I installed it as a VM on Citrix XenServer 6.2 with an 80 GB virtual disk and 2.5 GB of RAM, as reported by XenCenter. The commands below were typed inside the Ubuntu 12.04.3 guest:
root@gnr-srv:/home/it# cat /etc/os-release
NAME="Ubuntu"
VERSION="12.04.3 LTS, Precise Pangolin"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu precise (12.04.3 LTS)"
VERSION_ID="12.04"
root@gnr-srv:/home/it# uname -a
Linux gnr-srv 3.8.0-29-generic #42~precise1-Ubuntu SMP Wed Aug 14 16:19:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
root@gnr-srv:/home/it# top
top - 10:30:48 up 4 min,  1 user,  load average: 0.03, 0.28, 0.18
Tasks:  90 total,   1 running,  89 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.2%us,  0.0%sy,  0.0%ni, 99.8%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   2556592k total,   131916k used,  2424676k free,     9924k buffers
Swap:   976892k total,        0k used,   976892k free,    43964k cached
...
root@gnr-srv:/home/it# fdisk -l
Disk /dev/xvda: 85.9 GB, 85899345920 bytes
255 heads, 63 sectors/track, 10443 cylinders, total 167772160 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000eb1c2
   Device Boot      Start         End      Blocks   Id  System
/dev/xvda1            2048    85938175    42968064   83  Linux
/dev/xvda2        85938176    87891967      976896   82  Linux swap / Solaris
/dev/xvda3        87891968   166017023    39062528   83  Linux
root@gnr-srv:/home/it# blkid
/dev/xvda1: UUID="7df45e6d-8250-4f1a-b6fd-41565bd21f46" TYPE="ext4"
/dev/xvda2: UUID="80b88f74-8c9e-418c-974e-f10d0ad815d3" TYPE="swap"
/dev/xvda3: UUID="8a82492e-7071-4db0-a6c2-6518f71dcfab" UUID_SUB="44c6ef49-7f81-434f-852b-f1601a5beab5" TYPE="btrfs"
root@gnr-srv:/home/it# df -h | grep /dev/xvda
/dev/xvda1       41G  793M   38G   3% /
/dev/xvda3       38G   56K   36G   1% /proxy-cache
I formatted the /proxy-cache partition as btrfs because later in this article we will also build a proxy server on it. The next step is to point apt at a local mirror so that installing the required packages is fast.
root@gnr-srv:/home/it# mv /etc/apt/sources.list /etc/apt/sources.list.asli
root@gnr-srv:/home/it# vi /etc/apt/sources.list
deb http://kambing.ui.ac.id/ubuntu/ precise-proposed main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu/ precise-security main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu/ precise-updates main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu/ precise main restricted universe multiverse
Then update the package lists and upgrade. Note that the list above also enables precise-proposed, the pre-release testing pocket; on a production DNS server leave it out and keep only precise, precise-updates and precise-security.
root@gnr-srv:/home/it# apt-get update
root@gnr-srv:/home/it# apt-get upgrade
After the upgrade the Ubuntu release string moves to 12.04.5:
root@gnr-srv:/home/it# cat /etc/os-release
NAME="Ubuntu"
VERSION="12.04.5 LTS, Precise Pangolin"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu precise (12.04.5 LTS)"
VERSION_ID="12.04"
Remove AppArmor. This step is not actually required: Ubuntu ships a profile for named (/etc/apparmor.d/usr.sbin.named) that already lets it write zone files under /var/cache/bind and logs under /var/log/named, so the only thing it would block in this tutorial is the /var/log/bind log directory chosen below. For an internet-facing daemon it is better to keep the profile and either log to /var/log/named or add a rule for /var/log/bind/** in /etc/apparmor.d/local/usr.sbin.named. The steps as they were run here:
root@gnr-srv:/home/it# /etc/init.d/apparmor stop
 * Clearing AppArmor profiles cache                                     [ OK ]
All profile caches have been cleared, but no profiles have been unloaded.
Unloading profiles will leave already running processes permanently
unconfined, which can lead to unexpected situations.

To set a process to complain mode, use the command line tool
'aa-complain'. To really tear down all profiles, run the init script
with the 'teardown' option.
root@gnr-srv:/home/it# /etc/init.d/apparmor teardown
 * Unloading AppArmor profiles                                          [ OK ]
root@gnr-srv:/home/it# update-rc.d -f apparmor remove
 Removing any system startup links for /etc/init.d/apparmor ...
   /etc/rcS.d/S37apparmor
root@gnr-srv:/home/it# aptitude remove apparmor apparmor-utils
The DNS server will live in a network with the following address allocation.
DMZ area    : 172.16.16.0/24
Client IPs  : 192.168.0.0/16
DNS master  : 172.16.16.100
DNS slaves  : 192.168.1.196, 192.168.99.126, 192.168.100.126
Install the bind9 package with the following command.
root@gnr-srv:/home/it# apt-get install bind9
root@gnr-srv:/home/it# dpkg -l | grep bind9
ii  bind9        1:9.8.1.dfsg.P1-4ubuntu0.10   Internet Domain Name Server
ii  bind9-doc    1:9.8.1.dfsg.P1-4ubuntu0.10   Documentation for BIND
ii  bind9-host   1:9.8.1.dfsg.P1-4ubuntu0.10   Version of 'host' bundled with BIND 9.X
ii  bind9utils   1:9.8.1.dfsg.P1-4ubuntu0.10   Utilities for BIND
ii  libbind9-80  1:9.8.1.dfsg.P1-4ubuntu0.10   BIND9 Shared Library used by BIND
Before changing any bind9 configuration file, back the files up, and create the zone files that will be used. This server will serve the internal domain "wanasl.lcl".
root@gnr-srv:/home/it# cp /etc/bind/named.conf /etc/bind/named.conf.asli
root@gnr-srv:/home/it# cp /etc/bind/named.conf.options /etc/bind/named.conf.options.asli
root@gnr-srv:/home/it# cp /etc/bind/named.conf.local /etc/bind/named.conf.local.asli
root@gnr-srv:/home/it# cp /etc/bind/named.conf.default-zones /etc/bind/named.conf.default-zones.asli
root@gnr-srv:/home/it# touch /var/cache/bind/db.wanasl.lcl
root@gnr-srv:/home/it# touch /var/cache/bind/db.16.16.172.in-addr.arpa
root@gnr-srv:/home/it# touch /var/cache/bind/db.168.192.in-addr.arpa
root@gnr-srv:/home/it# /etc/init.d/bind9 stop
 * Stopping domain name service... bind9
Configure named.conf for logging. Two things to know about the logging block below: `category default { null; };` discards every message that is not routed explicitly, which includes zone-load failures and other general errors, so on a real server route default to my_syslog as well; and because the three include statements are textual includes, an unbalanced brace in named.conf.options or named.conf.local shows up as a confusing error at the logging statement in named.conf (the typical symptom is "unknown option 'logging'" followed by "'}' expected near end of file"). Run named-checkconf /etc/bind/named.conf after every edit; it reports the offending file and line.
root@gnr-srv:/home/it# vim /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

logging {
        channel my_syslog {
                syslog daemon;
                severity info;
        };
        channel my_query {
                file "/var/log/bind/query.log";
                severity dynamic;
        };
        channel my_sec {
                file "/var/log/bind/sec.log";
                severity dynamic;
        };
        category default { null; };
        category security { my_syslog; my_sec; };
        category queries { my_query; };
};
root@gnr-srv:/home/it# mkdir /var/log/bind
root@gnr-srv:/home/it# touch /var/log/bind/query.log
root@gnr-srv:/home/it# touch /var/log/bind/sec.log
root@gnr-srv:/home/it# chown bind /var/log/bind/*
root@gnr-srv:/home/it# ls -l /var/log/bind/
total 0
-rw-r--r-- 1 bind root 0 May  6 12:09 query.log
-rw-r--r-- 1 bind root 0 May  6 12:09 sec.log
Configure bind9 as a caching, recursive DNS server for the local/internal networks only. Note that the ACL name inside allow-recursion is a bare identifier, not a quoted string, and that auth-nxdomain only controls whether the AA bit is set on NXDOMAIN answers (the Debian default of no is fine; it does not make the server answer for other domains). Two options worth adding to the same block on an internet-facing server: allow-transfer { none; }; as the global default, which the zones in the internal view override for their slaves, and version "not disclosed"; so the exact release is not handed out in reply to version.bind CHAOS queries.
root@gnr-srv:/home/it# vim /etc/bind/named.conf.options
acl internals-recursion {
        127.0.0.0/8;        # localhost
        192.168.0.0/16;     # internal clients
        172.16.16.0/24;     # DMZ hosts
};

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        #auth-nxdomain no;    # conform to RFC1035 (Debian default)
        auth-nxdomain yes;    # set the AA bit on NXDOMAIN answers
        listen-on-v6 { any; };
        allow-recursion { internals-recursion; };   # only these networks may use recursion
        empty-zones-enable yes;
};
Declare the forward and reverse zone files, and use the view feature to build a split-horizon DNS server. Queries from the internal/local networks are answered with internal/private addresses; queries from outside the internal networks (the public network) are answered with public addresses.
root@gnr-srv:/home/it# vim /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

acl internals {
        127.0.0.0/8;        # localhost
        192.168.0.0/16;     # internal clients
        172.16.16.0/24;     # DMZ hosts
};

view "internal" {
        match-clients { internals; };
        recursion yes;

        zone "wanasl.lcl" {
                type master;
                file "/var/cache/bind/db.wanasl.lcl";
                allow-transfer { 192.168.99.126; 192.168.1.196; 192.168.100.126; };
                also-notify { 192.168.99.126; 192.168.1.196; 192.168.100.126; };
        };

        zone "16.16.172.in-addr.arpa" {
                type master;
                file "/var/cache/bind/db.16.16.172.in-addr.arpa";
                allow-transfer { 192.168.99.126; 192.168.1.196; 192.168.100.126; };
                also-notify { 192.168.99.126; 192.168.1.196; 192.168.100.126; };
        };

        zone "168.192.in-addr.arpa" {
                type master;
                file "/var/cache/bind/db.168.192.in-addr.arpa";
                allow-transfer { 192.168.99.126; 192.168.1.196; 192.168.100.126; };
                also-notify { 192.168.99.126; 192.168.1.196; 192.168.100.126; };
        };
};

view "external" {
        match-clients { any; };
        recursion no;

        zone "wanasl.lcl" {
                type master;
                file "/var/cache/bind/db.wanasl.lcl.external";
        };

        zone "215.137.95.202.in-addr.arpa" {
                type master;
                file "/var/cache/bind/db.215.137.95.202.in-addr.arpa";
        };
};
Note that view "external" comes last because its match-clients is "any", i.e. any source address. Placed first, it would match every client and view "internal" would never be used: views are matched top to bottom and the first match wins. Two things to check in the external view. None of its zones set allow-transfer, and BIND's default allows transfers to anyone, so as written any host on the internet can AXFR wanasl.lcl from this server; add allow-transfer { none; }; to those zones (or globally in options). Also, the file for 215.137.95.202.in-addr.arpa is never created in this article, so named will log an error and leave that zone unloaded until it exists.
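An added example (written for this edition, not part of the original tutorial or of BIND) that ties together the logging block configured earlier and the view ordering explained above. It re-implements view selection in Python to show why "external" must come last, and runs a small triage over query.log lines: clients that land in the external view yet set the recursion-desired flag (open-resolver probes), AXFR/IXFR requests from addresses that are not the configured slaves, and ANY queries, the classic amplification vector. The log lines are constructed for the example in the format BIND 9.8 writes for category queries with print-time off; the ACLs and slave addresses are the ones from named.conf.local above.

```python
"""Replay BIND 9 query-log lines against the tutorial's view ACLs.

Added example, not code from the original tutorial. Two things are
re-implemented in plain Python so they can be checked offline:
  * view selection: match-clients lists are evaluated top to bottom and the
    first match wins, which is why view "external" { any; } must come last;
  * a triage pass over query.log: external clients asking for recursion,
    zone-transfer requests from non-slave addresses, and ANY queries.
"""
import ipaddress
import re
from collections import Counter

# ACL and slave addresses as configured in the tutorial's named.conf.local
INTERNALS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.0.0/16", "172.16.16.0/24")]
SLAVES = {"192.168.99.126", "192.168.1.196", "192.168.100.126"}

# (view name, match-clients) in configuration order; "any" matches every client.
VIEWS = [("internal", INTERNALS), ("external", "any")]


def select_view(client_ip, views=VIEWS):
    """Return the first view whose match-clients list contains client_ip (None = no view)."""
    addr = ipaddress.ip_address(client_ip)
    for name, acl in views:
        if acl == "any" or any(addr in net for net in acl):
            return name
    return None


# Example line:  client 192.168.1.5#53451: view internal: query: mail.wanasl.lcl IN A + (172.16.16.101)
LOG_RE = re.compile(
    r"client (?P<ip>[\d.]+)#(?P<port>\d+):(?: view (?P<view>\S+):)? "
    r"query: (?P<name>\S+) (?P<class>\S+) (?P<type>\S+) (?P<flags>\S+) \((?P<server>[\d.]+)\)"
)


def parse_query_line(line):
    """Split one query-log line into its fields; None for lines in another format."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None


def triage(lines):
    """Return (Counter of finding types, list of (client_ip, qname, [findings]))."""
    findings, hits = Counter(), []
    for line in lines:
        q = parse_query_line(line)
        if q is None:
            continue
        reasons = []
        # The first flag character is '+' when the client set RD (recursion desired), '-' otherwise.
        if select_view(q["ip"]) == "external" and q["flags"].startswith("+"):
            reasons.append("external-recursion-attempt")
        if q["type"] in ("AXFR", "IXFR") and q["ip"] not in SLAVES:
            reasons.append("unauthorized-transfer-attempt")
        if q["type"] == "ANY":
            reasons.append("any-query")
        if reasons:
            findings.update(reasons)
            hits.append((q["ip"], q["name"], reasons))
    return findings, hits


# Constructed sample: two internal lookups, two real slaves pulling zones,
# and three queries arriving from the internet side.
SAMPLE_LOG = """\
client 192.168.1.5#53451: view internal: query: mail.wanasl.lcl IN A + (172.16.16.101)
client 172.16.16.110#40211: view internal: query: www.cyberciti.biz IN A + (172.16.16.101)
client 192.168.1.196#33000: view internal: query: wanasl.lcl IN AXFR -T (172.16.16.101)
client 192.168.99.126#33001: view internal: query: 16.16.172.in-addr.arpa IN IXFR -T (172.16.16.101)
client 203.0.113.7#1337: view external: query: www.google.com IN A + (172.16.16.101)
client 203.0.113.7#1338: view external: query: wanasl.lcl IN AXFR -T (172.16.16.101)
client 198.51.100.23#5555: view external: query: wanasl.lcl IN ANY +E (172.16.16.101)
""".splitlines()

if __name__ == "__main__":
    summary, offenders = triage(SAMPLE_LOG)
    for ip, qname, reasons in offenders:
        print(f"{ip:16} {qname:28} {', '.join(reasons)}")
    print(dict(summary))
```

Swapping the order of VIEWS (external first) makes select_view return "external" for every address, which is the misconfiguration the paragraph above warns about; the triage then flags every internal recursive lookup as an external attempt, a quick way to notice the mistake from the logs alone.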
Next, create the zone files declared above.
root@gnr-srv:/home/it# vim /var/cache/bind/db.wanasl.lcl
;
; BIND forward zone file for wanasl.lcl (internal view)
;
$TTL    604800
@       IN      SOA     ns.wanasl.lcl. havizul.wanasl.lcl. (
                        1505061730      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
;@      IN      NS      172.16.16.101.
@       IN      NS      ns.wanasl.lcl.
        IN      MX  10  mail.wanasl.lcl.
ns              IN      A       172.16.16.101
mail            IN      A       172.16.16.103
prox1           IN      A       172.16.16.110
cStorage        IN      A       172.16.16.111
vmWare1         IN      A       172.16.16.114
xeroxFileSrv    IN      A       172.16.16.115
attXP           IN      A       172.16.16.116
itXP            IN      A       172.16.16.123
Plan-FileSrv    IN      A       192.168.99.126
Acc-FileSrv     IN      A       192.168.1.239
Lgt-FileSrv     IN      A       192.168.100.126
root@gnr-srv:/home/it# vim /var/cache/bind/db.16.16.172.in-addr.arpa
;
; BIND reverse zone file for 172.16.16.0/24
;
$TTL    604800
@       IN      SOA     ns.wanasl.lcl. havizul.wanasl.lcl. (
                        1505061738      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
@       NS      ns.wanasl.lcl.
103     PTR     mail.wanasl.lcl.
101     PTR     ns.wanasl.lcl.
110     PTR     prox1.wanasl.lcl.
111     PTR     cstorage.wanasl.lcl.
114     PTR     vmWare1.wanasl.lcl.
115     PTR     xeroxFileSrv.wanasl.lcl.
116     PTR     attXP.wanasl.lcl.
123     PTR     itXP.wanasl.lcl.
root@gnr-srv:/home/it# vim /var/cache/bind/db.168.192.in-addr.arpa
;
; BIND reverse zone file for 192.168.0.0/16
;
$TTL    604800
@       IN      SOA     ns.wanasl.lcl. havizul.wanasl.lcl. (
                        1505061745      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
@       IN      NS      ns.wanasl.lcl.
126.99  IN      PTR     Plan-FileSrv.wanasl.lcl.
239.1   IN      PTR     Acc-FileSrv.wanasl.lcl.
126.100 IN      PTR     Lgt-FileSrv.wanasl.lcl.
root@gnr-srv:/home/it# vim /var/cache/bind/db.wanasl.lcl.external
;
; BIND forward zone file for wanasl.lcl (external view, public addresses)
;
$TTL    604800
@       IN      SOA     ns.wanasl.lcl. havizul.wanasl.lcl. (
                        1504011551      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
;@      IN      NS      172.16.16.103.
@       IN      NS      ns.wanasl.lcl.
        IN      MX  10  mail.wanasl.lcl.
        IN      A       202.95.137.215
mail    IN      A       202.95.137.215
cStorage        IN      A       202.95.137.215
Note that in the external zone ns.wanasl.lcl is the NS but has no A record, so a resolver on the internet that reaches this server cannot look the name server up by name; give ns an A record with the public address that actually reaches this server. Next, configure a view in the default-zones file too. Be aware of one consequence of the top-to-bottom rule here: named.conf includes named.conf.default-zones after named.conf.local, so the view below sits behind view "external" { match-clients { any; }; } and is never selected for any client. Recursion for internal clients still works because named falls back to its built-in root hints when a view has no hint zone, but the localhost and RFC 1912 zones in this file are effectively not served. If you want them, put them inside view "internal" in named.conf.local (for example by moving the include of this file into that view and dropping the acl and view wrapper here).
root@gnr-srv:/home/it# vim /etc/bind/named.conf.default-zones
acl internals-default {
        127.0.0.0/8;        # localhost
        192.168.0.0/16;     # internal clients
        172.16.16.0/24;     # DMZ hosts
};

view "internal-default" {
        match-clients { internals-default; };
        recursion yes;

        // prime the server with knowledge of the root servers
        zone "." {
                type hint;
                file "/etc/bind/db.root";
        };

        // be authoritative for the localhost forward and reverse zones, and for
        // broadcast zones as per RFC 1912
        zone "localhost" {
                type master;
                file "/etc/bind/db.local";
        };

        zone "127.in-addr.arpa" {
                type master;
                file "/etc/bind/db.127";
        };

        zone "0.in-addr.arpa" {
                type master;
                file "/etc/bind/db.0";
        };

        zone "255.in-addr.arpa" {
                type master;
                file "/etc/bind/db.255";
        };
};
Make sure the ownership and permissions of the zone files are correct, then start the bind service.
root@gnr-srv:/home/it# chown root:bind /var/cache/bind/db.*
root@gnr-srv:/home/it# chmod 0644 /var/cache/bind/db.*
root@gnr-srv:/home/it# ls -l /var/cache/bind/
total 48
-rw-r--r-- 1 root bind 638 May  6 17:38 db.16.16.172.in-addr.arpa
-rw-r--r-- 1 root bind 372 May  6 17:46 db.168.192.in-addr.arpa
-rw-r--r-- 1 root bind 919 May  6 17:34 db.wanasl.lcl
-rw-r--r-- 1 root bind 563 May  6 17:52 db.wanasl.lcl.external
root@gnr-srv:/home/it# /etc/init.d/bind9 start
 * Starting domain name service... bind9
To check that the zone files contain valid data and follow the expected syntax, use named-checkzone. Its first argument is the zone origin (the name used in the zone statement), not the file name; with the wrong origin, relative names in the file are expanded under the wrong name and the check still reports OK. Also run named-checkconf -z /etc/bind/named.conf: it parses all the configuration files and loads every declared zone, including the external ones that are not checked individually here.
root@gnr-srv:/home/it# named-checkzone wanasl.lcl /var/cache/bind/db.wanasl.lcl
zone wanasl.lcl/IN: loaded serial 1505061730
OK
root@gnr-srv:/home/it# named-checkzone 16.16.172.in-addr.arpa /var/cache/bind/db.16.16.172.in-addr.arpa
zone 16.16.172.in-addr.arpa/IN: loaded serial 1505061738
OK
root@gnr-srv:/home/it# named-checkzone 168.192.in-addr.arpa /var/cache/bind/db.168.192.in-addr.arpa
zone 168.192.in-addr.arpa/IN: loaded serial 1505061745
OK
root@gnr-srv:/home/it# named-checkzone wanasl.lcl /var/cache/bind/db.wanasl.lcl.external
zone wanasl.lcl/IN: loaded serial 1504011551
OK
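named-checkzone validates each file on its own but does not notice when the forward and reverse zones disagree. The following is an added example (not from the original tutorial) that parses the record shapes used in the zone files above and reports addresses with an A record but no PTR, PTRs with no matching A record, and PTR targets that differ from the forward name. The zone texts are copied from the tutorial's db.wanasl.lcl and db.16.16.172.in-addr.arpa; the "broken" reverse zone is constructed to show what a finding looks like. The parser is deliberately minimal, not an RFC 1035 implementation.

```python
"""Cross-check a forward zone against its reverse zone.

Added example, not code from the original tutorial. parse_zone() understands
the record shapes used in the tutorial's files: $TTL, a multi-line SOA in
parentheses, '@' and relative owner names, owners inherited from the previous
line, and an optional TTL/class before the type.
"""
import ipaddress

# Copied from the tutorial's db.wanasl.lcl
FORWARD_ZONE = """\
$TTL    604800
@       IN      SOA     ns.wanasl.lcl. havizul.wanasl.lcl. (
                        1505061730      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
@       IN      NS      ns.wanasl.lcl.
        IN      MX  10  mail.wanasl.lcl.
ns      IN      A       172.16.16.101
mail    IN      A       172.16.16.103
prox1   IN      A       172.16.16.110
cStorage        IN      A       172.16.16.111
vmWare1         IN      A       172.16.16.114
xeroxFileSrv    IN      A       172.16.16.115
attXP           IN      A       172.16.16.116
itXP            IN      A       172.16.16.123
Plan-FileSrv    IN      A       192.168.99.126
Acc-FileSrv     IN      A       192.168.1.239
Lgt-FileSrv     IN      A       192.168.100.126
"""

# Copied from the tutorial's db.16.16.172.in-addr.arpa
REVERSE_ZONE = """\
$TTL    604800
@       IN      SOA     ns.wanasl.lcl. havizul.wanasl.lcl. (
                        1505061738 ; Serial
                        604800 ; Refresh
                        86400 ; Retry
                        2419200 ; Expire
                        604800 ) ; Negative Cache TTL
;
@       NS      ns.wanasl.lcl.
103     PTR     mail.wanasl.lcl.
101     PTR     ns.wanasl.lcl.
110     PTR     prox1.wanasl.lcl.
111     PTR     cstorage.wanasl.lcl.
114     PTR     vmWare1.wanasl.lcl.
115     PTR     xeroxFileSrv.wanasl.lcl.
116     PTR     attXP.wanasl.lcl.
123     PTR     itXP.wanasl.lcl.
"""

# Constructed variant: the PTR for .110 names a host that does not exist and .123 has no PTR.
BROKEN_REVERSE_ZONE = "\n".join(
    line for line in REVERSE_ZONE.replace("prox1.", "proxy1.").splitlines() if not line.startswith("123")
)


def parse_zone(text, origin):
    """Return [(owner, TYPE, [rdata tokens])] with owners made absolute and lower-cased."""
    origin = origin.rstrip(".") + "."
    records, owner, pending = [], origin, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # strip comments
        if not line.strip():
            continue
        pending.append(line)
        joined = " ".join(pending)
        if joined.count("(") > joined.count(")"):
            continue                                   # multi-line SOA: keep collecting
        first, pending = pending[0], []
        tokens = joined.replace("(", " ").replace(")", " ").split()
        if tokens[0].startswith("$"):
            continue                                   # $TTL is irrelevant to this check
        if not first[0].isspace():                     # a line starting in column 1 carries an owner
            name = tokens.pop(0)
            owner = origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}")
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens.pop(0)                              # optional TTL and class
        if tokens:
            records.append((owner.lower(), tokens[0].upper(), tokens[1:]))
    return records


def ptr_owner_to_ip(owner):
    """'101.16.16.172.in-addr.arpa.' -> '172.16.16.101'"""
    labels = owner.rstrip(".").split(".")
    return ".".join(reversed(labels[:-2]))


def cross_check(forward_text, forward_origin, reverse_text, reverse_origin, network):
    """Return (missing_ptr, missing_a, mismatched) as sorted lists of IPv4 address strings."""
    net = ipaddress.ip_network(network)
    a_by_ip = {rdata[0]: owner for owner, rtype, rdata in parse_zone(forward_text, forward_origin)
               if rtype == "A" and ipaddress.ip_address(rdata[0]) in net}
    ptr_by_ip = {ptr_owner_to_ip(owner): rdata[0].lower()
                 for owner, rtype, rdata in parse_zone(reverse_text, reverse_origin) if rtype == "PTR"}
    missing_ptr = sorted(ip for ip in a_by_ip if ip not in ptr_by_ip)
    missing_a = sorted(ip for ip in ptr_by_ip if ip not in a_by_ip)
    mismatched = sorted(ip for ip in a_by_ip if ip in ptr_by_ip and ptr_by_ip[ip] != a_by_ip[ip])
    return missing_ptr, missing_a, mismatched


if __name__ == "__main__":
    for label, rev in (("tutorial reverse zone", REVERSE_ZONE), ("broken reverse zone", BROKEN_REVERSE_ZONE)):
        print(label, cross_check(FORWARD_ZONE, "wanasl.lcl", rev, "16.16.172.in-addr.arpa", "172.16.16.0/24"))
```

The tutorial's own files come out clean; the constructed variant reports .123 as missing its PTR and .110 as pointing at a name that has no A record. Running this after every zone edit catches the drift that named-checkzone, which sees one file at a time, cannot.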
Check that the DNS server works correctly with dig and nslookup.
root@gnr-srv:/home/it# dig wanasl.lcl mx

; <<>> DiG 9.8.1-P1 <<>> wanasl.lcl mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43506
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;wanasl.lcl.                    IN      MX

;; ANSWER SECTION:
wanasl.lcl.             604800  IN      MX      10 mail.wanasl.lcl.

;; AUTHORITY SECTION:
wanasl.lcl.             604800  IN      NS      ns.wanasl.lcl.

;; ADDITIONAL SECTION:
mail.wanasl.lcl.        604800  IN      A       172.16.16.103
ns.wanasl.lcl.          604800  IN      A       172.16.16.101

;; Query time: 1 msec
;; SERVER: 172.16.16.101#53(172.16.16.101)
;; WHEN: Thu May  7 10:07:48 2015
;; MSG SIZE  rcvd: 98

root@gnr-srv:/home/it# dig wanasl.lcl ns

; <<>> DiG 9.8.1-P1 <<>> wanasl.lcl ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43091
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;wanasl.lcl.                    IN      NS

;; ANSWER SECTION:
wanasl.lcl.             604800  IN      NS      ns.wanasl.lcl.

;; ADDITIONAL SECTION:
ns.wanasl.lcl.          604800  IN      A       172.16.16.101

;; Query time: 0 msec
;; SERVER: 172.16.16.101#53(172.16.16.101)
;; WHEN: Thu May  7 10:08:00 2015
;; MSG SIZE  rcvd: 61

root@gnr-srv:/home/it# nslookup mail.wanasl.lcl
Server:         172.16.16.101
Address:        172.16.16.101#53

Name:   mail.wanasl.lcl
Address: 172.16.16.103

root@gnr-srv:/home/it# nslookup cstorage.wanasl.lcl
Server:         172.16.16.101
Address:        172.16.16.101#53

Name:   cstorage.wanasl.lcl
Address: 172.16.16.111

root@gnr-srv:/home/it# nslookup plan-filesrv.wanasl.lcl
Server:         172.16.16.101
Address:        172.16.16.101#53

Name:   plan-filesrv.wanasl.lcl
Address: 192.168.99.126

root@gnr-srv:/home/it# nslookup 172.16.16.110
Server:         172.16.16.101
Address:        172.16.16.101#53

110.16.16.172.in-addr.arpa      name = prox1.wanasl.lcl.

root@gnr-srv:/home/it# nslookup 192.168.99.126
Server:         172.16.16.101
Address:        172.16.16.101#53

126.99.168.192.in-addr.arpa     name = Plan-FileSrv.wanasl.lcl.

root@gnr-srv:/home/it# nslookup 172.16.16.101
Server:         172.16.16.101
Address:        172.16.16.101#53

101.16.16.172.in-addr.arpa      name = ns.wanasl.lcl.
The DNS server now works both as a caching name server and as an authoritative name server, and it offers recursion only to the internal networks. Views split the traffic: queries from the internal networks land in view "internal", queries from the internet in view "external".
To confirm that the server really contacts the root name servers when acting as a caching name server, I went through the steps shown in the image below.
When a query asks the DNS server for the address of "cyberciti.biz", the server first contacts one of the root name servers, here 193.0.14.129 (K.ROOT-SERVERS.NET in the root zone file), on port 53. The query then proceeds down the hierarchy from the root until it reaches the name server authoritative for "cyberciti.biz", which is how the server learns that "cyberciti.biz" has the address 74.86.144.194, as shown in the image below.
The master DNS server configuration is complete. Now we continue with the slave DNS servers. Here is the slave configuration on host 192.168.1.196.
it@Acc-FileSrv:~$ cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

logging {
        channel my_syslog {
                syslog daemon;
                severity info;
        };
        channel my_query {
                file "/var/log/bind/query.log";
                severity dynamic;
        };
        channel my_sec {
                file "/var/log/bind/sec.log";
                severity dynamic;
        };
        category default { null; };
        category security { my_syslog; my_sec; };
        category queries { my_query; };
};
it@Acc-FileSrv:~$ cat /etc/bind/named.conf.options
acl internals-recursion {
        127.0.0.0/8;        # localhost
        192.168.0.0/16;     # internal clients
        172.16.16.0/24;     # DMZ hosts
};

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain yes;    # set the AA bit on NXDOMAIN answers
        listen-on-v6 { any; };
        allow-recursion { internals-recursion; };
        empty-zones-enable yes;
};
it@Acc-FileSrv:~$ cat /etc/bind/named.conf.local
acl internals {
        127.0.0.0/8;        # localhost
        192.168.0.0/16;     # internal clients
        172.16.16.0/24;     # DMZ hosts
};

view "internal" {
        match-clients { internals; };
        recursion yes;

        zone "wanasl.lcl" {
                type slave;
                file "/var/cache/bind/db.wanasl.lcl";
                masters { 172.16.16.106; };
                allow-notify { 172.16.16.106; };
        };

        zone "16.16.172.in-addr.arpa" {
                type slave;
                file "/var/cache/bind/db.16.16.172.in-addr.arpa";
                masters { 172.16.16.106; };
                allow-notify { 172.16.16.106; };
        };

        zone "168.192.in-addr.arpa" {
                type slave;
                file "/var/cache/bind/db.168.192.in-addr.arpa";
                masters { 172.16.16.106; };
                allow-notify { 172.16.16.106; };
        };
};
it@Acc-FileSrv:~$ cat /etc/bind/named.conf.default-zones
acl internals-default {
        127.0.0.0/8;        # localhost
        192.168.0.0/16;     # internal clients
        172.16.16.0/24;     # DMZ hosts
};

view "internal-default" {
        match-clients { internals-default; };
        recursion yes;

        // prime the server with knowledge of the root servers
        zone "." {
                type hint;
                file "/etc/bind/db.root";
        };

        // be authoritative for the localhost forward and reverse zones, and for
        // broadcast zones as per RFC 1912
        zone "localhost" {
                type master;
                file "/etc/bind/db.local";
        };

        zone "127.in-addr.arpa" {
                type master;
                file "/etc/bind/db.127";
        };

        zone "0.in-addr.arpa" {
                type master;
                file "/etc/bind/db.0";
        };

        zone "255.in-addr.arpa" {
                type master;
                file "/etc/bind/db.255";
        };
};
root@Acc-FileSrv:~# mkdir /var/cache/bind
root@Acc-FileSrv:~# chown root.bind /var/cache/bind
root@Acc-FileSrv:~# chmod 0775 /var/cache/bind
root@Acc-FileSrv:~# ls -l /var/cache/
total 36
drwxr-xr-x  3 root root 4096 May 11 10:08 apt
drwxr-xr-x  3 root root 4096 Mar 26 06:30 apt-xapian-index
drwxrwxr-x  2 root bind 4096 May 11 10:46 bind
drwxrwxr-x  3 root lp   4096 May 11 10:46 cups
drwxr-xr-x  2 root root 4096 May 11 09:01 debconf
drwx------  2 root root 4096 May 11 10:14 ldconfig
drwxr-sr-x 34 man  root 4096 May 11 09:55 man
drwxr-xr-x  2 root root 4096 Mar  8  2013 pppconfig
drwxr-xr-x  3 root root 4096 May 11 11:52 samba
root@Acc-FileSrv:~# ls -l /var/cache/bind/
total 24
-rw-r--r-- 1 bind bind 720 May 11 08:12 3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys
-rw-r--r-- 1 bind bind 720 May 11 08:12 4aa7fb58c29dd​ddec18a776e8b0c92debe019418308fa9ee16850e65c6d1b895.mkeys
-rw-r--r-- 1 bind bind 737 May  8 17:07 db.16.16.172.in-addr.arpa
-rw-r--r-- 1 bind bind 408 May  8 17:06 db.168.192.in-addr.arpa
-rw-r--r-- 1 bind bind 769 May  8 17:06 db.wanasl.lcl
-rw-r--r-- 1 bind bind 720 May  8 13:55 managed-keys.bind
root@gnr-srv:/home/it# mkdir /var/log/bind
root@gnr-srv:/home/it# touch /var/log/bind/query.log
root@gnr-srv:/home/it# touch /var/log/bind/sec.log
root@gnr-srv:/home/it# chown bind /var/log/bind/*
root@gnr-srv:/home/it# ls -l /var/log/bind/
total 0
-rw-r--r-- 1 bind root 0 May  6 12:09 query.log
-rw-r--r-- 1 bind root 0 May  6 12:09 sec.log
Do the same on the slave DNS servers 192.168.99.126 and 192.168.100.126. On a slave there is no need to create the forward and reverse zone files by hand: bind writes them itself by transferring the zones from the master. Three things to verify when a transfer does not happen. The address in masters and allow-notify must be the address the master actually sends from (the master in this article answers from 172.16.16.101 while the slave configuration lists 172.16.16.106, so make sure the two agree on your network). A slave only pulls a fresh copy when the SOA serial on the master is higher than the one it holds, so increase the serial on every edit and run rndc reload on the master. And both allow-transfer and allow-notify are checked by source IP address only; for zone data you care about, sign transfers with a TSIG key instead (generate one with dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST <name>, declare it in a key statement on both servers, and reference it in allow-transfer on the master and in server { keys { ... }; } on the slave).
If you need the master DNS configuration files I used, download them here.
That is all for this tutorial. If there are mistakes or errors, my apologies; please point them out and correct them, the comment section is fine for that. He..he..
See you in the next tutorial. Bye..
Thumbs up, boss C++...... good job....
Thanks, bro Anton.
As the saying goes: "Keep knowledge alive by sharing it." :-D
Mas, I have my own public DNS server, 222.124.1.242,
and I want to build another DNS server behind NAT.
So I want to point all users to that local DNS,
can it be set up like yours?
God willing, it can.
Just DNAT the client requests on the DNS port (53) that arrive at the router's public IP to the IP address of the host inside your local network that acts as the DNS server.
Mas, my DNS IP is 222.124.1.242 and my router IP is 222.124.1.245, so I just DNAT 222.124.1.245 to my DNS server IP (192.168.1.2).
Thanks mas
Say you subscribe to an Internet service and get the static public IP 222.124.1.245; this IP sits on the router interface facing the public network. Then on the router just configure DNAT: when a request for port 53 arrives at that public IP, forward it to host 192.168.1.2.
I have followed your steps but still get the following error:
/etc/bind/named.conf:13: unknown option 'logging'
any idea what it is?
Try showing the output of this command:
cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
logging {
channel my_syslog {
syslog daemon;
severity info;
};
channel my_query {
file "/var/log/bind/query.log";
severity dynamic;
};
channel my_sec {
file "/var/log/bind/sec.log";
severity dynamic;
};
category default { null; };
category security { my_syslog; my_sec; };
category queries { my_query; };
};
};
Mas, this "};" is one too many.
Here is the corrected version:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
logging {
channel my_syslog {
syslog daemon;
severity info;
};
channel my_query {
file "/var/log/bind/query.log";
severity dynamic;
};
channel my_sec {
file "/var/log/bind/sec.log";
severity dynamic;
};
category default { null; };
category security { my_syslog; my_sec; };
category queries { my_query; };
};
//}; --> this is wrong
If I remove it I get another error as follows:
Dec 8 10:14:28 dnstjg named[4325]: found 1 CPU, using 1 worker thread
Dec 8 10:14:28 dnstjg named[4325]: using 1 UDP listener per interface
Dec 8 10:14:28 dnstjg named[4325]: using up to 4096 sockets
Dec 8 10:14:28 dnstjg named[4325]: loading configuration from '/etc/bind/named.conf'
Dec 8 10:14:28 dnstjg named[4325]: /etc/bind/named.conf:15: unknown option 'logging'
Dec 8 10:14:28 dnstjg named[4325]: /etc/bind/named.conf:36: '}' expected near end of file
Dec 8 10:14:28 dnstjg named[4325]: loading configuration: unexpected token
Dec 8 10:14:28 dnstjg named[4325]: exiting (due to fatal error)
and this is the content of named.conf:
9 include "/etc/bind/named.conf.options";
10 include "/etc/bind/named.conf.local";
11 include "/etc/bind/named.conf.default-zones";
12
13
14
15 logging {
16 channel my_syslog {
17 syslog daemon;
18 severity info;
19 };
20
21 channel my_query {
22 file "/var/log/bind/query.log";
23 severity dynamic;
24 };
25
26 channel my_sec {
27 file "/var/log/bind/sec.log";
28 severity dynamic;
29 };
30
31 category default { null; };
32 category security { my_syslog; my_sec; };
33 category queries { my_query; };
34 };
35
Try backing up and deleting your named.conf, then copy and paste the script below.
root@ns:~# mv /etc/bind/named.conf /etc/bind/named.conf.asli
root@ns:~# pico /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
logging {
channel my_syslog {
syslog daemon;
severity info;
};
channel my_query {
file "/var/log/bind/query.log";
severity dynamic;
};
channel my_sec {
file "/var/log/bind/sec.log";
severity dynamic;
};
category default { null; };
category security { my_syslog; my_sec; };
category queries { my_query; };
};
Or alternatively use the ready-made configuration files here (number 24 - file link):
http://havizul.blogspot.co.id/p/jaringan.html
Error, mas: "unknown option 'logging'". Is logging not recognised, mas?
The following error is with the file I took straight from your website.
Dec 8 13:19:18 dnstjg named[4557]: adjusted limit on open files from 4096 to 1048576
Dec 8 13:19:18 dnstjg named[4557]: found 1 CPU, using 1 worker thread
Dec 8 13:19:18 dnstjg named[4557]: using 1 UDP listener per interface
Dec 8 13:19:18 dnstjg named[4557]: using up to 4096 sockets
Dec 8 13:19:18 dnstjg named[4557]: loading configuration from '/etc/bind/named.conf'
Dec 8 13:19:18 dnstjg named[4557]: /etc/bind/named.conf:13: unknown option 'logging'
Dec 8 13:19:18 dnstjg named[4557]: /etc/bind/named.conf:33: '}' expected near end of file
Dec 8 13:19:18 dnstjg named[4557]: loading configuration: unexpected token
Dec 8 13:19:18 dnstjg named[4557]: exiting (due to fatal error)
Which Ubuntu and BIND versions are you using?
As in the tutorial above, I use the following versions:
root@gnr-srv:/home/it# cat /etc/os-release
NAME="Ubuntu"
VERSION="12.04.3 LTS, Precise Pangolin"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu precise (12.04.3 LTS)"
VERSION_ID="12.04"
root@gnr-srv:/home/it# dpkg -l | grep bind9
ii bind9 1:9.8.1.dfsg.P1-4ubuntu0.10 Internet Domain Name Server
ii bind9-doc 1:9.8.1.dfsg.P1-4ubuntu0.10 Documentation for BIND
ii bind9-host 1:9.8.1.dfsg.P1-4ubuntu0.10 Version of 'host' bundled with BIND 9.X
ii bind9utils 1:9.8.1.dfsg.P1-4ubuntu0.10 Utilities for BIND
ii libbind9-80 1:9.8.1.dfsg.P1-4ubuntu0.10 BIND9 Shared Library used by BIND
NAME="Ubuntu"
VERSION="14.04.3 LTS, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04.3 LTS"
VERSION_ID="14.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
and this:
ii bind9 1:9.9.5.dfsg-3ubuntu0.5 amd64 Internet Domain Name Server
ii bind9-host 1:9.9.5.dfsg-3ubuntu0.5 amd64 Version of 'host' bundled with BIND 9.X
ii bind9utils 1:9.9.5.dfsg-3ubuntu0.5 amd64 Utilities for BIND
ii libbind9-90 1:9.9.5.dfsg-3ubuntu0.5 amd64 BIND9 S
If Ubuntu is a fresh install and bind9 is also freshly installed, the "logging" option should be recognised.
Mas, I switched to the same Ubuntu as yours; it runs as long as the zones in /etc/bind/named.conf.default-zones are removed as shown below.
If they are not commented out, the following error appears:
"/etc/bind/named.conf.default-zones: when using 'view' statements, all zones must be in views"
acl internals-default
{
127.0.0.0/8; # localhost
192.168.31.0/16; # internal clients
192.168.51.0/24; # DMZ hosts
};
// prime the server with knowledge of the root servers
//zone "." {
// type hint;
// file "/etc/bind/db.root";
//};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
//zone "localhost" {
// type master;
// file "/etc/bind/db.local";
//};
//zone "127.in-addr.arpa" {
// type master;
// file "/etc/bind/db.127";
//};
//zone "0.in-addr.arpa" {
// type master;
// file "/etc/bind/db.0";
// };
//zone "255.in-addr.arpa" {
// type master;
// file "/etc/bind/db.255";
//};
You don't need to comment out (//) those zones, because that file holds the root, localhost, etc. zones that the DNS server still needs.
Read the instructions above again; I wrote this sentence:
"Next, configure a view in the default-zones file too."
The default-zones configuration file looks like this:
root@gnr-srv:/home/it# vim /etc/bind/named.conf.default-zones
acl internals-default
{
127.0.0.0/8; # localhost
192.168.0.0/16; # internal clients
172.16.16.0/24; # DMZ hosts
};
view "internal-default"
{
match-clients { internals-default; };
recursion yes;
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
};
Mas, don't forget to add a "view" in the default-zones configuration file too, because the DNS server we are building uses the view feature to separate internal (LAN) queries from external (Internet) queries.
Read the error message again:
when using 'view' statements, all zones must be in views
When we use the view feature, all zones must be inside a "view" block/statement.
So the default zones in the default-zones file must also be inside a view statement/block.
Mas, is there an example?
I downloaded your file but it isn't there either, mas.
I keep adding things and keep getting errors.
If you follow the steps above correctly, I'm sure that, God willing, the DNS server will run.
Download the files here:
https://drive.google.com/folderview?id=0B4QcBWHWqTXNfjZMMzV1UmxYcVFxUkIzNHZmMGoybmd6NnNUcXFDcHBCcUpqTWxUNHpRdTA&usp=sharing
If you like, I don't mind remoting into your Ubuntu DNS server host, he..he.. so I can look for the problem, he..he..