In DNS, only an authoritative name server resolves DNS queries. There are two types of authoritative name servers: primary (master) and secondary (slave). A primary name server resolves queries for its configured zones. A secondary name server is a backup name server. It resolves queries when the primary name server is not available.
Lab setup
We will use the following lab to configure, test, and verify a primary or master authoritative name server.
To learn how to set up this lab on virtual or physical systems, please check the previous tutorials of this tutorial series.
This tutorial is the fourth tutorial of the tutorial series "How to configure DNS name servers in Linux". The other tutorials of this series are the following.
How to configure DNS Server in Linux
How to configure a caching only name server
How to configure DNS Forwarding and a forwarder name server
How to configure a secondary or slave authoritative name server
Configuring the primary authoritative name server
On the RHELServer1 system, install the bind and bind-utils packages and open the /etc/named.conf file. In this file, add RHELServer1's IP address to the listen-on port 53 option and the network address to the allow-query option.
These options configure the name server to listen and answer DNS queries from the network 192.168.29.0/24 on the IP address 192.168.29.100.
Add a zone configuration for the example.com domain. In this configuration, configure three options: type, file, and allow-transfer.
The type option defines the role of this server for this zone. To configure this server as the primary or master name server for this zone, we use the value master here. To configure this server as the secondary or slave name server for this zone, we use the value slave here.
The file option defines the name of the zone file. The name server uses this file to answer DNS queries that belong to this domain. DNS saves this file in the /var/named/ directory.
The allow-transfer option defines the secondary or slave name servers' IP addresses. The name server automatically transfers zone files to name servers defined in this option.
Add the following zone configuration.
zone "example.com" {
    type master;
    file "example.com.db";
    allow-transfer { none; };
};
The above configuration makes this server an authoritative name server for the example.com zone. To resolve queries for this zone, it uses the /var/named/example.com.db file.
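The allow-transfer option decides which hosts can pull a full copy of the zone, so it is worth checking on every primary zone. The following Python script is an added example, not part of the original tutorial: it reads named.conf text and reports the allow-transfer state of each master zone. The zones open.example and unset.example in the sample are constructed for contrast, and the finding labels are this example's own wording.

```python
import re

# Constructed sample: the tutorial's zone plus two hypothetical zones for contrast.
SAMPLE_CONF = '''
options { listen-on port 53 { 127.0.0.1; 192.168.29.100; }; };
zone "example.com" { type master; file "example.com.db"; allow-transfer { none; }; };
zone "open.example" { type master; file "open.example.db"; allow-transfer { any; }; };  // hypothetical
zone "unset.example" { type master; file "unset.example.db"; };  # hypothetical
'''

def strip_comments(text):
    """Remove /* */, // and # comments (comment markers inside quoted strings are not handled)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def zone_blocks(text):
    """Yield (zone_name, body) for each zone statement, matching nested braces."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit(conf):
    """Return {zone: finding} for primary zones, based on the zone's own allow-transfer option."""
    findings = {}
    for name, body in zone_blocks(strip_comments(conf)):
        role = re.search(r'\btype\s+(\w+)\s*;', body)
        if not role or role.group(1) not in ('master', 'primary'):
            continue  # secondary and other zone types are skipped
        acl = re.search(r'\ballow-transfer\b[^{;]*\{([^}]*)\}', body)
        if acl is None:
            findings[name] = 'unset in zone: inherits options/view or version default'
            continue
        entries = [e.strip() for e in acl.group(1).split(';') if e.strip()]
        if 'any' in entries:
            findings[name] = 'open: any host may request the zone'
        elif entries == ['none']:
            findings[name] = 'closed: transfers disabled'
        else:
            findings[name] = 'restricted to: ' + ', '.join(entries)
    return findings

if __name__ == '__main__':
    for zone, finding in audit(SAMPLE_CONF).items():
        print(f'{zone}: {finding}')
```

To audit a real server, pass the contents of /etc/named.conf to audit(); a zone reported as unset needs a look at the options block, which this script does not evaluate.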
Creating the zone file
Authoritative name servers use zone files to resolve DNS queries. Create the file example.com.db in the /var/named/ directory and add the following configuration to this file.
To learn about the zone file's options, you can check the following tutorial series. It explains zone files and their options in detail.
DNS zone file Format, Configuration, and Directives
Adding the firewall rule for the DNS service
By default, the firewall does not allow DNS queries from other systems. It means the firewall will drop all incoming DNS queries from DNS client systems. To view the default zone and add an allow rule for the DNS traffic in it, use the following commands.
#firewall-cmd --get-default-zone
#firewall-cmd --zone=public --add-service=dns
Restart the named service.
Testing and verifying the authoritative name server
To test and verify the authoritative name server, we can use the host and dig commands. First, we will test the configuration from the server.
The following command sends a DNS query to the configured DNS server to translate the name pc1.example.com.
#host pc1.example.com
The following image shows the output of this command.
The following command sends a DNS query to the configured DNS server to provide resource records related to the name example.com.
#dig example.com
As we can see in the above output, the query has been resolved by the authoritative name server. It verifies the authoritative name server is correctly configured and working properly.
To test and verify the setup from the DNS client, we can use the same commands from RHELClient.