Step‑by‑Step Master‑Slave DNS Deployment with BIND – Complete Lab Guide
This article walks through installing BIND, configuring the named.conf file, setting up master and slave zones, creating forward and reverse zone files, starting the named service, and verifying the setup with nslookup, including a fail‑over test to demonstrate slave activation.
To satisfy a reader request, the author provides a practical lab for deploying a master‑slave DNS architecture using BIND on Linux.
Install BIND
# yum -y install bind*
Configuration file overview
The /etc/named.conf file is divided into three sections: options (global settings), logging, and zone definitions.
# vim /etc/named.conf
options {
    listen-on port 53 { 10.0.0.62; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    recursion yes; // enable for a caching server
    dnssec-enable yes;
    dnssec-validation yes;
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN { type hint; file "named.ca"; };
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Key directives explained:
listen-on defines the IP address and port the server listens on.
directory sets the working directory for zone files.
allow-query { any; } permits any host to query the server.
recursion yes enables recursive (caching) behavior; set to no for an authoritative server.
zone statements declare root, forward, and reverse zones.
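With allow-query { any; }, recursion yes and no allow-recursion or allow-query-cache ACL, any host that can reach the server can use it as a recursive resolver; likewise, on BIND versions where allow-transfer defaults to any, a master zone with no allow-transfer statement can be copied in full by any client. The audit script below is an added example, not part of the original article; the finding names, the sample config and the hardened values (10.0.0.0/24 from the lab's PREFIX=24, slave 10.0.0.63) are assumptions.

```shell
# Added example, not the article's code: audit named.conf-style text on stdin
# for the two exposures in this lab (assumes "name {" opens each block).
audit_named() {
    awk '
    { sub(/\/\/.*/, "") }                       # strip // comments
    depth == 0 && $1 == "options" { kind = "o" }
    depth == 0 && $1 == "zone" {
        kind = "z"; master = 0; xfer = 0; name = $2; gsub(/"/, "", name)
    }
    kind == "o" && /recursion[ \t]+yes/                     { rec = 1 }
    kind == "o" && /allow-query[ \t]*[{][ \t]*any;/         { anyq = 1 }
    kind == "o" && /allow-(recursion|query-cache)[ \t]*[{]/ { acl = 1 }
    kind == "o" && /allow-transfer[ \t]*[{]/                { gxfer = 1 }
    kind == "z" && /type[ \t]+(master|primary)/             { master = 1 }
    kind == "z" && /allow-transfer[ \t]*[{]/                { xfer = 1 }
    {   # a block ends when brace depth returns to zero
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth == 0 && kind == "o" && rec && anyq && !acl)
            print "open-resolver"
        if (depth == 0 && kind == "z" && master && !xfer && !gxfer)
            print "unrestricted-transfer " name
        if (depth == 0) kind = ""
    }'
}

# Constructed sample mirroring the article's options and master zone.
lab_conf() {
    cat <<'EOF'
options {
    allow-query { any; };
    recursion yes; // enable for a caching server
};
zone "." IN { type hint; file "named.ca"; };
zone "test1.com" IN {
    type master;
    file "test1.com.zone";
};
EOF
}

# Assumed hardening: recursion limited to the lab subnet, transfers to the slave.
hardened_conf() {
    lab_conf | awk '{ print }
    /recursion yes/ { print "    allow-recursion { 10.0.0.0/24; };" }
    /type master/   { print "    allow-transfer { 10.0.0.63; };" }'
}

lab_conf | audit_named
hardened_conf | audit_named
```

To audit the real files in one pass, run cat /etc/named.conf /etc/named.rfc1912.zones | audit_named; only // comments are stripped, so block comments containing directive text can skew the result.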
Configure the master server
# vim /etc/named.conf (same as above, with the master IP address)
# systemctl start named
# nslookup www.test1.com
Server: 10.0.0.62
Address: 10.0.0.62#53
Name: www.test1.com
Address: 10.0.0.62
# nslookup ftp.test1.com
Server: 10.0.0.62
Address: 10.0.0.62#53
Name: ftp.test1.com
Address: 10.0.0.62
At the end of /etc/named.rfc1912.zones add a forward and a reverse zone for test1.com:
zone "test1.com" IN {
type master;
file "test1.com.zone"; // forward zone file
};
zone "0.0.10.in-addr.arpa" IN {
type master;
file "test1.com.local"; // reverse zone file
};
Create the zone files by copying templates and adjusting records:
# cd /var/named
# cp -a named.localhost test1.com.zone
# cp -a named.loopback test1.com.local
# cat test1.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 10.0.0.62
www IN A 10.0.0.62
ftp IN A 10.0.0.62
mail IN CNAME www
# cat test1.com.local
$TTL 1D
@ IN SOA test1.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS test1.com.
A 10.0.0.62
10 IN PTR www.test1.com.
11 IN PTR ftp.test1.com.
Configure the slave server
Modify only the IP address in /etc/named.conf to point to the slave’s own address (e.g., 10.0.0.63) and keep the rest unchanged.
# vim /etc/named.conf (change listen-on to 10.0.0.63)
# Add slave zones at the end of /etc/named.rfc1912.zones
zone "test1.com" IN {
    type slave;
    masters { 10.0.0.62; };
    allow-notify { 10.0.0.62; };
    file "slaves/test1.com.zone";
};
zone "0.0.10.in-addr.arpa" IN {
    type slave;
    masters { 10.0.0.62; };
    allow-notify { 10.0.0.62; };
    file "slaves/test1.com.local";
};
# systemctl start named
After starting, the slave automatically receives the zone files from the master:
# ll /var/named/slaves/
‑rw‑r‑‑‑‑‑‑‑‑ 1 named named 336 Sep 5 20:02 test1.com.local
‑rw‑r‑‑‑‑‑‑‑‑ 1 named named 319 Sep 5 20:02 test1.com.zone
Client verification
Configure the client network interface to use both DNS servers (master 10.0.0.62 and slave 10.0.0.63) and restart the network.
# cat /etc/sysconfig/network-scripts/ifcfg-ens33
IPADDR=10.0.0.61
PREFIX=24
GATEWAY=10.0.0.2
DNS1=10.0.0.62
DNS2=10.0.0.63
# systemctl restart network
# nslookup www.test1.com
Server: 10.0.0.62
Address: 10.0.0.62#53
Name: www.test1.com
Address: 10.0.0.62
# nslookup ftp.test1.com
Server: 10.0.0.62
Address: 10.0.0.62#53
Name: ftp.test1.com
Address: 10.0.0.62
Fail-over test
Stop the master DNS service and query from the client again. The response now comes from the slave, confirming that the slave takes over when the master is unavailable.
# systemctl stop named # on master
# nslookup www.test1.com # from client
Server: 10.0.0.63
Address: 10.0.0.63#53
Name: www.test1.com
Address: 10.0.0.62
The experiment shows that after the master is stopped, the client continues to resolve the domain because the slave DNS server (10.0.0.63) answers the query.
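The fail-over test shows that the slave answers, not that its copy is current: a slave refreshes a zone only when the master's SOA serial is higher than its own, and the zone files above use serial 0. The check below is an added example, not part of the original article; the function names and sample SOA lines are constructed, and the comparison uses RFC 1982 serial arithmetic.

```shell
# Added example, not the article's code: compare the SOA serials served by
# master and slave. Each input is one line as printed by `dig +short SOA`.
soa_serial() {
    # Fields: mname rname serial refresh retry expire minimum
    set -- $1
    [ $# -eq 7 ] || return 1
    case $3 in ''|*[!0-9]*) return 1 ;; esac
    echo "$3"
}

sync_state() {   # usage: sync_state "<master SOA line>" "<slave SOA line>"
    m=$(soa_serial "$1") || { echo "bad-master-soa"; return 2; }
    s=$(soa_serial "$2") || { echo "bad-slave-soa"; return 2; }
    diff=$(( (m - s) & 4294967295 ))      # difference modulo 2^32
    if [ "$diff" -eq 0 ]; then
        echo "in-sync"
    elif [ "$diff" -lt 2147483648 ]; then
        echo "slave-behind"               # transfer pending or failing
    else
        echo "slave-ahead"                # master serial went backwards
    fi
}

# Constructed sample: master zone edited and raised to serial 1, slave at 0.
MASTER_SOA="test1.com. rname.invalid. 1 86400 3600 604800 10800"
SLAVE_SOA="test1.com. rname.invalid. 0 86400 3600 604800 10800"
sync_state "$MASTER_SOA" "$SLAVE_SOA"

# Live form, using the article's addresses:
#   sync_state "$(dig +short SOA test1.com @10.0.0.62)" \
#              "$(dig +short SOA test1.com @10.0.0.63)"
```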
Linux Tech Enthusiast
Focused on sharing practical Linux technology content, covering Linux fundamentals, applications, tools, as well as databases, operating systems, network security, and other technical knowledge.
