How To Install And Configure Secondary DNS Server In Linux
In the video below, we show you how to install and configure a secondary DNS server in Linux using Ubuntu 22.04.1 LTS and Bind9
Prerequisites
- Basic command line familiarity
What You'll Learn
- Understand Linux system administration
- Configure and manage Linux servers
Aug 18, 2022 · 2 mins read
Bear in mind that while a secondary DNS server provides redundancy for DNS resolution, it only holds a read-only copy of the zone database.
So if the primary server fails, it should be replaced as soon as possible in order to be able to make future DNS changes.
We'll update and configure an existing primary DNS server, as we want redundancy with internal zone transfers.
Then we'll install and configure a secondary server, which will also act as a redundant forwarder for Internet DNS resolution.
Finally, we'll set up a client and do some testing.
Steps Taken

#### Update Primary Server

```
sudo apt update && sudo apt upgrade -y
cd /etc/bind
sudo nano /etc/bind/named.conf.local
```

Add `allow-transfer` and `also-notify` entries for the secondary server (172.16.17.11) to both zones:

```
zone "templab.lan" {
    // ... existing settings unchanged ...
    allow-transfer { 172.16.17.11; };   // only the secondary may pull this zone
    also-notify { 172.16.17.11; };      // tell the secondary when the zone changes
};

zone "16.172.in-addr.arpa" {
    // ... existing settings unchanged ...
    allow-transfer { 172.16.17.11; };
    also-notify { 172.16.17.11; };
};
```

```
sudo systemctl restart bind9
sudo systemctl status bind9
```
#### Create Secondary Server

NOTE: It's assumed you already have an Ubuntu server built to be the secondary server. This next step is just to install bind9.

```
sudo apt update && sudo apt upgrade -y
sudo apt install bind9 -y
cd /etc/bind
sudo nano /etc/bind/named.conf.local
```

```
zone "templab.lan" {
    type secondary;
    // the transferred copy goes under /var/lib/bind, which named can write to (/etc/bind is read-only for it)
    file "/var/lib/bind/db.templab.lan";
    masters { 172.16.17.10; };   // "primaries" is the newer spelling; BIND 9.18 accepts both
};

zone "16.172.in-addr.arpa" {
    type secondary;
    file "/var/lib/bind/db.172.16";
    masters { 172.16.17.10; };
};
```

```
sudo systemctl restart bind9
sudo systemctl status bind9
```

Check a transfer took place:

```
ls -l /var/lib/bind
```

If not, then if you have UFW installed on your computers, check that TCP is allowed on port 53.
Traditionally UDP was used for lookups and TCP for zone transfers, but now both UDP and TCP get used for lookups, so TCP access should already have been allowed.
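A small audit of the zone stanzas in `named.conf.local`, added here as an example and not part of the original walkthrough: it flags a secondary zone that names no primaries/masters or keeps its file under `/etc/bind` (which named can only read on Ubuntu), and goes beyond the secondary case to flag any zone whose `allow-transfer` is `any` or, for a primary, missing. The sample config is constructed, and the `weak.example` zone is invented to show a finding.

```python
import re

# Constructed sample (not a file from the walkthrough): the templab.lan
# secondary zone as configured above, plus a made-up zone that should be flagged.
SAMPLE_CONF = """
zone "templab.lan" {
type secondary;
file "/var/lib/bind/db.templab.lan";
masters { 172.16.17.10; };
};zone "weak.example" {
type primary;
file "/etc/bind/db.weak.example";
allow-transfer { any; };
};
"""

# One zone stanza: zone "<name>" { ... up to a line beginning with "};"
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\s*\};', re.S)

def _word(body, name):
    """Value of a one-token statement such as `type secondary;` (or None)."""
    m = re.search(r'\b%s\s+"?([^";\s]+)"?\s*;' % re.escape(name), body)
    return m.group(1) if m else None

def _list(body, name):
    """Entries of a brace list such as `masters { a; b; };` (or None)."""
    m = re.search(r'\b%s\s*\{([^}]*)\}' % re.escape(name), body)
    return [t.strip() for t in m.group(1).split(";") if t.strip()] if m else None

def audit_zones(conf):
    """Map each zone name to its findings; an empty list means it looks fine."""
    findings = {}
    for name, body in ZONE_RE.findall(conf):
        issues = []
        ztype, path = _word(body, "type"), _word(body, "file")
        if ztype in ("secondary", "slave"):
            if not (_list(body, "primaries") or _list(body, "masters")):
                issues.append("secondary zone names no primaries/masters")
            # Ubuntu's AppArmor profile gives named read-only access to /etc/bind
            if path and path.startswith("/etc/bind/"):
                issues.append("zone file is under /etc/bind, which named can only read")
        xfer = _list(body, "allow-transfer")
        if xfer and "any" in xfer:
            issues.append("allow-transfer { any; } lets anyone pull the whole zone")
        elif ztype in ("primary", "master") and xfer is None:
            issues.append("primary zone does not restrict allow-transfer")
        findings[name] = issues
    return findings
```

Run it against the real file with `audit_zones(open("/etc/bind/named.conf.local").read())` on each server; `include` directives are not followed.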
#### Test Internal DNS on the secondary

```
nslookup dhcp1.templab.lan 172.16.17.11
nslookup 172.16.17.10 172.16.17.11
```
#### Restrict Access and Configure DNS Forwarding

```
cd /etc/bind
sudo nano named.conf.options
```

```
acl trustedclients {
    localhost;
    localnets;
    172.16.18.0/24;
    172.16.19.0/24;
    172.16.21.0/24;
    172.16.22.0/24;
    172.16.24.0/24;
};

options {
    directory "/var/cache/bind";
    recursion yes;
    // only the networks in the ACL may query, use the cache or recurse through this server
    allow-query { trustedclients; };
    allow-query-cache { trustedclients; };
    allow-recursion { trustedclients; };
    forwarders {
        172.16.17.254;
    };
    dnssec-validation no;   // Ubuntu's shipped default is "auto"
    listen-on-v6 port 53 { ::1; };
    listen-on port 53 { 127.0.0.1; 172.16.17.11; };
};
```

```
sudo systemctl restart bind9
sudo systemctl status bind9
```
#### Update IP addressing

Reconfigure the secondary server to use itself for DNS resolution:

```
cd /etc/netplan
ls -l
sudo nano 00-installer-config.yaml
```

Change the name server to 127.0.0.1, then apply the changes:

```
sudo netplan apply
```