
How do I configure an Ecessa appliance to act as a DNS slave server?

Firmware versions 8.4.12 and later allow an Ecessa device to be configured as a slave DNS server. This article shows the configuration settings required on the slave and master servers (assuming the master is another Ecessa device).

Both the Master and Slave will need the domain(s) added under Domain Management:

[Image: auth_dns_main.png]

On the Master: Click on [Configure] for the domain to update. Confirm that the “Enable zone transfers to” setting is enabled and the text field has the appropriate WAN IP addresses for the slave DNS server (make sure to include the addresses from every WAN the slave server answers DNS requests on).

[Image: master_dns_allow_zone_transfer.png]

Here is the zone as configured on the Master:

$ORIGIN .
$TTL 1d
example.com. 3600 IN SOA ns1.example.com. hostmaster@example.com. 2013061901 360 60 1209600 300
example.com. 900 IN NS ns1.example.com.
example.com. 900 IN NS ns2.example.com.
example.com. 900 IN NS ns3.example.com.
example.com. 900 IN NS ns4.example.com.
ns1.example.com. 900 IN A 10.10.20.2
ns2.example.com. 900 IN A 10.10.40.2
ns3.example.com. 900 IN A 10.10.30.2
ns4.example.com. 900 IN A 10.10.50.2
www1.example.com. 30 IN A 10.10.20.20
www2.example.com. 30 IN A 10.10.40.20
ftp1.example.com. 30 IN A 10.10.20.21
ftp2.example.com. 30 IN A 10.10.40.21
www.example.com. 30 IN A 10.10.20.20
example.com. 30 IN A 10.10.20.20
www.example.com. 30 IN A 10.10.40.20
example.com. 30 IN A 10.10.40.20
ftp.example.com. 30 IN A 10.10.20.21
ftp.example.com. 30 IN A 10.10.40.21
example.com. 360 IN TXT "\"this is a TXT record on the Master\""

 

On the Slave: Click on [Configure] for the domain to update. Confirm the “Enable as DNS slave” setting is enabled and the text field to the right has the WAN IP addresses for the Master server (make sure to include all WAN addresses the master answers DNS requests on). Also make sure that the Serial Number under the SOA Record section is lower than the serial number on the master. If the serial number is higher, the slave will not request a zone transfer.

[Image: slave_dns_enable_slave_mode.png]
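The serial number check described above can be run against the two SOA lines from the Master and Slave zone listings in this article before saving the configuration. This is an added example, not Ecessa code: it assumes the appliance compares serials the standard DNS way (RFC 1982 wrap-around arithmetic on a 32-bit counter), which goes beyond the plain lower/higher wording used here, and the function names are hypothetical.

```python
SERIAL_MOD = 2 ** 32   # an SOA serial is an unsigned 32-bit counter
HALF_RANGE = 2 ** 31

# SOA lines copied from the Master and Slave zone listings in this article.
MASTER_SOA = ("example.com. 3600 IN SOA ns1.example.com. "
              "hostmaster@example.com. 2013061901 360 60 1209600 300")
SLAVE_SOA = ("example.com. 3600 IN SOA ns1.example.com. "
             "hostmaster@example.com. 2013061900 360 60 1209600 30")


def soa_serial(record):
    """Return the serial field of a one-line SOA record."""
    fields = record.split()
    if "SOA" not in fields:
        raise ValueError("not an SOA record: %r" % record)
    # RDATA order: mname rname serial refresh retry expire minimum
    rdata = fields[fields.index("SOA") + 1:]
    if len(rdata) != 7 or not all(f.isdigit() for f in rdata[2:]):
        raise ValueError("malformed SOA RDATA: %r" % record)
    serial = int(rdata[2])
    if serial >= SERIAL_MOD:
        raise ValueError("serial does not fit in 32 bits")
    return serial


def master_is_newer(slave_serial, master_serial):
    """RFC 1982 comparison: True when the master is ahead of the slave."""
    diff = (master_serial - slave_serial) % SERIAL_MOD
    return 0 < diff < HALF_RANGE


def transfer_decision(slave_record, master_record):
    """Say whether a slave holding slave_record would pull the zone."""
    slave, master = soa_serial(slave_record), soa_serial(master_record)
    if slave == master:
        return "in sync"
    if master_is_newer(slave, master):
        return "transfer"
    return "no transfer"   # slave serial is ahead: lower it or bump the master


if __name__ == "__main__":
    print(transfer_decision(SLAVE_SOA, MASTER_SOA))
```

A "no transfer" result means the slave would keep serving whatever it already holds, so the serial on one side has to be corrected before the zones can converge.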

The Slave server does not require any further configuration changes, though it is recommended to update the NS records for clarity (locally configured NS records, A records, etc. will not be used).

Here is the zone as configured on the Slave:

$ORIGIN .
$TTL 1d
example.com.    3600 IN   SOA  ns1.example.com. hostmaster@example.com. 2013061900 360 60 1209600 30
example.com.    900  IN   NS   ns1.example.com.
example.com.    900  IN   NS   ns2.example.com.
ns3.example.com.     900  IN   A    10.10.30.2
ns4.example.com.     900  IN   A    10.10.50.2
wan1.example.com.    30   IN   A    10.10.30.2
wan2.example.com.    30   IN   A    10.10.50.2

 

As you can see, the slave does not show the same records as the master server. However, when DNS resolution is tested, the slave answers with the transferred zone information, like so:

C:\>nslookup -type=soa example.com. 10.10.30.2
Server:  UnKnown
Address:  10.10.30.2
example.com
        primary name server = ns1.example.com
        responsible mail addr = hostmaster@example.com
        serial  = 2013061901
        refresh = 360 (6 mins)
        retry   = 60 (1 min)
        expire  = 1209600 (14 days)
        default TTL = 30 (30 secs)
example.com     nameserver = ns1.example.com
example.com     nameserver = ns2.example.com
example.com     nameserver = ns3.example.com
example.com     nameserver = ns4.example.com
ns1.example.com internet address = 10.10.20.2
ns2.example.com internet address = 10.10.40.2
ns3.example.com internet address = 10.10.30.2
ns4.example.com internet address = 10.10.50.2

 

C:\>nslookup -type=TXT example.com. 10.10.30.2
Server:  UnKnown
Address:  10.10.30.2

example.com     text =
        ""this is a TXT record on the Master""
example.com     nameserver = ns1.example.com
example.com     nameserver = ns2.example.com
example.com     nameserver = ns3.example.com
example.com     nameserver = ns4.example.com
ns1.example.com internet address = 10.10.20.2
ns2.example.com internet address = 10.10.40.2
ns3.example.com internet address = 10.10.30.2
ns4.example.com internet address = 10.10.50.2

 

C:\>nslookup www.example.com. 10.10.30.2
Server:  UnKnown
Address:  10.10.30.2
Name:    www.example.com
Addresses:  10.10.40.20
          10.10.20.20
