Difference between revisions of "BIND: Konfigurasi sebagai private DNS"
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
(One intermediate revision by the same user not shown) | |||
Line 158: | Line 158: | ||
102.200 IN PTR host2.nyc3.example.com. ; 10.128.200.102 | 102.200 IN PTR host2.nyc3.example.com. ; 10.128.200.102 | ||
− | ==Cek Syntax Konfigurasi BIND | + | ==Cek Syntax Konfigurasi BIND== |
Jalankan perintah | Jalankan perintah | ||
Line 281: | Line 281: | ||
Menambahkan Host ke DNS, tambahkan ke Primary NameServer, | Menambahkan Host ke DNS, tambahkan ke Primary NameServer, | ||
− | * Forward zone file: | + | * Forward zone file: Tambahkan "A" record untuk host / mesin baru, naikan nilai "Serial" |
− | * Reverse zone file: | + | * Reverse zone file: Tambahkan "PTR" record untuk host / mesin baru, naikan nilai "Serial" |
− | * | + | * Tambahkan private IP address mesin / host tersebut ke "trusted" ACL (named.conf.options) |
Reload BIND: | Reload BIND: | ||
Line 291: | Line 291: | ||
Secondary Nameserver | Secondary Nameserver | ||
− | + | * Tambahkan private IP address host / mesin baru ke "trusted" ACL (named.conf.options) | |
Reload BIND: | Reload BIND: | ||
Line 299: | Line 299: | ||
Konfigurasi Client | Konfigurasi Client | ||
− | * | + | * Konfigurasi resolv.conf untuk menggunakan DNS server anda |
− | * Test | + | * Test dengan nslookup |
− | |||
==Pranala Menarik== | ==Pranala Menarik== |
Latest revision as of 13:50, 10 October 2018
Install BIND
install BIND
sudo su apt update apt install bind9 bind9utils bind9-doc
Setup hanya untuk IPv4 (-4) jika dibutuhkan
vi /etc/default/bind9
Tambahkan (-4)
OPTIONS="-4 -u bind"
Konfigurasi Primary DNS Server
Edit
sudo vi /etc/bind/named.conf.options
Jika dibutuhkan kita bisa menambahkan trusted client
acl "trusted" { 10.128.10.11; # ns1 - can be set to localhost 10.128.20.12; # ns2 10.128.100.101; # host1 10.128.200.102; # host2 };
Ubah ns1 IP address yang benar, misalnya,
options { directory "/var/cache/bind"; recursion yes; # enables resursive queries allow-recursion { trusted; }; # allows recursive queries from "trusted" clients listen-on { 10.128.10.11; }; # ns1 private IP address - listen on private network only allow-transfer { none; }; # disable zone transfers by default forwarders { 8.8.8.8; 8.8.4.4; }; ... };
Konfigurasi Local File
Edit
sudo vi /etc/bind/named.conf.local
Di file ini kita bisa tambahkan forward dan revese zone dari sebuah domain, contoh
zone "nyc3.example.com" { type master; file "/etc/bind/zones/db.nyc3.example.com"; # zone file path allow-transfer { 10.128.20.12; }; # ns2 private IP address - secondary };
Asumsi private subnet 10.128.0.0/16, reverse zone- adalah,
zone "128.10.in-addr.arpa" { type master; file "/etc/bind/zones/db.10.128"; # 10.128.0.0/16 subnet allow-transfer { 10.128.20.12; }; # ns2 private IP address - secondary };
Buat Forward Zone File
Buat dan edit
sudo mkdir /etc/bind/zones cd /etc/bind/zones sudo cp ../db.local ./db.nyc3.example.com sudo vi /etc/bind/zones/db.nyc3.example.com
Isi awalnya kira-kira
$TTL 604800 @ IN SOA localhost. root.localhost. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS localhost. ; delete this line @ IN A 127.0.0.1 ; delete this line @ IN AAAA ::1 ; delete this line
Dapat kita ubah menjadi, misalnya,
$TTL 604800 @ IN SOA ns1.nyc3.example.com. admin.nyc3.example.com. ( 3 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; ; name servers - NS records IN NS ns1.nyc3.example.com. IN NS ns2.nyc3.example.com. ; name servers - A records ns1.nyc3.example.com. IN A 10.128.10.11 ns2.nyc3.example.com. IN A 10.128.20.12 ; 10.128.0.0/16 - A records host1.nyc3.example.com. IN A 10.128.100.101 host2.nyc3.example.com. IN A 10.128.200.102
Buat Reverse Zone File
Buat dan edit
cd /etc/bind/zones sudo cp ../db.127 ./db.10.128 sudo vi /etc/bind/zones/db.10.128
Awalnya akan berisi kira-kira
$TTL 604800 @ IN SOA localhost. root.localhost. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS localhost. ; delete this line 1.0.0 IN PTR localhost. ; delete this line
Ubah menjadi kira-kira,
$TTL 604800 @ IN SOA nyc3.example.com. admin.nyc3.example.com. ( 3 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; name servers IN NS ns1.nyc3.example.com. IN NS ns2.nyc3.example.com. ; PTR Records 11.10 IN PTR ns1.nyc3.example.com. ; 10.128.10.11 12.20 IN PTR ns2.nyc3.example.com. ; 10.128.20.12 101.100 IN PTR host1.nyc3.example.com. ; 10.128.100.101 102.200 IN PTR host2.nyc3.example.com. ; 10.128.200.102
Cek Syntax Konfigurasi BIND
Jalankan perintah
sudo named-checkconf
Cek zone tertentu
sudo named-checkzone nyc3.example.com db.nyc3.example.com sudo named-checkzone 128.10.in-addr.arpa /etc/bind/zones/db.10.128
Pastikan tidak ada error
Restart BIND
Restart
sudo service bind9 restart
Konfigurasi Secondary DNS Server
Lakukan ini di mesin Secondary DNS Server
Edit
sudo vi /etc/bind/named.conf.options
Tambahkan
acl "trusted" { 10.128.10.11; # ns1 10.128.20.12; # ns2 - can be set to localhost 10.128.100.101; # host1 10.128.200.102; # host2 };
Tambahkan
recursion yes; allow-recursion { trusted; }; listen-on { 10.128.20.12; }; # ns2 private IP address allow-transfer { none; }; # disable zone transfers by default forwarders { 8.8.8.8; 8.8.4.4; };
Edit named.conf.local
sudo vi /etc/bind/named.conf.local
Buat slave zone,
zone "nyc3.example.com" { type slave; file "slaves/db.nyc3.example.com"; masters { 10.128.10.11; }; # ns1 private IP }; zone "128.10.in-addr.arpa" { type slave; file "slaves/db.10.128"; masters { 10.128.10.11; }; # ns1 private IP };
Cek
Now save and exit named.conf.local.
sudo named-checkconf
Restart
sudo service bind9 restart
Konfigurasi DNS Client
Edit head file
sudo vi /etc/resolvconf/resolv.conf.d/head
Tambahkan
search nyc3.example.com # your private domain nameserver 10.128.10.11 # ns1 private IP address nameserver 10.128.20.12 # ns2 private IP address
Jalankan
sudo resolvconf -u
Test Client
Test forward
nslookup host1
Akan keluar
Output: Server: 10.128.10.11 Address: 10.128.10.11#53 Name: host1.nyc3.example.com Address: 10.128.100.101
Test reverse
nslookup 10.128.100.101
Akan keluar
Output: Server: 10.128.10.11 Address: 10.128.10.11#53 11.10.128.10.in-addr.arpa name = host1.nyc3.example.com.
Maintain DNS Record
Menambahkan Host ke DNS, tambahkan ke Primary NameServer,
- Forward zone file: Tambahkan "A" record untuk host / mesin baru, naikan nilai "Serial"
- Reverse zone file: Tambahkan "PTR" record untuk host / mesin baru, naikan nilai "Serial"
- Tambahkan private IP address mesin / host tersebut ke "trusted" ACL (named.conf.options)
Reload BIND:
sudo service bind9 reload
Secondary Nameserver
- Tambahkan private IP address host / mesin baru ke "trusted" ACL (named.conf.options)
Reload BIND:
sudo service bind9 reload
Konfigurasi Client
- Konfigurasi resolv.conf untuk menggunakan DNS server anda
- Test dengan nslookup