A master (sometimes called primary) DNS server is a DNS server that other DNS servers can automatically transfer zone files from. There are limitations to this way of transferring zone files; zone files transferred this way lose all comments and the ordering of records in the zone file is usually changed.
In other words, DNS has a mechanism for automatically having multiple different servers have the same zone file data. This is akin to the rsync program; this allows one to change a zone file on the master machine, then have the slave machines automatically transfer the zone file from the master machine.
This is useful when one wants to have multiple machines serving DNS data. This is also useful when one wants to register a domain, but only has a single IP on the internet. There are a number of free DNS secondary (slave) services out there that one can use to have a second IP for a DNS server of a domain.
To set this up, one needs to run the zoneserver daemon in addition to the maradns daemon. Both daemons use the same mararc configuration file; there are a few mararc variables that affect the zoneserver daemon but not the maradns daemon (and vice versa).
When setting up a master DNS server, only one additional mararc variable needs to be set up, zone_transfer_acl. This variable needs to list the IPs of the slave DNS servers that will transfer zones from the master server. For example, if the slave DNS servers have the IPs 192.168.72.34, 10.34.56.98, and 172.17.23.37, the line will look like this:
zone_transfer_acl = "192.168.72.34, 10.34.56.98, 172.17.23.37"If you do not know the IPs of the slave DNS servers, you can allow any computer on the internet to connect to your zone server thusly:
zone_transfer_acl = "0.0.0.0/0"Note that this will make potentially private information public.
Something like this can also be done:
zone_transfer_acl = "192.168.42.0/24, 10.0.0.0/8, 172.19.0.0/16"This will allow any IP starting with "192.168.42" to connect to the zone server, any IP starting with "10" to connect to the zone server, and any IP starting with "172.19" to connect to the zone server.
Here is a example mararc file which is on the ip 10.1.2.3, and serves the zone example.com to the IPs 192.168.72.34, 10.34.56.98, and 172.17.23.37:
ipv4_bind_addresses = "10.1.2.3"
chroot_dir = "/etc/maradns"
csv2 = {}
csv2["example.com."] = "db.example.com"
zone_transfer_acl = "192.168.72.34, 10.34.56.98, 172.17.23.37"
example.com. SOA example.com. hostmaster@example.com. 1 7200 3600 604800 1800The first field is the name of the zone this SOA record is for.
The second field tells the csv2 parser that this is a SOA record.
The third field is the name of the machine which is the DNS master server for this zone.
The fourth field is the email address for the person in charge of this zone.
The fifth field (first numeric field) is what is called the "serial" number. This number is used by slave DNS servers to see if the zone file has changed. This number should be increased every time a zone file is changed. MaraDNS, when generating a synthetic SOA record, looks to see when the zone file was last changed, and uses a time stamp which updates every six seconds as the SOA serial number.
The sixth field (second numeric field) is the "refresh" for the domain; this is how often (in seconds) a slave DNS server could check to see if the serial on the master DNS server has changed.
The seventh field (third numeric field) is the "retry" for the domain; when the master DNS server is down, this is how often the slave DNS server will check to see if the master DNS server is up again. This value, like all time values, is in seconds.
The eight field (fourth numeric field) is the "expire" for the domain; this is how long the slave server will wait before no longer attempting to get a zone from a master DNS server when the master DNS server is down. This should be a large value.
The ninth field (fifth numeric field) is the "minimum" for the domain; this does not affect how MaraDNS processes a zone file and is not used by slave DNS servers (it determines the default/minimum TTL with other DNS servers).