial number; the reverse zone is no exception.
Now start the named service and enable it at boot.
# /etc/init.d/named start
# chkconfig named on
Test DNS Configuration and Zone Files
You can check the main configuration file and the zone files for syntax errors.
Check DNS configuration file using command:
# named-checkconf /etc/named.conf
If it returns nothing, your configuration file doesn’t have any syntax errors.
Check Forward Zone:
# named-checkzone unixmen.local /var/lib/named/for.unixmen.local
Sample Output:
zone unixmen.local/IN: loaded serial 2
OK
Check Reverse Zone:
# named-checkzone 1.168.192.in-addr.arpa /var/lib/named/rev.unixmen.local
Sample output:
zone 1.168.192.in-addr.arpa/IN: loaded serial 3
OK
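named-checkzone only proves each file parses. A practitioner also wants to know that the two zones agree with each other and that the serial rule above will actually make the secondary refetch. The following Python script is an added example, not from the article or from BIND: it parses the tutorial's records (embedded as constructed zone text, with the client's PTR deliberately left out), lists A records that lack a matching PTR, flags NS targets with no A record (an unqualified target such as master. is caught), and implements the RFC 1982 serial comparison a secondary uses.

```python
"""Added example (not from the article): offline sanity checks on the tutorial's forward and
reverse zones. Zone text is constructed from the article's records, minus the client's PTR."""
import re

FORWARD = """\
$TTL 604800
@ IN SOA master.unixmen.local. root.unixmen.local. (
        2        ; Serial
        604800   ; Refresh
        86400    ; Retry
        2419200  ; Expire
        604800 ) ; Negative Cache TTL
@ IN NS master.unixmen.local.
@ IN NS slave.unixmen.local.
master IN A 192.168.1.101
slave  IN A 192.168.1.102
client IN A 192.168.1.100
"""
REVERSE = """\
@ IN SOA master.unixmen.local. root.unixmen.local. ( 3 604800 86400 2419200 604800 )
@ IN NS master.
101 IN PTR master.unixmen.local.
102 IN PTR slave.unixmen.local.
"""

def fqdn(name, origin):
    """Expand @ and relative owner names against the zone origin."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (SOA serial, [(owner, type, rdata tokens)]) with fully qualified owners.
    Handles only what these files use: ; comments, a parenthesised SOA, $ directives."""
    body = re.sub(r";[^\n]*", "", text)                                   # drop comments
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)
    records, owner, serial = [], origin, None
    for line in body.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        toks = line.split()
        if not line[0].isspace():                    # explicit owner; otherwise inherit
            owner = fqdn(toks.pop(0), origin)
        while toks[0] == "IN" or toks[0].isdigit():  # optional class and TTL
            toks.pop(0)
        if toks[0] == "SOA":
            serial = int(toks[3])                    # SOA MNAME RNAME SERIAL ...
        records.append((owner, toks[0], toks[1:]))
    return serial, records

def ptr_name(ip):
    """Owner name of the PTR record that answers dig -x for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def missing_ptrs(fwd, rev):
    """Forward A records whose address has no PTR pointing back to the same name."""
    ptrs = {(o, r[0]) for o, t, r in rev if t == "PTR"}
    return sorted(o for o, t, r in fwd if t == "A" and (ptr_name(r[0]), o) not in ptrs)

def unresolvable_ns(records, fwd):
    """NS targets with no A record in the forward zone (catches an unqualified 'master.')."""
    a_owners = {o for o, t, _ in fwd if t == "A"}
    return sorted(r[0] for o, t, r in records if t == "NS" and r[0] not in a_owners)

def slave_will_transfer(master_serial, slave_serial):
    """RFC 1982 serial arithmetic: a secondary refetches only when the master's serial is newer."""
    return 0 < (master_serial - slave_serial) % 2**32 < 2**31
```

Run missing_ptrs and unresolvable_ns against your own files before restarting named; an empty list from both means forward and reverse lookups will agree.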
Make sure that BIND is listening on the default port, 53.
# netstat -tulpn | grep :53
Sample output:
tcp   0   0 192.168.1.101:53   0.0.0.0:*   LISTEN   2803/named
tcp   0   0 127.0.0.1:53       0.0.0.0:*   LISTEN   2803/named
tcp   0   0 :::53              :::*        LISTEN   2803/named
udp   0   0 0.0.0.0:5353       0.0.0.0:*            479/avahi-daemon: r
udp   0   0 192.168.1.101:53   0.0.0.0:*            2803/named
udp   0   0 127.0.0.1:53       0.0.0.0:*            2803/named
udp   0   0 :::5353            :::*                 479/avahi-daemon: r
udp   0   0 :::53              :::*                 2803/named
Adjust openSUSE firewall
Open the YaST control center. Go to Network Services -> Firewall -> Allowed Services. Select Bind DNS Server from the Service to Allow drop-down box. Click Next and OK to apply the settings.
Edit file /etc/resolv.conf,
# nano /etc/resolv.conf
And add your Master DNS server details,
search unixmen.local
nameserver 192.168.1.101
Reboot the system or restart the networking service.
# /etc/init.d/network restart
Now let us check whether the Master DNS server is working, using the following commands:
Method 1:
# dig master.unixmen.local
Sample output:
; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> master.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42189
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;master.unixmen.local.          IN      A

;; ANSWER SECTION:
master.unixmen.local.   604800  IN      A       192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.          604800  IN      NS      slave.unixmen.local.
unixmen.local.          604800  IN      NS      master.unixmen.local.

;; ADDITIONAL SECTION:
slave.unixmen.local.    604800  IN      A       192.168.1.102

;; Query time: 5 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 17:14:17 IST 2013
;; MSG SIZE  rcvd: 115
Method 2 (note: dig -x expects an IP address, for example dig -x 192.168.1.101; given a hostname as below it builds a meaningless in-addr.arpa name and returns NXDOMAIN):
# dig -x master.unixmen.local
Sample Output:
; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> -x master.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29989
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;local.unixmen.master.in-addr.arpa. IN  PTR

;; AUTHORITY SECTION:
in-addr.arpa.   3600    IN      SOA     b.in-addr-servers.arpa. nstld.iana.org. 2011030040 1800 900 604800 3600

;; Query time: 1491 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 17:15:09 IST 2013
;; MSG SIZE  rcvd: 130
Method 3:
# dig unixmen.local
Sample output:
; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50957
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;unixmen.local.                 IN      A

;; ANSWER SECTION:
unixmen.local.          604800  IN      A       192.168.1.101
unixmen.local.          604800  IN      A       192.168.1.102
unixmen.local.          604800  IN      A       192.168.1.100

;; AUTHORITY SECTION:
unixmen.local.          604800  IN      NS      master.unixmen.local.
unixmen.local.          604800  IN      NS      slave.unixmen.local.

;; ADDITIONAL SECTION:
slave.unixmen.local.    604800  IN      A       192.168.1.102
master.unixmen.local.   604800  IN      A       192.168.1.101

;; Query time: 16 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 17:15:52 IST 2013
;; MSG SIZE  rcvd: 163
Method 4 (same caveat as Method 2; a reverse lookup takes an IP address, not a zone name):
# dig -x unixmen.local
Sample output:
; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> -x unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34278
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;local.unixmen.in-addr.arpa.    IN      PTR

;; AUTHORITY SECTION:
in-addr.arpa.   3600    IN      SOA     b.in-addr-servers.arpa. nstld.iana.org. 2011030040 1800 900 604800 3600

;; Query time: 218 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 17:16:23 IST 2013
;; MSG SIZE  rcvd: 123
Method 5:
# nslookup unixmen.local
Sample output:
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   unixmen.local
Address: 192.168.1.101
Name:   unixmen.local
Address: 192.168.1.100
Name:   unixmen.local
Address: 192.168.1.102
Method 6:
# host unixmen.local
Sample output:
unixmen.local has address 192.168.1.102
unixmen.local has address 192.168.1.101
unixmen.local has address 192.168.1.100
unixmen.local has IPv6 address ::1
Method 7:
# host master.unixmen.local
Sample Output:
master.unixmen.local has address 192.168.1.101
That's it. The primary DNS server is ready and working.
2. Setup Secondary DNS Server
Install the bind package with the following command:
# zypper in bind
Configure DNS Server
Before configuring the secondary DNS server, you must allow zone transfers from the primary DNS server.
To do so, go to the primary DNS server and edit the main configuration file /etc/named.conf,
# nano /etc/named.conf
Add the lines allow-transfer { 192.168.1.102; }; and also-notify { 192.168.1.102; }; to each zone section.
[...]
zone "unixmen.local" {
        type master;
        file "for.unixmen.local";
        allow-transfer { 192.168.1.102; };
        also-notify { 192.168.1.102; };
};
zone "1.168.192.in-addr.arpa" {
        type master;
        # do not set "notify no;" here: it would suppress the also-notify below
        file "rev.unixmen.local";
        allow-transfer { 192.168.1.102; };
        also-notify { 192.168.1.102; };
};
Here 192.168.1.102 is the secondary DNS server's IP address. The allow-transfer line permits the secondary to pull the zone files from the master, and the also-notify line tells the secondary whenever the zone files change on the primary.
Save and close the file. Restart the named service.
# /etc/init.d/named restart
Now go to the secondary DNS server and edit the file /etc/named.conf,
# nano /etc/named.conf
Add the lines as shown below.
[...]
## Uncomment and add the local area network IP series
allow-query { 127.0.0.1; 192.168.1.0/24; };
zone "unixmen.local" {
        type slave;
        file "slave/for.unixmen.local";
        masters { 192.168.1.101; };
};
zone "1.168.192.in-addr.arpa" {
        type slave;
        file "slave/rev.unixmen.local";
        masters { 192.168.1.101; };
};
Here 192.168.1.101 is my primary DNS server's IP address. Save and close the file.
Start the named service and enable it at boot with the following commands.
# /etc/init.d/named start
# chkconfig named on
Make sure that BIND is listening on the default port, 53.
# netstat -tulpn | grep :53
Sample output:
tcp   0   0 192.168.1.102:53   0.0.0.0:*   LISTEN   2201/named
tcp   0   0 127.0.0.1:53       0.0.0.0:*   LISTEN   2201/named
tcp   0   0 :::53              :::*        LISTEN   2201/named
udp   0   0 0.0.0.0:5353       0.0.0.0:*            389/avahi-daemon: r
udp   0   0 192.168.1.102:53   0.0.0.0:*            2201/named
udp   0   0 127.0.0.1:53       0.0.0.0:*            2201/named
udp   0   0 :::5353            :::*                 389/avahi-daemon: r
udp   0   0 :::53              :::*                 2201/named
Adjust openSUSE firewall
Open the YaST control center. Go to Network Services -> Firewall -> Allowed Services. Select Bind DNS Server from the Service to Allow drop-down box. Click Next and OK to apply the settings.
Check Zone files
The zone files from the master server are now replicated to the secondary server automatically. They are created in the /var/lib/named/slave folder on the secondary server.
# ls /var/lib/named/slave/
Sample output:
for.unixmen.local rev.unixmen.local
Check Forward zone file:
# cat /var/lib/named/slave/for.unixmen.local
Sample output:
$ORIGIN .
$TTL 604800     ; 1 week
unixmen.local           IN SOA  master.unixmen.local. root.unixmen.local. (
                                2          ; serial
                                604800     ; refresh (1 week)
                                86400      ; retry (1 day)
                                2419200    ; expire (4 weeks)
                                604800     ; minimum (1 week)
                                )
                        NS      slave.unixmen.local.
                        NS      master.unixmen.local.
                        A       192.168.1.100
                        A       192.168.1.101
                        A       192.168.1.102
                        AAAA    ::1
$ORIGIN unixmen.local.
client                  A       192.168.1.100
master                  A       192.168.1.101
slave                   A       192.168.1.102
Check Reverse Zone file:
# cat /var/lib/named/slave/rev.unixmen.local
Sample output:
$ORIGIN .
$TTL 604800     ; 1 week
1.168.192.in-addr.arpa  IN SOA  master.unixmen.local. root.unixmen.local. (
                                3          ; serial
                                604800     ; refresh (1 week)
                                86400      ; retry (1 day)
                                2419200    ; expire (4 weeks)
                                604800     ; minimum (1 week)
                                )
                        NS      slave.
                        NS      master.
$ORIGIN 1.168.192.in-addr.arpa.
100                     PTR     client.unixmen.local.
101                     PTR     master.unixmen.local.
102                     PTR     slave.unixmen.local.
Test Secondary DNS Server
Edit file /etc/resolv.conf,
# nano /etc/resolv.conf
And add your primary and secondary DNS server details,
search unixmen.local
nameserver 192.168.1.101
nameserver 192.168.1.102
Reboot the system or restart the networking service.
# /etc/init.d/network restart
Now let us check whether the DNS servers are working, using the following commands:
Method 1:
# dig slave.unixmen.local
Sample output:
; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> slave.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37775
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;slave.unixmen.local.           IN      A

;; ANSWER SECTION:
slave.unixmen.local.    604800  IN      A       192.168.1.102

;; AUTHORITY SECTION:
unixmen.local.          604800  IN      NS      master.unixmen.local.
unixmen.local.          604800  IN      NS      slave.unixmen.local.

;; ADDITIONAL SECTION:
master.unixmen.local.   604800  IN      A       192.168.1.101

;; Query time: 31 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 23:53:36 IST 2013
;; MSG SIZE  rcvd: 115
Method 2 (same caveat as in the primary-server section: dig -x needs an IP address such as 192.168.1.102, so the hostname form below returns NXDOMAIN):
# dig -x slave.unixmen.local
Sample output:
; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> -x slave.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59558
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;local.unixmen.slave.in-addr.arpa. IN   PTR

;; AUTHORITY SECTION:
in-addr.arpa.   3600    IN      SOA     b.in-addr-servers.arpa. nstld.iana.org. 2011030042 1800 900 604800 3600

;; Query time: 757 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 23:54:32 IST 2013
;; MSG SIZE  rcvd: 129
Method 3:
# dig unixmen.local
Sample Output:
; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2144
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;unixmen.local.                 IN      A

;; ANSWER SECTION:
unixmen.local.          604800  IN      A       192.168.1.101
unixmen.local.          604800  IN      A       192.168.1.102
unixmen.local.          604800  IN      A       192.168.1.100

;; AUTHORITY SECTION:
unixmen.local.          604800  IN      NS      master.unixmen.local.
unixmen.local.          604800  IN      NS      slave.unixmen.local.

;; ADDITIONAL SECTION:
slave.unixmen.local.    604800  IN      A       192.168.1.102
master.unixmen.local.   604800  IN      A       192.168.1.101

;; Query time: 36 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 23:55:03 IST 2013
;; MSG SIZE  rcvd: 163
Method 4 (same caveat as Method 2):
# dig -x unixmen.local
Sample output:
; <<>> DiG 9.9.3-rpz2+rl.156.01-P2 <<>> -x unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23721
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;local.unixmen.in-addr.arpa.    IN      PTR

;; AUTHORITY SECTION:
in-addr.arpa.   3600    IN      SOA     b.in-addr-servers.arpa. nstld.iana.org. 2011030042 1800 900 604800 3600

;; Query time: 415 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 07 23:55:31 IST 2013
;; MSG SIZE  rcvd: 123
Method 5:
# nslookup unixmen.local
Sample output:
Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   unixmen.local
Address: 192.168.1.101
Name:   unixmen.local
Address: 192.168.1.100
Name:   unixmen.local
Address: 192.168.1.102
Method 6:
# host unixmen.local
Sample output:
unixmen.local has address 192.168.1.100
unixmen.local has address 192.168.1.101
unixmen.local has address 192.168.1.102
unixmen.local has IPv6 address ::1
Method 7:
# host slave.unixmen.local
Sample output:
slave.unixmen.local has address 192.168.1.102
Method 8:
# host master.unixmen.local
Sample output:
master.unixmen.local has address 192.168.1.101
That's it. The secondary DNS server is now up and ready.
Client Side Configuration
In your client system, edit file /etc/resolv.conf,
$ sudo nano /etc/resolv.conf
Comment out all existing DNS servers and add your primary and secondary DNS servers' IP addresses.
search unixmen.local
nameserver 192.168.1.101
nameserver 192.168.1.102
Test DNS Server
Run the following command to test the primary DNS server.
$ sudo dig master.unixmen.local
Sample output:
; <<>> DiG 9.9.2-P1 <<>> master.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47844
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;master.unixmen.local.          IN      A

;; ANSWER SECTION:
master.unixmen.local.   604800  IN      A       192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.          604800  IN      NS      master.unixmen.local.
unixmen.local.          604800  IN      NS      slave.unixmen.local.

;; ADDITIONAL SECTION:
slave.unixmen.local.    604800  IN      A       192.168.1.102

;; Query time: 5 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Dec 7 17:50:52 2013
;; MSG SIZE  rcvd: 115
Check the secondary server using the command:
$ sudo dig slave.unixmen.local
Sample output:
; <<>> DiG 9.9.2-P1 <<>> slave.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16506
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;slave.unixmen.local.           IN      A

;; ANSWER SECTION:
slave.unixmen.local.    604800  IN      A       192.168.1.102

;; AUTHORITY SECTION:
unixmen.local.          604800  IN      NS      slave.unixmen.local.
unixmen.local.          604800  IN      NS      master.unixmen.local.

;; ADDITIONAL SECTION:
master.unixmen.local.   604800  IN      A       192.168.1.101

;; Query time: 3 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Sat Nov 7 17:55:25 2013
;; MSG SIZE  rcvd: 115
That's it. You have now successfully installed primary and secondary DNS servers.
Cheers!