Setting up a Secondary DNS (slave) server under Fedora Core 6

by Marion Bates <mbates at whoopis.com>

(Need to do primary DNS? Check here.)

  1. Get named:
    yum install caching-nameserver
    

  2. Get some fonts: (I had to do this because this server doesn't have a complete X environment and I didn't want to install the whole thing)
    yum install xorg-x11-fonts-base
    yum install xorg-x11-font-utils
    yum install xorg-x11-fonts-truetype
    yum install xorg-x11-utils
    yum install xorg-x11-fonts-Type1
    

  3. Update the font cache:
    fc-cache -f -v
    

  4. Run (in X environment):
    system-config-bind 
    
    Do nothing; just exit. This creates the dummy config files.

  5. Fix permissions:
    cd /var/named
    chown named:named slaves
    chown named:named .
    

  6. Edit 2ndary's /etc/named.conf, leaving the defaults as they are. Scroll down and, just above the "include rndc.key" line, add a section like the following:
    zone "your.domain.com" {
    	type slave;
    	file "named.hosts";
    	masters {
    		ip.of.primary.dns;
    	};
    };
    zone "ip.range.of.your.network.in-addr.arpa" {
    	type slave;
    	file "named.rev";
    	masters {
    		ip.of.primary.dns;
    	};
    };
    
    If you have multiple VLSM'd IP ranges, add another .rev block for each.

  7. Optional: Allow zone transfers from 2ndary to some range (in our case, the rest of the campus network): edit 2ndary's /etc/named.conf and, inside the options block, add:
    	allow-transfer {
    		129.170.0.0/16;
    	};
    

  8. Firewall issues:

    - Make sure the firewall on 2ndary allows UDP 53 from the world for basic lookups, and TCP/53 if you want to enable zone transfers from it to other servers.

    - Make sure the firewall on primary allows TCP/53 from the 2ndary, and of course UDP 53 from the world.

    - Make sure any firewall in between the two lets them do the same as above, and lets them both connect outbound to TCP and UDP 53.

  9. (re)start named and check /var/log/messages for errors:
    service named restart
    
    If no errors, done!
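
A clean log does not prove the zones actually arrived, so the following script (an added example, not part of the original guide) compares the SOA serial served by the primary and by the 2ndary for each slave zone. The server addresses and zone names are passed as arguments and are placeholders; it assumes dig (from bind-utils) and awk are installed.

```sh
#!/bin/sh
# Added example: confirm each slave zone on the 2ndary matches the primary.
# Usage: sh check-slave.sh <primary-ip> <secondary-ip> zone [zone...]
# All addresses and zone names are supplied by you (placeholders here).

# Extract the serial (3rd of 7 fields) from one `dig +short SOA` answer.
soa_serial() {
    echo "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Compare two SOA answers for a zone. Returns 0 only when serials match.
compare_soa() {
    zone=$1
    p=$(soa_serial "$2")
    s=$(soa_serial "$3")
    if [ -z "$p" ]; then echo "$zone: no SOA from primary"; return 2; fi
    # An empty answer here usually means the transfer never happened
    # (step 5 permissions, step 8 TCP/53, or a typo in the zone block).
    if [ -z "$s" ]; then echo "$zone: no SOA from secondary"; return 3; fi
    if [ "$p" = "$s" ]; then echo "$zone: in sync (serial $p)"; return 0; fi
    echo "$zone: secondary has $s, primary has $p"
    return 1
}

# Ask one server directly for the zone's SOA, without recursion.
query_soa() {
    dig +short +norecurse +time=3 +tries=1 SOA "$1" "@$2"
}

# Check every zone; overall status is non-zero if any zone is not in sync.
check_zones() {
    primary=$1; secondary=$2; shift 2
    rc=0
    for z in "$@"; do
        compare_soa "$z" "$(query_soa "$z" "$primary")" \
                         "$(query_soa "$z" "$secondary")" || rc=1
    done
    return $rc
}

if [ "$#" -ge 3 ]; then
    check_zones "$@"
fi
```

A serial mismatch right after a change on the primary can simply mean the 2ndary has not refreshed yet; a missing SOA from the 2ndary means it is not serving the zone at all.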