BIND (short for Berkeley Internet Name Domain) is the most widely used DNS server on the Internet, particularly on Unix-type operating systems, where it is the de facto standard. BIND was originally written by four students at the CSRG at the University of California, Berkeley and was first released as part of 4.3BSD. Paul Vixie then continued its development in 1988 while working at DEC.
(http://idwikipedia.com)
Installing and configuring a DNS server with bind-chroot.
a. Install the packages from the terminal.
# yum install bind bind-chroot -y
b. Move the files from their default locations into the "chroot" directory, each into its corresponding path, because named will be run in "chroot" mode. The ROOTDIR setting in /etc/sysconfig/named shows where the chroot lives (the first three output lines are comments from that file, the last one is the active setting):
# grep ROOTDIR /etc/sysconfig/named
# ROOTDIR="/var/named/chroot" -- will run named in a chroot environment.
# empty in the ROOTDIR directory. It will simplify maintenance of your
# at startup. Don't add -t here, use ROOTDIR instead.
ROOTDIR=/var/named/chroot
# mv /etc/named* /var/named/chroot/etc/
# cp /etc/rndc.key /var/named/chroot/etc/
# mv /var/named/* /var/named/chroot/var/named/
# mv /usr/lib/bind /var/named/chroot/usr/lib/
(The third mv reports that it cannot move /var/named/chroot into itself; that entry is skipped and the remaining files are moved.)
c. Change into the bind chroot directory and edit named.conf.
# cd /var/named/chroot/etc/
# nano named.conf
Configuration:
include "/etc/rndc.key";

// assume our server has the IP 192.168.20.2 serving the 192.168.20.0/24 subnet
controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; };
    inet 192.168.20.2 allow { 192.168.20.0/24; } keys { "rndc-key"; };
};

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    pid-file "/var/run/named/named.pid";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursion yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    // recursion only for the local subnet, so the server is not an open resolver
    allow-recursion {
        localhost;
        127.0.0.1;
        192.168.20.0/24;
    };
    // upstream forwarders (optional); these are the Google Public DNS servers
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
    listen-on {
        localhost;
        127.0.0.1;
        192.168.20.2;
    };
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
    // so people can't try to guess what version you're running
    version "REFUSED";
    allow-query {
        localhost;
        127.0.0.1;
        192.168.20.0/24;
    };
};

server 192.168.20.2 {
    keys { rndc-key; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";

// forward zone
zone "swalt.info" IN {
    type master;
    file "swalt.info.zone";
    //allow-update { none; };
    // we assume we have a slave dns server with the IP 192.168.10.6
    allow-transfer { 192.168.20.2; };
    notify yes;
    also-notify { 192.168.20.2; };
};

// reverse zone
zone "20.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.20.zone";
    //allow-update { none; };
    // we assume we have a slave dns server with the IP 192.168.10.6
    allow-transfer { 192.168.20.2; };
    notify yes;
    also-notify { 192.168.20.2; };
};
Save the configuration with Ctrl+O and exit with Ctrl+X.
Note that allow-transfer and also-notify in both zone blocks list 192.168.20.2, the master's own address; they are meant to name the secondary server mentioned in the comment. As written, no other host is permitted to pull a zone transfer, which is safe but means the secondary will not receive the zones.
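The three ACLs above (allow-recursion, allow-query, allow-transfer) and the version string are the settings that decide whether the server is an open resolver or hands its zone data to anyone. The following script, an added example rather than code from the post, reads a named.conf in the simple "option { a; b; };" layout used above and reports the weak settings. Both configs in it are constructed samples: one deliberately open, one with the restrictions the post applies.

```python
"""
Audit the access-control settings in a named.conf that decide whether a
BIND server behaves as an open resolver, answers anyone, or hands out
zone transfers. Added example, not code from the original post: it only
understands the simple `option { a; b; };` layout used in the post, and
both configs below are constructed samples.
"""
import re


def strip_comments(text):
    """Drop /* */, // and # comments so commented-out lines are not read."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def parse_block(text, name):
    """Return the options inside the `name { ... };` block as a dict:
    list-valued for `opt { a; b; };`, string-valued for `opt value;`."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"[^{]*\{", text)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(text) and depth:          # find the matching close brace
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    body = text[m.end():i - 1]
    found = {}
    for opt, elems in re.findall(r"([\w-]+)\s*\{([^{}]*)\}", body):
        found[opt] = [e.strip() for e in elems.split(";") if e.strip()]
    for opt, val in re.findall(r"^\s*([\w-]+)\s+([^;{}]+);", body, flags=re.M):
        found.setdefault(opt, val.strip().strip('"'))
    return found


def audit(conf, zones):
    """Return a list of findings for the global options and the named zones."""
    conf = strip_comments(conf)
    opts = parse_block(conf, "options") or {}
    findings = []
    # recursion defaults to yes; who may use it is what makes an open resolver
    if opts.get("recursion", "yes") != "no":
        acl = opts.get("allow-recursion")
        if acl is None:
            findings.append("allow-recursion not set: relies on BIND's version-dependent default")
        elif "any" in acl:
            findings.append("allow-recursion { any; } with recursion on: open resolver")
    # allow-query unset means BIND answers queries from all hosts
    if "any" in (opts.get("allow-query") or ["any"]):
        findings.append("allow-query permits queries from any host")
    if "version" not in opts:
        findings.append("version not set: real BIND version is exposed via version.bind")
    for zone in zones:
        z = parse_block(conf, f'zone "{zone}"') or {}
        acl = z.get("allow-transfer", opts.get("allow-transfer"))
        if acl is None or "any" in acl:
            findings.append(f'zone "{zone}": allow-transfer not restricted; anyone can pull the zone (AXFR)')
    return findings


# Constructed sample: everything left open.
WEAK = """
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { any; };
    allow-query { any; };
};
zone "swalt.info" IN {
    type master;
    file "swalt.info.zone";
};
"""

# Constructed sample with the restrictions the post applies.
HARDENED = """
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { localhost; 127.0.0.1; 192.168.20.0/24; };
    allow-query { localhost; 127.0.0.1; 192.168.20.0/24; };
    version "REFUSED";
};
zone "swalt.info" IN {
    type master;
    file "swalt.info.zone";
    allow-transfer { 192.168.20.2; };
};
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, "->", audit(conf, ["swalt.info"]) or "no findings")
```

Running audit(HARDENED, ["swalt.info"]) returns an empty list; the open sample yields four findings. This complements, rather than replaces, BIND's own syntax check, which for the chroot layout is run as named-checkconf -t /var/named/chroot /etc/named.conf before restarting the service.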
d. Create the zone files.
a) Create swalt.info.zone in /var/named/chroot/var/named/
# nano /var/named/chroot/var/named/swalt.info.zone
Configuration:
$TTL 38400
swalt.info.        IN SOA   ns.swalt.info. admin.swalt.info. (
                   2012041401 ; Serial
                   10800      ; Refresh after 3 hours
                   3600       ; Retry after 1 hour
                   604800     ; Expire after 1 week
                   86400 )    ; Minimum TTL of 1 day
swalt.info.        IN NS    ns.swalt.info.
ns.swalt.info.     IN A     192.168.20.2
www.swalt.info.    IN CNAME ns.swalt.info.
cumi.swalt.info.   IN CNAME ns.swalt.info.
mail.swalt.info.   IN A     192.168.20.1
kalkun.swalt.info. IN A     192.168.20.3
file.swalt.info.   IN A     192.168.20.4
db.swalt.info.     IN A     192.168.20.5
b) Create the file 192.168.20.zone in /var/named/chroot/var/named/
# nano /var/named/chroot/var/named/192.168.20.zone
Configuration:
$TTL 86400
20.168.192.in-addr.arpa.   IN SOA ns.swalt.info. admin.swalt.info. (
                           2012041402 ; Serial
                           10800      ; Refresh
                           900        ; Retry
                           604800     ; Expire
                           3600 )     ; Minimum TTL
20.168.192.in-addr.arpa.   IN NS  ns.swalt.info.
2.20.168.192.in-addr.arpa. IN PTR www.swalt.info.
1.20.168.192.in-addr.arpa. IN PTR mail.swalt.info.
2.20.168.192.in-addr.arpa. IN PTR cumi.swalt.info.
3.20.168.192.in-addr.arpa. IN PTR kalkun.swalt.info.
4.20.168.192.in-addr.arpa. IN PTR file.swalt.info.
5.20.168.192.in-addr.arpa. IN PTR db.swalt.info.
(Every name in a zone file must end with a dot; a name without one is appended to the zone origin, so a PTR target written as www.swalt.info would become www.swalt.info.20.168.192.in-addr.arpa. The SOA also needs a space between the primary server name and the contact mailbox name.)
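Zone files accept the two slips just described without complaint, and a reverse zone that disagrees with its forward zone is only noticed when some client does a reverse lookup. The script below, an added example and not code from the post, parses both zone files in the simple one-record-per-line layout used above, expands relative names exactly as named would, and cross-checks A records against PTR records. Its two sample zones are constructed from the post's records, deliberately keeping the unterminated "www.swalt.info" PTR target and the PTR that points at the CNAME cumi, so the output shows both problems.

```python
"""
Cross-check a forward zone against its reverse zone: flag PTR targets that
were expanded relative to the origin (missing trailing dot), PTR targets
with no A record at that address (e.g. a CNAME), and addresses with A
records but no PTR. Added example, not code from the original post; the
zone texts below are constructed samples based on the post's records.
"""
import re

# rdata fields that are domain names and therefore subject to origin expansion
NAME_FIELDS = {"NS": (0,), "CNAME": (0,), "PTR": (0,), "SOA": (0, 1)}


def absolute(name, origin):
    """Expand a name the way named does: no trailing dot means 'relative to origin'."""
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (ttl, records) with records as (owner, type, rdata-list) tuples.
    Handles the subset used in the post: $TTL, ';' comments, a multi-line
    SOA in parentheses, and one `owner IN TYPE rdata` record per line."""
    text = re.sub(r";[^\n]*", "", text)                               # comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    ttl, records = None, []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0].upper() == "$TTL":
            ttl = int(parts[1])
            continue
        owner, rtype, rdata = parts[0], parts[2].upper(), parts[3:]
        rdata = [absolute(v, origin) if i in NAME_FIELDS.get(rtype, ()) else v
                 for i, v in enumerate(rdata)]
        records.append((absolute(owner, origin), rtype, rdata))
    return ttl, records


def ptr_owner_to_ip(owner):
    """'2.20.168.192.in-addr.arpa.' -> '192.168.20.2'"""
    return ".".join(reversed(owner.rstrip(".").split(".")[:-2]))


def crosscheck(forward_text, forward_origin, reverse_text, reverse_origin):
    """Return a list of human-readable inconsistencies between the two zones."""
    _, fwd = parse_zone(forward_text, forward_origin)
    _, rev = parse_zone(reverse_text, reverse_origin)
    a_by_addr, cnames = {}, set()
    for owner, rtype, rdata in fwd:
        if rtype == "A":
            a_by_addr.setdefault(rdata[0], set()).add(owner)
        elif rtype == "CNAME":
            cnames.add(owner)
    problems, seen = [], set()
    for owner, rtype, rdata in rev:
        if rtype != "PTR":
            continue
        addr, target = ptr_owner_to_ip(owner), rdata[0]
        seen.add(addr)
        if target.endswith("." + reverse_origin):
            problems.append(f"{addr}: PTR target {target} was expanded relative to the zone (missing trailing dot)")
        elif target in cnames:
            problems.append(f"{addr}: PTR -> {target} points at a CNAME, not at a name with an A record")
        elif target not in a_by_addr.get(addr, set()):
            problems.append(f"{addr}: PTR -> {target} but no A record maps that name to {addr}")
    for addr, names in sorted(a_by_addr.items()):
        if addr not in seen:
            problems.append(f"{addr}: A record(s) for {sorted(names)} have no PTR")
    return problems


# Constructed sample zones reproducing the post's records.
FORWARD = """
$TTL 38400
swalt.info.        IN SOA   ns.swalt.info. admin.swalt.info. (
                   2012041401 ; Serial
                   10800      ; Refresh
                   3600       ; Retry
                   604800     ; Expire
                   86400 )    ; Minimum TTL
swalt.info.        IN NS    ns.swalt.info.
ns.swalt.info.     IN A     192.168.20.2
www.swalt.info.    IN CNAME ns.swalt.info.
cumi.swalt.info.   IN CNAME ns.swalt.info.
mail.swalt.info.   IN A     192.168.20.1
kalkun.swalt.info. IN A     192.168.20.3
file.swalt.info.   IN A     192.168.20.4
db.swalt.info.     IN A     192.168.20.5
"""

REVERSE = """
$TTL 86400
20.168.192.in-addr.arpa.   IN SOA ns.swalt.info. admin.swalt.info. (
                           2012041402 10800 900 604800 3600 )
20.168.192.in-addr.arpa.   IN NS  ns.swalt.info.
2.20.168.192.in-addr.arpa. IN PTR www.swalt.info
1.20.168.192.in-addr.arpa. IN PTR mail.swalt.info.
2.20.168.192.in-addr.arpa. IN PTR cumi.swalt.info.
3.20.168.192.in-addr.arpa. IN PTR kalkun.swalt.info.
4.20.168.192.in-addr.arpa. IN PTR file.swalt.info.
5.20.168.192.in-addr.arpa. IN PTR db.swalt.info.
"""

if __name__ == "__main__":
    for p in crosscheck(FORWARD, "swalt.info.", REVERSE, "20.168.192.in-addr.arpa."):
        print(p)
```

The sample run reports two problems, both for 192.168.20.2. BIND's own checker catches syntax but not these semantic mismatches; run it as well, with named-checkzone swalt.info /var/named/chroot/var/named/swalt.info.zone and the equivalent for the reverse zone, before restarting named.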
e. Edit resolv.conf.
# nano /etc/resolv.conf
f. Open port 53 for the DNS server (UDP for ordinary queries, TCP for zone transfers and large answers).
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
# iptables -I INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
g. Restart the named service.
# service named restart
h. Run a quick test of the DNS server.
# nslookup ns.swalt.info
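nslookup only prints the address; it does not show whether the answer came from the server's own zone data or whether the ACLs above are doing their job. The block below, an added example and not code from the post, performs the same exchange at the wire level so the reply can be checked field by field: with the post's configuration, a query from a host inside 192.168.20.0/24 should come back with AA set and 192.168.20.2, while a query from a host outside the allow-query list should be answered with RCODE REFUSED. The server address 192.168.20.2 is taken from the post's configuration, and the reply bytes at the end are constructed so the parser can be exercised offline.

```python
"""
What `nslookup ns.swalt.info` does on the wire: build a DNS query, send it
over UDP/53, and decode the header flags and answer records of the reply.
Added example, not code from the original post; SAMPLE_REPLY is constructed
data and the server address in the usage line is the post's assumed address.
"""
import socket
import struct

A, CNAME, IN = 1, 5, 1
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """'ns.swalt.info' -> b'\\x02ns\\x05swalt\\x04info\\x00'"""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=A, txid=0x1234):
    """Standard query, RD=1 (recursion desired), one question, no answers."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, IN)


def decode_name(msg, off, max_hops=16):
    """Decode a possibly compressed name; return (name, offset after it).
    The hop limit stops a malformed reply with looping pointers."""
    labels, jumped, end, hops = [], False, off, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            hops += 1
            if hops > max_hops:
                raise ValueError("compression pointer loop")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    if not jumped:
        end = off
    return ".".join(labels) + ".", end


def parse_response(msg):
    """Return the header flags that matter for the checks and the answers."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                                 # skip the question section
        _, off = decode_name(msg, off)
        off += 4                                        # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == A:
            value = ".".join(str(b) for b in rdata)
        elif rtype == CNAME:
            value, _ = decode_name(msg, off)
        else:
            value = rdata.hex()
        answers.append((owner, rtype, ttl, value))
        off += rdlen
    return {
        "id": txid,
        "aa": bool(flags & 0x0400),   # authoritative answer: set for the server's own zones
        "ra": bool(flags & 0x0080),   # recursion available: only for hosts in allow-recursion
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": answers,
    }


def query(server, name, qtype=A, timeout=3.0):
    """Send the query to `server` on UDP/53 and return the parsed reply."""
    q = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    reply = parse_response(data)
    if reply["id"] != (q[0] << 8 | q[1]):
        raise ValueError("transaction id mismatch: not the reply to our query")
    return reply


# Constructed reply for "ns.swalt.info A": header with QR, AA, RD, RA set and
# NOERROR, the question echoed, then one A record whose owner is a compression
# pointer (0xC00C) back to the question name at offset 12.
SAMPLE_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)
    + encode_name("ns.swalt.info") + struct.pack("!HH", A, IN)
    + b"\xc0\x0c" + struct.pack("!HHIH", A, IN, 38400, 4) + bytes([192, 168, 20, 2])
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_REPLY))
    # Against the live server from the post (assumed address):
    # print(query("192.168.20.2", "ns.swalt.info"))
```

Run from a client inside the subnet, query("192.168.20.2", "ns.swalt.info") should return aa=True, rcode NOERROR and the single A answer; the same call from a host outside 192.168.20.0/24 should return rcode REFUSED with no answers, which confirms that allow-query is in effect.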