Set Up a Secondary Zone
This tutorial explains how to set up a secondary zone by running a BIND9 server on an Ubuntu operating system.

Target audience

This tutorial is intended to help both developers and technical decision-makers.

What will you learn?

By the end of the tutorial, you will learn how to set up the following:

- Set up a Dedicated Core server.
- Configure a primary nameserver on a [Dedicated Core server](https://docs.ionos.com/support/general-information/glossary-of-terms#dedicated-core-server) running a BIND9 server on an Ubuntu operating system.
- Create a secondary zone using the DNS API.
- Establish and verify the zone transfer between primary and secondary zones.

Procedure

Step 1: Set up a Dedicated Core server

Note: The user who creates the server has full root or administrator access rights. A server, once provisioned, retains all its settings (resources, drive allocation, password, and so on), even after server restart at the operating system level. The server will only be removed from your Virtual Data Center once you delete it in the DCD.

To set up a Dedicated Core server, follow these steps:

Create a Dedicated Core server

Create a Dedicated Core server and configure the server in the Settings tab by following the steps in [Create a Dedicated Core server](https://docs.ionos.com/cloud/compute-services/compute-engine/how-tos/set-up-dedicated-core#create-a-dedicated-core-server).

Dedicated Core server network settings

In the [DCD](https://docs.ionos.com/cloud/set-up-ionos-cloud/data-center-designer) > Inspector pane on the right, configure the following network details in the Network tab:

1. Name: Choose a name unique to this [Virtual Data Center (VDC)](https://docs.ionos.com/support/general-information/glossary-of-terms#virtual-data-center-vdc).
2. MAC: Assigned on VM creation.
3. LAN: Select the LAN connection that is connected to the internet, by default LAN 1.
4. Firewall: By default, the firewall is disabled. To enable firewall rules, make sure that incoming and outgoing traffic is allowed on port 53 for UDP and TCP.
5. IPv4 Configuration: Leave to default values.

Expected result: The network settings for a Dedicated Core server are configured.

Dedicated Core server storage settings

Warning: The storage type cannot be changed after provisioning.

In the [DCD](https://docs.ionos.com/cloud/set-up-ionos-cloud/data-center-designer) > Inspector pane on the right, configure the following storage details in the Storage tab:

1. Click SSD, and a new pop-up window, Create New Attached Storage, appears.
2. Configure the following storage details:
   - Name: Enter a name that is unique within your VDC.
   - Availability Zone: Leave on "Auto".
   - Size in GB: Enter "30", which is sufficient for this tutorial.
   - Performance: Select "Standard".
   - Image: You can select one of the images or snapshots, or use your own. For this tutorial, select ubuntu-24.04-server-cloudimg-amd64 under Images.
   - Password: Create a password for the "root" user of the server. You will need this password to SSH and make changes.
   - SSH Keys: Select an SSH key stored in the SSH Key Manager.
   - Ad-hoc SSH Key: If you have not created an SSH key, copy and paste the public part of your SSH key into this field.
   - Cloud-Init user data: Leave on "No configuration".
   - Boot from Device: Select this checkbox to make the SSD drive bootable.
3. Click Create SSD Storage to create the SSD storage.

Expected result: The storage settings for a Dedicated Core server are configured.

Provision changes and start the Dedicated Core server

1. Select the newly created Dedicated Core server.
2. From the Settings tab in the Inspector pane, select Power > Start.
3. Click Provision Changes in the lower right corner and then click Provision Now.

Expected result: The Dedicated Core server is provisioned and started.

Next steps: After your changes are provisioned and the server is started, select your Dedicated Core server, click the Network tab in the Inspector pane, and copy the IPv4 address.

Expected result: A Dedicated Core server is set up and started along with the configuration of Settings, Network, and Storage setup.

Step 2: Configure a Dedicated Core server as a primary nameserver

Prerequisite: A Dedicated Core server needs to be set up, and you must have the IPv4 address of the server.

To configure a Dedicated Core server and enable it to act as the primary nameserver, follow these steps:

1. SSH into the newly created Dedicated Core server.

```bash
ssh root@<IP address>
```

2. Once connected to the newly created server via SSH, become root and install BIND9.

```bash
sudo -i
apt update -y
# [...]
apt install -y bind9 bind9utils
# [...]
```

3. Proceed with configuring BIND9 and your primary zone.

```bash
vi /etc/bind/named.conf.local
```

Configure notify to the DNS anycast nameserver and allow zone update from localhost.

Note: For sending DNS NOTIFY messages, DNS uses the following anycast addresses: IPv4 212.227.123.25 or IPv6 2001 8d8 fe 53 5cd 25.

```
logging {
    category xfer-out { default_syslog; };
    category xfer-in { default_syslog; };
    category notify { default_syslog; };
    category lame-servers { default_syslog; };
    category general { default_syslog; };
    category default { default_syslog; };
};

zone "primary-zone.de" IN {
    type master;
    file "/var/cache/bind/primary-zone.de.db";
    notify explicit;
    also-notify { 212.227.123.25; };
    allow-update { 127.0.0.1; };
};
```

4. Create your primary zone.

```bash
vi /var/cache/bind/primary-zone.de.db
```

Edit the zone file:

```
; Zone: primary-zone.de
; Exported: Mon Aug 17 22:36:11 UTC 2023

$ORIGIN primary-zone.de.
$TTL 3600

@    3600 IN SOA primary-zone.de. hostmaster.primary-zone.de. (
         2017060104 ; serial
         28800      ; refresh
         7200       ; retry
         604800     ; expire
         600 )      ; minimum

@    3600 IN NS   ns ui global dns com
@    3600 IN NS   ns ui global dns de
@    3600 IN NS   ns ui global dns org
@    3600 IN NS   ns ui global dns biz

www  60   IN A    127.0.0.1
www  60   IN AAAA ::1
```

Save your changes and quit the Vim editor.

5. Check the configuration, reload BIND, and verify that the configured primary zone is working.

```bash
named-checkconf
systemctl reload named
dig +short primary-zone.de
```

Expected result: The Dedicated Core server is configured as the primary nameserver, running a BIND9 server on an Ubuntu operating system.

Step 3: Create a secondary zone in DNS

Prerequisite: A Dedicated Core server is set up as a primary nameserver.

To create a secondary zone in the DNS by using the REST API, follow this step:

Send a POST request to the /secondaryzones endpoint.

```bash
curl --location 'https://dns.de-fra.ionos.com/secondaryzones' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--data '{
  "properties": {
    "zoneName": "primary-zone.de",
    "description": "This is a secondary zone for primary-zone.de in IONOS Cloud DNS",
    "primaryIps": [
      "<IP address>"
    ]
  }
}'
```

Response:

```json
{
  "id": "bdae7da0-0363-49d7-929d-92992786efe1",
  "type": "secondaryzone",
  "href": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1",
  "metadata": {
    "createdDate": "2023-08-06T19:36:58+00:00",
    "lastModifiedDate": "2023-08-06T19:36:59+00:00",
    "nameservers": [
      "nscs.ui-dns.com",
      "nscs.ui-dns.de",
      "nscs.ui-dns.org",
      "nscs.ui-dns.biz"
    ],
    "state": "AVAILABLE"
  },
  "properties": {
    "description": "This is a secondary zone for test dns public info in IONOS Cloud DNS",
    "primaryIps": [
      "<IP address>"
    ],
    "zoneName": "test dns public info"
  }
}
```

Expected result: A secondary zone in DNS is successfully created using a POST request.

Step 4: Verify zone transfer

On the primary nameserver, you can verify the zone transfer in the logs by executing the following command:

```bash
journalctl --unit named --follow
```

```
Aug 07 14:43:39 ubuntu named[2666]: client @0x7f467825b958 212.227.123.26#33308 (primary-zone.de): transfer of 'primary-zone.de/IN': AXFR started (serial 2017060104)
Aug 07 14:43:39 ubuntu named[2666]: client @0x7f467825b958 212.227.123.26#33308 (primary-zone.de): transfer of 'primary-zone.de/IN': AXFR ended: 1 messages, 8 records, 299 bytes, 0.001 secs (299000 bytes/sec) (serial 2017060104)
```

You can also verify the zone transfer status using the DNS API:

```bash
curl --location 'https://dns.de-fra.ionos.com/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/axfr' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'
```

On success (response 200 OK):

```json
{
  "items": [
    {
      "errorMessage": "",
      "primaryIp": "<IP address>",
      "status": "OK"
    }
  ],
  "type": "collection"
}
```

Expected result: The zone transfer between primary and secondary zones is successfully verified.

Step 5: Add a record

To add a record, follow these steps:

1. On the primary nameserver, update the zone with a new record, setting an A record to a TEST-NET-3 IP address.

```
dig +short www.primary-zone.de @ns ui global dns com
217.160.0.148

nsupdate
> server 127.0.0.1
> zone primary-zone.de
> update add www2.primary-zone.de 600 IN A 203.0.113.1
> send
> quit
```

2. Resolve the new record locally.

```
dig +short www2.primary-zone.de @127.0.0.1
203.0.113.1
```

3. View the logs, which show that a notification is sent to the secondary zone for the new record.

```
Aug 07 16:00:22 ubuntu named[2666]: client @0x7f467000d0a8 127.0.0.1#34056: updating zone 'primary-zone.de/IN': adding an RR at 'www2.primary-zone.de' A 203.0.113.1
Aug 07 16:00:22 ubuntu named[2666]: zone primary-zone.de/IN: sending notifies (serial 2017060105)
```

4. Using the Cloud DNS API, verify that the newly added record is transferred to the secondary zone.

```bash
curl --location 'https://dns.de-fra.ionos.com/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'
```

Response:

```json
{
  "id": "bdae7da0-0363-49d7-929d-92992786efe1",
  "type": "collection",
  "href": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records?limit=100&offset=0",
  "metadata": {
    "primaryIps": ["<IP address>"]
  },
  "items": [
    {
      "type": "record",
      "metadata": { "fqdn": "primary-zone.de", "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1", "rootName": "primary-zone.de" },
      "properties": { "content": "primary-zone.de hostmaster.primary-zone.de 2017060105 28800 7200 604800 600", "enabled": true, "name": "", "priority": 0, "ttl": 3600, "type": "SOA" }
    },
    {
      "type": "record",
      "metadata": { "fqdn": "primary-zone.de", "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1", "rootName": "primary-zone.de" },
      "properties": { "content": "ns ui global dns de", "enabled": true, "name": "", "priority": 0, "ttl": 3600, "type": "NS" }
    },
    {
      "type": "record",
      "metadata": { "fqdn": "primary-zone.de", "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1", "rootName": "primary-zone.de" },
      "properties": { "content": "ns ui global dns biz", "enabled": true, "name": "", "priority": 0, "ttl": 3600, "type": "NS" }
    },
    {
      "type": "record",
      "metadata": { "fqdn": "primary-zone.de", "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1", "rootName": "primary-zone.de" },
      "properties": { "content": "ns ui global dns com", "enabled": true, "name": "", "priority": 0, "ttl": 3600, "type": "NS" }
    },
    {
      "type": "record",
      "metadata": { "fqdn": "primary-zone.de", "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1", "rootName": "primary-zone.de" },
      "properties": { "content": "ns ui global dns org", "enabled": true, "name": "", "priority": 0, "ttl": 3600, "type": "NS" }
    },
    {
      "type": "record",
      "metadata": { "fqdn": "www.primary-zone.de", "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1", "rootName": "primary-zone.de" },
      "properties": { "content": "127.0.0.1", "enabled": true, "name": "www", "priority": 0, "ttl": 3600, "type": "A" }
    },
    {
      "type": "record",
      "metadata": { "fqdn": "www.primary-zone.de", "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1", "rootName": "primary-zone.de" },
      "properties": { "content": "0:0:0:0:0:0:0:1", "enabled": true, "name": "www", "priority": 0, "ttl": 3600, "type": "AAAA" }
    },
    {
      "type": "record",
      "metadata": { "fqdn": "www2.primary-zone.de", "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1", "rootName": "primary-zone.de" },
      "properties": { "content": "203.0.113.1", "enabled": true, "name": "www2", "priority": 0, "ttl": 3600, "type": "A" }
    }
  ],
  "offset": 0,
  "limit": 100,
  "_links": {
    "self": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records?limit=100&offset=0",
    "next": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records?limit=100&offset=100"
  }
}
```

5. Globally resolve a new record from the DNS anycast network by using the following command:

```
dig +short www2.primary-zone.de @ns ui global dns com
```

Final result

By following this tutorial, you have successfully set up a secondary DNS zone using a BIND9 server on Ubuntu. You can now manage DNS records on your primary nameserver and ensure reliable zone transfers to the secondary zone.

Conclusion

In this tutorial, you learned how to set up a secondary DNS zone with BIND9 on Ubuntu. By following the steps, you can efficiently manage DNS records and automate zone transfers between primary and secondary servers.
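
The log check from Step 4 can be turned into a repeatable audit. The following is an added example, not part of the original tutorial: it parses `named` transfer log lines in the format shown in Step 4 and reports any zone transfer served to a client outside an allowlist, plus every denied attempt. The allowlist (the transfer client 212.227.123.26 seen in the Step 4 log), the function name `audit_transfers`, and the sample lines are assumptions made for the illustration.

```python
import ipaddress
import re

# Assumption: the only expected transfer client is the address that appears
# in the tutorial's Step 4 log. Replace it with the sources you expect.
ALLOWED_CLIENTS = [ipaddress.ip_network("212.227.123.26/32")]

CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
# "transfer of 'zone/IN': AXFR started ... (serial N)": a transfer was served
SERVED = re.compile(CLIENT + r"transfer of '(?P<zone>[^'/]+)/IN': "
                    r"(?P<kind>AXFR-style IXFR|AXFR|IXFR) started"
                    r".*\(serial (?P<serial>\d+)\)")
# "zone transfer 'zone/AXFR/IN' denied": a transfer was refused by an ACL
DENIED = re.compile(CLIENT + r"zone transfer '(?P<zone>[^'/]+)/"
                    r"(?P<kind>AXFR|IXFR)/IN' denied")


def audit_transfers(lines, allowed=ALLOWED_CLIENTS):
    """Return a finding for every transfer served to a client outside
    `allowed`, and for every denied attempt regardless of source."""
    findings = []
    for line in lines:
        for verdict, pattern in (("served", SERVED), ("denied", DENIED)):
            m = pattern.search(line)
            if not m:
                continue
            try:
                ip = ipaddress.ip_address(m["ip"])
            except ValueError:
                continue  # malformed address field; skip the line
            expected = any(ip in net for net in allowed)
            if verdict == "served" and expected:
                continue  # normal transfer to the secondary
            findings.append({**m.groupdict(), "ip": str(ip),
                             "verdict": verdict, "expected_client": expected})
    return findings


# Constructed sample: the first two lines follow the tutorial's log; the last
# two are invented (documentation address ranges) to exercise the checks.
SAMPLE_LOG = [
    "Aug 07 14:43:39 ubuntu named[2666]: client @0x7f467825b958 212.227.123.26#33308 (primary-zone.de): transfer of 'primary-zone.de/IN': AXFR started (serial 2017060104)",
    "Aug 07 14:43:39 ubuntu named[2666]: client @0x7f467825b958 212.227.123.26#33308 (primary-zone.de): transfer of 'primary-zone.de/IN': AXFR ended: 1 messages, 8 records, 299 bytes, 0.001 secs (299000 bytes/sec) (serial 2017060104)",
    "Aug 07 15:02:11 ubuntu named[2666]: client @0x7f4678260a10 198.51.100.7#40112 (primary-zone.de): transfer of 'primary-zone.de/IN': AXFR started (serial 2017060104)",
    "Aug 07 15:09:48 ubuntu named[2666]: client @0x7f4678260a10 2001:db8::53#51514 (primary-zone.de): zone transfer 'primary-zone.de/AXFR/IN' denied",
]

if __name__ == "__main__":
    for finding in audit_transfers(SAMPLE_LOG):
        print(finding)
```

Feed it live data with `journalctl --unit named --output cat` piped into a small wrapper. The same allowlist can be enforced on the server with BIND's `allow-transfer` zone option, which the zone stanza in Step 2 does not set.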
