Determine the Domain Name and IP
Primary(Master) DNS Server Details:
Operating System : CentOS 6.5 64 bit (Minimal Server)
Hostname : masterdns.jst-indonesia.com
IP Address : 192.9.18.25/24
Install the bind service:
yum install bind* -y
1. Configure DNS Server
vim /etc/named.conf
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.9.18.25; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.9.18.0/24; };
allow-transfer { localhost; 192.9.18.26; }; #for slavedns
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "jst-indonesia.com" IN {
type master;
file "fwd.jst-indonesia.com";
allow-update { none; };
};
zone "18.9.192.in-addr.arpa" IN {
type master;
file "rev.jst-indonesia.com";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Create Zone files
Now we will create the forward and reverse zones.
[A] Forward Zone
Create the file "fwd.jst-indonesia.com" in the directory "/var/named" and add the forward zone as follows:
vim /var/named/fwd.jst-indonesia.com
$TTL 86400
@ IN SOA masterdns.jst-indonesia.com. root.jst-indonesia.com. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS masterdns.jst-indonesia.com.
@ IN NS slavedns.jst-indonesia.com.
masterdns IN A 192.9.18.25
slavedns IN A 192.9.18.26
[B] Reverse Zone
Create the file "rev.jst-indonesia.com" in the directory "/var/named" and add the reverse zone as follows:
vim /var/named/rev.jst-indonesia.com
$TTL 86400
@ IN SOA masterdns.jst-indonesia.com. root.jst-indonesia.com. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS masterdns.jst-indonesia.com.
@ IN NS slavedns.jst-indonesia.com.
masterdns IN A 192.9.18.25
slavedns IN A 192.9.18.26
25 IN PTR masterdns.jst-indonesia.com.
26 IN PTR slavedns.jst-indonesia.com.
3. Start the bind service
service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
Enable named to start automatically at boot:
chkconfig named on
4. Allow DNS Server through iptables
vim /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# DNS (bind): these must come before the REJECT rules, or they are never reached
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
5. Start Firewall / iptables
service iptables start
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
6. Test syntax errors of DNS configuration and zone files
[A] Check DNS Config file
named-checkconf /etc/named.conf
named-checkconf /etc/named.rfc1912.zones
[B] Check zone files
named-checkzone jst-indonesia.com /var/named/fwd.jst-indonesia.com
zone jst-indonesia.com/IN: loaded serial 2011071001
OK
named-checkzone jst-indonesia.com /var/named/rev.jst-indonesia.com
zone jst-indonesia.com/IN: loaded serial 2011071001
OK
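named-checkzone checks each zone file on its own, so it does not confirm that every A record in the forward zone has a matching PTR record in the reverse zone. The following Python check is an added example, not part of the original post; it assumes one-line records without a TTL field and absolute PTR targets, and its function names and sample zones are constructed for illustration.

```python
import ipaddress
import re

# One-line records as used in this tutorial: "owner IN A|PTR rdata".
RECORD = re.compile(r"^(\S+)\s+IN\s+(A|PTR)\s+(\S+)\s*(?:;.*)?$")

def fqdn(name, origin):
    """Expand a zone-file owner name to an absolute, lower-case FQDN."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def records(zone_text, origin, rtype):
    """Return {absolute owner: rdata} for one-line records of the given type."""
    found = {}
    for line in zone_text.splitlines():
        m = RECORD.match(line.strip())
        if m and m.group(2) == rtype:
            found[fqdn(m.group(1), origin)] = m.group(3)
    return found

def missing_ptrs(fwd_text, fwd_origin, rev_text, rev_origin):
    """List (host, ip, problem) for A records without a matching PTR."""
    ptrs = records(rev_text, rev_origin, "PTR")
    problems = []
    for host, ip in sorted(records(fwd_text, fwd_origin, "A").items()):
        # The PTR owner name that must exist for this address.
        want = ipaddress.ip_address(ip).reverse_pointer + "."
        got = ptrs.get(want)
        if got is None:
            problems.append((host, ip, f"no PTR at {want}"))
        elif got.lower() != host:
            problems.append((host, ip, f"PTR points to {got}"))
    return problems

# Constructed sample input using this page's hostnames and addresses.
FWD = "masterdns IN A 192.9.18.25\nslavedns IN A 192.9.18.26\n"
REV_OK = ("25 IN PTR masterdns.jst-indonesia.com.\n"
          "26 IN PTR slavedns.jst-indonesia.com.\n")
# Constructed mismatch: owners and origin belong to a different network.
REV_BAD = ("200 IN PTR masterdns.jst-indonesia.com.\n"
           "201 IN PTR slavedns.jst-indonesia.com.\n")

if __name__ == "__main__":
    for rev, origin in ((REV_OK, "18.9.192.in-addr.arpa."),
                        (REV_BAD, "1.168.192.in-addr.arpa.")):
        print(origin, missing_ptrs(FWD, "jst-indonesia.com.", rev, origin))
```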
7. Test DNS Server
Method [A]:
dig masterdns.jst-indonesia.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> masterdns.jst-indonesia.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37297
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.jst-indonesia.com. IN A
;; ANSWER SECTION:
masterdns.jst-indonesia.com. 86400 IN A 192.9.18.25
;; AUTHORITY SECTION:
jst-indonesia.com. 86400 IN NS masterdns.jst-indonesia.com.
jst-indonesia.com. 86400 IN NS slavedns.jst-indonesia.com.
;; ADDITIONAL SECTION:
slavedns.jst-indonesia.com. 86400 IN A 192.9.18.26
;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct 28 09:29:13 2014
;; MSG SIZE rcvd: 114
Method [B]:
dig -x 192.9.18.25
or
Method [C]:
nslookup masterdns