How to configure a primary or master authoritative name server

In the DNS system, only the authoritative name server resolves DNS queries. We have two types of authoritative name servers: primary or master and secondary or slave. A primary or master name server resolves queries for configured zones. A secondary or slave name server is a backup name server. It resolves queries when the primary name server is not available.

LAB set up

We will use the following lab to configure, test, and verify a primary or master authoritative name server.

Lab set up

To learn how to set up this lab on virtual or physical systems, please check the previous tutorials of this tutorial series.

This tutorial is part of the following tutorial series on DNS server concepts and configurations.

Chapter 01   How to configure DNS Server in Linux
Chapter 02   DNS Basic Concepts, Fundamentals, and Terminology
Chapter 03   DNS Server and Query Types Explained
Chapter 04   The /etc/hosts, /etc/resolv.conf, and /etc/nsswitch.conf files
Chapter 05   The dig command on Linux
Chapter 06   The nslookup command on Linux
Chapter 07   Change or specify the DNS server to the nslookup command
Chapter 08   DNS zone File Format
Chapter 09   The TTL and ORIGIN directives in the zone file
Chapter 10   Types of resources records in zone files
Chapter 11   The SOA Record Explained in the DNS zone file
Chapter 12   The NS Record, Glue record, and Lame Delegation
Chapter 13   The MX record in a zone file explained
Chapter 14   The a, aaaa, and cname DNS record types
Chapter 15   The pointer (PTR) record and Reverse mapping Explained
Chapter 16   How to configure a caching-only name server
Chapter 17   How to configure DNS Forwarding and a forwarder name server
Chapter 18   How to configure a primary or master authoritative name server
Chapter 19   How to configure a secondary or slave authoritative name server
Chapter 20   How to configure reverse mapping on DNS name servers

Configuring the primary authoritative name server

On the RHELServer1 system, install the bind and bind-utils packages and open the /etc/named.conf file. Add RHELServer1's IP address in the listen-on port 53 option and the network address in the allow-query option.

These options configure the name server to listen and answer DNS queries from the network 192.168.29.0/24 on the IP address 192.168.29.100.

Add a zone configuration for the example.com domain. In this configuration, configure three options: type, file, and allow-transfer.

The type option defines the role of this server for this zone. To configure this server as the primary or master name server for this zone, we use the value master here. To configure this server as the secondary or slave name server for this zone, we use the value slave here.

The file option defines the name of the zone file. The name server uses this file to answer DNS queries that belong to this domain. DNS saves this file in the /var/named/ directory.

The allow-transfer option defines the secondary or slave name servers' IP addresses. The name server automatically transfers zone files to name servers configured in this option.

Add the following zone configuration.

zone "example.com"{
	type master;
	file "example.com.db";
	allow-transfer {none;};
};

The above configuration makes this server an authoritative name server for the example.com zone. To resolve queries for this zone, it reads the /var/named/example.com.db file.

Primary name server configuration

Creating the zone file

Authoritative name servers use zone files to resolve DNS queries. Create the file example.com.db in the /var/named/ directory and add the following configuration to this file.

Zone file for forward mapping

I have already explained the zone file's options and configuration directives in previous tutorials of this series. You can use them to learn, create, and configure zone files.

Adding the firewall rule for the DNS service

By default, the firewall does not allow DNS queries from other systems. That means the firewall will drop all incoming DNS queries from DNS client systems. You can use the following commands to display and add an allow rule for the DNS traffic.

#firewall-cmd --get-default-zone
#firewall-cmd --zone=public --add-service=dns

Allow DNS traffic through the firewall

Restart the named service.

systemctl restart named

Testing and verifying the authoritative name server

We can use the host and dig commands to test and verify the authoritative name server. First, let us test the configuration from the server. The following command sends a DNS query to the configured DNS server to translate the name pc1.example.com.

#host pc1.example.com

The following image shows the output of this command.

testing primary name server

The following command sends a DNS query to the configured DNS server to provide resource records related to the name example.com.

#dig example.com

the dig command example

As we can see in the above output, the authoritative name server resolved the query. It verifies the authoritative name server is configured correctly and working properly. To test and verify the setup from the DNS client, we can use the same commands on RHELClient.

testing primary name server from the client

Conclusion

A primary or master name server uses zone files to resolve queries. It provides authoritative answers. In this tutorial, we learned how to configure a primary name server in a lab environment.

By ComputerNetworkingNotes Updated on 2026-06-08

ComputerNetworkingNotes Linux Tutorials How to configure a primary or master authoritative name server

We do not accept any kind of Guest Post. Except Guest post submission, for any other query (such as adverting opportunity, product advertisement, feedback, suggestion, error reporting and technical issue) or simply just say to hello mail us ComputerNetworkingNotes@gmail.com