Recipe 24.19. Building a BIND Secondary Server

24.19.1 Problem

You have your public BIND server configured and running smoothly. Now you want to have a secondary BIND server in place.

24.19.2 Solution

There are four steps:

  1. Configure the primary's named.conf so that it will transfer zone file changes to the secondary.

  2. Configure the zone and reverse pointer files for the local domain so that the secondary is listed as one of the authoritative name servers for the domain.

  3. Get a caching name server running on the host that will serve as secondary, and then configure it so that it is aware of its role as secondary.

  4. Update client configurations.

The first step is accomplished by adding an also-notify directive to the zone blocks in named.conf on the primary. This example makes henbane the secondary to catmint (see Recipe 24.18):

    zone "windbag.net" IN {
      type master;
      file "zone.net.windbag";
      // tell henbane when changes get made
      also-notify { 208.201.239.46; };
    };

    zone "239.201.208.in-addr.arpa" {
      type master;
      file "revp.208.201.239";
      also-notify { 208.201.239.46; };
    };

Next, add henbane as a second name server in zone.net.windbag:

    ; zone.net.windbag
    ; public dns zone for windbag.net
    ....
    ....
    ; define the authoritative name servers
                    NS      catmint
                    NS      henbane

Remember to advance your serial number after making changes to a zone file!

Don't forget to add henbane to revp.208.201.239, and mind your trailing dots:

    ; revp.208.201.239
    ; reverse pointers for 208.201.239 subnet
    ....
    ....
    ; define the authoritative name servers
                  NS      catmint.windbag.net.
                  NS      henbane.windbag.net.

Remember to advance your serial number!

That takes care of steps 1 and 2. To complete step 3, set up a caching name server according to Recipe 24.15. Make it exactly the same. The only difference, other than being on a different machine, is in named.conf on the secondary. You'll add a type slave directive to both zone blocks:

    // serve as secondary for windbag.net domain
    zone "windbag.net" IN {
      type slave;
      file "zone.net.windbag";
      // where the primary nameserver lives
      masters { 208.201.239.45; };
    };

    // serve as secondary for 208.201.239.45 net info
    zone "239.201.208.in-addr.arpa" {
      type slave;
      file "revp.208.201.239";
      masters { 208.201.239.45; };
    };

Restart BIND, add the second name server to your client PCs or DHCP server, and you're done.

24.19.3 Discussion

To really be useful as a secondary, the server should be at a different physical location and not right next to your primary, as in this recipe. Exchanging secondaries with friends is a good strategy, or you might get an account on a shared server in a data center; the cost is reasonable, and they have all the hardware and bandwidth headaches. All you have to do is make sure your configurations are correct.

The also-notify directive ensures that when zone files change on the primary, the secondary is notified and picks up the changes automatically. Remember to advance your serial number, or nothing will happen!
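
The zone blocks in this recipe say where notifications go, but not who may request a zone transfer. The fragment below is an added example, not part of the original recipe: it limits transfers of windbag.net to a holder of a shared TSIG key and stops the secondary from serving transfers at all. The key name catmint-henbane and the secret are placeholders (assumptions); apply the same allow-transfer lines to the reverse zone.

```conf
// ---- primary (catmint, 208.201.239.45): named.conf ----
// Shared TSIG key. Name and secret are placeholders; generate a real
// secret with tsig-keygen and keep this file readable only by named.
key "catmint-henbane" {
  algorithm hmac-sha256;
  secret "REPLACE_WITH_BASE64_SECRET";
};

zone "windbag.net" IN {
  type master;
  file "zone.net.windbag";
  // tell henbane when changes get made
  also-notify { 208.201.239.46; };
  // only a request signed with the key may transfer the zone
  allow-transfer { key "catmint-henbane"; };
};

// ---- secondary (henbane, 208.201.239.46): named.conf ----
// The same key statement, with the same secret, as on the primary.
key "catmint-henbane" {
  algorithm hmac-sha256;
  secret "REPLACE_WITH_BASE64_SECRET";
};

// sign everything sent to the primary, including transfer requests
server 208.201.239.45 {
  keys { "catmint-henbane"; };
};

zone "windbag.net" IN {
  type slave;
  file "zone.net.windbag";
  // where the primary nameserver lives
  masters { 208.201.239.45; };
  // the secondary does not hand the zone on to anyone
  allow-transfer { none; };
};
```

Run named-checkconf on each host before restarting BIND; afterward, a transfer request from any host that does not hold the key should be refused.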

24.19.4 See Also

  • named(5), named(8)

  • Chapter 6 of The Bind 9 Administrator's Reference Manual (http://www.bind9.net/Bv9ARM.html)

  • Appendix C of TCP/IP Network Administration, Third Edition

    Linux Cookbook
    ISBN: 0596006403
    EAN: 2147483647
    Year: 2004
    Pages: 434
