BIND: Configuration as a Private DNS

From OnnoWiki

Source: https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-14-04


Install BIND

Install the BIND packages

sudo su
apt update
apt install bind9 bind9utils bind9-doc

Set up for IPv4 only (-4) if needed

vi /etc/default/bind9

Add (-4)

OPTIONS="-4 -u bind"

Configure the Primary DNS Server

Edit

sudo vi /etc/bind/named.conf.options

If needed, we can add trusted clients

acl "trusted" {
        10.128.10.11;    # ns1 - can be set to localhost
        10.128.20.12;    # ns2
        10.128.100.101;  # host1
        10.128.200.102;  # host2
};

Change to the correct ns1 IP address, for example,

options {
        directory "/var/cache/bind";

        recursion yes;                 # enables recursive queries
        allow-recursion { trusted; };  # allows recursive queries from "trusted" clients
        listen-on { 10.128.10.11; };   # ns1 private IP address - listen on private network only
        allow-transfer { none; };      # disable zone transfers by default

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
...
};

Configure the Local File

Edit

sudo vi /etc/bind/named.conf.local

In this file we can add the forward and reverse zones for a domain, for example

zone "nyc3.example.com" {
    type master;
    file "/etc/bind/zones/db.nyc3.example.com"; # zone file path
    allow-transfer { 10.128.20.12; };         # ns2 private IP address - secondary
};

Assuming the private subnet is 10.128.0.0/16, the reverse zone is,

zone "128.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.10.128";  # 10.128.0.0/16 subnet
    allow-transfer { 10.128.20.12; };  # ns2 private IP address - secondary
};
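The options above carry the security-relevant settings of this setup: recursion is granted only to the "trusted" ACL, named listens only on the private address, zone transfers are off globally and allowed per zone only to ns2. The following added example (not from this page or the DigitalOcean tutorial it is based on) is a small lint that parses these two files, embedded here as constructed strings, and reports any deviation from that intent: an ACL entry or listen-on address outside 10.128.0.0/16, allow-recursion or allow-transfer opened to any, or a per-zone allow-transfer to a host that is not in the ACL. The regex-based block parser is an assumption of this example and only handles the simple `name { a; b; };` shapes used on this page.

```python
import ipaddress
import re

# Constructed sample: the parts of ns1's named.conf.options and named.conf.local
# shown on this page, embedded as strings (not read from /etc/bind).
NAMED_CONF_OPTIONS = '''
acl "trusted" {
        10.128.10.11;    # ns1 - can be set to localhost
        10.128.20.12;    # ns2
        10.128.100.101;  # host1
        10.128.200.102;  # host2
};

options {
        directory "/var/cache/bind";

        recursion yes;                 # enables recursive queries
        allow-recursion { trusted; };  # allows recursive queries from "trusted" clients
        listen-on { 10.128.10.11; };   # ns1 private IP address - listen on private network only
        allow-transfer { none; };      # disable zone transfers by default

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
};
'''

NAMED_CONF_LOCAL = '''
zone "nyc3.example.com" {
    type master;
    file "/etc/bind/zones/db.nyc3.example.com"; # zone file path
    allow-transfer { 10.128.20.12; };         # ns2 private IP address - secondary
};

zone "128.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.10.128";  # 10.128.0.0/16 subnet
    allow-transfer { 10.128.20.12; };  # ns2 private IP address - secondary
};
'''

# The private network the page assumes (10.128.0.0/16).
PRIVATE_NET = ipaddress.ip_network("10.128.0.0/16")


def _strip_comments(text):
    """named.conf allows '#', '//' and '/* */' comments; drop them before matching."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//)[^\n]*", "", text)


def block_items(text, name, label=None):
    """Items of every `name ["label"] [port N] { a; b; ... };` block, e.g. listen-on."""
    pat = r"\b" + re.escape(name) + r"\s*"
    if label is not None:
        pat += '"' + re.escape(label) + r'"\s*'
    pat += r"(?:port\s+\d+\s*)?\{([^}]*)\}"
    items = []
    for m in re.finditer(pat, _strip_comments(text)):
        items.extend(i.strip() for i in m.group(1).split(";") if i.strip())
    return items


def _as_ip(item):
    """IP address for an item, or None when it is a keyword (any/none) or an ACL name."""
    try:
        return ipaddress.ip_address(item)
    except ValueError:
        return None


def audit(options_text, local_text):
    """Return a list of findings; an empty list means the config matches the page's intent."""
    findings = []
    trusted = block_items(options_text, "acl", "trusted")
    for item in trusted:
        ip = _as_ip(item)
        if ip is None or ip not in PRIVATE_NET:
            findings.append(f"trusted ACL entry outside {PRIVATE_NET}: {item}")
    if "any" in block_items(options_text, "allow-recursion"):
        findings.append("allow-recursion { any; } turns ns1 into an open resolver")
    for item in block_items(options_text, "listen-on"):
        ip = _as_ip(item)
        if ip is None or ip not in PRIVATE_NET:
            findings.append(f"listen-on not restricted to a private address: {item}")
    if "any" in block_items(options_text, "allow-transfer"):
        findings.append("global allow-transfer { any; } lets anyone AXFR every zone")
    # Per-zone transfers may only go to hosts already in the trusted ACL (ns2 here).
    for item in block_items(local_text, "allow-transfer"):
        if item in ("none", "trusted"):
            continue
        if item not in trusted:
            findings.append(f"zone allow-transfer to a host not in the trusted ACL: {item}")
    return findings


if __name__ == "__main__":
    for finding in audit(NAMED_CONF_OPTIONS, NAMED_CONF_LOCAL) or ["no findings"]:
        print(finding)
```

Run it against the page's configuration and it prints "no findings"; replace `listen-on { 10.128.10.11; }` with `listen-on { any; }` or `allow-recursion { trusted; }` with `allow-recursion { any; }` and it reports each change, which is exactly the drift named-checkconf will not catch because both variants are syntactically valid.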


Create the Forward Zone File

Create and edit

sudo mkdir /etc/bind/zones
cd /etc/bind/zones
sudo cp ../db.local ./db.nyc3.example.com
sudo vi /etc/bind/zones/db.nyc3.example.com

Initially its contents are roughly

$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.      ; delete this line
@       IN      A       127.0.0.1       ; delete this line
@       IN      AAAA    ::1             ; delete this line

We can change it to, for example,

$TTL    604800
@       IN      SOA     ns1.nyc3.example.com. admin.nyc3.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; name servers - NS records
     IN      NS      ns1.nyc3.example.com.
     IN      NS      ns2.nyc3.example.com.

; name servers - A records
ns1.nyc3.example.com.          IN      A       10.128.10.11
ns2.nyc3.example.com.          IN      A       10.128.20.12

; 10.128.0.0/16 - A records
host1.nyc3.example.com.        IN      A      10.128.100.101
host2.nyc3.example.com.        IN      A      10.128.200.102

Create the Reverse Zone File

Create and edit

cd /etc/bind/zones
sudo cp ../db.127 ./db.10.128
sudo vi /etc/bind/zones/db.10.128

Initially it will contain roughly

$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.      ; delete this line
1.0.0   IN      PTR     localhost.      ; delete this line

Change it to roughly,

$TTL    604800
@       IN      SOA     nyc3.example.com. admin.nyc3.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
; name servers
      IN      NS      ns1.nyc3.example.com.
      IN      NS      ns2.nyc3.example.com.

; PTR Records
11.10   IN      PTR     ns1.nyc3.example.com.    ; 10.128.10.11
12.20   IN      PTR     ns2.nyc3.example.com.    ; 10.128.20.12
101.100 IN      PTR     host1.nyc3.example.com.  ; 10.128.100.101
102.200 IN      PTR     host2.nyc3.example.com.  ; 10.128.200.102
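The PTR owner names above (11.10, 101.100, ...) are the host octets of each address written in reverse, relative to the 128.10.in-addr.arpa zone, and the forward and reverse files have to agree with each other by hand. The following added example (not part of this page or the DigitalOcean tutorial) computes the reverse zone name and PTR owner for any address, and checks the page's own records, embedded here as constructed dictionaries rather than parsed from the zone files, for A records without a matching PTR, PTRs that point at a different name, and stale PTRs. It goes slightly beyond the page in handling /8 and /24 reverse zones as well as the /16 used here.

```python
import ipaddress

# Constructed sample: the A and PTR records from this page's two zone files,
# keyed by owner name exactly as written in the files.
FORWARD_A = {
    "ns1.nyc3.example.com.": "10.128.10.11",
    "ns2.nyc3.example.com.": "10.128.20.12",
    "host1.nyc3.example.com.": "10.128.100.101",
    "host2.nyc3.example.com.": "10.128.200.102",
}
REVERSE_PTR = {
    "11.10": "ns1.nyc3.example.com.",
    "12.20": "ns2.nyc3.example.com.",
    "101.100": "host1.nyc3.example.com.",
    "102.200": "host2.nyc3.example.com.",
}
REVERSE_ZONE = "128.10.in-addr.arpa"


def reverse_zone_for(network):
    """in-addr.arpa zone for a /8, /16 or /24 network: 10.128.0.0/16 -> 128.10.in-addr.arpa."""
    net = ipaddress.ip_network(network)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("reverse zone must sit on an octet boundary, got /%d" % net.prefixlen)
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner(ip, reverse_zone):
    """Relative PTR owner name for `ip` inside `reverse_zone`: 10.128.100.101 -> 101.100."""
    zone_octets = reverse_zone[: -len(".in-addr.arpa")].split(".")
    ip_octets = str(ipaddress.ip_address(ip)).split(".")
    n = len(zone_octets)
    # The zone name holds the network octets in reverse order; they must match the address.
    if list(reversed(zone_octets)) != ip_octets[:n]:
        raise ValueError(f"{ip} is not inside {reverse_zone}")
    return ".".join(reversed(ip_octets[n:]))


def ptr_fqdn(ip, reverse_zone):
    """Full name that a reverse lookup queries: 10.128.100.101 -> 101.100.128.10.in-addr.arpa."""
    return ptr_owner(ip, reverse_zone) + "." + reverse_zone


def check_consistency(forward_a, reverse_ptr, reverse_zone):
    """List every mismatch between A records and PTR records (empty list == consistent)."""
    problems = []
    for name, ip in forward_a.items():
        owner = ptr_owner(ip, reverse_zone)
        target = reverse_ptr.get(owner)
        if target is None:
            problems.append(f"no PTR for {ip} (expected owner {owner} in {reverse_zone})")
        elif target != name:
            problems.append(f"PTR {owner} points to {target}, A record says {name}")
    expected_owners = {ptr_owner(ip, reverse_zone) for ip in forward_a.values()}
    for owner, target in reverse_ptr.items():
        if owner not in expected_owners:
            problems.append(f"stale PTR {owner} -> {target} with no A record")
    return problems


if __name__ == "__main__":
    print(reverse_zone_for("10.128.0.0/16"))
    print(ptr_fqdn("10.128.100.101", REVERSE_ZONE))
    print(check_consistency(FORWARD_A, REVERSE_PTR, REVERSE_ZONE) or "forward and reverse zones agree")
```

Running the check before `named-checkzone` catches the class of error the syntax checker cannot see: a PTR that is well-formed but points at the wrong host, or an address that was added to the forward file and forgotten in the reverse one.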

Check the BIND Configuration Syntax

Run the command

sudo named-checkconf

Check a specific zone

sudo named-checkzone nyc3.example.com /etc/bind/zones/db.nyc3.example.com
sudo named-checkzone 128.10.in-addr.arpa /etc/bind/zones/db.10.128

Make sure there are no errors

Restart BIND

Restart

sudo service bind9 restart

Configure the Secondary DNS Server

Do this on the Secondary DNS Server machine

Edit

sudo vi /etc/bind/named.conf.options

Add

acl "trusted" {
        10.128.10.11;   # ns1
        10.128.20.12;   # ns2 - can be set to localhost
        10.128.100.101;  # host1
        10.128.200.102;  # host2
};

Add inside the options block

        recursion yes;
        allow-recursion { trusted; };
        listen-on { 10.128.20.12; };      # ns2 private IP address
        allow-transfer { none; };         # disable zone transfers by default

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

Edit named.conf.local

sudo vi /etc/bind/named.conf.local

Create the slave zones,

zone "nyc3.example.com" {
    type slave;
    file "slaves/db.nyc3.example.com";
    masters { 10.128.10.11; };  # ns1 private IP
};

zone "128.10.in-addr.arpa" {
    type slave;
    file "slaves/db.10.128";
    masters { 10.128.10.11; };  # ns1 private IP
};

Check

Now save and exit named.conf.local.

sudo named-checkconf

Restart

sudo service bind9 restart

Configure the DNS Client

Edit the head file

sudo vi /etc/resolvconf/resolv.conf.d/head

Add

search nyc3.example.com  # your private domain
nameserver 10.128.10.11  # ns1 private IP address
nameserver 10.128.20.12  # ns2 private IP address

Run

sudo resolvconf -u

Test the Client

Test a forward lookup

nslookup host1

The output will be

Output:
Server:     10.128.10.11
Address:    10.128.10.11#53

Name:   host1.nyc3.example.com
Address: 10.128.100.101

Test a reverse lookup

nslookup 10.128.100.101

The output will be

Output:
Server:     10.128.10.11
Address:    10.128.10.11#53

101.100.128.10.in-addr.arpa   name = host1.nyc3.example.com.

Maintaining DNS Records

To add a host to DNS, on the Primary Nameserver,

  • Forward zone file: add an "A" record for the new host / machine and increment the "Serial" value
  • Reverse zone file: add a "PTR" record for the new host / machine and increment the "Serial" value
  • Add the private IP address of that machine / host to the "trusted" ACL (named.conf.options)

Reload BIND:

sudo service bind9 reload
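The three edits above (A record, PTR record, serial bump in both files) are easy to get half right by hand, and a serial that is not incremented means ns2 never pulls the change. The following added example (not from this page or the DigitalOcean tutorial) performs the two zone-file edits as one operation on the page's forward and reverse files, embedded here as constructed strings with serial 3: it refuses a name or address that is already in use, increments both serials, and appends the A and PTR records. It assumes the page's layout, a serial on a line commented `; Serial` and a /16 reverse zone, so the PTR owner is the last two octets reversed; the function names are this example's own.

```python
import re

DOMAIN = "nyc3.example.com"

# Constructed samples: the page's forward and reverse zone files (serial 3),
# trimmed to the SOA, NS and address records.
FORWARD_ZONE_TEXT = """\
$TTL    604800
@       IN      SOA     ns1.nyc3.example.com. admin.nyc3.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
     IN      NS      ns1.nyc3.example.com.
     IN      NS      ns2.nyc3.example.com.
ns1.nyc3.example.com.          IN      A       10.128.10.11
ns2.nyc3.example.com.          IN      A       10.128.20.12
host1.nyc3.example.com.        IN      A       10.128.100.101
host2.nyc3.example.com.        IN      A       10.128.200.102
"""

REVERSE_ZONE_TEXT = """\
$TTL    604800
@       IN      SOA     nyc3.example.com. admin.nyc3.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
      IN      NS      ns1.nyc3.example.com.
      IN      NS      ns2.nyc3.example.com.
11.10   IN      PTR     ns1.nyc3.example.com.    ; 10.128.10.11
12.20   IN      PTR     ns2.nyc3.example.com.    ; 10.128.20.12
101.100 IN      PTR     host1.nyc3.example.com.  ; 10.128.100.101
102.200 IN      PTR     host2.nyc3.example.com.  ; 10.128.200.102
"""

# The serial is the number on the line ending in '; Serial', as in these files.
SERIAL_RE = re.compile(r"^([ \t]*)(\d+)([ \t]*;[ \t]*Serial)", re.M)


def read_serial(zone_text):
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no '; Serial' line found in zone file")
    return int(m.group(2))


def bump_serial(zone_text):
    """Increment the SOA serial; the secondary only transfers the zone when the serial grows."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no '; Serial' line found in zone file")
    new = int(m.group(2)) + 1
    if new >= 2 ** 32:
        raise ValueError("SOA serial is a 32-bit unsigned integer")
    return zone_text[: m.start(2)] + str(new) + zone_text[m.end(2):]


def has_record(forward_text, hostname, ip, domain=DOMAIN):
    """True if the name or the address is already used by an A record in the forward zone."""
    fqdn = f"{hostname}.{domain}."
    name_used = re.search(r"^" + re.escape(fqdn) + r"\s", forward_text, re.M)
    ip_used = re.search(r"\sA\s+" + re.escape(ip) + r"[ \t]*$", forward_text, re.M)
    return bool(name_used or ip_used)


def add_host(forward_text, reverse_text, hostname, ip, domain=DOMAIN):
    """Return (forward_text, reverse_text) with the A and PTR records appended
    and both serials incremented, as the page's maintenance steps describe."""
    if has_record(forward_text, hostname, ip, domain):
        raise ValueError(f"{hostname} or {ip} already present in the forward zone")
    fqdn = f"{hostname}.{domain}."
    # Reverse zone is 128.10.in-addr.arpa (a /16), so the owner is the last two octets reversed.
    owner = ".".join(reversed(ip.split(".")[2:]))
    forward_text = bump_serial(forward_text).rstrip("\n")
    reverse_text = bump_serial(reverse_text).rstrip("\n")
    forward_text += f"\n{fqdn:<30} IN      A       {ip}\n"
    reverse_text += f"\n{owner:<7} IN      PTR     {fqdn}    ; {ip}\n"
    return forward_text, reverse_text


if __name__ == "__main__":
    fwd, rev = add_host(FORWARD_ZONE_TEXT, REVERSE_ZONE_TEXT, "host3", "10.128.30.13")
    print(fwd)
    print(rev)
```

After writing the two results back to /etc/bind/zones, the remaining steps are the ones the page lists: add the new address to the "trusted" ACL on both nameservers, run named-checkzone on both files, and reload.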

Secondary Nameserver

  • Add the private IP address of the new host / machine to the "trusted" ACL (named.conf.options)

Reload BIND:

sudo service bind9 reload

Configure the Client

  • Configure resolv.conf to use your DNS servers
  • Test with nslookup
