Installation and Configuration of a Bind9 Secondary (Slave) Server
Introduction
When you set up your own DNS server, you must have a secondary server. If you don't have other machines, you can use Gandi; otherwise, follow this guide.
Don't forget to declare the secondary server on the primary server.
On OpenBSD there is nothing to do: it is already installed by default.
Configuration
Before beginning, declare your secondary servers in your domain name records (update NS records + ACL in named.conf), otherwise notifications won't work.
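The declaration described above, as an added example that is not part of the original page: the zone stanzas on the primary and on the secondary, with transfers restricted to the declared secondary. The zone name example.com, the addresses 192.0.2.1 (primary) and 192.0.2.53 (secondary), the ACL name and the primary's file paths are placeholders; only the directory /var/cache/bind comes from this page's options block.

```conf
# ---- On the primary (file location /etc/bind/named.conf.local is an assumption) ----
acl "secondaries" {
    192.0.2.53;                          // placeholder: address of the secondary
};

zone "example.com" {                     // placeholder zone name
    type master;
    file "/etc/bind/db.example.com";     // placeholder path
    notify yes;                          // send NOTIFY to the servers in the zone's NS records
    also-notify { 192.0.2.53; };         // only needed for secondaries not listed in NS records
    allow-transfer { "secondaries"; };   // AXFR/IXFR only for the declared secondaries
};

# ---- On the secondary ----
zone "example.com" {
    type slave;
    masters { 192.0.2.1; };              // placeholder: address of the primary
    file "db.example.com";               // relative to directory "/var/cache/bind"
    allow-transfer { none; };            // this server does not hand the zone to anyone else
};
```

Running named-checkconf on each server after editing catches syntax errors before named is reloaded.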
Configuration of Permissions
If you want a chrooted environment, proceed as follows, otherwise skip this step:
options {
    directory "/var/cache/bind";
    pid-file "/var/run/bind/run/named.pid";

    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below. Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.
    query-source address * port 53;

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    // forwarders {
    //     0.0.0.0;
    // };

    // For dialup connections
    dialup yes;

    allow-query { any; };

    // Security version
    version "Microsoft 2000 DNS Server";

    auth-nxdomain no;    # conform to RFC1035
};
rndc.conf
We're using exactly the same file again as for the primary server: