For those of you who don't know, DNS is the system which marshals the traffic around the Internet, for example in the absence of DNS you would have to type in 72.21.206.5 instead of amazon.com to get to your favourite e commerce merchant :o). So DNS is important for the Internet but also as local networks are now very much modeled upon the Internet scheme, without DNS it becomes very difficult to manage your network in a user friendly manner. Which as usual is great until it breaks!
So very quickly as your office network becomes more central to the workings of your business it is natural to want a secondary system in case the first one breaks, especially when you are using a VPN as we are as the loss of our central DNS server would render our remote systems unusable as well. So that's the background, here is the solution to setting up a secondary DNS server using BIND on Linux as a slave to an Active Directory DNS server. Bear in mind this is for CentOS 4.5 (RHEL 4 equivalent) using the command line, if you are using a GUI just use the GUI tool!1. On the Microsoft box open DNS and right click on the forward lookup zone you wish to replicate, eg, somebiz.local. Under 'Name Servers' add the IP address of your Linux box.
2. If you have already been playing, completely remove your existing BIND installation (yum remove bind), and trash any files in /var/named/chroot/var/named.
3. Run yum install bind to install a fresh one.
4. Paste the following into /var/named/chroot/var/etc/named.conf
// Red Hat BIND Configuration Tool
// Default initial "Caching Only" name server configuration
options { directory "/var/named"; };
zone "mydomain.local" IN {
type slave;
file "slaves/mydomain.local";
masters { xxx.xxx.xxx.xxx port 53;};
};
include "/etc/rndc.key";
5. substitute your domain for mydomain.local and your active directory server's IP address in the xxx.xxx.xxx.xxx space.
6. Run service named start and make a cuppa cos your done!
Obviously this is not a comprehensive look at this subject, there is an awful lot more to play with in bind but that really is all you need to do to get going. Hope it helps..
5 comments:
Hey again Kieron,
Don;t know if you remember be but my name is Jack Loftus, News Writer for SearchEnterpriselinux.com.
Would you care to talk a bit more about this for a quick article/tip on our site? We're trying to expand coverage to include apps like BIND, etc, and how people are deploying and using them on Linux
I can be reached at jloftus@techtarget.com
Thanks!
-jack
Awesome thanks for your post - it has got me started. I suggest to more things though:
1) Add "check-names ignore;" to get rid of warnings about underscores in names
2) Add a reverse zone.
Here is config which works for me Win2003 -> CentOS 5.2:
http://lists.centos.org/pipermail/centos/2009-March/073023.html
options { directory "/var/named"; };
zone "internal.mycompany.com" IN {
type slave;
file "slaves/internal.mycompany.com";
masters { 10.121.42.40 port 53;};
check-names ignore;
};
zone "121.10.in-addr.arpa" IN {
type slave;
file "slaves/10.121";
masters { 10.121.42.40 port 53;};
check-names ignore;
};
include "/etc/rndc.key";
This is great info. One other step that confounded me is:
In the same dialog box where you enter your Linux nameserver IP Address: click on the Zone Transfer tab to make sure Transfers are allowed. Otherwise it just won't work!
Thanks again!
Hi,
I just wanted to say that I really enjoyed your blog and this post. You make some very informative points. Keep up the great work!
-
Delphi development
Just popping in to say nice site.
Post a Comment