Firmware versions 8.4.12 and later allow an Ecessa device to be configured as a slave DNS server. This article shows the configuration settings required on the slave and master servers (assuming the master is another Ecessa device).
Both the Master and Slave will need the domain(s) added under Domain Management.
On the Master: Click on [Configure] for the domain to update. Confirm that the “Enable zone transfers to” setting is enabled and the text field has the appropriate WAN IP addresses for the slave DNS server (make sure to include the addresses from every WAN the slave server answers DNS requests on).
Here is the zone as configured on the Master:
$ORIGIN .
$TTL 1d
example.com. 3600 IN SOA ns1.example.com. hostmaster@example.com. 2013061901 360 60 1209600 300
example.com. 900 IN NS ns1.example.com.
example.com. 900 IN NS ns2.example.com.
example.com. 900 IN NS ns3.example.com.
example.com. 900 IN NS ns4.example.com.
ns1.example.com. 900 IN A 10.10.20.2
ns2.example.com. 900 IN A 10.10.40.2
ns3.example.com. 900 IN A 10.10.30.2
ns4.example.com. 900 IN A 10.10.50.2
www1.example.com. 30 IN A 10.10.20.20
www2.example.com. 30 IN A 10.10.40.20
ftp1.example.com. 30 IN A 10.10.20.21
ftp2.example.com. 30 IN A 10.10.40.21
www.example.com. 30 IN A 10.10.20.20
example.com. 30 IN A 10.10.20.20
www.example.com. 30 IN A 10.10.40.20
example.com. 30 IN A 10.10.40.20
ftp.example.com. 30 IN A 10.10.20.21
ftp.example.com. 30 IN A 10.10.40.21
example.com. 360 IN TXT "\"this is a TXT record on the Master\""
On the Slave: Click on [Configure] for the domain to update. Confirm the “Enable as DNS slave” setting is enabled and the text field to the right has the WAN IP addresses for the Master server (make sure to include all WAN addresses the master answers DNS requests on). Also make sure that the Serial Number under the SOA Record section is lower than the serial number on the master. If the serial number is higher, the slave will not request a zone transfer.
The Slave server does not require any further configuration changes, though it is recommended to update the NS records for clarity (locally configured NS records, A records, etc. will not be used).
Here is the zone as configured on the Slave:
$ORIGIN .
$TTL 1d
example.com. 3600 IN SOA ns1.example.com. hostmaster@example.com. 2013061900 360 60 1209600 30
example.com. 900 IN NS ns1.example.com.
example.com. 900 IN NS ns2.example.com.
ns3.example.com. 900 IN A 10.10.30.2
ns4.example.com. 900 IN A 10.10.50.2
wan1.example.com. 30 IN A 10.10.30.2
wan2.example.com. 30 IN A 10.10.50.2
As you can see, the slave does not show the same records as the master server. However, when testing DNS resolution the slave will answer with the transferred zone information like so:
C:\>nslookup -type=soa example.com. 10.10.30.2
Server: UnKnown
Address: 10.10.30.2
example.com
primary name server = ns1.example.com
responsible mail addr = hostmaster@example.com
serial = 2013061901
refresh = 360 (6 mins)
retry = 60 (1 min)
expire = 1209600 (14 days)
default TTL = 30 (30 secs)
example.com nameserver = ns1.example.com
example.com nameserver = ns2.example.com
example.com nameserver = ns3.example.com
example.com nameserver = ns4.example.com
ns1.example.com internet address = 10.10.20.2
ns2.example.com internet address = 10.10.40.2
ns3.example.com internet address = 10.10.30.2
ns4.example.com internet address = 10.10.50.2
C:\>nslookup -type=TXT example.com. 10.10.30.2
Server: UnKnown
Address: 10.10.30.2
example.com text =
""this is a TXT record on the Master""
example.com nameserver = ns1.example.com
example.com nameserver = ns2.example.com
example.com nameserver = ns3.example.com
example.com nameserver = ns4.example.com
ns1.example.com internet address = 10.10.20.2
ns2.example.com internet address = 10.10.40.2
ns3.example.com internet address = 10.10.30.2
ns4.example.com internet address = 10.10.50.2
C:\>nslookup www.example.com. 10.10.30.2
Server: UnKnown
Address: 10.10.30.2
Name: www.example.com
Addresses: 10.10.40.20
10.10.20.20
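The serial-number rule and the SOA check above can be scripted. The following is an added example, not Ecessa code: it reads the two SOA lines from the zone listings and a trimmed, constructed copy of the nslookup output, and it assumes the slave compares serials with standard RFC 1982 serial arithmetic (the article only states that the slave's serial must be lower). All function names are hypothetical.

```python
import re

# SOA lines copied from the article's Master and Slave zone listings.
MASTER_SOA = "example.com. 3600 IN SOA ns1.example.com. hostmaster@example.com. 2013061901 360 60 1209600 300"
SLAVE_SOA = "example.com. 3600 IN SOA ns1.example.com. hostmaster@example.com. 2013061900 360 60 1209600 30"

# Constructed sample: trimmed "nslookup -type=soa example.com. 10.10.30.2" output.
NSLOOKUP_OUT = """\
example.com
    primary name server = ns1.example.com
    responsible mail addr = hostmaster@example.com
    serial  = 2013061901
    refresh = 360 (6 mins)
"""

def soa_serial(line):
    """Return the serial of a zone-file SOA line (third field after 'SOA')."""
    fields = line.split()
    i = fields.index("SOA")          # followed by MNAME, RNAME, then SERIAL
    return int(fields[i + 3])

def serial_gt(a, b):
    """RFC 1982 comparison of 32-bit serials: True if a is newer than b.

    Assumption: the slave follows RFC 1982, so a serial that wrapped past
    4294967295 still counts as newer than the value it wrapped from.
    """
    return a != b and ((a - b) % 2**32) < 2**31

def slave_will_transfer(master_line, slave_line):
    """True if the master's serial is newer, so the slave requests a transfer."""
    return serial_gt(soa_serial(master_line), soa_serial(slave_line))

def served_serial(nslookup_text):
    """Extract the 'serial = N' value from nslookup SOA output, or None."""
    m = re.search(r"^\s*serial\s*=\s*(\d+)", nslookup_text, re.M)
    return int(m.group(1)) if m else None

def slave_in_sync(master_line, nslookup_text):
    """True if the serial the slave answers with equals the master's serial."""
    return served_serial(nslookup_text) == soa_serial(master_line)

if __name__ == "__main__":
    print("transfer expected:", slave_will_transfer(MASTER_SOA, SLAVE_SOA))
    print("slave in sync:    ", slave_in_sync(MASTER_SOA, NSLOOKUP_OUT))
```

If the second check fails after the refresh interval has passed, confirm the slave's WAN addresses are listed under "Enable zone transfers to" on the master and that the slave's configured serial is lower than the master's.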