
Linux, Unix, and *nix like Operating Systems Forum

    
Setting up a Secondary DNS need some advice.
fintan




msg:912254
 11:18 am on Feb 20, 2003 (gmt 0)

I'm setting up a Secondary DNS on a Linux box. The Primary is on an NT machine. It's to go on an intranet. What I need to know is how it should be set up.

Do I need a samba share setup?

Do I have to manually add the hostnames to the Linux slave files?

How could I get the two DNS's to interact with each other so the NT machine updates the Linux box?

Does rndc have to be running to allow named to run properly?

What kind of security issues do I need to look at?

Thanks
fintan

 

jmendenhall




msg:912255
 7:39 pm on Feb 20, 2003 (gmt 0)

> Do I need a samba share setup?

No.

> Do I have to manually add the hostnames
> to the Linux slave files?

No. You can use standard zone transfers to copy the information to the secondary name server.

> How could I get the two DNS's to interact
> with each other so the NT machine updates
> the Linux box?

This is automatic if using zone transfers, as mentioned above. It is all in the configuration of the secondary, if you go with zone transfers.

One warning with using zone transfers. If your secondary uses zone transfers, and the primary server goes down for an extended period of time, the zones might expire and the secondary will not have a source. Best practice dictates the secondary has its own records. This is where you might want to consider some sort of file transfer from the NT (perhaps SAMBA might work for you here...).

> Does rndc have to be running to allow named
> to run properly?

No. This is a "controlling" type of utility. It makes it easier to update and control the name server. It is a good thing.

> What kind of security issues do I need to
> look at?

All-purpose box security issues apply. This should be done prior to putting any services on it. Best practice security issues can be reviewed at many Linux sites. Search on "hardening" your Linux server. SANS (sans.org) is a good place to look as well. I have no affiliation with SANS.

fintan




msg:912256
 11:17 am on Feb 24, 2003 (gmt 0)

Is there another way to do it other than zone transfers?

dingman




msg:912257
 6:29 pm on Feb 24, 2003 (gmt 0)

Write up a zone file for BIND, and configure BIND on the Linux server to be a master server rather than a slave. Then any time you make a change to the zone on one system, make the same change on the other.

(I just use zone transfers. They're easier.)

fintan




msg:912258
 9:40 am on Feb 25, 2003 (gmt 0)

Yeah, but I'm using an NT box as the primary. Is there an easy way for the NT to talk to the Linux box?

fintan




msg:912259
 11:45 am on Feb 25, 2003 (gmt 0)

Right, the way we have it set up on the NT is we have a piece of software called Meta IP (which is basically a Java front end tied in with an Access 97 database). Now how do I get the info from dns1 to dns2 using zone transfers?

Do I need a samba share with NetBIOS running on the Linux for a zone transfer to work?

Thanks

jpjones




msg:912260
 1:31 pm on Feb 25, 2003 (gmt 0)

> Now how do I get the info from dns1 to dns2, using zone transfers.

Set dns1 to be the master, and change the options for each domain to allow the dns2 IP address to do zone transfers.

On the Linux dns2, for each domain name, create something like the following in the named.conf file:


    zone "thedomain.com" {
        type slave;
        file "sz/thedomain.com";
        masters { ip.address.of.master; };
    };

Now, every time the domain information changes on dns1, dns1 will contact dns2 to tell it the information for that domain has changed. dns2 will then do a zone transfer from dns1 and update its records.

> Do I need a samba share with NetBIOS running on the Linux for a zone transfer to work?

Nope - the transfer is handled directly through standard TCP/IP ports.

JP

fintan




msg:912261
 2:23 pm on Feb 25, 2003 (gmt 0)

When I restart named I get the zones but in the logs it says refresh_callback: zone "file name"/IN: ipaddresses#53 timed out. Any ideas?

fintan




msg:912262
 3:57 pm on Feb 25, 2003 (gmt 0)

I figured out what I was doing wrong: in the zone files I wasn't changing the serial number so it would be able to update itself.
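
Added example, not part of the thread: a small model of the two behaviours discussed above, the serial-number check that decides whether a secondary pulls a zone transfer (the fix in the last post) and the SOA expire timer behind the warning about a primary that stays down. The zone contents, the hostmaster address and the function names are constructed for illustration, and time values are assumed to be plain seconds or a single s/m/h/d/w suffix.

```python
import re

# Constructed sample zone header; "thedomain.com" and "dns1" follow the thread.
ZONE = """\
$TTL 86400
@ IN SOA dns1.thedomain.com. hostmaster.thedomain.com. (
        2003022501 ; serial
        3h         ; refresh
        15m        ; retry
        1w         ; expire
        1d )       ; minimum
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
SOA_RE = re.compile(
    r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)\s+(\w+)\s+(\w+)\s+(\w+)\s+(\w+)")

def seconds(tok):
    """Convert '3h' or '10800' to seconds (single-suffix values only)."""
    tok = tok.lower()
    return int(tok[:-1]) * UNITS[tok[-1]] if tok[-1] in UNITS else int(tok)

def parse_soa(zone_text):
    """Return serial and timers (in seconds) from a zone file's SOA record."""
    text = re.sub(r";[^\n]*", "", zone_text)      # drop ';' comments
    m = SOA_RE.search(text)
    if not m:
        raise ValueError("no SOA record found")
    serial, *timers = m.groups()
    soa = {"serial": int(serial)}
    soa.update(zip(("refresh", "retry", "expire", "minimum"),
                   map(seconds, timers)))
    return soa

def serial_newer(master, slave):
    """RFC 1982 serial arithmetic: True if master's serial is ahead."""
    return 0 < (master - slave) % 2**32 < 2**31

def slave_decision(slave_soa, master_soa, secs_since_contact):
    """Outcome of a refresh check; master_soa=None means no answer."""
    if master_soa is None:
        expired = secs_since_contact >= slave_soa["expire"]
        return "expired" if expired else "retry"
    if serial_newer(master_soa["serial"], slave_soa["serial"]):
        return "transfer"
    return "unchanged"   # edited records with the old serial land here
```

An "unchanged" result for a zone that was edited on the primary means the serial was not incremented; an "expired" result means the secondary stops answering for the zone until it can reach the primary again.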
