DNS Server Configuration (Primary/NS1) on CentOS 6

What is DNS?

DNS (Domain Name System) is a core component of network infrastructure. Its main function is to resolve hostnames to IP addresses and, conversely, IP addresses to hostnames. For example, when we type http://www.bowzblackhat.com into a browser, the DNS server translates the domain name into the corresponding IP address, so we only have to remember the domain name rather than its IP address.

Now that we understand what DNS is and what it does, let's move on to installing DNS on CentOS 6.

Scenario:

Here we have two servers: a Primary DNS Server and a Secondary DNS Server.


[A] Primary/Master DNS Server:
Operating System : CentOS 6.5 32 bit (Minimal Server)
Hostname : ns1.bowzblackhat.com
IP Address : 192.168.1.200/24
[B] Secondary/Slave DNS Server:
Operating System : CentOS 6.5 32 bit (Minimal Server)
Hostname : ns2.bowzblackhat.com
IP Address : 192.168.1.201/24

Installing and Configuring the Primary (Master) DNS Server

[root@ns1~]# yum install bind* -y

1. Configure the DNS Server

The configuration is shown below. Change the values marked with the ## ... ## comments (the master's IP address, the allowed query range and the slave's IP address) to match your own server names and addresses.


[root@ns1 ~]# vi /etc/named.conf


// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.200; }; ## Master DNS IP ##
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; }; ## IP Range ##
        allow-transfer  { localhost; 192.168.1.201; }; ## Slave DNS IP ##
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "bowzblackhat.com" IN {
        type master;
        file "fwd.bbh.com";
        allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "rev.bbh.com";
        allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
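The two statements that matter most for security in the file above are allow-transfer (who may copy the whole zone) and allow-query together with recursion yes (who may use the server as a recursive resolver). The script below is an added example, not part of the original post: it reads a named.conf written in the one-statement-per-line layout used here and flags an allow-transfer that is missing or set to any, and a recursion setting that is open to any. The constructed sample configs inside it mirror the tutorial's options block and a common misconfiguration.

```sh
#!/bin/sh
# Added example, not part of the original post: audit the access-control
# statements in /etc/named.conf before starting named. It assumes the
# one-statement-per-line layout used in the named.conf above.

# Print the ACL list between the braces of an options statement, e.g. for
# "allow-transfer{ localhost; 192.168.1.201; };" print " localhost; 192.168.1.201; ".
# Works with or without a space before "{". Empty output = statement absent.
option_acl() {
    # $1 = statement name, $2 = path to named.conf
    sed -n "s/^[[:space:]]*$1[[:space:]]*{\(.*\)}.*\$/\1/p" "$2" | head -n 1
}

# Exit 0 when an ACL list contains the bare keyword "any".
acl_has_any() {
    printf '%s\n' "$1" | tr ';' '\n' | tr -d ' \t' | grep -qx any
}

# Print the argument of "recursion yes;" / "recursion no;", empty if absent.
recursion_setting() {
    sed -n 's/^[[:space:]]*recursion[[:space:]]*\([a-z]*\);.*/\1/p' "$1" | head -n 1
}

# Audit one named.conf: print findings, return 0 when clean, 1 otherwise.
audit_named_conf() {
    conf=$1; rc=0
    xfer=$(option_acl allow-transfer "$conf")
    query=$(option_acl allow-query "$conf")
    recur_acl=$(option_acl allow-recursion "$conf")
    cache_acl=$(option_acl allow-query-cache "$conf")
    recur=$(recursion_setting "$conf")

    # Zone transfers: the BIND 9 shipped with CentOS 6 allows AXFR from any
    # host unless allow-transfer restricts it, which hands every hostname in
    # the zone to anyone who asks. The tutorial limits it to localhost and ns2.
    if [ -z "$xfer" ] || acl_has_any "$xfer"; then
        echo "FAIL allow-transfer missing or 'any': restrict it to the secondary (ns2)"
        rc=1
    else
        echo "ok   allow-transfer {$xfer}"
    fi

    # Recursion: who may recurse is allow-recursion, else allow-query-cache,
    # else allow-query. "recursion yes" with 'any' there = open resolver.
    effective=${recur_acl:-${cache_acl:-$query}}
    if [ "$recur" = yes ] && acl_has_any "$effective"; then
        echo "FAIL recursion yes is open to 'any' (open resolver, usable for amplification)"
        rc=1
    else
        echo "ok   recursion=${recur:-default}"
    fi
    return $rc
}

# Constructed samples: the tutorial's options (good) and a common mistake (bad).
sample_conf() {
    case $1 in
    good) cat <<'EOF'
options {
listen-on port 53 { 127.0.0.1; 192.168.1.200;};
allow-query     { localhost; 192.168.1.0/24; };
allow-transfer{ localhost; 192.168.1.201; };
recursion yes;
};
EOF
    ;;
    bad) cat <<'EOF'
options {
allow-query { any; };
allow-transfer { any; };
recursion yes;
};
EOF
    ;;
    esac
}

# Usage: sh named_audit.sh /etc/named.conf
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    audit_named_conf "$1"
fi
```

Run it as sh named_audit.sh /etc/named.conf on ns1 before service named start; a non-zero exit means one of the two ACL findings above needs fixing first.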


2. Create the Zone Files

Create the file 'fwd.bbh.com' in the directory '/var/named' as shown below.

  • Forward Zone
[root@ns1~]# vi /var/named/fwd.bbh.com

$TTL 86400
@   IN  SOA     ns1.bowzblackhat.com. root.bowzblackhat.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@   IN  NS      ns1.bowzblackhat.com.
@   IN  NS      ns2.bowzblackhat.com.
@   IN  A       192.168.1.200
ns1 IN  A       192.168.1.200
ns2 IN  A       192.168.1.201

Create the file 'rev.bbh.com' in the directory '/var/named' as shown below.
  • Reverse Zone 
[root@ns1~]# vi /var/named/rev.bbh.com

$TTL 86400
@   IN  SOA     ns1.bowzblackhat.com. root.bowzblackhat.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@   IN  NS      ns1.bowzblackhat.com.
@   IN  NS      ns2.bowzblackhat.com.
ns1 IN  A       192.168.1.200
ns2 IN  A       192.168.1.201
200 IN  PTR     ns1.bowzblackhat.com.
201 IN  PTR     ns2.bowzblackhat.com.
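Two things go wrong most often with the forward and reverse zone files above: an in-zone NS name without a matching A record (named then refuses to load the zone), and a serial that is not increased after an edit (ns2 keeps serving the old copy, because a secondary only transfers a zone whose serial has grown). The script below is an added example, not part of the original post, that covers both for files written in the layout used here: one record per line with an explicit owner name, the IN class, and the serial on its own line followed by a ;Serial comment. The sample zone inside it is constructed from the forward zone above.

```sh
#!/bin/sh
# Added example, not part of the original post: two maintenance helpers for
# the forward and reverse zone files above. Assumes the tutorial's record
# layout: one record per line with an explicit owner name, "IN" class, and
# the serial on its own line followed by a ";Serial" comment.

# check_ns_glue ZONE FILE
# Lists in-zone NS targets with no A record. named refuses to load a master
# zone where an in-zone NS name lacks an address record, e.g. a forward zone
# with "@ IN NS ns1.bowzblackhat.com." but no "ns1 IN A ..." line.
check_ns_glue() {
    awk -v zone="$1" '
        # Absolute names end in "."; anything else is relative to the zone.
        function fqdn(n) {
            if (n == "@") return zone
            if (n ~ /\.$/) return substr(n, 1, length(n) - 1)
            return n "." zone
        }
        function inzone(n,   z) {
            z = "." zone
            return n == zone || substr(n, length(n) - length(z) + 1) == z
        }
        { sub(/;.*/, "") }             # drop comments
        NF == 0 { next }
        {
            i = 2                      # skip optional TTL and the IN class
            while (i <= NF && ($i == "IN" || $i ~ /^[0-9]+$/)) i++
            if ($i == "A")  a[fqdn($1)] = 1
            if ($i == "NS") ns[fqdn($(i + 1))] = 1
        }
        END {
            for (n in ns)
                if (inzone(n) && !(n in a)) {
                    print "missing A record for in-zone NS " n
                    bad = 1
                }
            exit bad + 0
        }' "$2"
}

# bump_serial FILE
# Rewrites the SOA serial using the YYYYMMDDNN convention: same day -> NN+1,
# otherwise today's date followed by 01. Prints the new serial.
bump_serial() {
    file=$1
    new=$(awk -v today="$(date +%Y%m%d)" '
        $1 ~ /^[0-9]+$/ && $2 ~ /^;[Ss]erial/ {
            if (length($1) == 10 && substr($1, 1, 8) == today)
                printf "%d\n", $1 + 1
            else
                print today "01"
            exit
        }' "$file")
    if [ -z "$new" ]; then
        echo "bump_serial: no serial line found in $file" >&2
        return 1
    fi
    tmp="$file.tmp.$$"
    # Replace only the digits on the serial line; everything else is kept.
    awk -v new="$new" '
        !done && $1 ~ /^[0-9]+$/ && $2 ~ /^;[Ss]erial/ { sub(/[0-9]+/, new); done = 1 }
        { print }' "$file" > "$tmp" && mv "$tmp" "$file"
    echo "$new"
}

# Constructed sample forward zone; "good" adds the ns1 glue record that the
# NS line requires, "noglue" leaves it out.
sample_zone() {
    cat <<'EOF'
$TTL 86400
@   IN  SOA     ns1.bowzblackhat.com. root.bowzblackhat.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@   IN  NS      ns1.bowzblackhat.com.
@   IN  NS      ns2.bowzblackhat.com.
@   IN  A       192.168.1.200
ns2 IN  A       192.168.1.201
EOF
    if [ "$1" = good ]; then echo "ns1 IN  A       192.168.1.200"; fi
}

# Usage: sh zone_tools.sh check ZONE FILE   |   sh zone_tools.sh bump FILE
case ${1:-} in
    check) check_ns_glue "$2" "$3" ;;
    bump)  bump_serial "$2" ;;
esac
```

After editing a zone, run sh zone_tools.sh bump /var/named/fwd.bbh.com and then sh zone_tools.sh check bowzblackhat.com /var/named/fwd.bbh.com before reloading named; for the reverse zone pass 1.168.192.in-addr.arpa as the zone name, where the NS targets are out-of-zone and so are not checked.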


3. Start the BIND Service


[root@ns1~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@ns1~]# chkconfig named on


4. Allow the DNS Server Through iptables

Add the two port 53 rules (UDP and TCP) shown below to the file '/etc/sysconfig/iptables' so that all clients can reach the DNS server; the rest of the file is shown for context.

[root@ns1~]# vi /etc/sysconfig/iptables


# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT


5. Check the Configured Files for Syntax Errors

Check the DNS config files:

[root@ns1 ~]# named-checkconf /etc/named.conf
[root@ns1 ~]# named-checkconf /etc/named.rfc1912.zones

Check the zone files:


[root@ns1 ~]# named-checkzone bowzblackhat.com /var/named/fwd.bbh.com
zone bowzblackhat.com/IN: loaded serial 2011071001
OK
[root@ns1 ~]# named-checkzone 1.168.192.in-addr.arpa /var/named/rev.bbh.com
zone 1.168.192.in-addr.arpa/IN: loaded serial 2011071001
OK


6. Test the DNS Server


[root@ns1~]# dig ns1.bowzblackhat.com
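A single dig only shows that named answers. The script below is an added example, not part of the original post, that checks from a client on the 192.168.1.0/24 network that the forward records, the reverse (PTR) records and the transfer restriction all behave as configured above. Run it from a machine other than ns1 or ns2: the localhost and 192.168.1.201 entries in allow-transfer mean a transfer from those two hosts is supposed to succeed, so the AXFR check is only meaningful elsewhere. SERVER and ZONE default to the tutorial's values and can be overridden in the environment.

```sh
#!/bin/sh
# Added example, not part of the original post: post-deployment checks for
# the primary DNS server. Needs dig (bind-utils). Defaults are the
# tutorial's values; override with SERVER=... ZONE=... sh dns_verify.sh run

SERVER=${SERVER:-192.168.1.200}
ZONE=${ZONE:-bowzblackhat.com}

# reverse_name 192.168.1.200 -> 200.1.168.192.in-addr.arpa  (no network use)
reverse_name() {
    printf '%s\n' "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# expect NAME TYPE EXPECTED: query the server and compare the first answer
expect() {
    got=$(dig +short +time=2 +tries=1 "@$SERVER" "$1" "$2" | head -n 1)
    if [ "$got" = "$3" ]; then
        echo "ok   $1 $2 -> $got"
    else
        echo "FAIL $1 $2 -> '${got:-<no answer>}' (expected $3)"
        return 1
    fi
}

# axfr_refused: a transfer attempt from a host outside allow-transfer must
# fail with "Transfer failed"; if the zone comes back, the ACL is not working.
axfr_refused() {
    if dig +time=2 +tries=1 "@$SERVER" "$ZONE" AXFR | grep -q 'Transfer failed'; then
        echo "ok   AXFR of $ZONE refused for this host"
    else
        echo "FAIL AXFR of $ZONE was allowed from this host (check allow-transfer)"
        return 1
    fi
}

run_checks() {
    rc=0
    expect "$ZONE"     A   192.168.1.200 || rc=1
    expect "ns1.$ZONE" A   192.168.1.200 || rc=1
    expect "ns2.$ZONE" A   192.168.1.201 || rc=1
    expect "$(reverse_name 192.168.1.200)" PTR "ns1.$ZONE." || rc=1
    expect "$(reverse_name 192.168.1.201)" PTR "ns2.$ZONE." || rc=1
    axfr_refused || rc=1
    return $rc
}

# Usage: sh dns_verify.sh run
if [ "${1:-}" = run ]; then
    run_checks
fi
```

The expected PTR values carry a trailing dot because that is how dig +short prints a name; the A values are compared as plain addresses.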

Note: If step 6 succeeds, the primary DNS server has been set up successfully. If you have any questions, please ask them in the Q&A section.

Next, let's move on to the page DNS Server Configuration (Secondary/NS2) on CentOS 6.