
Forum Moderators: bakedjake


Setting up a Secondary DNS need some advice.

     

fintan

11:18 am on Feb 20, 2003 (gmt 0)

10+ Year Member



I'm setting up a Secondary DNS on a Linux box. The Primary is on an NT machine. It's to go on an intranet. What I need to know is how it should be set up.

Do I need a samba share setup?

Do I have to manually add the hostnames to the Linux slave files?

How could I get the two DNS's to interact with each other so the NT machine updates the Linux box?

Does rndc have to be running to allow named to run properly?

What kind of security issues do I need to look at?

Thanks
fintan

jmendenhall

7:39 pm on Feb 20, 2003 (gmt 0)

10+ Year Member



> Do I need a samba share setup?

No.

> Do I have to manually add the hostnames
> to the Linux slave files?

No. You can use standard zone transfers to copy the information to the secondary name server.

> How could I get the two DNS's to interact
> with each other so the NT machine updates
> the Linux box?

This is automatic if using zone transfers, as mentioned above. It is all in the configuration of the secondary, if you go with zone transfers.

One warning with using zone transfers. If your secondary uses zone transfers, and the primary server goes down for an extended period of time, the zones might expire and the secondary will not have a source. Best practice dictates the secondary has its own records. This is where you might want to consider some sort of file transfer from the NT (perhaps SAMBA might work for you here...).

> Does rndc have to be running to allow named
> to run properly?

No. This is a "controlling" type of utility. It makes it easier to update and control the name server. It is a good thing.

> What kind of security issues do I need to
> look at?

All-purpose box security issues apply. This should be done prior to putting any services on it. Best practice security issues can be reviewed at many Linux sites. Search on "hardening" your Linux server. SANS (sans.org) is a good place to look as well. I have no affiliation with SANS.

fintan

11:17 am on Feb 24, 2003 (gmt 0)

10+ Year Member



Is there another way to do it other than zone transfers?

dingman

6:29 pm on Feb 24, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Write up a zone file for BIND, and configure BIND on the Linux server to be a master server rather than a slave. Then any time you make a change to the zone on one system, make the same change on the other.

(I just use zone transfers. They're easier.)

fintan

9:40 am on Feb 25, 2003 (gmt 0)

10+ Year Member



Yeah, but I'm using an NT box as the primary. Is there an easy way for the NT to talk to the Linux box?

fintan

11:45 am on Feb 25, 2003 (gmt 0)

10+ Year Member



Right, the way we have it set up on the NT is we have a piece of software called Meta IP (which is basically a Java front end tied in with an Access 97 database). Now how do I get the info from dns1 to dns2, using zone transfers?

Do I need a samba share with NetBIOS running on the Linux for a zone transfer to work?

Thanks

jpjones

1:31 pm on Feb 25, 2003 (gmt 0)

10+ Year Member



> Now how do I get the info from dns1 to dns2, using zone transfers.

Set dns1 to be the master, and change the options for each domain to allow the dns2 ip address to do zone transfers.

On the Linux dns2, for each domain name, create something like the following in the named.conf file:


zone "thedomain.com" {
    type slave;                          // this server is a secondary for the zone
    file "sz/thedomain.com";             // local copy written after each transfer
    masters { ip.address.of.master; };   // replace with the IP address of dns1
};

Now, every time the domain information changes on dns1, dns1 will contact dns2 to tell it the information for that domain has changed. dns2 will then do a zone transfer from dns1 and update its records.

> Do I need a samba share with NetBIOS running on the Linux for a zone transfer to work?

Nope - the transfer is handled directly through standard tcp/ip ports.

JP

fintan

2:23 pm on Feb 25, 2003 (gmt 0)

10+ Year Member



When I restart named I get the zones but in the logs it says refresh_callback: zone "file name"/IN: ipaddresses#53 timed out. Any ideas?

fintan

3:57 pm on Feb 25, 2003 (gmt 0)

10+ Year Member



I figured out what I was doing wrong: in the zone files I wasn't changing the serial number so it would be able to update itself.
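The two failure modes raised in this thread (a zone edited without a serial bump, and a secondary whose copy expires while the primary is unreachable) can be checked from the SOA records alone. The following is an added example, not code from any poster in the thread; the zone name, SOA values and function names are constructed for illustration.

```python
# Added example: constructed SOA records, not taken from the thread.
import re

SOA_RE = re.compile(
    r"^(?P<zone>\S+)\s+(?:\d+\s+)?IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+"
    r"(?P<serial>\d+)\s+(?P<refresh>\d+)\s+(?P<retry>\d+)\s+(?P<expire>\d+)\s+(?P<minimum>\d+)$"
)

# Constructed sample data: one-line SOA answers as a resolver tool would print them.
SECONDARY = "example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2003022501 10800 3600 604800 86400"
PRIMARY_SAME_SERIAL = SECONDARY  # zone data edited, serial left unchanged
PRIMARY_BUMPED = SECONDARY.replace("2003022501", "2003022502")

def parse_soa(line):
    """Parse a single-line SOA record into a dict with integer timer fields."""
    m = SOA_RE.match(line.strip())
    if not m:
        raise ValueError("not a single-line SOA record: %r" % line)
    rec = m.groupdict()
    for key in ("serial", "refresh", "retry", "expire", "minimum"):
        rec[key] = int(rec[key])
    return rec

def serial_newer(primary, secondary):
    """RFC 1982 serial arithmetic on 32-bit serials: True if primary is ahead."""
    diff = (primary - secondary) & 0xFFFFFFFF
    return 0 < diff < 0x80000000

def secondary_status(primary_soa, secondary_soa, secs_since_refresh):
    """Report what the secondary will conclude from the two SOA records."""
    p, s = parse_soa(primary_soa), parse_soa(secondary_soa)
    if secs_since_refresh >= s["expire"]:
        return "expired"            # secondary stops answering for the zone
    if serial_newer(p["serial"], s["serial"]):
        return "transfer-needed"    # secondary will request a zone transfer
    if p["serial"] == s["serial"]:
        return "up-to-date"         # no transfer, even if the data was edited
    return "primary-serial-behind"  # secondary ignores the primary's copy

if __name__ == "__main__":
    for label, soa in (("same serial", PRIMARY_SAME_SERIAL), ("bumped", PRIMARY_BUMPED)):
        print(label, "->", secondary_status(soa, SECONDARY, 600))
```
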
 
