Installing BIND 9.11.1 on CentOS 7 with a Master-Slave Setup

This guide assumes the CentOS 7 installation is already complete and clean.

As an example, we will build two DNS servers: NS1 as the master and NS2 as the slave.
ns1.opikdesign.com     ip 192.168.56.18
ns2.opikdesign.com     ip 172.16.57.11

Configure hosts and the hostname:

[root@ns1 ~]# nano /etc/hosts
192.168.56.18 ns1.opikdesign.com ns1
172.16.57.11  ns2.opikdesign.com ns2
127.0.0.1 localhost.ns1.opikdesign.com localhost
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

 

[root@ns1 ~]# nano /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ns1.opikdesign.com

 

Configure the firewall: open the required ports

Open the following ports:
1. UDP/TCP 953 for RNDC
2. UDP/TCP 53 for DNS
3. TCP 22 for SSH (should preferably be changed)

 

System tuning:

[root@ns1 ~]# nano /etc/sysctl.conf

At the very bottom, add:

net.ipv4.tcp_fin_timeout=15
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
vm.swappiness=1

Disable the services that are not needed, remove the existing bind* packages, update the system, and reboot:

[root@ns1 ~]# yum remove bind-libs bind-utils -y
[root@ns1 ~]# systemctl disable postfix
[root@ns1 ~]# systemctl disable rpcbind.socket && systemctl disable rpcbind
[root@ns1 ~]# yum upgrade -y
[root@ns1 ~]# reboot

 

Installing the required dependencies

Installing with yum is enough here, but it uses the EPEL repository from Fedora. To set up that repository, install epel-release:

[root@ns1 ~]# yum install -y epel-release

Check the repositories:

[root@ns1 ~]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * epel: mirror.smartmedia.net.id
repo id                              repo name                                          status
!base/7/x86_64                       CentOS-7 - Base                                     9,363
!epel/x86_64                         Extra Packages for Enterprise Linux 7 - x86_64     11,483
!extras/7/x86_64                     CentOS-7 - Extras                                     311
!updates/7/x86_64                    CentOS-7 - Updates                                  1,126
repolist: 22,283

Install the dependencies and the other tools needed during the installation:

[root@ns1 ~]# yum install gcc make net-tools patch tar unzip bzip2 wget nmap lsb

 

Installing BIND

Download the source code and its patch:

[root@ns1 ~]# wget ftp://ftp.isc.org/isc/bind9/9.11.1/bind-9.11.1.tar.gz
[root@ns1 ~]# wget http://www.linuxfromscratch.org/patches/blfs/svn/bind-9.11.1-use_iproute2-1.patch

Decompress the archive and enter the source directory:

[root@ns1 ~]# tar zxvf bind-9.11.1.tar.gz && cd bind-9.11.1

Apply the patch:

[root@ns1 ~]# patch -Np1 -i ../bind-9.11.1-use_iproute2-1.patch

Configure the build:

[root@ns1 ~]# ./configure --prefix=/usr \
                          --sysconfdir=/etc \
                          --localstatedir=/var \
                          --mandir=/usr/share/man \
                          --enable-threads \
                          --with-libtool \
                          --disable-static \
                          --without-openssl \
                          --with-randomdev=/dev/urandom

Build and install:

[root@ns1 ~]# make && make install
[root@ns1 ~]# install -v -m755 -d /usr/share/doc/bind-9.11.1/{arm,misc}
[root@ns1 ~]# install -v -m644 doc/arm/*.html /usr/share/doc/bind-9.11.1/arm
[root@ns1 ~]# install -v -m644 doc/misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} /usr/share/doc/bind-9.11.1/misc

Create the UID and GID along with the directory permissions:

[root@ns1 ~]# groupadd -g 25 named
[root@ns1 ~]#  useradd -c named -g named -s /bin/false -u 25 named
[root@ns1 ~]#  install -d -m770 -o named -g named /var/named/chroot
[root@ns1 ~]#  mkdir -p /var/named/chroot
[root@ns1 ~]#  cd /var/named/chroot
[root@ns1 ~]#  mkdir -p dev etc/namedb/{master,slave,pz} usr/lib/engines var/run/named
[root@ns1 ~]#  mknod /var/named/chroot/dev/null c 1 3
[root@ns1 ~]#  mknod /var/named/chroot/dev/urandom c 1 9
[root@ns1 ~]#  chmod 666 /var/named/chroot/dev/{null,urandom}
[root@ns1 ~]#  cp /etc/localtime etc
[root@ns1 ~]#  touch /var/named/chroot/managed-keys.bind
[root@ns1 ~]#  touch /var/named/chroot/var/run/named.stats
[root@ns1 ~]#  chown named.named /var/named/chroot -R

Create the startup script:

[root@ns1 ~]#  nano /usr/lib/systemd/system/named.service
[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Before=nss-lookup.target
After=network.target

[Service]
Type=forking
EnvironmentFile=/etc/sysconfig/named
PIDFile=/var/named/chroot/var/run/named.pid
ExecStartPre=/bin/sh -c '/usr/sbin/named-rndc > /var/named/chroot/dev/null 2>&1'
ExecStartPre=/usr/sbin/named-checkconf -z /var/named/chroot/etc/named.conf.options
ExecStart=/usr/sbin/named -u named $OPTIONS
ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /var/named/chroot/dev/null 2>&1 || /bin/kill -HUP $MAINPID'
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /var/named/chroot/dev/null 2>&1 || /bin/kill -TERM $MAINPID'
PrivateTmp=true

[Install]
WantedBy=multi-user.target

 

[root@ns1 ~]#  nano /usr/sbin/named-rndc
#!/bin/sh
# Regenerate the rndc key and write its named.conf part for named to include
rndc-confgen -r /dev/urandom -b 512 > /etc/rndc.conf
sed '/conf/d;/^#/!d;s:^# ::' /etc/rndc.conf > /var/named/chroot/etc/named.root.key
chown named.named /var/named/chroot/etc/named.root.key

 

[root@ns1 ~]#  nano /etc/sysconfig/named
OPTIONS="-c /var/named/chroot/etc/named.conf.options"

Make the script executable so it can be called directly, and enable the service so it is also started at boot:

[root@ns1 ~]#  chmod +x /usr/sbin/named-rndc
[root@ns1 ~]#  systemctl daemon-reload
[root@ns1 ~]#  systemctl enable named.service

Check the installed versions:

[root@ns1 ~]# named -v
BIND 9.11.1

 

[root@ns2 ~]# named-checkconf -v
9.11.1

 

[root@ns1 ~]# named-checkzone -v
9.11.1

 

[root@ns1 ~]# dig -v
DiG 9.11.1

 

 

Configuration on the Master Server (NS1)

Generate the RNDC key

[root@ns1 ~]#  rndc-confgen -r /dev/urandom -b 512 > /etc/named.root.key
[root@ns1 ~]#  sed '/conf/d;/^#/!d;s:^# ::' /etc/named.root.key > /var/named/chroot/etc/named.root.key

Configure named.conf.options

[root@ns1 ~]#  nano /var/named/chroot/etc/named.conf.options
options {
    directory "/var/named/chroot/etc/namedb";
    pid-file "/var/named/chroot/var/run/named.pid";
    statistics-file "/var/named/chroot/var/run/named.stats";
    dump-file "/var/named/chroot/var/run/cache_dump.db";

    allow-query { any; };
    auth-nxdomain no;    // conform to RFC1035
    listen-on-v6 { any; };

    allow-transfer { 172.16.57.11; };
};

acl trusted-servers  {
        192.168.56.18;  //ns1
        172.16.57.11;   //ns2
};

logging {
    category default { default_syslog; default_debug; };
    category unmatched { null; };

  channel default_syslog {
      syslog daemon;
      severity info;
  };

  channel default_debug {
      file "named.run";
      severity dynamic;
  };

  channel default_stderr {
      stderr;
      severity info;
  };

  channel null {
      null;
  };
};

include "/var/named/chroot/etc/named.root.key";
include "/var/named/chroot/etc/named.rfc1912.zones";
include "/var/named/chroot/etc/named.zones";

Configure named.rfc1912.zones, which contains the localhost zones as well as the hint zone for reaching the world's DNS servers

[root@ns1 ~]#  nano /var/named/chroot/etc/named.rfc1912.zones
zone "." {
    type hint;
        file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "pz/127.0.0";
        allow-update { none; };
        allow-transfer { trusted-servers; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "pz/named.ip6.local";
        allow-update { none; };
        allow-transfer { trusted-servers; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "pz/named.broadcast";
        allow-update { none; };
        allow-transfer { trusted-servers; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "pz/named.zero";
        allow-update { none; };
        allow-transfer { trusted-servers; };
};

zone "localdomain" IN {
        type master;
        file "pz/localdomain.zone";
        allow-update { none; };
        allow-transfer { trusted-servers; };
};

zone "localhost" IN {
        type master;
        file "pz/localhost.zone";
        allow-update { none; };
        allow-transfer { trusted-servers; };
};

Create the localhost/localdomain zones and their PTR zones:

[root@ns1 ~]#  nano /var/named/chroot/etc/namedb/pz/localdomain.zone
$TTL    86400
@               IN SOA  localhost root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           localhost
localhost       IN A            127.0.0.1
localhost       IN AAAA         ::1
[root@ns1 ~]#  nano /var/named/chroot/etc/namedb/pz/localhost.zone
$TTL    86400
@               IN SOA  @       root (
                                        42              ; serial
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                IN NS           @
                IN A            127.0.0.1
                IN AAAA         ::1
[root@ns1 ~]#  nano /var/named/chroot/etc/namedb/pz/named.broadcast
$TTL    86400
@               IN SOA  localhost.      root.localhost. (
                                        42              ; serial
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
        IN      NS      localhost.
[root@ns1 ~]#  nano /var/named/chroot/etc/namedb/pz/named.ip6.local
$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
       IN      NS      localhost.
1      IN      PTR     localhost.
[root@ns1 ~]#  nano /var/named/chroot/etc/namedb/pz/named.zero
$TTL    86400
@               IN SOA  localhost.      root.localhost. (
                                        42              ; serial
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
        IN      NS      localhost.
[root@ns1 ~]#  nano /var/named/chroot/etc/namedb/pz/127.0.0
$TTL 3D
@      IN      SOA     ns.local.domain. hostmaster.local.domain. (
                        1       ; Serial
                        8H      ; Refresh
                        2H      ; Retry
                        4W      ; Expire
                        1D)     ; Minimum TTL
                NS      ns.local.domain.
1               PTR     localhost.

Generate the root hints used to reach the world's DNS servers:

[root@ns1 ~]#  dig +bufsize=1200 +norec NS . @a.root-servers.net > /var/named/chroot/etc/namedb/root.hints

Create the domain zones:

[root@ns1 ~]#  nano /var/named/chroot/etc/named.zones
zone "56.168.192.in-addr.arpa" IN {
        type master;
        file "master/56.168.192.rev";
        allow-update { trusted-servers; };
        allow-transfer { trusted-servers; };
};

zone "57.16.172.in-addr.arpa" IN {
        type master;
        file "master/57.16.172.rev";
        allow-update { trusted-servers; };
        allow-transfer { trusted-servers; };
};

zone "opikdesign.com" IN {
        type master;
        file "master/opikdesign.com.zone";
        allow-update { trusted-servers; };
        allow-transfer { trusted-servers; };
};
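
The following added example (not part of the original guide) audits the master configuration shown above for three exposures: BIND 9.11 falls back to allow-query when neither allow-recursion nor allow-query-cache is set, so allow-query { any; } also opens recursion to any client; allow-update granted to an address ACL rests on source IPs alone; and named only chroots when it is started with -t. The function names, the finding labels and the "ddns-key" key name are assumptions made for this example, and the awk scan expects the one-statement-per-line layout used on this page.

```shell
#!/bin/sh
# Added example: not part of the original guide.

# Constructed sample: security-relevant lines of the master's
# named.conf.options and named.zones from this guide, concatenated.
sample_conf() {
cat <<'EOF'
options {
    allow-query { any; };
    allow-transfer { 172.16.57.11; };
};
acl trusted-servers  {
        192.168.56.18;  //ns1
        172.16.57.11;   //ns2
};
zone "localhost" IN {
        type master;
        allow-update { none; };
        allow-transfer { trusted-servers; };
};
zone "opikdesign.com" IN {
        type master;
        allow-update { trusted-servers; };
        allow-transfer { trusted-servers; };
};
EOF
}

# Constructed sample: recursion limited to the host itself and dynamic
# updates tied to a TSIG key ("ddns-key" is a hypothetical key name).
hardened_conf() {
cat <<'EOF'
options {
    allow-query { any; };
    allow-recursion { localhost; };
    allow-transfer { 172.16.57.11; };
};
zone "opikdesign.com" IN {
        type master;
        allow-update { key "ddns-key"; };
        allow-transfer { trusted-servers; };
};
EOF
}

# audit_named_conf: read named.conf text on stdin, print one finding per line.
audit_named_conf() {
    awk '
    /^[ \t]*options[ \t]*[{]/ { in_opts = 1 }
    /^[ \t]*zone[ \t]+"/      { split($0, q, "\""); zone = q[2] }
    /^[}];/                   { in_opts = 0; zone = "" }
    # Recursion counts as limited only if one of these appears in options.
    in_opts && /allow-query[ \t]*[{][ \t]*any;/         { query_any = 1 }
    in_opts && /(^|[ \t])recursion[ \t]+no;/            { limited = 1 }
    in_opts && /allow-(recursion|query-cache)[ \t]*[{]/ { limited = 1 }
    # Dynamic update granted to anything other than none or a key.
    zone != "" && /allow-update[ \t]*[{]/ && !/[{][ \t]*none;/ && !/key[ \t]/ {
        print "UPDATE-BY-ADDRESS " zone
    }
    zone != "" && /allow-transfer[ \t]*[{][ \t]*any;/ { print "AXFR-OPEN " zone }
    END { if (query_any && !limited) print "OPEN-RECURSION options" }'
}

# named_is_chrooted OPTIONS: succeed only if the named command line has -t.
named_is_chrooted() {
    case " $1 " in *" -t "*) return 0 ;; *) return 1 ;; esac
}

# Stand-alone run: audit the guide's configuration and its OPTIONS value.
sample_conf | audit_named_conf
named_is_chrooted "-c /var/named/chroot/etc/named.conf.options" ||
    echo "NOT-CHROOTED /etc/sysconfig/named"
```

To audit a live server, feed it the real files, for example: cat /var/named/chroot/etc/named.conf.options /var/named/chroot/etc/named.zones | audit_named_conf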

As an example, the web server hosting www.opikdesign.com is at IP 192.168.56.10, while the mail host is at IP 172.16.57.200.

[root@ns1 ~]#  nano /var/named/chroot/etc/namedb/master/opikdesign.com.zone
$TTL 3600      ; 1 hour
@                  IN    SOA  ns1.opikdesign.com. admin.opikdesign.com. (
                                2016030230 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                1209600     ; expire (2 week)
                                86400      ; minimum (1 day)
                                )
;
                    IN          NS      ns1.opikdesign.com.
                    IN          NS      ns2.opikdesign.com.

                    IN          MX      10 mail.opikdesign.com.

ns1                 IN          A       192.168.56.18
ns2                 IN          A       172.16.57.11

                    IN          A       192.168.56.10
mail                IN          A       172.16.57.200

smtp                IN          CNAME   mail.opikdesign.com.
smtps               IN          CNAME   mail.opikdesign.com.
pop3                IN          CNAME   mail.opikdesign.com.
pop3s               IN          CNAME   mail.opikdesign.com.
imap                IN          CNAME   mail.opikdesign.com.
imaps               IN          CNAME   mail.opikdesign.com.

www                 IN          CNAME   opikdesign.com.

_dmarc.opikdesign.com. IN       TXT     "v=DMARC1; p=none; rua=mailto:admin@opikdesign.com; ruf=mailto:admin@opikdesign.com; fo=1; rf=afrf; pct=100; ri=86400"

opikdesign.com.     IN          TXT     "v=spf1 include:mail.opikdesign.com ~all"
mail.opikdesign.com. IN         TXT     "v=spf1 ip4:172.16.57.200/32 ~all"
[root@ns1 ~]#  nano /var/named/chroot/etc/namedb/master/56.168.192.rev
$TTL 3600      ; 1 hour
@                  IN    SOA  ns1.opikdesign.com. admin.opikdesign.com. (
                                2016030230 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                1209600     ; expire (2 week)
                                86400      ; minimum (1 day)
                                )
;
                    IN          NS      ns1.opikdesign.com.
                    IN          NS      ns2.opikdesign.com.

10                  IN          PTR     opikdesign.com.
18                  IN          PTR     ns1.opikdesign.com.
[root@ns1 ~]#  nano /var/named/chroot/etc/namedb/master/57.16.172.rev
$TTL 3600      ; 1 hour
@                  IN    SOA  ns1.opikdesign.com. admin.opikdesign.com. (
                                2016030230 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                1209600     ; expire (2 week)
                                86400      ; minimum (1 day)
                                )
;
                    IN          NS      ns1.opikdesign.com.
                    IN          NS      ns2.opikdesign.com.

11                  IN          PTR     ns2.opikdesign.com.
200                 IN          PTR     mail.opikdesign.com.

Whenever you create or change the configuration, make a habit of resetting the ownership of the configuration directory:

[root@ns1 ~]#   chown named.named /var/named/chroot -R

Next, start the named service:

[root@ns1 ~]#   systemctl start named.service

Check whether the service is running:

[root@ns1 ~]#   systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2017-04-26 11:45:07 WIB; 4h 49min ago
  Process: 7902 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /var/named/chroot/dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 7923 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 7919 ExecStartPre=/usr/sbin/named-checkconf -z /var/named/chroot/etc/named.conf.options (code=exited, status=0/SUCCESS)
  Process: 7911 ExecStartPre=/bin/sh -c /usr/sbin/named-rndc > /var/named/chroot/dev/null 2>&1 (code=exited, status=0/SUCCESS)
 Main PID: 7924 (named)
   CGroup: /system.slice/named.service
           └─7924 /usr/sbin/named -u named -c /var/named/chroot/etc/named.conf.options

To test, change the nameserver, then test with nslookup against all the domains:

[root@ns1 ~]#   nano /etc/resolv.conf
search ns1.opikdesign.com
nameserver 127.0.0.1
[root@ns1 ~]#   nslookup google.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   google.cOm
Address: 74.125.24.138
Name:   google.cOm
Address: 74.125.24.100
Name:   google.cOm
Address: 74.125.24.139
Name:   google.cOm
Address: 74.125.24.101
Name:   google.cOm
Address: 74.125.24.113
Name:   google.cOm
Address: 74.125.24.102
Name:   google.cOm
Address: 2404:6800:4003:c03::8b

 

Configuration on the Slave Server (NS2)

Configure hosts and the hostname:

[root@ns2 ~]# nano /etc/hosts
192.168.56.18 ns1.opikdesign.com ns1
172.16.57.11  ns2.opikdesign.com ns2
127.0.0.1 localhost.ns2.opikdesign.com localhost
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

 

[root@ns2 ~]# nano /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ns2.opikdesign.com

Generate the RNDC key

[root@ns2 ~]#  rndc-confgen -r /dev/urandom -b 512 > /etc/named.root.key
[root@ns2 ~]#  sed '/conf/d;/^#/!d;s:^# ::' /etc/named.root.key > /var/named/chroot/etc/named.root.key

Configure named.conf.options

[root@ns2 ~]#  nano /var/named/chroot/etc/named.conf.options
options {
    directory "/var/named/chroot/etc/namedb";
    pid-file "/var/named/chroot/var/run/named.pid";
    statistics-file "/var/named/chroot/var/run/named.stats";
    dump-file "/var/named/chroot/var/run/cache_dump.db";

    allow-query { any; };
    auth-nxdomain no;    // conform to RFC1035
    listen-on-v6 { any; };

    allow-transfer { 192.168.56.18; };
};

acl trusted-servers  {
        192.168.56.18;  //ns1
        172.16.57.11;   //ns2
};

logging {
    category default { default_syslog; default_debug; };
    category unmatched { null; };

  channel default_syslog {
      syslog daemon;
      severity info;
  };

  channel default_debug {
      file "named.run";
      severity dynamic;
  };

  channel default_stderr {
      stderr;
      severity info;
  };

  channel null {
      null;
  };
};

include "/var/named/chroot/etc/named.root.key";
include "/var/named/chroot/etc/named.rfc1912.zones";
include "/var/named/chroot/etc/named.zones";

Configure named.rfc1912.zones, which contains the localhost zones as well as the hint zone for reaching the world's DNS servers

[root@ns2 ~]#  nano /var/named/chroot/etc/named.rfc1912.zones
zone "." {
    type hint;
        file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "pz/127.0.0";
        allow-update { none; };
        allow-transfer { trusted-servers; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "pz/named.ip6.local";
        allow-update { none; };
        allow-transfer { trusted-servers; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "pz/named.broadcast";
        allow-update { none; };
        allow-transfer { trusted-servers; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "pz/named.zero";
        allow-update { none; };
        allow-transfer { trusted-servers; };
};

zone "localdomain" IN {
        type master;
        file "pz/localdomain.zone";
        allow-update { none; };
        allow-transfer { trusted-servers; };
};

zone "localhost" IN {
        type master;
        file "pz/localhost.zone";
        allow-update { none; };
        allow-transfer { trusted-servers; };
};

Create the localhost/localdomain zones and their PTR zones:

[root@ns2 ~]#  nano /var/named/chroot/etc/namedb/pz/localdomain.zone
$TTL    86400
@               IN SOA  localhost root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           localhost
localhost       IN A            127.0.0.1
localhost       IN AAAA         ::1
[root@ns2 ~]#  nano /var/named/chroot/etc/namedb/pz/localhost.zone
$TTL    86400
@               IN SOA  @       root (
                                        42              ; serial
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                IN NS           @
                IN A            127.0.0.1
                IN AAAA         ::1
[root@ns2 ~]#  nano /var/named/chroot/etc/namedb/pz/named.broadcast
$TTL    86400
@               IN SOA  localhost.      root.localhost. (
                                        42              ; serial
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
        IN      NS      localhost.
[root@ns2 ~]#  nano /var/named/chroot/etc/namedb/pz/named.ip6.local
$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
       IN      NS      localhost.
1      IN      PTR     localhost.
[root@ns2 ~]#  nano /var/named/chroot/etc/namedb/pz/named.zero
$TTL    86400
@               IN SOA  localhost.      root.localhost. (
                                        42              ; serial
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
        IN      NS      localhost.
[root@ns2 ~]#  nano /var/named/chroot/etc/namedb/pz/127.0.0
$TTL 3D
@      IN      SOA     ns.local.domain. hostmaster.local.domain. (
                        1       ; Serial
                        8H      ; Refresh
                        2H      ; Retry
                        4W      ; Expire
                        1D)     ; Minimum TTL
                NS      ns.local.domain.
1               PTR     localhost.

Generate the root hints used to reach the world's DNS servers:

[root@ns2 ~]#  dig +bufsize=1200 +norec NS . @a.root-servers.net > /var/named/chroot/etc/namedb/root.hints

Create the domain zones:

[root@ns2 ~]#  nano /var/named/chroot/etc/named.zones
zone "56.168.192.in-addr.arpa" IN {
        type slave;
        file "slave/56.168.192.rev";
        masters { 192.168.56.18; };
        allow-transfer { trusted-servers; };
};

zone "57.16.172.in-addr.arpa" IN {
        type slave;
        file "slave/57.16.172.rev";
        masters { 192.168.56.18; };
        allow-transfer { trusted-servers; };
};

zone "opikdesign.com" IN {
        type slave;
        file "slave/opikdesign.com.zone";
        masters { 192.168.56.18; };
        allow-transfer { trusted-servers; };
};

Since BIND version 9.9.8, the slave creates its own zone database files by copying them from its master, so changing a domain's records or adding a domain only needs to be done on the master server.
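
The paragraph above relies on the slave copying each zone from the master. As an added example (not part of the original guide), this script compares the SOA serial on both servers for the guide's three zones and checks that a zone transfer is refused to a host outside trusted-servers; the function names and state labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: not part of the original guide.
MASTER=192.168.56.18      # ns1, from this guide
SLAVE=172.16.57.11        # ns2, from this guide
ZONES="opikdesign.com 56.168.192.in-addr.arpa 57.16.172.in-addr.arpa"

# soa_serial SERVER ZONE: print the serial the server reports for the zone,
# or nothing if it gives no SOA answer. +norec asks the server itself only.
soa_serial() {
    dig +short +norec +time=2 +tries=1 SOA "$2" "@$1" |
        awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# zone_sync_state ZONE: compare the slave's serial with the master's using
# 32-bit serial arithmetic (RFC 1982), so a wrapped serial is handled too.
zone_sync_state() {
    m=$(soa_serial "$MASTER" "$1")
    s=$(soa_serial "$SLAVE" "$1")
    if [ -z "$m" ] || [ -z "$s" ]; then
        echo NO-ANSWER
        return 0
    fi
    d=$(( ($m - $s + 4294967296) % 4294967296 ))
    if [ "$d" -eq 0 ]; then
        echo IN-SYNC
    elif [ "$d" -lt 2147483648 ]; then
        echo SLAVE-BEHIND
    else
        echo SLAVE-AHEAD
    fi
}

# axfr_refused SERVER ZONE: succeed when the server rejects a zone transfer.
# Run it from a host that is not in the trusted-servers ACL; dig prints
# "; Transfer failed." when the AXFR is refused.
axfr_refused() {
    dig +time=2 +tries=1 AXFR "$2" "@$1" | grep -q 'Transfer failed'
}

# report: one line per zone with its replication state.
report() {
    for z in $ZONES; do
        printf '%s %s\n' "$z" "$(zone_sync_state "$z")"
    done
}

# Queries are only sent when the script is called with the "report" argument.
if [ "${1:-}" = "report" ]; then
    report
fi
```

A SLAVE-BEHIND result right after a change on the master usually means the serial in the zone file was not incremented or the NOTIFY/refresh has not happened yet.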

Do not forget: whenever you create or change the configuration, make a habit of resetting the ownership of the configuration directory:

[root@ns2 ~]#   chown named.named /var/named/chroot -R

Next, start the named service:

[root@ns2 ~]#   systemctl start named.service

Check whether the service is running:

[root@ns2 ~]#   systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2017-04-26 11:48:07 WIB; 4h 49min ago
  Process: 7902 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /var/named/chroot/dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 7923 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 7919 ExecStartPre=/usr/sbin/named-checkconf -z /var/named/chroot/etc/named.conf.options (code=exited, status=0/SUCCESS)
  Process: 7911 ExecStartPre=/bin/sh -c /usr/sbin/named-rndc > /var/named/chroot/dev/null 2>&1 (code=exited, status=0/SUCCESS)
 Main PID: 7924 (named)
   CGroup: /system.slice/named.service
           └─7924 /usr/sbin/named -u named -c /var/named/chroot/etc/named.conf.options

To test, change the nameserver, then test with nslookup against all the domains:

[root@ns2 ~]#   nano /etc/resolv.conf
search ns1.opikdesign.com
nameserver 127.0.0.1
[root@ns2 ~]#   nslookup google.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   google.com
Address: 74.125.24.138
Name:   google.com
Address: 74.125.24.100
Name:   google.com
Address: 74.125.24.139
Name:   google.com
Address: 74.125.24.101
Name:   google.com
Address: 74.125.24.113
Name:   google.com
Address: 74.125.24.102
Name:   google.com
Address: 2404:6800:4003:c03::8b