In this exercise you will set up the security1.setenforce.com machine as the DNS master for the setenforce.com domain. Your security2.setenforce.com machine will be configured as a slave of security1 for the setenforce.com domain. First, you will need to install the bind packages.

[root@security1 ~]# yum -y install bind bind-utils caching-nameserver system-config-bind
[root@security2 ~]# yum -y install bind bind-utils caching-nameserver system-config-bind

We will set up the master, security1, first. Edit /etc/named.conf and add:

zone "setenforce.com." IN {
        type master;
        file "setenforce.com.zone";
        allow-transfer { 192.168.100.20; };
};
zone "100.168.192.in-addr.arpa." IN {
        type master;
        file "100.168.192.in-addr.arpa.zone";
        allow-transfer { 192.168.100.20; };
};

You will need to create these files. They are located in the /var/named directory. Set up an A record only once for each IP address; if you want more names in DNS for the same IP address, use a CNAME.

[root@security1 named]# cat setenforce.com.zone
$TTL     86400
@ IN SOA  ns.setenforce.com.       root.localhost. (
                            44      ;serial
                            3H      ;refresh
                            15M      ; retry
                            1W      ; expiry
                            1D )     ;minimum
@ IN NS ns.setenforce.com.
ns IN A 192.168.100.120
security1 IN CNAME ns
security2 IN A 192.168.100.20
[root@security1 named]# cat 100.168.192.in-addr.arpa.zone
$TTL     86400
@ IN SOA ns.setenforce.com. root.localhost. (
                            44      ; serial
                            3H      ;refresh
                            15M      ; retry
                            1W      ; expiry
                            1D )     ; minimum
100.168.192.in-addr.arpa. IN NS ns.setenforce.com.
120.100.168.192.in-addr.arpa. IN PTR ns.setenforce.com.
20.100.168.192.in-addr.arpa. IN PTR security2.setenforce.com.
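Before loading the two files into named it is worth checking that the forward and reverse zones agree: every A record should have a PTR for its address, and every PTR should point at a name that exists (directly or through a CNAME such as security1). The checker below is an added example, not part of the original exercise; it embeds constructed copies of the two zone files above (SOA fields abbreviated onto fewer lines) and the zone origins as assumptions.

```python
FORWARD = """$TTL 86400
@ IN SOA ns.setenforce.com. root.localhost. (
        44 3H 15M 1W 1D )         ; serial refresh retry expiry minimum
   IN NS ns.setenforce.com.
ns IN A 192.168.100.120
security1 IN CNAME ns
security2 IN A 192.168.100.20
"""
REVERSE = """@ IN SOA ns.setenforce.com. root.localhost. ( 44 3H 15M 1W 1D )
100.168.192.in-addr.arpa. IN NS ns.setenforce.com.
120.100.168.192.in-addr.arpa. IN PTR ns.setenforce.com.
20.100.168.192.in-addr.arpa. IN PTR security2.setenforce.com.
"""

def fqdn(name, origin):
    # '@' is the zone origin; a name without a trailing dot is relative to it.
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    # Returns (owner, type, rdata) tuples; handles ';' comments, $-directives,
    # parenthesised multi-line records and an owner inherited from the line above.
    records, tokens, depth, owner, inherit = [], [], 0, origin, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip() or line.startswith("$"):
            continue
        inherit = inherit if tokens else line[0].isspace()  # blank owner field?
        tokens += line.split()
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                               # still inside ( ... )
        toks, tokens = [t for t in tokens if t not in "()"], []
        if not inherit:
            owner = fqdn(toks.pop(0), origin)
        toks = toks[1:] if toks[0].upper() == "IN" else toks  # class is optional
        records.append((owner, toks[0].upper(), toks[1:]))
    return records

def check_consistency(forward, reverse, origin="setenforce.com.", rev="100.168.192.in-addr.arpa."):
    # Yields A records without a matching PTR and PTRs that point at unknown names.
    fwd, back = parse_zone(forward, origin), parse_zone(reverse, rev)
    a = {o: r[0] for o, t, r in fwd if t == "A"}
    cname = {o: fqdn(r[0], origin) for o, t, r in fwd if t == "CNAME"}
    ptr = {o: r[0] for o, t, r in back if t == "PTR"}
    for name, ip in a.items():
        rname = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
        if ptr.get(rname) != name:
            yield f"A {name} {ip}: PTR is {ptr.get(rname)}"
    for rname, target in ptr.items():
        if target not in a and target not in cname:
            yield f"PTR {rname} -> {target}: no A or CNAME record"
```

For the files as written, `list(check_consistency(FORWARD, REVERSE))` is empty; drop a PTR or point one at a name that has neither an A nor a CNAME and the mismatch is reported.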

Add firewall rules:

[root@security1 named]# iptables -A INPUT -p tcp -s 192.168.100.0/24 --dport 53 -j ACCEPT
[root@security1 named]# iptables -A INPUT -p udp -s 192.168.100.0/24 --dport 53 -j ACCEPT

Restart the named service, then save and restart iptables. Now it is time to set up the slave, security2. Edit /etc/named.conf and add this at the end of the file:

zone "setenforce.com." IN {
        type slave;
        file "slaves/setenforce.com.zone";
        masters { 192.168.100.120; };
};

Also open the ports in the firewall, as in the example for the master. Now that the master-slave DNS configuration is set up, it is time to limit what someone you do not want to give information about your DNS domain can learn. You need to chroot your environment, so install bind-chroot on both servers. The default directory for editing will now be /var/named/chroot. The SELinux type for the directory /var/named/chroot/var/named/slaves should be named_cache_t. You probably do not want to let users find out the BIND version, so edit /var/named/chroot/etc/named.conf and add the following in the options section:

version "No version for you!";

After this, restart the named service. You can then test the version lookup as follows:

[root@security1 ~]# dig version.bind chaos txt @security1