Arief Yudhawarman

Still learning to blog

DNS Configuration with BIND



Prologue
DNS must be configured before installing the mail server with Zimbra Collaboration Server. Here we use the Linux CentOS 5.4 operating system, installed by following the guide Installing a Linux CLI Server with CentOS 5.4.

Domain and hostname configuration:

  • Domain: centos.org
  • Hostname: vbox-server.centos.org
  • Zimbra(*): server.centos.org
  • MX (Mail Exchanger): mail.centos.org
  • DNS forwarders: 192.168.87.97

(*) This is the name of the Zimbra server that will be installed on the Linux server.

IP configuration:

  • IP address: 192.168.87.103
  • Gateway: 192.168.87.97

Edit the named.conf configuration file

  1. Change to the directory /var/named/chroot/etc/, then create the file named.conf with vi or nano:
    options {
        directory "/var/named";
        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        forwarders {
            192.168.87.97;
        };
        forward only;
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        // version statement - inhibited for security
        // (avoids hacking any known weaknesses)
        version "not currently available";
        // disables all zone transfer requests
        allow-transfer { "none"; };
    };

    view "localnet"
    {
        // This view sets up named to be a localhost resolver
        // (caching only nameserver).
        // If all you want is a caching-only nameserver,
        // then you need only define this view:
        match-clients { 127.0.0.1;
                        192.168.86.0/24;
                        192.168.87.0/24; };

        // prime the server with knowledge of the root servers
        zone "." {
            type hint;
            file "db.root";
        };

        // be authoritative for the localhost forward and reverse zones, and for
        // broadcast zones as per RFC 1912
        zone "localhost" {
            type master;
            file "db.local";
            allow-update { "none"; };
        };

        zone "127.in-addr.arpa" {
            type master;
            file "db.127";
            allow-update { "none"; };
        };

        zone "0.in-addr.arpa" {
            type master;
            file "db.0";
            allow-update { "none"; };
        };

        zone "255.in-addr.arpa" {
            type master;
            file "db.255";
            allow-update { "none"; };
        };

        zone "87.168.192.in-addr.arpa" {
            type master;
            file "db.192.168.87";
            allow-update { "none"; };
        };

        zone "centos.org" {
            type master;
            file "db.centos.org";
        };
    };
  2. Create the symbolic link /etc/named.conf:
    ln -s /var/named/chroot/etc/named.conf /etc/named.conf


Edit the zone files

  1. Change to the directory /var/named/chroot/var/named/ and create the zone files:
    • db.0
    • db.127
    • db.255
    • db.192.168.87
    • db.local
    • db.root
    • db.centos.org

    The files that need editing (adjusted to your own domain) are db.192.168.87 and db.centos.org.

    • /var/named/chroot/var/named/db.0
      ; BIND reverse data file for broadcast zone 
      ; 
      $TTL	604800 
      @	IN	SOA	localhost. root.localhost. ( 
      			      1		; Serial 
      			 604800		; Refresh 
      			  86400		; Retry 
      			2419200		; Expire 
      			 604800 )	; Negative Cache TTL 
      ; 
      @	IN	NS	localhost.


    • /var/named/chroot/var/named/db.127
      ; 
      ; BIND reverse data file for local loopback interface 
      ; 
      $TTL	604800 
      @	IN	SOA	localhost. root.localhost. ( 
      			      1		; Serial 
      			 604800		; Refresh 
      			  86400		; Retry 
      			2419200		; Expire 
      			 604800 )	; Negative Cache TTL 
      ; 
      @	IN	NS	localhost. 
      1.0.0	IN	PTR	localhost.


    • /var/named/chroot/var/named/db.255
      ; 
      ; BIND reverse data file for broadcast zone 
      ; 
      $TTL	604800 
      @	IN	SOA	localhost. root.localhost. ( 
      			      1		; Serial 
      			 604800		; Refresh 
      			  86400		; Retry 
      			2419200		; Expire 
      			 604800 )	; Negative Cache TTL 
      ; 
      @	IN	NS	localhost.


    • /var/named/chroot/var/named/db.192.168.87
      ;
      ; BIND reverse data file for the 192.168.87.0/24 network
      ;
      $TTL	604800
      @	IN	SOA	ns1.centos.org. hostmaster.centos.org. (
      			      2		; Serial
      			 604800		; Refresh
      			  86400		; Retry
      			2419200		; Expire
      			 604800 )	; Negative Cache TTL
      ;
      @	IN	NS	ns1.centos.org.
      103	IN	PTR	server.centos.org.


    • /var/named/chroot/var/named/db.local
      ; 
      ; BIND data file for local loopback interface 
      ; 
      $TTL	604800 
      @	IN	SOA	localhost. root.localhost. ( 
      			      2		; Serial 
      			 604800		; Refresh 
      			  86400		; Retry 
      			2419200		; Expire 
      			 604800 )	; Negative Cache TTL 
      ; 
      @	IN	NS	localhost. 
      @	IN	A	127.0.0.1 
      @	IN	AAAA	::1


    • /var/named/chroot/var/named/db.root
      ;       This file holds the information on root name servers needed to 
      ;       initialize cache of Internet domain name servers 
      ;       (e.g. reference this file in the "cache  .  " 
      ;       configuration file of BIND domain name servers). 
      ; 
      ;       This file is made available by InterNIC 
      ;       under anonymous FTP as 
      ;           file                /domain/named.root 
      ;           on server           FTP.INTERNIC.NET 
      ;       -OR-                    RS.INTERNIC.NET 
      ; 
      ;       last update:    Dec 12, 2008 
      ;       related version of root zone:   2008121200 
      ; 
      ; formerly NS.INTERNIC.NET 
      ; 
      .                        3600000  IN  NS    A.ROOT-SERVERS.NET. 
      A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4 
      A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30 
      ; 
      ; FORMERLY NS1.ISI.EDU 
      ; 
      .                        3600000      NS    B.ROOT-SERVERS.NET. 
      B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201 
      ; 
      ; FORMERLY C.PSI.NET 
      ; 
      .                        3600000      NS    C.ROOT-SERVERS.NET. 
      C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12 
      ; 
      ; FORMERLY TERP.UMD.EDU 
      ; 
      .                        3600000      NS    D.ROOT-SERVERS.NET. 
      D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90 
      ; 
      ; FORMERLY NS.NASA.GOV 
      ; 
      .                        3600000      NS    E.ROOT-SERVERS.NET. 
      E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10 
      ; 
      ; FORMERLY NS.ISC.ORG 
      ; 
      .                        3600000      NS    F.ROOT-SERVERS.NET. 
      F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241 
      F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F 
      ; 
      ; FORMERLY NS.NIC.DDN.MIL 
      ; 
      .                        3600000      NS    G.ROOT-SERVERS.NET. 
      G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4 
      ; 
      ; FORMERLY AOS.ARL.ARMY.MIL 
      ; 
      .                        3600000      NS    H.ROOT-SERVERS.NET. 
      H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53 
      H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235 
      ; 
      ; FORMERLY NIC.NORDU.NET 
      ; 
      .                        3600000      NS    I.ROOT-SERVERS.NET. 
      I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17 
      ; 
      ; OPERATED BY VERISIGN, INC. 
      ; 
      .                        3600000      NS    J.ROOT-SERVERS.NET. 
      J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30 
      J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30 
      ; 
      ; OPERATED BY RIPE NCC 
      ; 
      .                        3600000      NS    K.ROOT-SERVERS.NET. 
      K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129 
      K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1 
      ; 
      ; OPERATED BY ICANN 
      ; 
      .                        3600000      NS    L.ROOT-SERVERS.NET. 
      L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42 
      L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42   
      ; 
      ; OPERATED BY WIDE 
      ; 
      .                        3600000      NS    M.ROOT-SERVERS.NET. 
      M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33 
      M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35 
      ; End of File


    • /var/named/chroot/var/named/db.centos.org
      ;
      ; BIND data file for the centos.org zone
      ;
      $TTL	604800
      @	IN	SOA	ns1.centos.org. hostmaster.centos.org. (
      			      2		; Serial
      			 604800		; Refresh
      			  86400		; Retry
      			2419200		; Expire
      			 604800 )	; Negative Cache TTL
      ;
      @	IN	NS	ns1.centos.org.
      @	IN	A	192.168.87.103
      @	IN	MX	10 mail.centos.org.
      ns1	IN	A	192.168.87.103
      mail	IN	A	192.168.87.103
      server	IN	CNAME	ns1


  2. Before starting the named service, check the named.conf configuration file and the zone files with the command named-checkconf -t /var/named/chroot -z:
    [root@vbox-server ~]# named-checkconf -t /var/named/chroot -z
    zone localhost/IN: loaded serial 2
    zone 127.in-addr.arpa/IN: loaded serial 1
    zone 0.in-addr.arpa/IN: loaded serial 1
    zone 255.in-addr.arpa/IN: loaded serial 1
    zone 87.168.192.in-addr.arpa/IN: loaded serial 2
    zone centos.org/IN: loaded serial 2
  3. If there are no problems, continue by starting the named service and registering it with chkconfig so that named is started every time the server boots.
    [root@vbox-server ~]# /etc/init.d/named start
    Starting named:                                            [  OK  ]
    [root@vbox-server ~]# cd /etc/init.d
    [root@vbox-server init.d]# chkconfig --level 2345 named on
  4. Check the log /var/log/messages for any errors while starting the named service.
    [root@vbox-server ~]# less /var/log/messages
    Mar  6 14:27:38 vbox named[17280]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5 -u named -t  /var/named/chroot
    Mar  6 14:27:38 vbox named[17280]: adjusted limit on open files from 1024 to 1048576
    Mar  6 14:27:38 vbox named[17280]: found 1 CPU, using 1 worker thread
    Mar  6 14:27:38 vbox named[17280]: using up to 4096 sockets
    Mar  6 14:27:38 vbox named[17280]: loading configuration from '/etc/named.conf'
    Mar  6 14:27:38 vbox named[17280]: using default UDP/IPv4 port range: [1024, 65535]
    Mar  6 14:27:38 vbox named[17280]: using default UDP/IPv6 port range: [1024, 65535]
    Mar  6 14:27:38 vbox named[17280]: listening on IPv6 interfaces, port 53
    Mar  6 14:27:38 vbox named[17280]: listening on IPv4 interface lo, 127.0.0.1#53
    Mar  6 14:27:38 vbox named[17280]: listening on IPv4 interface eth0, 192.168.87.103#53
    Mar  6 14:27:38 vbox named[17280]: command channel listening on 127.0.0.1#953
    Mar  6 14:27:38 vbox named[17280]: command channel listening on ::1#953
    Mar  6 14:27:38 vbox named[17280]: the working directory is not writable
    Mar  6 14:27:38 vbox named[17280]: zone 0.in-addr.arpa/IN/localnet: loaded serial 1
    Mar  6 14:27:38 vbox named[17280]: zone 127.in-addr.arpa/IN/localnet: loaded serial 1
    Mar  6 14:27:38 vbox named[17280]: zone 87.168.192.in-addr.arpa/IN/localnet: loaded serial 2
    Mar  6 14:27:38 vbox named[17280]: zone 255.in-addr.arpa/IN/localnet: loaded serial 1
    Mar  6 14:27:38 vbox named[17280]: zone localhost/IN/localnet: loaded serial 2
    Mar  6 14:27:38 vbox named[17280]: zone centos.org/IN/localnet: loaded serial 2
    Mar  6 14:27:38 vbox named[17280]: running
  5. Edit the files /etc/hosts and /etc/resolv.conf.
    [root@vbox-server ~]# cat /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1       localhost.localdomain localhost
    192.168.87.103  vbox-server.centos.org vbox-server
    #::1		localhost6.localdomain6 localhost6
    
    [root@vbox-server ~]# cat /etc/resolv.conf
    nameserver 127.0.0.1
  6. Run lookups for the local domain and for the internet.
    [root@vbox-server ~]# host server.centos.org
    server.centos.org is an alias for ns1.centos.org.
    ns1.centos.org has address 192.168.87.103
    
    [root@vbox-server ~]# host -t mx centos.org
    centos.org mail is handled by 10 mail.centos.org.
    
    [root@vbox-server ~]# host www.yahoo.com
    www.yahoo.com is an alias for fd-fp3.wg1.b.yahoo.com.
    fd-fp3.wg1.b.yahoo.com is an alias for ds-fp3.wg1.b.yahoo.com.
    ds-fp3.wg1.b.yahoo.com is an alias for ds-sg-fp3-lfb.wg1.b.yahoo.com.
    ds-sg-fp3-lfb.wg1.b.yahoo.com is an alias for ds-sg-fp3.wg1.b.yahoo.com.
    ds-sg-fp3.wg1.b.yahoo.com has address 106.10.170.118
    ds-sg-fp3.wg1.b.yahoo.com has IPv6 address 2406:2000:ac:8::c:9102
    ds-sg-fp3.wg1.b.yahoo.com has IPv6 address 2406:2000:ac:8::c:9101
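The named-checkconf -z run in step 2 only proves that the zone files parse and load; it says nothing about whether db.centos.org and db.192.168.87 agree with each other. The checker below is an added example, not part of the original post: it parses the A, NS, MX, CNAME and PTR records of those two files (embedded here as constructed sample strings) and flags a local A record without a PTR, a PTR that names an alias instead of the canonical host, and an MX or NS target that has no A record. parse_zone and check_zones are this example's own names, and the parser handles only the record syntax used in these files (no $ORIGIN, $INCLUDE or owner-less continuation lines).

```python
import re

# Constructed copies of the db.centos.org and db.192.168.87 files shown above.
ORIGIN, REV_ORIGIN, NET = "centos.org.", "87.168.192.in-addr.arpa.", "192.168.87."
FORWARD = """$TTL 604800
@      IN SOA ns1.centos.org. hostmaster.centos.org. (
              2 604800 86400 2419200 604800 )
@      IN NS    ns1.centos.org.
@      IN A     192.168.87.103
@      IN MX    10 mail.centos.org.
ns1    IN A     192.168.87.103
mail   IN A     192.168.87.103
server IN CNAME ns1
"""
REVERSE = """$TTL 604800
@      IN SOA ns1.centos.org. hostmaster.centos.org. ( 2 604800 86400 2419200 604800 )
@      IN NS    ns1.centos.org.
103    IN PTR   server.centos.org.
"""

def parse_zone(text, origin):
    """Return {(fqdn, rtype): [rdata, ...]}; owner names are made absolute."""
    text = re.sub(r";[^\n]*", "", text)                      # drop ; comments
    text = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), text)  # join multi-line SOA
    fq = lambda n: origin if n == "@" else n if n.endswith(".") else f"{n}.{origin}"
    records = {}
    for f in (line.split() for line in text.splitlines()):
        if not f or f[0].startswith("$"):                    # blank line or $TTL
            continue
        rest = f[2:] if f[1:2] == ["IN"] else f[1:]          # class field is optional
        records.setdefault((fq(f[0]), rest[0]), []).append(" ".join(rest[1:]))
    return records

def check_zones(fwd, rev):  # consistency rules that named-checkconf -z does not enforce
    findings = []
    for (name, rtype), ips in fwd.items():                   # every local A needs a PTR
        for ip in ips if rtype == "A" else []:
            if ip.startswith(NET) and (ip.split(".")[-1] + "." + REV_ORIGIN, "PTR") not in rev:
                findings.append(f"no PTR for {ip} ({name})")
    for (name, rtype), hosts in rev.items():                 # PTR must name the canonical host
        for host in hosts if rtype == "PTR" else []:
            if (ip := NET + name.split(".")[0]) not in fwd.get((host, "A"), []):
                why = "a CNAME" if (host, "CNAME") in fwd else "no A record"
                findings.append(f"PTR {ip} -> {host} points at {why} (RFC 2181 s10.2)")
    for (name, rtype), targets in fwd.items():               # MX/NS targets need an A record
        for t in targets if rtype in ("MX", "NS") else []:
            if (t.split()[-1], "A") not in fwd:
                findings.append(f"{rtype} target {t.split()[-1]} has no A record (RFC 2181 s10.3)")
    return findings
```

Run against the files as written above it reports one finding: the PTR for 192.168.87.103 names server.centos.org, which is a CNAME; pointing the PTR at ns1.centos.org. (the canonical name) clears it.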


Set Folder Ownership
If a line like the following appears in /var/log/messages:


May 1 10:15:58 vbox-server named[2296]: the working directory is not writable

then make the folder /var/named/chroot/var/named writable for named (the command below sets its mode to 775):


[root@vbox-server ~]# chmod 775 /var/named/chroot/var/named



Last update: 2013-05-01 11:00 +07:00


Written by awarmanf

February 17, 2013 at 2:13 am

Posted in Linux, Setup


5 Responses


  1. Thanks for sharing the knowledge, mas.
    This is certainly very helpful.

    I really enjoy learning Linux. But mas, I usually only set things up for local use, such as a gateway, DNS, web server, Samba, Squid, etc. The gateway and Squid have already been deployed at an internet cafe and an office. But mas, for an email server, roughly how should it be configured for a company so that our server can truly act as an email server? And what are the requirements? Sorry, I'm still a newbie; I can only do local setups. Please explain, mas.

    Thanks in advance
    ijaldmi

    Dumai (a coastal island region)

    Abu Fauzan

    February 18, 2013 at 12:43 am

  2. [...] DNS has been configured following the manual DNS Configuration with BIND [...]

  3. […] DNS configuration: for the DNS configuration, please follow the guide DNS Configuration with BIND […]

  4. Greetings from Ohio! I'm bored to tears at work so I decided to check out your website on my iPhone during lunch break. I really like the info you provide here and can't wait to take a look when I get home. I'm surprised at how quick your blog loaded on my phone. I'm not even using WiFi, just 3G. Anyways, awesome site!

