Friday, August 7, 2009

Build DNS Slave on CentOS 5.3

In this setup the author has an internet gateway at 192.168.1.5 and a DNS server at 192.168.1.90. To install the DNS server on CentOS we use the following packages:

bind-libs-9.3.4-10.P1.el5
bind-utils-9.3.4-10.P1.el5
bind-9.3.4-10.P1.el5

Install bind with the command:
# yum install bind bind-utils bind-libs

Once the packages are installed, we configure bind in /etc/named.conf:
# vi /etc/named.conf
options {
directory "/var/named";
forwarders { /* enter your ISP's DNS server addresses here, each terminated by ; */ };
};
zone "localhost.com" in {
type slave;
file "slaves/localhost.com";
masters { 192.168.0.6; };
};
# Reverse Zone for 192.168.1 iprange.
zone "1.168.192.in-addr.arpa" {
type master;
notify no;
file "192.168.1.zone";
};
zone "." in {
type hint;
file "named.cache";
};


Save the file. Adjust the addresses and zone names to match your own network.
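Two access controls are worth checking before this named.conf goes live: with forwarders set and no allow-recursion, every host that can reach port 53 can use the server (and the ISP resolver behind it) for recursion, and without allow-transfer the zone contents can be pulled by AXFR from anywhere. The script below is an added example, not part of the original post; it writes the post's options block to a temporary file (with a placeholder ISP address from the 203.0.113.0/24 documentation range) alongside a hardened copy, and greps each for the two directives.

```shell
#!/bin/sh
# Added example (not from the original post): audit a named.conf of the kind
# shown above for two access controls that a forwarding resolver carrying
# slave zones should not run without. The weak sample is the post's own
# options block; the hardened sample adds the controls. Both are written to
# temporary files so the checks run offline.

WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
options {
directory "/var/named";
forwarders { 203.0.113.1; }; // ISP resolver, placeholder address
};
zone "localhost.com" in {
type slave;
file "slaves/localhost.com";
masters { 192.168.0.6; };
};
EOF

HARDENED_CONF=$(mktemp)
cat > "$HARDENED_CONF" <<'EOF'
options {
directory "/var/named";
forwarders { 203.0.113.1; }; // ISP resolver, placeholder address
allow-recursion { 127.0.0.1; 192.168.1.0/24; }; // LAN clients only
allow-transfer { none; }; // this slave has no downstream secondaries
};
zone "localhost.com" in {
type slave;
file "slaves/localhost.com";
masters { 192.168.0.6; };
};
EOF

# conf_has_directive FILE DIRECTIVE: true if a line outside // or # comments
# starts with DIRECTIVE followed by its { ... } list
conf_has_directive() {
    grep -v -e '^[[:space:]]*//' -e '^[[:space:]]*#' "$1" |
        grep -q "^[[:space:]]*$2[[:space:]]*{"
}

# missing_controls FILE: prints the name of each control that is absent
missing_controls() {
    for d in allow-recursion allow-transfer; do
        conf_has_directive "$1" "$d" || echo "$d"
    done
}

# Usage on the real file:
#   missing_controls /etc/named.conf
# Then validate the syntax after editing:
#   named-checkconf /etc/named.conf
```

The check is a text scan, not a parser: it tells you a directive is absent from the file, not that an existing one is correct, so keep named-checkconf in the loop after every edit. If this slave must itself feed further secondaries, list their addresses in allow-transfer instead of none.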

Now we create the reverse zone for the DMZ, covering 192.168.1.6 through 192.168.1.99. Create a file named 192.168.1.zone at /var/named/192.168.1.zone:
$TTL 1D
@ IN SOA ns1.localhost.com. hostmaster.localhost.com. (
200705111 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day
IN NS ns1.localhost.com.
6 IN PTR pc006.localhost.com.
7 IN PTR pc007.localhost.com.
... (through to)
98 IN PTR pc098.localhost.com.
99 IN PTR pc099.localhost.com.


Save the zone file.

Now set up the root hints (cache) file at /var/named/named.cache:
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . "
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File


Save it when done. Then create the slave zone file for localhost.com under /var/named. The path must match the file directive in named.conf, which names it slaves/localhost.com relative to the directory /var/named, so use that same path here:

$ORIGIN localhost.com.
$TTL 86400
@ IN SOA ns1.localhost.com. hostmaster.localhost.com. (
200705291 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day
IN NS ns1.localhost.com.
pc001 IN A 192.168.1.1
pc002 IN A 192.168.1.2
...
pc098 IN A 192.168.1.98
pc099 IN A 192.168.1.99
ns1 IN CNAME pc006
i IN CNAME pc010
backup1 IN CNAME pc012
prn1 IN CNAME pc015
t1 IN CNAME pc020
www IN CNAME pc021
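Both zone files above elide most of their records with "...". The script below is an added example (not from the original post) that generates them: the PTR range for 192.168.1.zone and the pc0NN A records for the localhost.com forward zone, each under the SOA timers the post uses. The pc0NN naming, the 192.168.1.0/24 network and the zone names come from the post; the CNAME records (ns1, www, and so on) are still appended by hand. Note that on a slave the forward zone is normally fetched from the master by zone transfer and written by named itself, so the generated forward zone is what the master should hold.

```shell
#!/bin/sh
# Added example (not from the original post): expand the "..." in the two
# zone files by generating the pc0NN records for a range of last octets.
# Host-name pattern, network and zone name come from the post; the functions
# take them as arguments so the ranges can be changed.

# gen_ptr_records FIRST LAST DOMAIN: one PTR per host for the reverse zone
gen_ptr_records() {
    i=$1
    while [ "$i" -le "$2" ]; do
        printf '%d IN PTR pc%03d.%s.\n' "$i" "$i" "$3"
        i=$((i + 1))
    done
}

# gen_a_records FIRST LAST PREFIX: one A record per host for the forward zone
# (PREFIX is the first three octets, e.g. 192.168.1)
gen_a_records() {
    i=$1
    while [ "$i" -le "$2" ]; do
        printf 'pc%03d IN A %s.%d\n' "$i" "$3" "$i"
        i=$((i + 1))
    done
}

# soa_header DOMAIN NS SERIAL: the SOA and NS lines shared by both zones;
# the timers are the post's (6h refresh, 1h retry, 1w expire, 1d minimum).
# The indented NS line inherits the owner "@" from the SOA record.
soa_header() {
    cat <<EOF
@ IN SOA $2. hostmaster.$1. (
    $3 ; serial
    21600 ; refresh after 6 hours
    3600 ; retry after 1 hour
    604800 ; expire after 1 week
    86400 ) ; minimum TTL of 1 day
    IN NS $2.
EOF
}

# gen_reverse_zone FIRST LAST DOMAIN NS SERIAL: a complete 192.168.1.zone
gen_reverse_zone() {
    echo '$TTL 1D'
    soa_header "$3" "$4" "$5"
    gen_ptr_records "$1" "$2" "$3"
}

# gen_forward_zone FIRST LAST DOMAIN NS SERIAL PREFIX: a complete forward zone
gen_forward_zone() {
    echo "\$ORIGIN $3."
    echo '$TTL 86400'
    soa_header "$3" "$4" "$5"
    gen_a_records "$1" "$2" "$6"
}

# record_count ZONE_TEXT TYPE: number of records of TYPE (A or PTR) in the text
record_count() {
    echo "$1" | grep -c " IN $2 "
}

# Usage, with a date-based serial so each regeneration sorts higher than the
# last (slaves only transfer when the master's serial increases):
#   serial=$(date +%Y%m%d)01
#   gen_reverse_zone 6 99 localhost.com ns1.localhost.com "$serial" > /var/named/192.168.1.zone
#   named-checkzone 1.168.192.in-addr.arpa /var/named/192.168.1.zone
#   gen_forward_zone 1 99 localhost.com ns1.localhost.com "$serial" 192.168.1 > localhost.com.zone
#   named-checkzone localhost.com localhost.com.zone
```

Run named-checkzone on every generated file before loading it; it catches the errors named would otherwise only report in syslog, such as a CNAME pointing at a name the zone never defines.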


Save the file, then start bind:
# /etc/init.d/named start

To have DNS start on every boot, enable the service:
# chkconfig --level 345 named on

Now we test whether DNS is working:
# dig www.google.com
; <<>> DiG 9.2.4 <<>> www.google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42912
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 6, ADDITIONAL: 6
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 458561 IN CNAME www.l.google.com.
www.l.google.com. 174 IN A 216.239.61.104
;; AUTHORITY SECTION:
l.google.com. 26557 IN NS b.l.google.com.
l.google.com. 26557 IN NS d.l.google.com.
l.google.com. 26557 IN NS e.l.google.com.
l.google.com. 26557 IN NS f.l.google.com.
l.google.com. 26557 IN NS g.l.google.com.
l.google.com. 26557 IN NS a.l.google.com.
;; ADDITIONAL SECTION:
a.l.google.com. 143935 IN A 74.125.53.9
b.l.google.com. 143935 IN A 74.125.45.9
d.l.google.com. 28098 IN A 74.125.77.9
e.l.google.com. 30216 IN A 209.85.137.9
f.l.google.com. 143937 IN A 72.14.203.9
g.l.google.com. 50915 IN A 74.125.95.9
;; Query time: 420 msec
;; SERVER: 10.62.31.90#53(10.62.31.90)
;; WHEN: Fri Aug 7 10:07:43 2009
;; MSG SIZE rcvd: 260

Resolution through the ISP DNS is working. Now for the local side: I want to test the local web server under the domain name www.localhost.com, with the command:

# dig www.localhost.com
; <<>> DiG 9.2.4 <<>> www.nfsint.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63984
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.localhost.com. IN A
;; ANSWER SECTION:
www.localhost.com. 86400 IN CNAME www.localhost.com.
pc021.localhost.com. 86400 IN A 192.168.1.21
;; AUTHORITY SECTION:
localhost.com. 86400 IN NS ns1.localhost.com.
;; Query time: 2 msec
;; SERVER: 192.168.1.90#53(192.168.1.90)
;; WHEN: Fri Aug 7 10:08:42 2009
;; MSG SIZE rcvd: 91


If the output looks like the above, DNS is running correctly. I hope this is useful.
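The dig tests above show that the slave answers, but not that it still holds what the master holds. For a slave zone the check that matters is that its SOA serial matches the master's; once the two drift apart and the slave cannot refresh for longer than the expire timer (604800 seconds in these files), it stops answering for the zone entirely. The script below is an added example, not part of the original post: it parses the one-line form that dig +short SOA prints and compares serials, using constructed sample answers so it runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): check that the slave copy of a
# zone is in sync with its master by comparing SOA serials. Works on the
# one-line format that "dig +short SOA <zone> @<server>" prints:
#   mname rname serial refresh retry expire minimum

# soa_serial "<dig +short SOA output>": prints the serial (3rd field), or
# nothing if the line does not look like a full SOA record
soa_serial() {
    echo "$1" | awk 'NF >= 7 { print $3 }'
}

# serials_match MASTER_SOA SLAVE_SOA: true only if both serials are present
# and equal (an empty answer from either side counts as out of sync)
serials_match() {
    m=$(soa_serial "$1"); s=$(soa_serial "$2")
    [ -n "$m" ] && [ -n "$s" ] && [ "$m" = "$s" ]
}

# sync_status MASTER_SOA SLAVE_SOA: prints "in-sync" or "stale" for reporting
sync_status() {
    if serials_match "$1" "$2"; then echo in-sync; else echo stale; fi
}

# Constructed sample answers (the form dig +short SOA would print), with the
# YYYYMMDDNN-style serials used in the post's zone files:
MASTER_SOA='ns1.localhost.com. hostmaster.localhost.com. 200705291 21600 3600 604800 86400'
SLAVE_SOA_OK='ns1.localhost.com. hostmaster.localhost.com. 200705291 21600 3600 604800 86400'
SLAVE_SOA_STALE='ns1.localhost.com. hostmaster.localhost.com. 200705111 21600 3600 604800 86400'

# Live usage against the post's addresses (master as listed under masters in
# named.conf, slave as the server this page builds):
#   master=$(dig +short SOA localhost.com @192.168.0.6)
#   slave=$(dig +short SOA localhost.com @192.168.1.90)
#   sync_status "$master" "$slave"
```

If the status is stale, the master must permit transfers from the slave's address (allow-transfer on the master's side) and the slave's log will show why the refresh failed; rndc retransfer localhost.com on the slave forces a new transfer once that is fixed. Running this comparison from cron turns a silent expiry into an alert before clients notice.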