For some public sites under my supervision, I host the authoritative DNS service. For consistent configuration and uptime, there is one master and three slave DNS servers.
All servers run bind in a FreeBSD 11 jail. Quick setup:
* Install: pkg install -y bind99
* Enable it to start on boot: sysrc -f /etc/rc.conf.local named_enable="YES"
* Since these run in jails, the listen-on setting keeps the DNS service from listening on all IP addresses (i.e. 0.0.0.0). The listening sockets in the jail (sockstat output) show named bound only to the jail's address:

      USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
      bind     named      273   1  udp4   172.16.3.2:53         *:*
- Master
  - The start of the config file (/usr/local/etc/namedb/named.conf):

        options {
            directory "/usr/local/etc/namedb/working";
            pid-file "/var/run/named/pid";
            dump-file "/var/dump/named_dump.db";
            statistics-file "/var/stats/named.stats";
            listen-on { 172.16.1.2; };
            allow-recursion { 172.16.1.0/24; 127.0.0.1; };
            allow-transfer { 172.16.1.3; 172.16.1.4; 172.16.1.5; };
            allow-update { none; };
            allow-query { any; };
            version none;
            hostname none;
            server-id none;
            <truncated output>

  - At the end of the config file, include the following as needed:

        zone "example.com" IN {
            type master;
            file "/usr/local/etc/namedb/example.com";
        };
- Slave
  - The start of the config file (/usr/local/etc/namedb/named.conf):

        options {
            directory "/usr/local/etc/namedb/working";
            pid-file "/var/run/named/pid";
            dump-file "/var/dump/named_dump.db";
            statistics-file "/var/stats/named.stats";
            listen-on { 172.16.1.3; };
            allow-recursion { 172.16.1.0/24; 127.0.0.1; };
            allow-transfer { none; };
            allow-update { none; };
            allow-query { any; };
            version none;
            hostname none;
            server-id none;
            <truncated output>

  - At the end of the config file, include the following as needed:

        zone "example.com" IN {
            type slave;
            masters { 172.16.1.2; };
            file "/usr/local/etc/namedb/example.com";
        };
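As an added check that is not part of the original post, the following Python script parses an options block like the ones above and reports where it departs from the hardening used in this setup (jail-only listen-on, transfers restricted to the slaves, no dynamic updates, identity hidden). The MASTER_OPTIONS and WEAK_OPTIONS samples are constructed for illustration, and the parser is deliberately minimal rather than a full named.conf grammar.

```python
import re
# Constructed sample reproducing the master's options shown above (truncated tail omitted).
MASTER_OPTIONS = """options {
    directory "/usr/local/etc/namedb/working";
    listen-on { 172.16.1.2; };
    allow-recursion { 172.16.1.0/24; 127.0.0.1; };
    allow-transfer { 172.16.1.3; 172.16.1.4; 172.16.1.5;};
    allow-update { none; };
    allow-query { any; };
    version none;
    hostname none;
    server-id none;
};"""

# Constructed weak block: what a jail gets if these options are left out or set to any.
WEAK_OPTIONS = """options {
    directory "/usr/local/etc/namedb/working";
    listen-on { any; };
    allow-transfer { any; };
    version "BIND 9.9";
};"""

def parse_options(conf):
    """Map 'name { a; b; };' to a list and 'name value;' to a string (no nesting or comments)."""
    m = re.search(r"options\s*\{(.*)\}\s*;", conf, re.S)
    opts = {}
    for stmt in re.finditer(r"([\w-]+)\s*(?:\{([^}]*)\}|([^;{}]+))\s*;", m.group(1) if m else ""):
        name, items, scalar = stmt.groups()
        opts[name] = [v.strip() for v in items.split(";") if v.strip()] if items is not None else scalar.strip()
    return opts

def audit(opts, role):
    """Return findings where an options block falls short of the hardening used in this setup."""
    findings = []
    if "any" in opts.get("listen-on", ["any"]):              # unset: named binds every address
        findings.append("listen-on: binds all addresses instead of the jail IP")
    xfer = opts.get("allow-transfer", ["any"])               # BIND 9.9 default allows AXFR to anyone
    if role == "slave" and xfer != ["none"]:
        findings.append("allow-transfer: slave should be { none; }")
    if role == "master" and "any" in xfer:
        findings.append("allow-transfer: master should list only the slave IPs")
    if "any" in opts.get("allow-recursion", []):
        findings.append("allow-recursion: open resolver on an authoritative server")
    if opts.get("allow-update", ["none"]) != ["none"]:
        findings.append("allow-update: dynamic updates should be disabled")
    for ident in ("version", "hostname", "server-id"):
        if opts.get(ident) != "none":
            findings.append(f"{ident}: not set to none, server identity is exposed")
    return findings
```

Run it against each jail's named.conf with the matching role; an empty list means the block matches the settings shown above.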