
Configuring Primary and Secondary DNS with BIND on Kubernetes Nodes

This guide walks through installing BIND on two Kubernetes nodes, setting up primary DNS with forward and reverse zones, copying zone files, starting the service, and configuring a secondary DNS server to replicate the zones for reliable name resolution.

Practical DevOps Architecture

This article demonstrates how to set up a DNS service using BIND in a Kubernetes environment, covering both the primary (master) and secondary (slave) DNS servers.

Environment preparation

Primary DNS IP: 192.168.210.177
Secondary DNS IP: 192.168.210.195

Install BIND

yum install bind bind-utils -y

Synchronize time and disable the firewall before proceeding.

Configure the primary DNS

Edit /etc/named.conf and set the following options:

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    forward first;
    forwarders { 103.84.240.85; 219.141.130.10; 8.8.8.8; };
};

Add forward and reverse zone definitions in /etc/named.rfc1912.zones:

zone "hahashen.com" IN {
    type master;
    file "hahashen.com.zone";
    allow-update { 192.168.210.195; };
    also-notify { 192.168.210.195; };
};

zone "210.168.192.in-addr.arpa" IN {
    type master;
    file "hahashen.com.local";
    allow-update { 192.168.210.195; };
    also-notify { 192.168.210.195; };
};

Copy the template zone file and edit it:

# Zone files are resolved relative to the "directory" option (/var/named)
cd /var/named
cp -p /var/named/named.localhost hahashen.com.zone
cp -p hahashen.com.zone hahashen.com.local

Example zone file content (hahashen.com.zone):

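$TTL 1D
; SOA needs both the primary name server (MNAME) and the contact mailbox (RNAME)
@       IN  SOA dns.hahashen.com. rname.invalid. (
                0   ; serial
                1D  ; refresh
                1H  ; retry
                1W  ; expire
                3H ) ; minimum
        NS  dns.hahashen.com.
; Owner names must start in the first column
dns     IN  A   192.168.210.177
www     IN  A   192.168.210.85
gateway IN  A   192.168.210.105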

Validate the configuration and start the service:

named-checkconf
systemctl start named
netstat -nltp

Configure the secondary DNS

On the slave node, edit /etc/named.conf with the same options as the master.

Update /etc/named.rfc1912.zones to define the zones as slaves:

zone "hahashen.com" IN {
    type slave;
    masters { 192.168.210.177; };
    file "slaves/hahashen.com.zone";
};

zone "210.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.210.177; };
    file "slaves/hahashen.com.local";
};

Validate and start the slave service:

named-checkconf /etc/named.conf
named-checkconf /etc/named.rfc1912.zones
systemctl start named
netstat -nltp
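
A hardened variant of the options and zone statements above, as an added example (not part of the original article): `allow-update` authorizes dynamic changes to zone data rather than zone transfers, so it is set to `none` and transfers are restricted with `allow-transfer` and a TSIG key, while recursion is limited to local clients because it otherwise inherits `allow-query { any; }`. Assumptions: the key name `xfer-key`, the placeholder secret, and `localnets` as the set of clients allowed to recurse.

```bind
# Both servers, /etc/named.conf: shared TSIG key. Name and secret are
# placeholders; generate a real one with: tsig-keygen -a hmac-sha256 xfer-key
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

# Both servers: merge these three statements into the existing options block
options {
    allow-query     { any; };                   # authoritative answers for anyone
    allow-recursion { localhost; localnets; };  # forwarding only for local clients (assumed ACL)
    allow-transfer  { none; };                  # no AXFR unless a zone overrides it
};

# Primary (192.168.210.177), /etc/named.rfc1912.zones
zone "hahashen.com" IN {
    type master;
    file "hahashen.com.zone";
    allow-update   { none; };           # static zone: no dynamic updates
    allow-transfer { key xfer-key; };   # transfers only when signed with the key
    also-notify    { 192.168.210.195; };
};

zone "210.168.192.in-addr.arpa" IN {
    type master;
    file "hahashen.com.local";
    allow-update   { none; };
    allow-transfer { key xfer-key; };
    also-notify    { 192.168.210.195; };
};

# Secondary (192.168.210.195), /etc/named.rfc1912.zones
zone "hahashen.com" IN {
    type slave;
    masters { 192.168.210.177 key xfer-key; };  # sign transfer requests to the primary
    file "slaves/hahashen.com.zone";
};

zone "210.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.210.177 key xfer-key; };
    file "slaves/hahashen.com.local";
};
```

After reloading both servers, `dig @192.168.210.177 hahashen.com AXFR` run from a host without the key should report a failed transfer, while the secondary still receives the zone.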

The result is a functional forward and reverse DNS resolution setup whose access policies (allow-query, allow-update, also-notify) can be adjusted per environment.

Written by

Practical DevOps Architecture
