Installing & Configuring an Authoritative DNS Master & Slave on RHEL/CentOS 8

DNS Server Configuration on Server1

IP address of Server1: 172.23.0.26

IP address of Server2: 172.23.0.27

Install BIND

yum -y install bind bind-utils

Here we build an authoritative DNS server for the domain sysidn.id.

First we need to configure the file named.conf:

vim /etc/named.conf
.......
options {
        listen-on port 53 { any; }; ## Listen on port 53 on every IPv4 address of the server
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; }; ## Allow any host to query this server (acceptable for an authoritative-only server because recursion is disabled below)
        allow-transfer { localhost; 172.23.0.27; }; # Allow zone transfers (AXFR/IXFR) only to localhost and to the slave DNS server at 172.23.0.27; everyone else gets REFUSED
        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion no; # Disable recursion: this server only answers for its own zones, so it cannot be abused as an open resolver

        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";
        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

## Zone definitions for the domain sysidn.id

# Forward zone
# Its file holds the records that map names to IP addresses
zone "sysidn.id" IN {
        type master;
        file "sysidn.id";
        allow-update { none; };
};

# Reverse zone (the opposite of the forward zone)
# Its file maps IP addresses back to names; 0.23.172.in-addr.arpa is the 172.23.0.0/24 network of server1 written in reverse
zone "0.23.172.in-addr.arpa" IN {
        type master;
        file "sysidn.id.rev";
        allow-update { none; };
};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";


.......

Next we create the zone files in the directory /var/named.

First the file for the forward zone:

vim /var/named/sysidn.id
.......
$TTL 1D
@       IN SOA  ns1.sysidn.id. root.sysidn.id. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      ns1.sysidn.id.
@       IN      NS      ns2.sysidn.id.
@       IN      A       172.23.0.26
@       IN      MX 5    mail.sysidn.id.
ns1     IN      A       172.23.0.26
ns2     IN      A       172.23.0.27
mail    IN      A       172.23.0.27
.......

@ is the zone origin defined in named.conf, so here @ means the domain sysidn.id. In the SOA record the first name is the primary master name server and the second is the zone contact: root.sysidn.id. is the mailbox root@sysidn.id with the @ written as a dot.

NS records are mandatory: they define the servers that handle our DNS, so the IP addresses of ns1 and ns2 are those of server1 and server2. Every NS named in the zone needs a matching A record.

I also added a record for a mail server (optional).

Next we create the file for the reverse zone:

vim /var/named/sysidn.id.rev
.......
$TTL 1D
@       IN SOA  ns1.sysidn.id. root.sysidn.id. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      ns1.sysidn.id.
@       IN      NS      ns2.sysidn.id.
26      IN      PTR     sysidn.id.
26      IN      PTR     ns1.sysidn.id.
27      IN      PTR     ns2.sysidn.id.
27      IN      PTR     mail.sysidn.id.
.......

In the PTR records the owner name is the last octet of the address: 26 for server1 (the zone apex and ns1) and 27 for server2 (ns2 and mail). Giving one address two PTR records loads fine in BIND but is unusual; reverse-lookup checks that expect a single name (mail server verification, for example) behave better with one PTR per address, so in production keep only the canonical host name for each IP. Next we change the owner and group of the two files so that the named process can read them.

chown root:named /var/named/sysidn.id
chown root:named /var/named/sysidn.id.rev
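One thing the zone files above do not show is what happens after you edit them later: the slave only pulls a new copy when the master's SOA serial is higher than the one it already holds, so an edit without a serial bump leaves ns2 serving stale data. The script below is an added example, not part of the original post; it reads and increments the serial of a zone file laid out like the ones above (SOA opening line ending in "(", serial alone on the next line, which is also the layout of the RHEL sample zones). The function and variable names are my own; the embedded demo zone is a constructed copy of the forward zone.

```shell
#!/bin/sh
# Added example (not from the original post): read and bump the SOA serial of a
# BIND zone file such as /var/named/sysidn.id. The slave (ns2) only transfers the
# zone again when the master's serial is higher than the one it holds, so every
# edit on the master must raise the serial.
# Assumed layout: the SOA opening line ends with "(" and the serial sits alone
# on the following line (as on this page and in the RHEL sample zones).

# zone_serial FILE: print the current SOA serial
zone_serial() {
    awk '
        /IN[[:space:]]+SOA/ { in_soa = 1; next }
        in_soa && $1 ~ /^[0-9]+$/ { print $1; exit }
    ' "$1"
}

# bump_serial FILE: rewrite FILE with serial+1, keeping indentation, owner and mode
bump_serial() {
    file=$1
    old=$(zone_serial "$file") || return 1
    [ -n "$old" ] || { echo "no SOA serial found in $file" >&2; return 1; }
    new=$((old + 1))
    tmp=$(mktemp) || return 1
    awk -v new="$new" '
        /IN[[:space:]]+SOA/ { in_soa = 1 }
        in_soa && !done && $1 ~ /^[0-9]+$/ {
            sub(/[0-9]+/, new)   # the first digit run on this line is the serial itself
            done = 1
        }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # write back through the existing file (not mv) so root:named and 0640 survive
    cat "$tmp" > "$file" && rm -f "$tmp"
}

if [ $# -eq 1 ]; then
    # usage: sh bump-serial.sh /var/named/sysidn.id
    bump_serial "$1" && echo "$1: serial is now $(zone_serial "$1")"
else
    # no file given: demonstrate on a constructed copy of the page's forward zone
    demo=$(mktemp)
    cat > "$demo" <<'EOF'
$TTL 1D
@       IN SOA  ns1.sysidn.id. root.sysidn.id. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      ns1.sysidn.id.
@       IN      A       172.23.0.26
EOF
    echo "before: $(zone_serial "$demo")"
    bump_serial "$demo"
    echo "after:  $(zone_serial "$demo")"
    rm -f "$demo"
fi
```

After bumping, validate with named-checkzone sysidn.id /var/named/sysidn.id and load it with rndc reload sysidn.id; the master then sends NOTIFY to ns2, which compares serials and pulls the zone. Date-style serials (YYYYMMDDnn) work the same way as long as each edit produces a larger number.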

Now check the files we just configured.

If the output shows loaded serial x, the zone loaded correctly.

Check named.conf (the -z flag also loads every zone it references):

named-checkconf -z /etc/named.conf
zone sysidn.id/IN: loaded serial 1
zone 0.23.172.in-addr.arpa/IN: loaded serial 1
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0

Check the forward zone file (the first argument is the zone name, the second the file):

named-checkzone sysidn.id /var/named/sysidn.id
zone sysidn.id/IN: loaded serial 1
OK

Check the reverse zone file (the zone name must be the in-addr.arpa name, not the server address, otherwise the relative PTR owners are checked against the wrong origin):

named-checkzone 0.23.172.in-addr.arpa /var/named/sysidn.id.rev
zone 0.23.172.in-addr.arpa/IN: loaded serial 1
OK

Finally, restart the named service (use systemctl enable --now named if it should also start at boot):

systemctl restart named

Do not forget to add firewall rules for DNS; both UDP and TCP port 53 are needed, since zone transfers and large answers use TCP (firewall-cmd --add-service=dns --permanent is equivalent):

firewall-cmd --add-port=53/udp --permanent
firewall-cmd --add-port=53/tcp --permanent
firewall-cmd --reload

Checking DNS from server1

If the ANSWER SECTION contains the record and the flags line shows aa (authoritative answer), our DNS configuration works.

dig @172.23.0.26 sysidn.id
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> @localhost sysidn.id
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56114
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sysidn.id.			IN	A

;; ANSWER SECTION:
sysidn.id.		86400	IN	A	172.23.0.26

;; AUTHORITY SECTION:
sysidn.id.		86400	IN	NS	ns1.sysidn.id.
sysidn.id.		86400	IN	NS	ns2.sysidn.id.

;; ADDITIONAL SECTION:
ns1.sysidn.id.		86400	IN	A	172.23.0.26
ns2.sysidn.id.		86400	IN	A	172.23.0.27

;; Query time: 1 msec
;; SERVER: 172.23.0.27#53(172.23.0.27)
;; WHEN: Tue Jun 21 11:57:48 WIB 2022
;; MSG SIZE  rcvd: 122

DNS Server Configuration on Server2

Install BIND

yum -y install bind bind-utils

Configure the file named.conf

Apply the same options as on server1 (listen-on, allow-query, recursion no). Do not copy the master's allow-transfer line, though: the slave should not hand the zone to third parties, so set allow-transfer { none; }; unless something else legitimately needs to pull the zone from it.

Then we only need to add the forward and reverse zones with type slave.

The IP in masters is the IP of server1; for the file location we point to the slaves folder (owned by named, so the transferred copies can be written there) with any file name we like. The master sends NOTIFY to the servers listed in the zone's NS records by default, so ns2 refreshes as soon as the master's serial changes; notify no here only stops the slave from sending its own notifies.

vim /etc/named.conf
.......
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
allow-query {any; };

zone "sysidn.id" IN {
        type slave;
        masters { 172.23.0.26; };
        file "slaves/sysidn.id";
        notify no;
};
zone "0.23.172.in-addr.arpa" IN {
        type slave;
        masters { 172.23.0.26; };
        file "slaves/sysidn.id.rev";
        notify no;
};
.......

Finally, restart the named service:

systemctl restart named

Check that the transferred zone files have appeared in /var/named/slaves. If they are missing, journalctl -u named will show the transfer failing with REFUSED, which usually means the master's allow-transfer list does not contain server2's address.

ls /var/named/slaves/
sysidn.id  sysidn.id.rev

Add the firewall rules:

firewall-cmd --add-port=53/udp --permanent
firewall-cmd --add-port=53/tcp --permanent
firewall-cmd --reload

Checking on server2 (the aa flag shows that the slave answers authoritatively from its transferred copy, and the answer matches the master's):

dig @172.23.0.27 sysidn.id
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> @172.23.0.27 sysidn.id
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40248
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sysidn.id.			IN	A

;; ANSWER SECTION:
sysidn.id.		86400	IN	A	172.23.0.26

;; AUTHORITY SECTION:
sysidn.id.		86400	IN	NS	ns1.sysidn.id.
sysidn.id.		86400	IN	NS	ns2.sysidn.id.

;; ADDITIONAL SECTION:
ns1.sysidn.id.		86400	IN	A	172.23.0.26
ns2.sysidn.id.		86400	IN	A	172.23.0.27

;; Query time: 0 msec
;; SERVER: 172.23.0.27#53(172.23.0.27)
;; WHEN: Tue Jun 21 13:02:45 WIB 2022
;; MSG SIZE  rcvd: 122
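The two dig runs above only show that each server answers. The script below is an added example, not part of the original post: it checks the security properties the named.conf section set up (recursion refused, AXFR refused for hosts outside allow-transfer) and that the slave's serial matches the master's. It assumes dig from bind-utils and is meant to be run from a host that is not in allow-transfer, such as a workstation. The function names, the probe name example.com and the PASS/FAIL report format are my own; the parsers work on dig's text output, so they can also be pointed at saved output.

```shell
#!/bin/sh
# Added example (not from the original post): verify that server1 (master) and
# server2 (slave) behave as an authoritative-only pair.
# usage (from a host NOT listed in allow-transfer):
#   sh dnscheck.sh 172.23.0.26 172.23.0.27 sysidn.id

# --- parsers for dig's text output (shell + awk only, no network)

# dig_rcode OUTPUT: print the status from the ->>HEADER<<- line (NOERROR, REFUSED, ...)
dig_rcode() {
    printf '%s\n' "$1" | awk '
        /->>HEADER<<-/ {
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s); print s; exit }
        }'
}

# dig_has_flag OUTPUT FLAG: succeed if FLAG (aa, ra, ...) is set in the ";; flags:" line
dig_has_flag() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^;; flags:/ {
            s = $0; sub(/^;; flags:[[:space:]]*/, "", s); sub(/;.*/, "", s)
            n = split(s, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == want) found = 1
        }
        END { exit !found }'
}

# dig_answer_count OUTPUT: number of ANSWER records, taken from the header counts
dig_answer_count() {
    printf '%s\n' "$1" | awk '
        /^;; flags:/ && match($0, /ANSWER: [0-9]+/) { print substr($0, RSTART + 8, RLENGTH - 8); exit }'
}

# axfr_refused OUTPUT: succeed if a "dig ... AXFR" run did not receive the zone
axfr_refused() {
    printf '%s\n' "$1" | grep -q '^; Transfer failed'
}

# soa_serial_short LINE: serial (3rd field) of a "dig +short ... SOA" answer line
soa_serial_short() {
    printf '%s\n' "$1" | awk '{ print $3 }'
}

# --- live checks (need dig and network access to the two servers)

# check_authoritative SERVER ZONE: the server must answer its own zone with aa set
check_authoritative() {
    out=$(dig @"$1" "$2" SOA +norecurse 2>&1)
    [ "$(dig_rcode "$out")" = NOERROR ] && dig_has_flag "$out" aa
}

# check_no_recursion SERVER: an out-of-zone name (probe: example.com) must not be
# resolved; with "recursion no" the reply carries no ra flag and no answer records
check_no_recursion() {
    out=$(dig @"$1" example.com A 2>&1)
    echo "  rcode for out-of-zone query on $1: $(dig_rcode "$out")"
    ! dig_has_flag "$out" ra && [ "$(dig_answer_count "$out")" = 0 ]
}

# check_axfr_refused SERVER ZONE: from this host (not in allow-transfer) AXFR must fail
check_axfr_refused() {
    out=$(dig @"$1" "$2" AXFR 2>&1)
    axfr_refused "$out"
}

# check_serial_sync MASTER SLAVE ZONE: the slave must hold the master's current serial
check_serial_sync() {
    m=$(soa_serial_short "$(dig +short @"$1" "$3" SOA 2>&1)")
    s=$(soa_serial_short "$(dig +short @"$2" "$3" SOA 2>&1)")
    echo "  master serial=$m slave serial=$s"
    [ -n "$m" ] && [ "$m" = "$s" ]
}

# report NAME CMD...: run one check and print PASS/FAIL, remembering any failure
report() {
    name=$1; shift
    if "$@"; then echo "PASS $name"; else echo "FAIL $name"; fail=1; fi
}

run_checks() {
    master=$1 slave=$2 zone=$3 fail=0
    for srv in "$master" "$slave"; do
        report "$srv authoritative for $zone" check_authoritative "$srv" "$zone"
        report "$srv refuses recursion"       check_no_recursion "$srv"
        report "$srv refuses AXFR from here"  check_axfr_refused "$srv" "$zone"
    done
    report "slave in sync with master" check_serial_sync "$master" "$slave" "$zone"
    return "$fail"
}

if [ $# -ne 3 ]; then
    echo "usage: $0 MASTER_IP SLAVE_IP ZONE   (e.g. 172.23.0.26 172.23.0.27 sysidn.id)"
elif ! command -v dig >/dev/null 2>&1; then
    echo "dig not found: install bind-utils" >&2
else
    run_checks "$@"
fi
```

A FAIL on the AXFR check means the zone can be dumped by anyone, which is exactly what allow-transfer on the master was meant to prevent; run the same script from server2 and the AXFR line against the master should turn into a successful transfer, since 172.23.0.27 is in the list.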
