Setting up a slave name server on the Raspberry Pi
I use VestaCP to host my main websites, so I needed to set up a second nameserver on a different IP. I am using my Raspberry Pi as a secondary nameserver and this will document how to set this up. Commands done on the Raspberry Pi are in red and those done on the main web server are in blue.
First, install Bind9 on the Raspberry Pi:
sudo apt-get install bind9 bind9utils dnsutils
Take a look at the bind config on the VestaCP server:
sudo nano /etc/bind/named.conf
This is what the default looks like for VestaCP. You can see any zones you have set up at the bottom as a master, using yourdomain.com as an example:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
zone "yourdomain.com" {type master; file "/home/admin/conf/dns/yourdomain.com.db";};
Now, we need to change the options to allow transfer of zone information to our Raspberry Pi whenever a change is made. Open the options file on the VestaCP webserver:
sudo nano /etc/bind/named.conf.options
An example IP of 1.2.3.4 is shown, but you must youse the external static IP of your Raspberry Pi. Add these two lines:
allow-transfer { 1.2.3.4; };
notify yes;
So it looks like this below:
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
//listen-v6 { any; };
allow-transfer { 1.2.3.4; };
notify yes;
};
Thats all we have to do on the VestaCP master server. Now on to the Raspberry Pi slave DNS server. We need to add the zones to the local config on the slave, so it knows what and where to go. Open the local config file on the Raspberry Pi:
sudo nano /etc/bind/named.conf.local
Add the zone at the bottom of the file as shown below. Change 4.3.2.1 to your VestaCP master IP address and yourdomain.com to, um, your domain. If you are hosting more than one domain, just add more zones:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "yourdomain.com" {
type slave;
masters { 4.3.2.1; };
file "/var/lib/bind/yourdomain.com.db";
};
It's good practice to add an allow-notify for your slaves public IP to prevent "refused notify from non-master" errors as it likes to be able to talk to itself! We can add this in the options file:
sudo nano /etc/bind/named.conf.options
Now add this line before the end of the options section, changing the IP to suit
allow-notify {1.2.3.4;};
Almost done. Make sure port 53 is open on both machines for TCP and UDP. Now restart bind on the Raspberry Pi:
sudo service bind9 restart
And then on the VestaCP machine:
sudo service bind9 restart
Thats all folks! Now, whenever you make a change to any DNS settings in VestaCP, it should pass them over to your slave DNS. Note: If you add a new domain, you will have to manually add the new corresponding zone on your slave. You can check to see if its working by looking at the zone file on the Raspberry Pi:
nano /var/lib/bind/yourdomain.com.db
Don't forget to add the nameservers as hosts at your domain registrar. You can check to see if everything is behaving itself by entering your domain name at dnscheck.pingdom.com
I hope that helps you getting a second DNS working!
John.
Kaynak Site: http://j0hn.uk/vestacp-dns-slave/
Yorum Gönder