DNS Configuration Full Image With Video
by
Mualtry
Hi friends, Mualtry here again. Perhaps you are visiting because you are confused and asking yourself:
What is DNS?
Is DNS important?
How is it configured?
I will answer these questions as simply as I can. The Domain Name System (DNS) is a system that stores information about host names and domain names in the form of a distributed database within a computer network, for example the Internet. DNS provides an IP address for each host name and lists the mail exchange servers that accept email for each domain. According to the Google Chrome browser, DNS is the network service that translates website names into internet addresses.
In my view, I use DNS to change access from what was originally an IP address to a domain, which is then stored on the server. For example, if I configure DNS for the domain Google.com to the IP address 192.168.100.2, then when I access the domain Google.com, what gets read is the address 192.168.100.2; the mechanism is like a redirect. You can check the configuration below; if you run into trouble, share it in the comments below so we can find a solution.
BIND : Install
Install BIND to configure a DNS server which resolves domain names or IP addresses. DNS uses 53/TCP,UDP.
[1] Install BIND 9.
    root@dlp:~# apt -y install bind9 bind9utils dnsutils
[2] Configure BIND 9.
In this example, BIND is configured with Global IP address [172.16.0.80/29], Private IP address [10.0.0.0/24], Domain name [srv.mualtry]. Replace the IP addresses and domain name with those of your own environment. (Actually, [172.16.0.80/29] is a private IP address, though.)
    root@dlp:~# vi /etc/bind/named.conf
    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";
    # comment out
    # include "/etc/bind/named.conf.default-zones";
    # add
    include "/etc/bind/named.conf.internal-zones";
    include "/etc/bind/named.conf.external-zones";

    root@dlp:~# vi /etc/bind/named.conf.internal-zones
    # create new
    # define for internal section
    view "internal" {
            match-clients {
                    localhost;
                    10.0.0.0/24;
            };
            # set zone for internal
            zone "srv.mualtry" {
                    type master;
                    file "/etc/bind/srv.mualtry.lan";
                    allow-update { none; };
            };
            # set zone for internal *note
            zone "0.0.10.in-addr.arpa" {
                    type master;
                    file "/etc/bind/0.0.10.db";
                    allow-update { none; };
            };
            include "/etc/bind/named.conf.default-zones";
    };

    root@dlp:~# vi /etc/bind/named.conf.external-zones
    # create new
    # define for external section
    view "external" {
            match-clients { any; };
            # allow any query
            allow-query { any; };
            # prohibit recursion
            recursion no;
            # set zone for external
            zone "srv.mualtry" {
                    type master;
                    file "/etc/bind/srv.mualtry.wan";
                    allow-update { none; };
            };
            # set zone for external *note
            zone "80.0.16.172.in-addr.arpa" {
                    type master;
                    file "/etc/bind/80.0.16.172.db";
                    allow-update { none; };
            };
    };

    # *note : for reverse resolving, write the network address in reverse, as below
    # Case of 10.0.0.0/24
    # network address  ⇒ 10.0.0.0
    # range of network ⇒ 10.0.0.0 - 10.0.0.255
    # how to write     ⇒ 0.0.10.in-addr.arpa
    # Case of 172.16.0.80/29
    # network address  ⇒ 172.16.0.80
    # range of network ⇒ 172.16.0.80 - 172.16.0.87
    # how to write     ⇒ 80.0.16.172.in-addr.arpa
[3] Limit the ranges you allow to access if needed.
    root@dlp:~# vi /etc/bind/named.conf.options
    options {
            directory "/var/cache/bind";

            // If there is a firewall between you and nameservers you want
            // to talk to, you may need to fix the firewall to allow multiple
            // ports to talk. See http://www.kb.cert.org/vuls/id/800113

            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.

            // forwarders {
            //      0.0.0.0;
            // };

            # query range you allow
            allow-query { localhost; 10.0.0.0/24; };
            # the range to transfer zone files
            allow-transfer { localhost; 10.0.0.0/24; };
            # recursion range you allow
            allow-recursion { localhost; 10.0.0.0/24; };

            //========================================================================
            // If BIND logs error messages about the root key being expired,
            // you will need to update your keys. See https://www.isc.org/bind-keys
            //========================================================================
            dnssec-validation auto;

            auth-nxdomain no;    # conform to RFC1035
            # change if not use IPV6
            listen-on-v6 { none; };
    };
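An added example (not part of the original tutorial) that evaluates the address match lists from step [3], and the master's allow-transfer as it is changed in the slave-server section, against three constructed client addresses. It shows who may query, recurse and transfer zones, and that allowing 172.16.0.80/29 opens zone transfer to every address in that block; the function names are hypothetical.

```python
import ipaddress
import re

# ACL statements copied from the page: step [3], then the master's
# allow-transfer as changed in the slave-server section.
STEP3 = """
allow-query { localhost; 10.0.0.0/24; };
allow-transfer { localhost; 10.0.0.0/24; };
allow-recursion { localhost; 10.0.0.0/24; };
"""
MASTER = "allow-transfer { localhost; 10.0.0.0/24; 172.16.0.80/29; };"

def parse_acls(conf):
    """Return {statement: [elements]} for each allow-* statement."""
    found = re.findall(r"(allow-[a-z-]+)\s*\{([^}]*)\}", conf)
    return {name: [e.strip() for e in body.split(";") if e.strip()]
            for name, body in found}

def permits(elements, client):
    """Evaluate one address match list for one client IP, first match wins.

    Covers only the element kinds the page uses (any, none, localhost, CIDR).
    Assumption: 'localhost' is reduced to loopback, whereas BIND matches
    every address configured on the server.
    """
    ip = ipaddress.ip_address(client)
    for item in elements:
        if item == "any":
            return True
        if item == "none":
            continue
        if item == "localhost":
            hit = ip.is_loopback
        else:
            hit = ip in ipaddress.ip_network(item)
        if hit:
            return True
    return False

def audit(conf, clients):
    """Decision of every allow-* statement for every client address."""
    return {name: {c: permits(elems, c) for c in clients}
            for name, elems in parse_acls(conf).items()}

if __name__ == "__main__":
    # Constructed clients: a LAN host, a host in the /29, an outside host.
    clients = ["10.0.0.50", "172.16.0.83", "203.0.113.10"]
    for conf in (STEP3, MASTER):
        for stmt, decisions in audit(conf, clients).items():
            print(stmt, decisions)
```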
BIND : Configure Zones for Name Resolution
Create zone files with which the server resolves IP addresses from domain names.
[1] For internal zone,
In this example, BIND is configured with internal address [10.0.0.0/24], domain name [srv.mualtry]. Please replace the IP addresses and domain name with those of your own environment.
    root@dlp:~# vi /etc/bind/srv.mualtry.lan
    $TTL 86400
    @   IN  SOA     dlp.srv.mualtry. root.srv.mualtry. (
            2019071601  ;Serial
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
    )
    ; define name server
            IN  NS      dlp.srv.mualtry.
    ; define name server's IP address
            IN  A       10.0.0.30
    ; define mail exchanger
            IN  MX 10   dlp.srv.mualtry.

    ; define IP address of the hostname
    dlp     IN  A       10.0.0.30
[2] For external zone,
In this example, BIND is configured with external address [172.16.0.80/29], domain name [srv.mualtry]. Please replace the IP addresses and domain name with those of your own environment.
Configure Zones for Address Resolution
Create zone files with which the server resolves domain names from IP addresses.
[3] For internal zone,
In this example, BIND is configured with internal address [10.0.0.0/24],
    root@dlp:~# vi /etc/bind/0.0.10.db
    $TTL 86400
    @   IN  SOA     dlp.srv.mualtry. root.srv.mualtry. (
            2019071601  ;Serial
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
    )
    ; define name server
            IN  NS      dlp.srv.mualtry.

    ; define the range of this domain included
            IN  PTR     srv.mualtry.
            IN  A       255.255.255.0

    ; define hostname of the IP address
    30      IN  PTR     dlp.srv.mualtry.
[4] For external zone,
In this example, BIND is configured with external address [172.16.0.80/29], domain name
    root@dlp:~# vi /etc/bind/80.0.16.172.db
    $TTL 86400
    @   IN  SOA     dlp.srv.mualtry. root.srv.mualtry. (
            2019071601  ;Serial
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
    )
    ; define name server
            IN  NS      dlp.srv.mualtry.

    ; define the range of this domain included
            IN  PTR     srv.mualtry.
            IN  A       255.255.255.248

    ; define hostname of the IP address
    82      IN  PTR     dlp.srv.mualtry.
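An added example (not from the original page) that derives the reverse zone names the way the page's note writes them and compares each PTR owner name with the name a reverse lookup such as `dig -x` actually asks for. For the /24 the two match; for the /29 they differ, so the record is reached only if the parent zone 0.16.172.in-addr.arpa publishes a CNAME into the sub-zone (RFC 2317 classless delegation). The function names are hypothetical.

```python
import ipaddress

def page_zone(cidr):
    """Reverse zone name as the page writes it: octets of the network
    address reversed, then in-addr.arpa. A /8, /16 or /24 keeps only the
    network octets; a block smaller than /24 keeps all four octets."""
    net = ipaddress.ip_network(cidr)
    octets = str(net.network_address).split(".")
    if net.prefixlen in (8, 16, 24):
        octets = octets[: net.prefixlen // 8]
    elif net.prefixlen < 24:
        raise ValueError("prefix spans several reverse zones: " + cidr)
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_owner(host, cidr):
    """Owner name of the host's PTR record inside that zone file
    (last octet as the label, e.g. '30' or '82')."""
    return host.rsplit(".", 1)[1] + "." + page_zone(cidr)

def query_name(host):
    """Name a resolver asks for on a reverse lookup such as dig -x."""
    return ipaddress.ip_address(host).reverse_pointer

def reverse_check(host, cidr):
    """Return (owner, asked, cname); cname is None when the PTR is found
    directly, else the alias the parent zone has to publish."""
    owner, asked = ptr_owner(host, cidr), query_name(host)
    if owner == asked:
        return owner, asked, None
    return owner, asked, f"{asked}. IN CNAME {owner}."

if __name__ == "__main__":
    # Hosts and networks are the ones used in the page's zone files.
    for host, cidr in (("10.0.0.30", "10.0.0.0/24"),
                       ("172.16.0.82", "172.16.0.80/29")):
        owner, asked, cname = reverse_check(host, cidr)
        print(f"{host}: zone {page_zone(cidr)}")
        print(f"  PTR owner  : {owner}")
        print(f"  dig -x asks: {asked}")
        print(f"  parent zone needs: {cname}" if cname else "  resolves directly")
```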
BIND : Verify Resolution
Restart BIND to apply the changes and verify name and address resolution.
[1] Change the DNS setting to refer to the local DNS.
    root@dlp:~# systemctl restart bind9
    root@dlp:~# vi /etc/resolv.conf
    # change to own address
    domain srv.mualtry
    search srv.mualtry
    nameserver 10.0.0.30
[2] Try to resolve a name or address normally.
    root@dlp:~# dig dlp.srv.mualtry.

    ; <<>> DiG 9.11.5-P4-5.1-Debian <<>> dlp.srv.mualtry.
    ;; global options: +cmd
    ;; Got answer:

    root@dlp:~# dig -x 10.0.0.30

    ; <<>> DiG 9.11.5-P4-5.1-Debian <<>> -x 10.0.0.30
    ;; global options: +cmd
    ;; Got answer:
BIND : Set CNAME Record
If you'd like to set another name (alias) for your host, define a CNAME record in the zone file.
[1] Set CNAME record in zone file.
    root@dlp:~# vi /etc/bind/srv.mualtry.lan
    $TTL 86400
    @   IN  SOA     dlp.srv.mualtry. root.srv.mualtry. (
            ; update serial
            2019071602  ;Serial
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
    )
            IN  NS      dlp.srv.mualtry.
            IN  A       10.0.0.30
            IN  MX 10   dlp.srv.mualtry.

    dlp     IN  A       10.0.0.30
    ; alias IN CNAME server's hostname
    ftp     IN  CNAME   dlp.srv.mualtry.

    root@dlp:~# rndc reload
    server reload successful
    root@dlp:~# dig ftp.srv.mualtry.

    ; <<>> DiG 9.11.5-P4-5.1-Debian <<>> ftp.srv.mualtry.
    ;; global options: +cmd
    ;; Got answer:
BIND : Configure Slave DNS Server
Configure BIND as a Slave DNS Server. The following example shows an environment in which the master DNS is [172.16.0.82] and the slave DNS is [slave.example.host].
[1] Configure DNS master server.
    root@dlp:~# vi /etc/bind/named.conf.options
    options {
            directory "/var/cache/bind";

            // If there is a firewall between you and nameservers you want
            // to talk to, you may need to fix the firewall to allow multiple
            // ports to talk. See http://www.kb.cert.org/vuls/id/800113

            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.

            // forwarders {
            //      0.0.0.0;
            // };

            allow-query { localhost; 10.0.0.0/24; };
            # add a range you allow to transfer zone files
            allow-transfer { localhost; 10.0.0.0/24; 172.16.0.80/29; };
            allow-recursion { localhost; 10.0.0.0/24; };

            //========================================================================
            // If BIND logs error messages about the root key being expired,
            // you will need to update your keys. See https://www.isc.org/bind-keys
            //========================================================================
            dnssec-validation auto;

            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };
    };

    root@dlp:~# rndc reload
    server reload successful
[2] Configure DNS slave server.
    root@slave:~# vi /etc/bind/named.conf.external-zones
    # add settings like follows
    zone "srv.mualtry" {
            type slave;
            masters { 172.16.0.82; };
            file "/etc/bind/slaves/srv.mualtry.wan";
    };

    root@slave:~# mkdir /etc/bind/slaves
    root@slave:~# chown bind: /etc/bind/slaves
    root@slave:~# rndc reload
    server reload successful
    root@slave:~# ls /etc/bind/slaves
    srv.mualtry.wan    # zone files on the master DNS have just been transferred
Thank you for visiting mualtry.com. If you have any questions, please write a comment below. Note: actually, to configure DNS it is enough to install and configure BIND9 and to configure the DNS zone, but if you want to configure it by following the tutorial above, that is fine too. See you next time. Oh, and I will also share a video about DNS that you can use as a reference; please follow along with the tutorial.