Monday, 23 February 2009

FEDORA SERVER CONFIGURATION III

DNS Configuration

The first step in installing DNS is to check whether the daemon needed for the domain is already installed. In this case we use the bind daemon. To check, use the command

#rpm -qa | grep bind

As an example, we will configure BIND through named.conf.







The case study uses the global IP address 173.16.0.80/29, the private address 192.168.0.0/24, and the domain name [fedora.net.id].

a. Configuration

#vi /var/named/chroot/etc/named.conf
options { directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/

// query-source address * port 53;
allow-query { localhost; 192.168.0.0/24; };
allow-transfer { localhost; 192.168.0.0/24; };
allow-recursion { localhost; 192.168.0.0/24; };
};

controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

// this is for the private IP addresses on the local network
view "internal" {
match-clients {
localhost; 192.168.0.0/24;
};

zone "." IN {
type hint;
file "named.ca";
};

zone "net.id" IN {
type master;
file "fedora.net.id.db";
allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
type master;
file "0.168.192.db";
allow-update { none; };
};

zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};

};

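// this is for connecting to the outside network. Note: do not create it if there is none

view "external" {
match-clients {
any;
};
// the global allow-query in options admits only localhost and 192.168.0.0/24,
// so clients that land in this view would be refused without an override here;
// allow-recursion and allow-transfer in options still limit those to the LAN
allow-query { any; };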

zone "." IN {
type hint;
file "named.ca";
};

zone "net.id" IN {
type master;
file "fedora.net.id.wan.db";
allow-update { none; };
};

zone "80.0.16.173.in-addr.arpa" IN {
type master;
file "80.0.16.173.db";
allow-update { none; };
};
};

include "/etc/rndc.key";

The next step is creating the zone files.

address 192.168.0.0/24
network address ⇒ 192.168.0.0
range of network ⇒ 192.168.0.0 - 192.168.0.255
how to write it ⇒ 0.168.192.in-addr.arpa
address 173.16.0.80/29
network address ⇒ 173.16.0.80
range of network ⇒ 173.16.0.80 - 173.16.0.87
how to write it ⇒ 80.0.16.173.in-addr.arpa

b. Zones

#vi /var/named/chroot/var/named/fedora.net.id.db

$TTL 1H
@       IN SOA  fedora.net.id. root.fedora.net.id. (
                21      ; serial
                3H      ; refresh
                1H      ; retry
                1W      ; expire
                1H )    ; minimum

        IN NS   fedora.net.id.
        IN A    192.168.0.2
        IN MX 20 mail.fedora.net.id.
fedora  IN A    192.168.0.2
mail    IN A    192.168.0.2
www     IN A    192.168.0.2
lan     IN A    192.168.0.2

www.fedora.net.id.      IN CNAME        fedora.net.id.
ftp.fedora.net.id.      IN CNAME        fedora.net.id.
nfs.fedora.net.id.      IN CNAME        fedora.net.id.
mail.fedora.net.id.     IN CNAME        mx.fedora.net.id.
lan.fedora.net.id.      IN CNAME        fedora.net.id.
mx.fedora.net.id.       IN A            192.168.0.2
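
Unqualified owners such as www are expanded against the zone name from named.conf, so the same file yields different records under "net.id" (the zone declared above) and under "fedora.net.id". The following check is an added example, not part of the original post: it expands the records under either origin and reports CNAME-with-other-data clashes and MX/NS targets that are aliases (RFC 2181 section 10.3). The record list is re-typed from the file above with the blank owner fields written as @, and the function names are illustrative.

```python
# Constructed input: the records of fedora.net.id.db as published (SOA omitted).
ZONE = """\
@ IN NS fedora.net.id.
@ IN A 192.168.0.2
@ IN MX 20 mail.fedora.net.id.
fedora IN A 192.168.0.2
mail IN A 192.168.0.2
www IN A 192.168.0.2
lan IN A 192.168.0.2
www.fedora.net.id. IN CNAME fedora.net.id.
ftp.fedora.net.id. IN CNAME fedora.net.id.
nfs.fedora.net.id. IN CNAME fedora.net.id.
mail.fedora.net.id. IN CNAME mx.fedora.net.id.
lan.fedora.net.id. IN CNAME fedora.net.id.
mx.fedora.net.id. IN A 192.168.0.2
"""

def fqdn(name, origin):
    """Expand a zone-file name against the zone origin."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse(text, origin):
    """Return {owner: {rtype: [rdata, ...]}} for one-line 'owner IN type rdata' records."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[1] != "IN":
            continue  # this simplified parser skips anything else
        owner, rtype, rdata = fqdn(parts[0], origin), parts[2], parts[3:]
        records.setdefault(owner, {}).setdefault(rtype, []).append(rdata)
    return records

def lint(text, origin):
    """List record-set problems for the zone text loaded under the given origin."""
    origin = origin.lower().rstrip(".") + "."
    records = parse(text, origin)
    problems = []
    for owner, sets in sorted(records.items()):
        if "CNAME" in sets and len(sets) > 1:
            problems.append(f"{owner}: CNAME and other data")
        for rtype in ("MX", "NS"):
            for rdata in sets.get(rtype, []):
                target = fqdn(rdata[-1], origin)  # last field is the host name
                if "CNAME" in records.get(target, {}):
                    problems.append(f"{owner}: {rtype} target {target} is a CNAME")
    return problems
```

Calling lint(ZONE, "net.id") reports only the MX alias, while lint(ZONE, "fedora.net.id") also reports three CNAME clashes, which is the class of error that stops a zone from loading.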

#vi /var/named/chroot/var/named/0.168.192.db

$TTL 1H
@       IN SOA  fedora.net.id. root.fedora.net.id. (
                16      ; serial
                3H      ; refresh
                1H      ; retry
                1W      ; expire
                1H )    ; minimum
        IN NS   fedora.net.id.
        IN PTR  fedora.net.id.
        IN A    255.255.255.0
2       IN PTR  fedora.net.id.

#vi /var/named/chroot/var/named/fedora.net.id.wan.db (explained next)
#vi /var/named/chroot/var/named/80.0.16.173.db (explained next)
