In this exercise, you configure zone transfers from a master to a slave server.
In part I, you create a 128-bit HMAC-MD5 key with the name zonetransfer.
In part II, you configure the master server to use this key for zone transfer. Create a file /etc/named.key in which you enter the options for the key zonetransfer. This file is included in /etc/named.conf.
In part III, you configure the slave server to use this key for zone transfer. Copy the file /etc/named.key from the master server to the slave server and include it in the file /etc/named.conf.
Do the following:
■ Part I: Generate a Key
■ Part II: Configure the Master Server
■ Part III: Configure the Slave Server
Part I: Generate a Key
1. To stop the DNS server, enter
rcnamed stop
2. Change the directory by entering
cd /var/lib/named
3. To generate a key, enter (on one line)
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST zonetransfer
4. Record the file name of the key in the space below:
Part II: Configure the Master Server
Do the following:
1. Create a new file /etc/named.key with the following content:
key zonetransfer {
algorithm HMAC-MD5;
secret "key";
};
Replace key with the key you created in Part I.
2. Change the group of the file to named by entering
chgrp named /etc/named.key
3. Remove the read permission for others from the file by entering
chmod o-r /etc/named.key
4. On the master server, open the /etc/named.conf file with a text editor.
5. Add the following line at the beginning of the file:
include "/etc/named.key";
6. Change the content of the zone description of digitalairlines.com as follows:
zone "digitalairlines.com" in {
type master;
file "master/digitalairlines.com.zone";
allow-transfer {
key zonetransfer;
};
};
7. Change the content of the zone description of 0.0.10.in-addr.arpa as follows:
zone "0.0.10.in-addr.arpa" in {
type master;
file "master/10.0.0.zone";
allow-transfer {
key zonetransfer;
};
};
8. Save the file and exit the text editor.
9. Open a second terminal window and enter su - to get root permissions.
10. When prompted, enter the root password novell.
11. Enter the command
tail -f /var/log/messages
12. Switch to the first terminal window and start bind by entering
rcnamed start
13. From the second terminal window, watch the log output of bind when the slave server is started.
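The following is an added example, not part of the original exercise. It combines Part I and steps 1 to 3 of Part II by reading the secret from the .private file that dnssec-keygen writes and creating the key file without read permission for others from the start. The function names, the optional group argument and the sample key are assumptions constructed for illustration.

```sh
#!/bin/sh
# write_named_key PRIVATE_FILE OUT_FILE [GROUP]
# Writes the "key zonetransfer" statement from Part II, step 1, to OUT_FILE.
write_named_key() {
    private_file=$1
    out_file=$2
    group=${3:-}   # assumption: optional; pass "named" on the real servers

    # The secret is the base64 value on the "Key:" line of the .private file.
    secret=$(sed -n 's/^Key:[[:space:]]*//p' "$private_file") || return 1
    if [ -z "$secret" ]; then
        echo "no Key: line found in $private_file" >&2
        return 1
    fi

    # umask 027 creates the file as rw-r-----, so others never get read access.
    # An existing file is removed first because it would keep its old mode.
    (
        umask 027
        rm -f "$out_file"
        printf 'key zonetransfer {\n\talgorithm HMAC-MD5;\n\tsecret "%s";\n};\n' \
            "$secret" > "$out_file"
    ) || return 1

    if [ -n "$group" ]; then
        chgrp "$group" "$out_file" || return 1
    fi
}

# others_can_read FILE: succeeds if the read bit for others is set.
others_can_read() {
    [ -n "$(find "$1" -perm -004)" ]
}

# Constructed sample in the layout dnssec-keygen writes for an HMAC-MD5 key.
make_sample_private() {
    printf '%s\n' 'Private-key-format: v1.2' 'Algorithm: 157 (HMAC_MD5)' \
        'Key: Y29uc3RydWN0ZWRrZXkwMQ==' 'Bits: AAA=' > "$1"
}

# Demo on the constructed sample: sh this_script demo
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d) && make_sample_private "$tmp/sample.private" &&
        write_named_key "$tmp/sample.private" "$tmp/named.key" && cat "$tmp/named.key"
    rm -rf "$tmp"
fi
```

On the master server, the call would take the file name recorded in Part I (with the extension .private), /etc/named.key and named as its three arguments.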
Part III: Configure the Slave Server
Do the following:
1. Copy the file /etc/named.key from the master server to the slave server.
2. Change the group of the file to named by entering
chgrp named /etc/named.key
3. Remove the read permission for others from the file by entering
chmod o-r /etc/named.key
4. On the slave server, open the /etc/named.conf file with a text editor.
5. Add the following line at the beginning of the file:
include "/etc/named.key";
6. Add the following lines after the option section:
key zonetransfer {
algorithm HMAC-MD5;
secret "key";
};
server IP_address_of_the_master_server {
keys {
zonetransfer;
};
};
In the secret option, enter the key of the master server.
7. Save the file and exit the text editor.
8. Remove the files in the directory /var/lib/named/slave/ by entering:
rm /var/lib/named/slave/*
9. Open a second terminal window and enter su - to get root permissions.
10. When prompted, enter the root password novell.
11. Enter the command
tail -f /var/log/messages
12. Switch to the first terminal window and start bind by entering
rcnamed start
13. From the second terminal window, watch the log output of bind to see whether the zone transfer takes place.