Secondary DNS Server in CentOS 6

Please consult the earlier article on the primary DNS Server to see how it is configured in a chroot environment.

A secondary DNS Server is used as a backup DNS Server in case the primary fails. The configuration is almost identical.

Here are the details:
Domain: testdom.inv
Primary: ns1.testdom.inv (
Secondary: ns2.testdom.inv (


Secondary DNS Server


Again, the host name must be set properly. We have to modify the following lines in the files mentioned -

[root@centu ~]# vim /etc/sysconfig/network


[root@ns2 ~]# vim /etc/hosts
    ns2.testdom.inv   ns2

Finally, we point the resolver at the primary DNS Server -

[root@ns2 ~]# vim /etc/resolv.conf


Phase 2:

Now we install the necessary packages -

[root@ns2 ~]# yum install bind bind-chroot
Loaded plugins: fastestmirror, presto
Determining fastest mirrors
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind.i686 32:9.7.0-5.P2.el6 set to be updated
---> Package bind-chroot.i686 32:9.7.0-5.P2.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

 Package                     Arch                 Version                           Repository             Size
 bind                        i686                 32:9.7.0-5.P2.el6                 myyum                 3.5 M
 bind-chroot                 i686                 32:9.7.0-5.P2.el6                 myyum                  65 k

Transaction Summary
Install       2 Package(s)
Upgrade       0 Package(s)

Total download size: 3.5 M
Installed size: 6.4 M
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download: 3.5 M
Total                                                                            22 MB/s | 3.5 MB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : 32:bind-9.7.0-5.P2.el6.i686                                                              1/2 
  Installing     : 32:bind-chroot-9.7.0-5.P2.el6.i686                                                       2/2 

  bind.i686 32:9.7.0-5.P2.el6                         bind-chroot.i686 32:9.7.0-5.P2.el6                        


Phase 3:

Preparing the configuration file (starting from the sample shipped with the bind package) -

[root@ns2 ~]# cp /usr/share/doc/bind-9.7.0/sample/etc/named.rfc1912.zones /var/named/chroot/etc/named.conf 
[root@ns2 ~]# vim /var/named/chroot/etc/named.conf 


options {
        directory "/var/named";
        forwarders {; };
};

zone "testdom.inv" IN {
        type slave;
        file "testdom-fz";
        //allow-update { none; };
        allow-transfer {; };  //the primary server
        masters {; };
};

zone "" IN {
        type slave;
        file "testdom-rz";
//      allow-update { none; };
        allow-transfer {; };  //the primary server
        masters {; };
};

Then we make the directory /var/named/chroot/var/named writable, since named writes the transferred zone files there -

[root@ns2 ~]# chmod 770 /var/named/chroot/var/named

Phase 4:

Time to start the service.

[root@ns2 ~]# service named restart; chkconfig named on
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@ns2 ~]# 

Now the secondary DNS Server is ready. The zone files will be transferred automatically from the primary server to the secondary.


To test, we could do the following -
  1. On the client, set the primary and secondary DNS IPs to the addresses of servers ns1 and ns2.
  2. Stop the named service on the primary server.
  3. Check from the client whether DNS queries are still answered. If they are, check which server answered them.


While configuring the secondary DNS Server, the following should be kept in mind -
  1. We don't need to define the zone files on the secondary DNS Server. They will be transferred automatically from the primary DNS Server.
  2. While updating the zone files on the primary DNS Server, the serial number has to be updated. The secondary DNS Server will transfer a zone only if the serial number is different.
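As an added example (not part of the original post), the script below checks the two points above from a client: it compares the SOA serial that ns1.testdom.inv and ns2.testdom.inv answer for testdom.inv (a lagging serial on ns2 means no transfer has happened yet), and confirms that ns2 refuses an AXFR to a host that is not in its allow-transfer list. It assumes dig is installed; the parsing functions also work on captured dig output.

```shell
#!/bin/sh
# Added example, not from the original post. Compares the SOA serial served
# by the primary and the secondary, and checks that the secondary refuses a
# zone transfer to this (unauthorised) host. Needs dig for the live checks.

ZONE="testdom.inv"
PRIMARY="ns1.testdom.inv"
SECONDARY="ns2.testdom.inv"

# Extract the serial (3rd of 7 fields) from a 'dig +short ... SOA' answer such as
# "ns1.testdom.inv. root.testdom.inv. 2012010301 3600 900 604800 86400";
# anything else (timeouts, errors) yields an empty string.
soa_serial() {
    printf '%s\n' "$1" | awk 'NF == 7 { print $3 }'
}

# 0 = serials match, 1 = they differ (secondary lags), 2 = a lookup failed
compare_serials() {
    p=$(soa_serial "$1"); s=$(soa_serial "$2")
    [ -n "$p" ] && [ -n "$s" ] || return 2
    [ "$p" = "$s" ]
}

# 0 if captured 'dig ... AXFR' output shows the server refused the transfer
axfr_refused() {
    case "$1" in
        *"Transfer failed."*) return 0 ;;
        *) return 1 ;;
    esac
}

live_check() {
    pri=$(dig +short +time=2 +tries=1 @"$PRIMARY" "$ZONE" SOA)
    sec=$(dig +short +time=2 +tries=1 @"$SECONDARY" "$ZONE" SOA)
    if compare_serials "$pri" "$sec"; then
        echo "serial in sync: $(soa_serial "$pri")"
    else
        echo "serial mismatch or lookup failure: ns1='$pri' ns2='$sec'"
    fi
    # run from a host that is NOT in allow-transfer; it should be refused
    if axfr_refused "$(dig +time=2 +tries=1 @"$SECONDARY" "$ZONE" AXFR 2>&1)"; then
        echo "AXFR from this host refused by $SECONDARY (as expected)"
    else
        echo "WARNING: $SECONDARY allowed a zone transfer to this host, or did not answer"
    fi
}

# usage: sh check_zone.sh run   (without 'run' only the functions are defined)
if [ "${1:-}" = "run" ]; then live_check; fi
```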


If something does not work, the following may help -
  1. Check /var/log/messages. It may provide useful clues, such as a permission problem (e.g. the working directory is not writable).
  2. Check whether the named service is listening on the necessary ports with the command netstat -tulpn

Hope this helps ^_^



  1. That was a great help... Thanks. keep up the good work...

