I know it is strange to set up this type of configuration on an Ubuntu Desktop, but we had to do it for Internet Services class, and it gave problems to me and most of my class.

I am going to use two virtual machines, both running Ubuntu Desktop. First step is installing bind9.

# apt -get install bind9

The test domain will be “etg.local”

• Master dns:
• IP:  192.168.7.1
• name: dns1
• Slave dns:
• IP: 192.168.7.2
• name: pc02 (with dns2 CNAME)

Be careful with using underscore on names.

MASTER

We are going to start by editing /etc/bind/named.conf.local, to define our zone. I am going to define just one zone. You may want to define also a reverse zone.

named.conf.local

Notice that the “type” of this host is master, that is important. We also can see that I used absolute path to the file, because I did not specified any directory on the options.

Allow-transfer, allow-update and also-notify are allowing our slave dns to transfer the zone(s) file(s).

This is my zone file:

Zone file

We must pay attention to thenames to be fully qualified if they include domain name, and both servers must be declared with NS register.

Finally we configure our DNS, this is my configuration file /etc/resolv.conf

/etc/resolv.conf

SLAVE

Here comes the tricky part, at least with Ubuntu Desktop.

First, we configure /etc/resolv.conf to be equally as in master. Search parameter must be “etg.local” and nameserver “127.0.0.1″

Now, we declare our zone, pay attention:

Zone declaration on slave

As you may see, we declared the type of this server as slave, and we set who is its master(s).

Now it should replicate our zone from master server, but it won’t until we do a couple more of steps to avoid errors of writing permission.

We have to edit the file /etc/apparmor.d/usr.sbin.named

Default usr.sbin.named

We have to find the line highlighted in red.

r stands for read, read permission. So we can deduce that it does not have permission to write the zone, that is the because it gives us permission errors.

We change that line to this:

Modified usr.sbin.named

And the last step is giving all permissions to the the bind group in the bind folder:

# chmod -R 775 /etc/bind

Now we restart first the bind server of the master and then the slave with:

# /etc/init.d/bind9 restart

Then if we want to check the log file to see if everything went fine (slave):

# tail -f /var/log/syslog

Syslog

I highlighted some important messages. It tells us that the zone transfer went fine. Now we finally take a look to our recently replicated zone file.

Note: In the next screenshot you will se that the serial is 2. You can transfer with serial, I just added another register (see www) to show you that it really works

Replicated zone

And that’s all, it should work now.