BIND: Konfigurasi sebagai private DNS
Jump to navigation
Jump to search
Install BIND
install BIND
sudo su apt update apt install bind9 bind9utils bind9-doc
Setup hanya untuk IPv4 (-4) jika dibutuhkan
vi /etc/default/bind9
Tambahkan (-4)
OPTIONS="-4 -u bind"
Konfigurasi Primary DNS Server
Edit
sudo vi /etc/bind/named.conf.options
Jika dibutuhkan kita bisa menambahkan trusted client
acl "trusted" {
10.128.10.11; # ns1 - can be set to localhost
10.128.20.12; # ns2
10.128.100.101; # host1
10.128.200.102; # host2
};
Ubah ns1 IP address yang benar, misalnya,
options {
directory "/var/cache/bind";
recursion yes; # enables resursive queries
allow-recursion { trusted; }; # allows recursive queries from "trusted" clients
listen-on { 10.128.10.11; }; # ns1 private IP address - listen on private network only
allow-transfer { none; }; # disable zone transfers by default
forwarders {
8.8.8.8;
8.8.4.4;
};
...
};
Konfigurasi Local File
Edit
sudo vi /etc/bind/named.conf.local
Di file ini kita bisa tambahkan forward dan revese zone dari sebuah domain, contoh
zone "nyc3.example.com" {
type master;
file "/etc/bind/zones/db.nyc3.example.com"; # zone file path
allow-transfer { 10.128.20.12; }; # ns2 private IP address - secondary
};
Asumsi private subnet 10.128.0.0/16, reverse zone- adalah,
zone "128.10.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.10.128"; # 10.128.0.0/16 subnet
allow-transfer { 10.128.20.12; }; # ns2 private IP address - secondary
};
Buat Forward Zone File
Buat dan edit
sudo mkdir /etc/bind/zones cd /etc/bind/zones sudo cp ../db.local ./db.nyc3.example.com sudo vi /etc/bind/zones/db.nyc3.example.com
Isi awalnya kira-kira
$TTL 604800
@ IN SOA localhost. root.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost. ; delete this line
@ IN A 127.0.0.1 ; delete this line
@ IN AAAA ::1 ; delete this line
Dapat kita ubah menjadi, misalnya,
$TTL 604800
@ IN SOA ns1.nyc3.example.com. admin.nyc3.example.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns1.nyc3.example.com.
IN NS ns2.nyc3.example.com.
; name servers - A records
ns1.nyc3.example.com. IN A 10.128.10.11
ns2.nyc3.example.com. IN A 10.128.20.12
; 10.128.0.0/16 - A records
host1.nyc3.example.com. IN A 10.128.100.101
host2.nyc3.example.com. IN A 10.128.200.102
Buat Reverse Zone File
Buat dan edit
cd /etc/bind/zones sudo cp ../db.127 ./db.10.128 sudo vi /etc/bind/zones/db.10.128
Awalnya akan berisi kira-kira
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost. ; delete this line
1.0.0 IN PTR localhost. ; delete this line
Ubah menjadi kira-kira,
$TTL 604800
@ IN SOA nyc3.example.com. admin.nyc3.example.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; name servers
IN NS ns1.nyc3.example.com.
IN NS ns2.nyc3.example.com.
; PTR Records
11.10 IN PTR ns1.nyc3.example.com. ; 10.128.10.11
12.20 IN PTR ns2.nyc3.example.com. ; 10.128.20.12
101.100 IN PTR host1.nyc3.example.com. ; 10.128.100.101
102.200 IN PTR host2.nyc3.example.com. ; 10.128.200.102
Cek Syntax Konfigurasi BIND
Jalankan perintah
sudo named-checkconf
Cek zone tertentu
sudo named-checkzone nyc3.example.com db.nyc3.example.com sudo named-checkzone 128.10.in-addr.arpa /etc/bind/zones/db.10.128
Pastikan tidak ada error
Restart BIND
Restart
sudo service bind9 restart
Konfigurasi Secondary DNS Server
Lakukan ini di mesin Secondary DNS Server
Edit
sudo vi /etc/bind/named.conf.options
Tambahkan
acl "trusted" {
10.128.10.11; # ns1
10.128.20.12; # ns2 - can be set to localhost
10.128.100.101; # host1
10.128.200.102; # host2
};
Tambahkan
recursion yes;
allow-recursion { trusted; };
listen-on { 10.128.20.12; }; # ns2 private IP address
allow-transfer { none; }; # disable zone transfers by default
forwarders {
8.8.8.8;
8.8.4.4;
};
Edit named.conf.local
sudo vi /etc/bind/named.conf.local
Buat slave zone,
zone "nyc3.example.com" {
type slave;
file "slaves/db.nyc3.example.com";
masters { 10.128.10.11; }; # ns1 private IP
};
zone "128.10.in-addr.arpa" {
type slave;
file "slaves/db.10.128";
masters { 10.128.10.11; }; # ns1 private IP
};
Cek
Now save and exit named.conf.local.
sudo named-checkconf
Restart
sudo service bind9 restart
Konfigurasi DNS Client
Edit head file
sudo vi /etc/resolvconf/resolv.conf.d/head
Tambahkan
search nyc3.example.com # your private domain nameserver 10.128.10.11 # ns1 private IP address nameserver 10.128.20.12 # ns2 private IP address
Jalankan
sudo resolvconf -u
Test Client
Test forward
nslookup host1
Akan keluar
Output: Server: 10.128.10.11 Address: 10.128.10.11#53 Name: host1.nyc3.example.com Address: 10.128.100.101
Test reverse
nslookup 10.128.100.101
Akan keluar
Output: Server: 10.128.10.11 Address: 10.128.10.11#53 11.10.128.10.in-addr.arpa name = host1.nyc3.example.com.
Maintain DNS Record
Menambahkan Host ke DNS, tambahkan ke Primary NameServer,
- Forward zone file: Tambahkan "A" record untuk host / mesin baru, naikan nilai "Serial"
- Reverse zone file: Tambahkan "PTR" record untuk host / mesin baru, naikan nilai "Serial"
- Tambahkan private IP address mesin / host tersebut ke "trusted" ACL (named.conf.options)
Reload BIND:
sudo service bind9 reload
Secondary Nameserver
- Tambahkan private IP address host / mesin baru ke "trusted" ACL (named.conf.options)
Reload BIND:
sudo service bind9 reload
Konfigurasi Client
- Konfigurasi resolv.conf untuk menggunakan DNS server anda
- Test dengan nslookup