Di sini penulis menganggap instalasi OS CentOS 7 sudah selesai dan rapi…<\/p>\n
Sebagain contoh kita akan membuat 2 \u00a0DNS Server, NS1 sebagai Master dan NS2 sebagai Slave.
\nns1.opikdesign.com \u00a0 \u00a0 ip 192.168.56.18
\nns2.opikdesign.com \u00a0 \u00a0 ip 172.16.57.11<\/p>\n
<\/p>\n
Config hosts dan hostname…<\/p>\n
[root@ns1 ~]# nano \/etc\/hosts<\/pre>\n192.168.56.18 ns1.opikdesign.com ns1\n172.16.57.11 ns2.opikdesign.com ns2\n127.0.0.1 localhost.ns1.opikdesign.com localhost\n::1 localhost localhost.localdomain localhost6 localhost6.localdomain6\n<\/pre>\n[root@ns1 ~]# nano \/etc\/sysconfig\/network<\/pre>\nNETWORKING=yes\nHOSTNAME=ns1.opikdesign.com\n<\/pre>\nAtur Firewall, Open Port yang diperlukan<\/h2>\n
Buka port sebagai berikut…
\n1. UDP\/TCP 953\u00a0untuk\u00a0RNDC
\n2. UDP\/TCP 53\u00a0untuk\u00a0DNS
\n3. TCP 22 untuk SSH (sebaiknya dirubah)<\/p>\nTunning system….<\/h2>\n
[root@ns1 ~]# nano \/etc\/sysctl.conf<\/pre>\npada paling bawah tambahkan…<\/p>\n
net.ipv4.tcp_fin_timeout=15\nnet.ipv4.tcp_tw_reuse=1\nnet.ipv4.tcp_tw_recycle=1\nvm.swappiness=1<\/pre>\nLakukan matikan yang tidak perlu maupun hapus bind*, update system, dan dan restart…<\/p>\n
[root@ns1 ~]# yum remove bind-libs bind-utils -y\n[root@ns1 ~]# systemctl disable postfix\n[root@ns1 ~]# systemctl disable rpcbind.socket && systemctl disable rpcbind\n[root@ns1 ~]# yum upgrade -y\n[root@ns1 ~]# reboot<\/pre>\nInstalasi Dependencies dibutuhkan<\/h2>\n
Disini cukup melakukan instalasi dengan yum namun menggunakan reprository epel<\/em>\u00a0dari Fedora,<\/em> \u00a0sebelum memasang\u00a0repository, install epel-release<\/em>…<\/p>\n
[root@ns1 ~]# yum install -y epel-release<\/pre>\ncheck\u00a0repository…<\/p>\n
[root@ns1 ~]# yum repolist Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * epel: mirror.smartmedia.net.id\nrepo id repo name status\n!base\/7\/x86_64 CentOS-7 - Base 9,363\n!epel\/x86_64 Extra Packages for Enterprise Linux 7 - x86_64 11,483\n!extras\/7\/x86_64 CentOS-7 - Extras 311\n!updates\/7\/x86_64 CentOS-7 - Updates 1,126\nrepolist: 22,283\n<\/pre>\nInstall Dependencies dan aplikasi lainnya yang akan dibutuhkan dalam proses peng-install-an…<\/p>\n
[root@ns1 ~]# yum install gcc make net-tools patch tar unzip bzip2 wget nmap lsb openssl openssl-*<\/pre>\nProses Install Bind…<\/h2>\n
Download source code dan patching-nya<\/p>\n
[root@ns1 ~]# wget ftp:\/\/ftp.isc.org\/isc\/bind9\/9.11.1\/bind-9.11.1.tar.gz\n[root@ns1 ~]# wget http:\/\/www.linuxfromscratch.org\/patches\/blfs\/svn\/bind-9.11.1-use_iproute2-1.patch<\/pre>\nDecompress dan masuk folder source code<\/p>\n
[root@ns1 ~]# tar zxvf bind-9.11.1.tar.gz && cd bind-9.11.1<\/pre>\nProses patching<\/p>\n
[root@ns1 ~]# patch -Np1 -i ..\/bind-9.11.1-use_iproute2-1.patch<\/pre>\nConfig installation<\/p>\n
[root@ns1 ~]# .\/configure --prefix=\/usr \\\n --sysconfdir=\/etc \\\n --localstatedir=\/var \\\n --mandir=\/usr\/share\/man \\\n --enable-threads \\\n --with-libtool \\\n --disable-static \\\n --with-openssl=\/usr \\\n --with-randomdev=\/dev\/urandom\n<\/pre>\nProses install…<\/p>\n
[root@ns1 ~]# make && make install\n[root@ns1 ~]# install -v -m755 -d \/usr\/share\/doc\/bind-9.11.1\/{arm,misc}\n[root@ns1 ~]# install -v -m644 doc\/arm\/*.html \/usr\/share\/doc\/bind-9.11.1\/arm\n[root@ns1 ~]# install -v -m644 doc\/misc\/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \/usr\/share\/doc\/bind-9.11.1\/misc<\/pre>\nBuat UID dan GID dengan folder permission-nya<\/p>\n
[root@ns1 ~]# groupadd -g 25 named\n[root@ns1 ~]# useradd -c named -g named -s \/bin\/false -u 25 named\n[root@ns1 ~]# install -d -m770 -o named -g named \/var\/named\/chroot\n[root@ns1 ~]# mkdir \/var\/named && mkdir \/var\/named\/chroot\n[root@ns1 ~]# cd \/var\/named\/chroot\n[root@ns1 ~]# mkdir -p dev etc\/namedb\/{master,slave,pz} usr\/lib\/engines var\/run\/named\n[root@ns1 ~]# mknod \/var\/named\/chroot\/dev\/null c 1 3\n[root@ns1 ~]# mknod \/var\/named\/chroot\/dev\/urandom c 1 9\n[root@ns1 ~]# chmod 666 \/var\/named\/chroot\/dev\/{null,urandom}\n[root@ns1 ~]# cp \/etc\/localtime etc\n[root@ns1 ~]# touch \/var\/named\/chroot\/managed-keys.bind\n[root@ns1 ~]# touch \/var\/named\/chroot\/var\/run\/named.stats\n[root@ns1 ~]# chown named.named \/var\/named\/chroot -R<\/pre>\nmembuat loading script…<\/p>\n
[root@ns1 ~]# nano \/usr\/lib\/systemd\/system\/named.service<\/pre>\n[Unit]\nDescription=Berkeley Internet Name Domain (DNS)\nWants=nss-lookup.target\nBefore=nss-lookup.target\nAfter=network.target\n\n[Service]\nType=forking\nEnvironmentFile=\/etc\/sysconfig\/named\nPIDFile=\/var\/named\/chroot\/var\/run\/named.pid\nExecStartPre=\/bin\/sh -c '\/usr\/sbin\/named-rndc > \/var\/named\/chroot\/dev\/null 2>&1'\nExecStartPre=\/usr\/sbin\/named-checkconf -z \/var\/named\/chroot\/etc\/named.conf\nExecStart=\/usr\/sbin\/named -u named $OPTIONS\nExecReload=\/bin\/sh -c '\/usr\/sbin\/rndc reload > \/var\/named\/chroot\/dev\/null 2>&1 || \/bin\/kill -HUP $MAINPID'\nExecStop=\/bin\/sh -c '\/usr\/sbin\/rndc stop > \/var\/named\/chroot\/dev\/null 2>&1 || \/bin\/kill -TERM $MAINPID'\nPrivateTmp=true\n\n[Install]\nWantedBy=multi-user.target<\/pre>\n[root@ns1 ~]# nano \/usr\/sbin\/named-rndc<\/pre>\nrndc-confgen -r \/dev\/urandom -b 512 > \/etc\/rndc.conf\nsed '\/conf\/d;\/^#\/!d;s:^# ::' \/etc\/rndc.conf > \/var\/named\/chroot\/etc\/named.root.key\nchown named.named \/var\/named\/chroot\/etc\/named.root.key<\/pre>\n[root@ns1 ~]# nano \/etc\/sysconfig\/named<\/pre>\nOPTIONS=\"-c \/var\/named\/chroot\/etc\/named.conf.options\"<\/pre>\nLoding script agar bisa di panggil langusng dan saat booting juga bisa memanggil service tersebut<\/p>\n
[root@ns1 ~]# chmod +x \/usr\/sbin\/named-rndc\n[root@ns1 ~]# systemctl daemon-reload\n[root@ns1 ~]# systemctl enable named.service<\/pre>\nCheck versi hasil instalasi…<\/p>\n
[root@ns1 ~]# named -v<\/pre>\nBIND 9.11.1<\/pre>\n[root@ns2 ~]# named-checkconf -v<\/pre>\n9.11.1<\/pre>\n[root@ns1 ~]# named-checkzone -v<\/pre>\n9.11.1<\/pre>\n[root@ns1 ~]# dig -v<\/pre>\nDiG 9.11.1<\/pre>\nConfig pada Master Server (NS1)<\/h2>\n
Generate RNDC<\/p>\n
[root@ns1 ~]# rndc-confgen -r \/dev\/urandom -b 512 > \/etc\/named.root.key\n[root@ns1 ~]# sed '\/conf\/d;\/^#\/!d;s:^# ::' \/etc\/named.root.key > \/var\/named\/chroot\/etc\/named.root.key<\/pre>\nConfig named.conf.options<\/em><\/p>\n
[root@ns1 ~]# nano \/var\/named\/chroot\/etc\/named.conf.options<\/pre>\noptions {\n directory \"\/var\/named\/chroot\/etc\/namedb\";\n pid-file \"\/var\/named\/chroot\/var\/run\/named.pid\";\n statistics-file \"\/var\/named\/chroot\/var\/run\/named.stats\";\n dump-file \"\/var\/named\/chroot\/var\/run\/cache_dump.db\";\n\n allow-query { any; };\n auth-nxdomain no; \/\/ conform to RFC1035\n listen-on-v6 { any; };\n\n allow-transfer { 172.16.57.11; };\n};\n\nacl trusted-servers {\n 192.168.56.18; \/\/ns1\n 172.16.57.11; \/\/ns2\n};\n\nlogging {\n category default { default_syslog; default_debug; };\n category unmatched { null; };\n\n channel default_syslog {\n syslog daemon;\n severity info;\n };\n\n channel default_debug {\n file \"named.run\";\n severity dynamic;\n };\n\n channel default_stderr {\n stderr;\n severity info;\n };\n\n channel null {\n null;\n };\n};\n\ninclude \"\/var\/named\/chroot\/etc\/named.root.key\";\ninclude \"\/var\/named\/chroot\/etc\/named.rfc1912.zones\";\ninclude \"\/var\/named\/chroot\/etc\/named.zones\";<\/pre>\nConfig named.rfc192.zones<\/em> yang berisi zona localhost maupun forward ke server dns sedunia<\/p>\n
[root@ns1 ~]# nano \/var\/named\/chroot\/etc\/named.rfc1912.zones<\/pre>\nzone \".\" {\n type hint;\n file \"root.hints\";\n};\n\nzone \"0.0.127.in-addr.arpa\" {\n type master;\n file \"pz\/127.0.0\";\n allow-update { none; };\n allow-transfer { trusted-servers; };\n};\n\nzone \"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa\" IN {\n type master;\n file \"pz\/named.ip6.local\";\n allow-update { none; };\n allow-transfer { trusted-servers; };\n};\n\nzone \"255.in-addr.arpa\" IN {\n type master;\n file \"pz\/named.broadcast\";\n allow-update { none; };\n allow-transfer { trusted-servers; };\n};\n\nzone \"0.in-addr.arpa\" IN {\n type master;\n file \"pz\/named.zero\";\n allow-update { none; };\n allow-transfer { trusted-servers; };\n};\n\nzone \"localdomain\" IN {\n type master;\n file \"pz\/localdomain.zone\";\n allow-update { none; };\n allow-transfer { trusted-servers; };\n};\n\nzone \"localhost\" IN {\n type master;\n file \"pz\/localhost.zone\";\n allow-update { none; };\n allow-transfer { trusted-servers; };\n};<\/pre>\nBuat zone localhost\/localdomain dan PTR-nya tersebut…<\/p>\n
[root@ns1 ~]# nano \/var\/named\/chroot\/etc\/namedb\/pz\/localdomain.zone<\/pre>\n$TTL 86400\n@ IN SOA localhost root (\n 42 ; serial (d. adams)\n 3H ; refresh\n 15M ; retry\n 1W ; expiry\n 1D ) ; minimum\n IN NS localhost\nlocalhost IN A 127.0.0.1\nlocalhost IN AAAA ::1<\/pre>\n[root@ns1 ~]# nano \/var\/named\/chroot\/etc\/namedb\/pz\/localhost.zone<\/pre>\n$TTL 86400\n@ IN SOA @ root (\n 42 ; serial\n 3H ; refresh\n 15M ; retry\n 1W ; expiry\n 1D ) ; minimum\n\n IN NS @\n IN A 127.0.0.1\n IN AAAA ::1<\/pre>\n[root@ns1 ~]# nano \/var\/named\/chroot\/etc\/namedb\/pz\/named.broadcast<\/pre>\n$TTL 86400\n$TTL 86400\n@ IN SOA localhost. root.localhost. (\n 42 ; serial\n 3H ; refresh\n 15M ; retry\n 1W ; expiry\n 1D ) ; minimum\n IN NS localhost.<\/pre>\n[root@ns1 ~]# nano \/var\/named\/chroot\/etc\/namedb\/pz\/named.ip6.local<\/pre>\n$TTL 86400\n@ IN SOA localhost. root.localhost. (\n 1997022700 ; Serial\n 28800 ; Refresh\n 14400 ; Retry\n 3600000 ; Expire\n 86400 ) ; Minimum\n IN NS localhost.\n1 IN PTR localhost.<\/pre>\n[root@ns1 ~]# nano \/var\/named\/chroot\/etc\/namedb\/pz\/named.zero<\/pre>\n$TTL 86400\n@ IN SOA localhost. root.localhost. (\n 42 ; serial\n 3H ; refresh\n 15M ; retry\n 1W ; expiry\n 1D ) ; minimum\n IN NS localhost.<\/pre>\n[root@ns1 ~]# nano \/var\/named\/chroot\/etc\/namedb\/pz\/127.0.0<\/pre>\n$TTL 3D\n@ IN SOA ns.local.domain. hostmaster.local.domain. (\n 1 ; Serial\n 8H ; Refresh\n 2H ; Retry\n 4W ; Expire\n 1D) ; Minimum TTL\n NS ns.local.domain.\n1 PTR localhost.<\/pre>\nGenerate forward ke DNS Server sedunia…<\/p>\n
[root@ns1 ~]# dig +bufsize=1200 +norec NS . @a.root-servers.net > \/var\/named\/chroot\/etc\/namedb\/root.hints<\/pre>\nMembuat zone domain…<\/p>\n
[root@ns1 ~]# nano \/var\/named\/chroot\/etc\/named.zones<\/pre>\nzone \"56.168.192.in-addr.arpa\" IN {\n type master;\n file \"master\/56.168.192.rev\";\n allow-update { trusted-servers; };\n allow-transfer { trusted-servers; };\n};\n\nzone \"57.16.172.in-addr.arpa\" IN {\n type master;\n file \"master\/57.16.172.rev\";\n allow-update { trusted-servers; };\n allow-transfer { trusted-servers; };\n};\n\nzone \"opikdesign.com\" IN {\n type master;\n file \"master\/opikdesign.com.zone\";\n allow-update { trusted-servers; };\n allow-transfer { trusted-servers; };\n};<\/pre>\nsebagai contoh, hosting web server www.opikdesign.com berada di IP 192.168.56.10; sedangkan mail hosting IP 172.16.57.200<\/p>\n
[root@ns1 ~]# nano \/var\/named\/chroot\/etc\/namedb\/master\/opikdesign.com.zone<\/pre>\n$TTL 3600 ; 1 hour\n@ IN SOA ns1.opikdesign.com. admin.opikdesign.com. (\n 2016030230 ; serial\n 10800 ; refresh (3 hours)\n 3600 ; retry (1 hour)\n 1209600 ; expire (2 week)\n 86400 ; minimum (1 day)\n )\n;\n IN NS ns1.opikdesign.com.\n IN NS ns2.opikdesign.com.\n\n IN MX 10 mail.opikdesign.com.\n\nns1 IN A 192.168.56.18\nns2 IN A 172.16.57.11\n\n IN A 192.168.56.10\nmail IN A 172.16.57.200\n\nsmtp IN CNAME mail.opikdesign.com.\nsmtps IN CNAME mail.opikdesign.com.\npop3 IN CNAME mail.opikdesign.com.\npop3s IN CNAME mail.opikdesign.com.\nimap IN CNAME mail.opikdesign.com.\nimaps IN CNAME mail.opikdesign.com.\n\nwww IN CNAME opikdesign.com.\n\n_dmarc.opikdesign.com. IN TXT \"v=DMARC1; p=none; rua=mailto:admin@opikdesign.com; ruf=mailto:admin@opikdesign.com; fo=1; rf=afrf; pct=100; ri=86400\"\n\nopikdesign.com. IN TXT \"v=spf1 include:mail.opikdesign.com ~all\"\nmail.opikdesign.com. IN TXT \"v=spf1 ip4:172.16.57.200\/32 ~all\"\n<\/pre>\n[root@ns1 ~]# nano \/var\/named\/chroot\/etc\/namedb\/master\/56.168.192.rev<\/pre>\n$TTL 3600 ; 1 hour\n@ IN SOA ns1.opikdesign.com. admin.opikdesign.com. (\n 2016030230 ; serial\n 10800 ; refresh (3 hours)\n 3600 ; retry (1 hour)\n 1209600 ; expire (2 week)\n 86400 ; minimum (1 day)\n )\n;\n IN NS ns1.opikdesign.com.\n IN NS ns2.opikdesign.com.\n\n10 IN PTR opikdesign.com.\n18 IN PTR ns1.opikdesign.com.<\/pre>\n[root@ns1 ~]# nano \/var\/named\/chroot\/etc\/namedb\/master\/57.16.172.rev<\/pre>\n$TTL 3600 ; 1 hour\n@ IN SOA ns1.opikdesign.com. admin.opikdesign.com. (\n 2016030230 ; serial\n 10800 ; refresh (3 hours)\n 3600 ; retry (1 hour)\n 1209600 ; expire (2 week)\n 86400 ; minimum (1 day)\n )\n;\n IN NS ns1.opikdesign.com.\n IN NS ns2.opikdesign.com.\n\n11 IN PTR ns2.opikdesign.com.\n200 IN PTR mail.opikdesign.com.<\/pre>\nsetiap config atau merubah config biasakan rubah user kepemilikkan folder config…<\/p>\n
[root@ns1 ~]# chown named.named \/var\/named\/chroot -R<\/pre>\nselanjutnya jalankan service named-nya<\/p>\n
[root@ns1 ~]# systemctl start named.service<\/pre>\ncheck service-nya jalan tidak…<\/p>\n
[root@ns1 ~]# systemctl status named.service<\/pre>\n\u25cf named.service - Berkeley Internet Name Domain (DNS)\n Loaded: loaded (\/usr\/lib\/systemd\/system\/named.service; enabled; vendor preset: disabled)\n Active: active (running) since Mon 2017-04-26 11:45:07 WIB; 4h 49min ago\n Process: 7902 ExecStop=\/bin\/sh -c \/usr\/sbin\/rndc stop > \/var\/named\/chroot\/dev\/null 2>&1 || \/bin\/kill -TERM $MAINPID (code=exited, status=0\/SUCCESS)\n Process: 7923 ExecStart=\/usr\/sbin\/named -u named $OPTIONS (code=exited, status=0\/SUCCESS)\n Process: 7919 ExecStartPre=\/usr\/sbin\/named-checkconf -z \/var\/named\/chroot\/etc\/named.conf.options (code=exited, status=0\/SUCCESS)\n Process: 7911 ExecStartPre=\/bin\/sh -c \/usr\/sbin\/named-rndc > \/var\/named\/chroot\/dev\/null 2>&1 (code=exited, status=0\/SUCCESS)\n Main PID: 7924 (named)\n CGroup: \/system.slice\/named.service\n \u2514\u25007924 \/usr\/sbin\/named -u named -c \/var\/named\/chroot\/etc\/named.conf.options<\/pre>\ntest, rubah nameserver-nya… kemudian tester dengan nslookup ke semua domain<\/p>\n
[root@ns1 ~]# nano \/etc\/resolv.conf<\/pre>\nsearch ns1.opikdesign.com\nnameserver 127.0.0.1\n<\/pre>\n[root@ns1 ~]# nslookup google.com<\/pre>\nServer: 127.0.0.1\nAddress: 127.0.0.1#53\n\nNon-authoritative answer:\nName: google.cOm\nAddress: 74.125.24.138\nName: google.cOm\nAddress: 74.125.24.100\nName: google.cOm\nAddress: 74.125.24.139\nName: google.cOm\nAddress: 74.125.24.101\nName: google.cOm\nAddress: 74.125.24.113\nName: google.cOm\nAddress: 74.125.24.102\nName: google.cOm\nAddress: 2404:6800:4003:c03::8b<\/pre>\nConfig pada Slave Server (NS2)<\/h2>\n
Config hosts dan hostname…<\/p>\n
[root@ns2 ~]# nano \/etc\/hosts<\/pre>\n192.168.56.18 ns1.opikdesign.com ns1\n172.16.57.11 ns2.opikdesign.com ns2\n127.0.0.1 localhost.ns2.opikdesign.com localhost\n::1 localhost localhost.localdomain localhost6 localhost6.localdomain6\n<\/pre>\n[root@ns2 ~]# nano \/etc\/sysconfig\/network<\/pre>\nNETWORKING=yes\nHOSTNAME=ns2.opikdesign.com\n<\/pre>\nGenerate RNDC<\/p>\n
[root@ns2 ~]# rndc-confgen -r \/dev\/urandom -b 512 > \/etc\/named.root.key\n[root@ns2 ~]# sed '\/conf\/d;\/^#\/!d;s:^# ::' \/etc\/named.root.key > \/var\/named\/chroot\/etc\/named.root.key<\/pre>\nConfig named.conf.options<\/em><\/p>\n
[root@ns2 ~]# nano \/var\/named\/chroot\/etc\/named.conf.options<\/pre>\noptions {\n directory \"\/var\/named\/chroot\/etc\/namedb\";\n pid-file \"\/var\/named\/chroot\/var\/run\/named.pid\";\n statistics-file \"\/var\/named\/chroot\/var\/run\/named.stats\";\n dump-file \"\/var\/named\/chroot\/var\/run\/cache_dump.db\";\n\n allow-query { any; };\n auth-nxdomain no; \/\/ conform to RFC1035\n listen-on-v6 { any; };\n\n allow-transfer { 192.168.56.18; };\n};\n\nacl trusted-servers {\n 192.168.56.18; \/\/ns1\n 172.16.57.11; \/\/ns2\n};\n\nlogging {\n category default { default_syslog; default_debug; };\n category unmatched { null; };\n\n channel default_syslog {\n syslog daemon;\n severity info;\n };\n\n channel default_debug {\n file \"named.run\";\n severity dynamic;\n };\n\n channel default_stderr {\n stderr;\n severity info;\n };\n\n channel null {\n null;\n };\n};\n\ninclude \"\/var\/named\/chroot\/etc\/named.root.key\";\ninclude \"\/var\/named\/chroot\/etc\/named.rfc1912.zones\";\ninclude \"\/var\/named\/chroot\/etc\/named.zones\";<\/pre>\nConfig named.rfc192.zones<\/em> yang berisi zona localhost maupun forward ke server dns sedunia<\/p>\n
[root@ns2 ~]# nano \/var\/named\/chroot\/etc\/named.rfc1912.zones<\/pre>\nzone \".\" {\n type hint;\n file \"root.hints\";\n};\n\nzone \"0.0.127.in-addr.arpa\" {\n type master;\n file \"pz\/127.0.0\";\n allow-update { none; };\n allow-transfer { trusted-servers; };\n};\n\nzone \"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa\" IN {\n type master;\n file \"pz\/named.ip6.local\";\n allow-update { none; };\n allow-transfer { trusted-servers; };\n};\n\nzone \"255.in-addr.arpa\" IN {\n type master;\n file \"pz\/named.broadcast\";\n allow-update { none; };\n allow-transfer { trusted-servers; };\n};\n\nzone \"0.in-addr.arpa\" IN {\n type master;\n file \"pz\/named.zero\";\n allow-update { none; };\n allow-transfer { trusted-servers; };\n};\n\nzone \"localdomain\" IN {\n type master;\n file \"pz\/localdomain.zone\";\n allow-update { none; };\n allow-transfer { trusted-servers; };\n};\n\nzone \"localhost\" IN {\n type master;\n file \"pz\/localhost.zone\";\n allow-update { none; };\n allow-transfer { trusted-servers; };\n};<\/pre>\nBuat zone localhost\/localdomain dan PTR-nya tersebut…<\/p>\n
[root@ns2 ~]# nano \/var\/named\/chroot\/etc\/namedb\/pz\/localdomain.zone<\/pre>\n$TTL 86400\n@ IN SOA localhost root (\n 42 ; serial (d. adams)\n 3H ; refresh\n 15M ; retry\n 1W ; expiry\n 1D ) ; minimum\n IN NS localhost\nlocalhost IN A 127.0.0.1\nlocalhost IN AAAA ::1<\/pre>\n[root@ns2 ~]# nano \/var\/named\/chroot\/etc\/namedb\/pz\/localhost.zone<\/pre>\n$TTL 86400\n@ IN SOA @ root (\n 42 ; serial\n 3H ; refresh\n 15M ; retry\n 1W ; expiry\n 1D ) ; minimum\n\n IN NS @\n IN A 127.0.0.1\n IN AAAA ::1<\/pre>\n[root@ns2 ~]# nano \/var\/named\/chroot\/etc\/namedb\/pz\/named.broadcast<\/pre>\n$TTL 86400\n$TTL 86400\n@ IN SOA localhost. root.localhost. (\n 42 ; serial\n 3H ; refresh\n 15M ; retry\n 1W ; expiry\n 1D ) ; minimum\n IN NS localhost.<\/pre>\n[root@ns2 ~]# nano \/var\/named\/chroot\/etc\/namedb\/pz\/named.ip6.local<\/pre>\n$TTL 86400\n@ IN SOA localhost. root.localhost. (\n 1997022700 ; Serial\n 28800 ; Refresh\n 14400 ; Retry\n 3600000 ; Expire\n 86400 ) ; Minimum\n IN NS localhost.\n1 IN PTR localhost.<\/pre>\n[root@ns2 ~]# nano \/var\/named\/chroot\/etc\/namedb\/pz\/named.zero<\/pre>\n$TTL 86400\n@ IN SOA localhost. root.localhost. (\n 42 ; serial\n 3H ; refresh\n 15M ; retry\n 1W ; expiry\n 1D ) ; minimum\n IN NS localhost.<\/pre>\n[root@ns2 ~]# nano \/var\/named\/chroot\/etc\/namedb\/pz\/127.0.0<\/pre>\n$TTL 3D\n@ IN SOA ns.local.domain. hostmaster.local.domain. (\n 1 ; Serial\n 8H ; Refresh\n 2H ; Retry\n 4W ; Expire\n 1D) ; Minimum TTL\n NS ns.local.domain.\n1 PTR localhost.<\/pre>\nGenerate forward ke DNS Server sedunia…<\/p>\n
[root@ns2 ~]# dig +bufsize=1200 +norec NS . @a.root-servers.net > \/var\/named\/chroot\/etc\/namedb\/root.hints<\/pre>\nMembuat zone domain…<\/p>\n
[root@ns2 ~]# nano \/var\/named\/chroot\/etc\/named.zones<\/pre>\nzone \"56.168.192.in-addr.arpa\" IN {\n type slave;\n file \"slave\/56.168.192.rev\";\n masters { 192.168.56.18; };\n allow-transfer { trusted-servers; };\n};\n\nzone \"57.16.172.in-addr.arpa\" IN {\n type slave;\n file \"slave\/57.16.172.rev\";\n masters { 192.168.56.18; };\n allow-transfer { trusted-servers; };\n};\n\nzone \"opikdesign.com\" IN {\n type slave;\n file \"slave\/opikdesign.com.zone\";\n masters { 192.168.56.18; };\n allow-transfer { trusted-servers; };\n};<\/pre>\nSemenjak bind versi 9.9.8, slave akan membuat file db zones sendiri dengan meniru master-nya, jadi tiap kali merubah record domain maupun menambah domain cukup dilakukan di server master saja.<\/p>\n
Jangan lupa setiap config atau merubah config biasakan rubah user kepemilikkan folder config…<\/p>\n
[root@ns2 ~]# chown named.named \/var\/named\/chroot -R<\/pre>\nselanjutnya jalankan service named-nya<\/p>\n
[root@ns2 ~]# systemctl start named.service<\/pre>\ncheck service-nya jalan tidak…<\/p>\n
[root@ns2 ~]# systemctl status named.service<\/pre>\n\u25cf named.service - Berkeley Internet Name Domain (DNS)\n Loaded: loaded (\/usr\/lib\/systemd\/system\/named.service; enabled; vendor preset: disabled)\n Active: active (running) since Mon 2017-04-26 11:48:07 WIB; 4h 49min ago\n Process: 7902 ExecStop=\/bin\/sh -c \/usr\/sbin\/rndc stop > \/var\/named\/chroot\/dev\/null 2>&1 || \/bin\/kill -TERM $MAINPID (code=exited, status=0\/SUCCESS)\n Process: 7923 ExecStart=\/usr\/sbin\/named -u named $OPTIONS (code=exited, status=0\/SUCCESS)\n Process: 7919 ExecStartPre=\/usr\/sbin\/named-checkconf -z \/var\/named\/chroot\/etc\/named.conf.options (code=exited, status=0\/SUCCESS)\n Process: 7911 ExecStartPre=\/bin\/sh -c \/usr\/sbin\/named-rndc > \/var\/named\/chroot\/dev\/null 2>&1 (code=exited, status=0\/SUCCESS)\n Main PID: 7924 (named)\n CGroup: \/system.slice\/named.service\n \u2514\u25007924 \/usr\/sbin\/named -u named -c \/var\/named\/chroot\/etc\/named.conf.options<\/pre>\ntest, rubah nameserver-nya… kemudian tester dengan nslookup ke semua domain<\/p>\n
[root@ns2 ~]# nano \/etc\/resolv.conf<\/pre>\nsearch ns1.opikdesign.com\nnameserver 127.0.0.1\n<\/pre>\n[root@ns2 ~]# nslookup google.com<\/pre>\nServer: 127.0.0.1\nAddress: 127.0.0.1#53\n\nNon-authoritative answer:\nName: google.com\nAddress: 74.125.24.138\nName: google.com\nAddress: 74.125.24.100\nName: google.com\nAddress: 74.125.24.139\nName: google.com\nAddress: 74.125.24.101\nName: google.com\nAddress: 74.125.24.113\nName: google.com\nAddress: 74.125.24.102\nName: google.com\nAddress: 2404:6800:4003:c03::8b<\/pre>\n","protected":false},"excerpt":{"rendered":"Di sini penulis menganggap instalasi OS CentOS 7 sudah selesai dan rapi… Sebagain contoh kita akan membuat 2 \u00a0DNS Server, NS1 sebagai Master dan NS2 sebagai Slave. ns1.opikdesign.com \u00a0 \u00a0 ip 192.168.56.18 ns2.opikdesign.com \u00a0 \u00a0 ip 172.16.57.11<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[13,4,12],"tags":[23,21,22],"class_list":["post-436","post","type-post","status-publish","format-standard","hentry","category-dns-server","category-sys-admin","category-web-hosting","tag-bind","tag-cenos-7","tag-dns-server"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/posts\/436","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/comments?post=436"}],"version-history":[{"count":42,"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/posts\/436\/revisions"}],"predecessor-version":[{"id":690,"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/posts\/436\/revisions\/690"}],"wp:attachment":[{"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/media?parent=436"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/categories?post=436"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/tags?post=436"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}