.png)
Instalasi dan Konfigurasi Master - Slave DNS BIND di Centos 8
Pada panduan kali ini saya asumsikan anda sudah menginstall 2 buah server dengan os Centos 8. Serta telah melakukan setting IP Address ditiap server, baik Master maupun Slave.
Berikut IP Address dan Domain yang saya gunakan:
- 103.123.236.236 - Master DNS
- 103.123.236.237 - Slave DNS
- serverbaik.xyz - Zone (Domain Name)
Langkah selanjutnya kita lakukan installasi bind pada server master dan server slave dengan perintah sebagai berikut.
$ sudo yum install bind bind-utils vim
Selanjutnya kita akan lakukan konfigurasi pada file /etc/named.conf seperti dibawah ini.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // named.conf | |
| // | |
| // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS | |
| // server as a caching only nameserver (as a localhost DNS resolver only). | |
| // | |
| // See /usr/share/doc/bind*/sample/ for example named configuration files. | |
| // | |
| options { | |
| listen-on port 53 { any; }; | |
| listen-on-v6 port 53 { any; }; | |
| directory "/var/named"; | |
| dump-file "/var/named/data/cache_dump.db"; | |
| statistics-file "/var/named/data/named_stats.txt"; | |
| memstatistics-file "/var/named/data/named_mem_stats.txt"; | |
| secroots-file "/var/named/data/named.secroots"; | |
| recursing-file "/var/named/data/named.recursing"; | |
| allow-query { any; }; | |
| allow-transfer { 103.123.236.237; }; //Isi dengan IP Address DNS Master | |
| /* | |
| - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. | |
| - If you are building a RECURSIVE (caching) DNS server, you need to enable | |
| recursion. | |
| - If your recursive DNS server has a public IP address, you MUST enable access | |
| control to limit queries to your legitimate users. Failing to do so will | |
| cause your server to become part of large scale DNS amplification | |
| attacks. Implementing BCP38 within your network would greatly | |
| reduce such attack surface | |
| */ | |
| recursion no; //Ubah jadi no | |
| dnssec-enable yes; | |
| dnssec-validation yes; | |
| managed-keys-directory "/var/named/dynamic"; | |
| pid-file "/run/named/named.pid"; | |
| session-keyfile "/run/named/session.key"; | |
| /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */ | |
| include "/etc/crypto-policies/back-ends/bind.config"; | |
| }; | |
| logging { | |
| channel default_debug { | |
| file "data/named.run"; | |
| severity dynamic; | |
| }; | |
| }; | |
| zone "." IN { | |
| type hint; | |
| file "named.ca"; | |
| }; | |
| include "/etc/named.rfc1912.zones"; | |
| include "/etc/named.root.key"; | |
| // Tambahkan Zone Record | |
| zone "serverbaik.xyz" IN { // Isi dengan domain anda | |
| type master; | |
| file "serverbaik.forward"; // Nama file boleh disesuaikan | |
| allow-update { none; }; | |
| }; | |
| zone "236.123.103.in-addr.arpa" IN { // Isi dengan 3 oktet ip address tapi dibalik | |
| type master; | |
| file "serverbaik.reverse"; // nama file boleh disesuaikan | |
| allow-update { none; }; | |
| }; |
Buat file zone untuk forward, sesuaikan nama file dengan konfigurasi named.conf, pastikan owner dari file ini adalah named.
$ sudo vim /var/named/serverbaik.forward
Kemudian isi dengan file berikut.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $TTL 1D | |
| @ IN SOA aku.serverbaik.xyz. root.serverbaik.xyz. ( | |
| 2019022400 ; serial | |
| 1D ; refresh | |
| 1H ; retry | |
| 1W ; expire | |
| 3H ) ; minimum | |
| ;Name Servers Record | |
| IN NS aku.serverbaik.xyz. | |
| IN NS kamu.serverbaik.xyz. | |
| ;A Record | |
| aku.serverbaik.xyz. IN A 103.123.236.236 | |
| kamu.serverbaik.xyz. IN A 103.123.236.237 | |
| serverbaik.xyz. IN A 103.123.236.15 |
$ sudo vim /var/named/serverbaik.reverse
Kemudian isi dengan file berikut.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $TTL 1D | |
| @ IN SOA aku.serverbaik.xyz. root.serverbaik.xyz. ( | |
| 2019022400 ; serial | |
| 1D ; refresh | |
| 1H ; retry | |
| 1W ; expire | |
| 3H ) ; minimum | |
| ;Name Servers Record | |
| IN NS aku.serverbaik.xyz. | |
| IN NS kamu.serverbaik.xyz. | |
| ;A Record | |
| 236 IN PTR aku.serverbaik.xyz. | |
| 237 IN PTR kamu.serverbaik.xyz. | |
| 15 IN PTR serverbaik.xyz. |
$ sudo firewall-cmd --add-service=dns --permanent
$ sudo firewall-cmd --reload
kemudian cek konfigurasi dns dan start service named dengan perintah
$ sudo named-checkconf
$ sudo systemctl start named
$ sudo systemctl enable named
Konfigurasi untuk DNS Master selesai, selanjutnya kita akan konfigurasi DNS Slave.
Buka file file named.conf yang berada di /etc.
$ sudo vim /etc/named.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| / | |
| // named.conf | |
| // | |
| // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS | |
| // server as a caching only nameserver (as a localhost DNS resolver only). | |
| // | |
| // See /usr/share/doc/bind*/sample/ for example named configuration files. | |
| // | |
| options { | |
| listen-on port 53 { any; }; | |
| listen-on-v6 port 53 { any; }; | |
| directory "/var/named"; | |
| dump-file "/var/named/data/cache_dump.db"; | |
| statistics-file "/var/named/data/named_stats.txt"; | |
| memstatistics-file "/var/named/data/named_mem_stats.txt"; | |
| secroots-file "/var/named/data/named.secroots"; | |
| recursing-file "/var/named/data/named.recursing"; | |
| allow-query { any; }; | |
| allow-transfer { none; }; | |
| /* | |
| - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. | |
| - If you are building a RECURSIVE (caching) DNS server, you need to enable | |
| recursion. | |
| - If your recursive DNS server has a public IP address, you MUST enable access | |
| control to limit queries to your legitimate users. Failing to do so will | |
| cause your server to become part of large scale DNS amplification | |
| attacks. Implementing BCP38 within your network would greatly | |
| reduce such attack surface | |
| */ | |
| recursion yes; | |
| dnssec-enable yes; | |
| dnssec-validation yes; | |
| managed-keys-directory "/var/named/dynamic"; | |
| pid-file "/run/named/named.pid"; | |
| session-keyfile "/run/named/session.key"; | |
| /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */ | |
| include "/etc/crypto-policies/back-ends/bind.config"; | |
| }; | |
| logging { | |
| channel default_debug { | |
| file "data/named.run"; | |
| severity dynamic; | |
| }; | |
| }; | |
| zone "." IN { | |
| type hint; | |
| file "named.ca"; | |
| }; | |
| include "/etc/named.rfc1912.zones"; | |
| include "/etc/named.root.key"; | |
| // Zone | |
| zone "serverbaik.xyz" IN { | |
| type slave; | |
| file "slaves/serverbaik.forward"; //nama samakan dengan file zone di master | |
| masters { 103.123.236.236; }; //Isi dengan ip master | |
| }; | |
| zone "236.123.103.in-addr.arpa" IN { | |
| type slave; | |
| file "slaves/serverbaik.reverse"; | |
| masters { 103.123.236.236; }; | |
| }; |
Setelah itu kita setting firewall supaya mengijinkan service dns
$ sudo firewall-cmd --add-service=dns --permanent
$ sudo firewall-cmd --reload
kemudian cek konfigurasi dns dan start service named dengan perintah
$ sudo named-checkconf
$ sudo systemctl start named
$ sudo systemctl enable named
setelah selesai silakan cek folder /var/named/slaves harusnya sudah ada file zone disitu.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ll /var//named/slaves | |
| total 8 | |
| -rw-r--r--. 1 named named 339 Dec 3 20:18 serverbaik.forward | |
| -rw-r--r--. 1 named named 436 Dec 3 20:18 serverbaik.reverse |
Jika ada error mari kita diskusikan di kolom komentar :D
0 comments: