DNS Configuration Full Image With Video

Mualtry
Hi Mualtry friends, we meet again. Perhaps you are visiting because you are confused and wondering:
What is DNS?
Is DNS important?
How is it configured?

I will answer these questions as simply as I can. The Domain Name System (DNS) is a system that stores information about host names and domain names in the form of a distributed database in a computer network, for example the Internet. DNS provides an IP address for each host name and lists every mail exchange server that accepts email for each domain. According to the Google Chrome browser, DNS is a network service that translates website names into internet addresses.

In my view, I use DNS to change access from an IP address to a domain that is then stored on the server. For example, if I configure the DNS domain Google.com to point to the IP address 192.168.100.2, then when I access the domain Google.com, the address that gets read is 192.168.100.2; the system works like a redirect. You can check the configuration below, and if you run into trouble, share it in the comments below so we can find a solution.

BIND : Install

Install BIND to configure a DNS server that resolves domain names and IP addresses. DNS uses 53/TCP,UDP.

[1] Install BIND 9.
root@dlp:~# apt -y install bind9 bind9utils dnsutils
[2] Configure BIND 9.
In this example, BIND is configured with global IP address [172.16.0.80/29], private IP address [10.0.0.0/24], and domain name [srv.mualtry]. Replace the IP addresses and domain name with those of your own environment. (Actually, [172.16.0.80/29] is a private IP address range, though.)
root@dlp:~# vi /etc/bind/named.conf

   include "/etc/bind/named.conf.options";

   include "/etc/bind/named.conf.local";

   # comment out
   # include "/etc/bind/named.conf.default-zones";
   # add
   include "/etc/bind/named.conf.internal-zones";

   include "/etc/bind/named.conf.external-zones";

root@dlp:~# vi /etc/bind/named.conf.internal-zones

   # create new
   # define for internal section

   view "internal" {

          match-clients {
                  localhost;
                  10.0.0.0/24;
          };
          # set zone for internal
          zone "srv.mualtry" {
                  type master;
                  file "/etc/bind/srv.mualtry.lan";
                  allow-update { none; };
          };
          # set zone for internal *note
          zone "0.0.10.in-addr.arpa" {
                  type master;
                  file "/etc/bind/0.0.10.db";
                  allow-update { none; };
          };
          include "/etc/bind/named.conf.default-zones";
  };
root@dlp:~# vi /etc/bind/named.conf.external-zones

  # create new
  # define for external section

  view "external" {

          match-clients { any; };
          # allow any query
          allow-query { any; };
          # prohibit recursion
          recursion no;
          # set zone for external
          zone "srv.mualtry" {
                  type master;
                  file "/etc/bind/srv.mualtry.wan";
                  allow-update { none; };
          };
          # set zone for external *note
          zone "80.0.16.172.in-addr.arpa" {
                  type master;
                  file "/etc/bind/80.0.16.172.db";
                  allow-update { none; };
          };
  };
  # *note : to name a zone for reverse resolution, write the network address in reverse order, as below
  # Case of 10.0.0.0/24
  # network address        ⇒ 10.0.0.0
  # range of network       ⇒ 10.0.0.0 - 10.0.0.255
  # how to write           ⇒ 0.0.10.in-addr.arpa

  # Case of 172.16.0.80/29
  # network address        ⇒ 172.16.0.80
  # range of network       ⇒ 172.16.0.80 - 172.16.0.87
  # how to write           ⇒ 80.0.16.172.in-addr.arpa

[3] Limit ranges you allow to access if needed.
root@dlp:~# vi /etc/bind/named.conf.options

  options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };
        # query range you allow
        allow-query { localhost; 10.0.0.0/24; };
        # the range to transfer zone files
        allow-transfer { localhost; 10.0.0.0/24; };
        # recursion range you allow
        allow-recursion { localhost; 10.0.0.0/24; };
        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        # change if not use IPV6
        listen-on-v6 { none; };
  };

BIND : Configure Zones for Name Resolution

Create zone files that let the server resolve IP addresses from domain names.
[1] For the internal zone.
In this example, BIND is configured with internal address [10.0.0.0/24] and domain name [srv.mualtry]. Please replace the IP addresses and domain name with those of your own environment.
root@dlp:~# vi /etc/bind/srv.mualtry.lan

  $TTL 86400
  @   IN  SOA     dlp.srv.mualtry. root.srv.mualtry. (
          2019071601  ;Serial
          3600        ;Refresh
          1800        ;Retry
          604800      ;Expire
          86400       ;Minimum TTL
  )
          ; define name server
          IN  NS      dlp.srv.mualtry.
          ; define name server's IP address
          IN  A       10.0.0.30
          ; define mail exchanger
          IN  MX 10   dlp.srv.mualtry.

  ; define IP address of the hostname
  dlp     IN  A       10.0.0.30
[2] For the external zone.
In this example, BIND is configured with internal address [172.16.0.80/29] and domain name [srv.mualtry]. Please replace the IP addresses and domain name with those of your own environment.

Configure Zones for Address Resolution

Create zone files that let the server resolve domain names from IP addresses.
[3] For the internal zone.
In this example, BIND is configured with internal address [10.0.0.0/24],
root@dlp:~# vi /etc/bind/0.0.10.db

  $TTL 86400
  @   IN  SOA     dlp.srv.mualtry. root.srv.mualtry. (
        2019071601  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
  )
        ; define name server
        IN  NS      dlp.srv.mualtry.
        ; define the range of this domain included
        IN  PTR     srv.mualtry.
        IN  A       255.255.255.0

  ; define hostname of the IP address
  30      IN  PTR     dlp.srv.mualtry.
[4] For the external zone.
In this example, BIND is configured with internal address [172.16.0.80/29], domain name
root@dlp:~# vi /etc/bind/80.0.16.172.db

  $TTL 86400
  @   IN  SOA     dlp.srv.mualtry. root.srv.mualtry. (
        2019071601  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
  )
        ; define name server
        IN  NS      dlp.srv.mualtry.
        ; define the range of this domain included
        IN  PTR     srv.mualtry.
        IN  A       255.255.255.248

  ; define hostname of the IP address
  82      IN  PTR     dlp.srv.mualtry.

BIND : Verify Resolution

Restart BIND to apply the changes and verify name and address resolution.
[1] Change the DNS setting to refer to the local DNS server.
root@dlp:~# systemctl restart bind9

root@dlp:~# vi /etc/resolv.conf

  # change to own address

  domain srv.mualtry
  search srv.mualtry
  nameserver 10.0.0.30
[2] Try to resolve a name and an address normally.
root@dlp:~# dig dlp.srv.mualtry.

  ; <<>> DiG 9.11.5-P4-5.1-Debian <<>> dlp.srv.mualtry.
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55942
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 4096
  ; COOKIE: 4d7dc810ee0afaa6c3256f115d2d4ffd9c70cf67412a4e9e (good)
  ;; QUESTION SECTION:
  ;dlp.srv.mualtry.               IN      A

  ;; ANSWER SECTION:
  dlp.srv.mualtry.        86400   IN      A       10.0.0.30

  ;; AUTHORITY SECTION:
  srv.mualtry.            86400   IN      NS      dlp.srv.mualtry.

  ;; Query time: 0 msec
  ;; SERVER: 10.0.0.30#53(10.0.0.30)
  ;; WHEN: Tue Jul 16 19:18:05 JST 2019
  ;; MSG SIZE  rcvd: 100

root@dlp:~# dig -x 10.0.0.30

  ; <<>> DiG 9.11.5-P4-5.1-Debian <<>> -x 10.0.0.30
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18132
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 4096
  ; COOKIE: 777591e01deae66230c2736c5d2d5029a2956dbaf6ced141 (good)
  ;; QUESTION SECTION:
  ;30.0.0.10.in-addr.arpa.        IN      PTR

  ;; ANSWER SECTION:
  30.0.0.10.in-addr.arpa. 86400   IN      PTR     dlp.srv.mualtry.

  ;; AUTHORITY SECTION:
  0.0.10.in-addr.arpa.    86400   IN      NS      dlp.srv.mualtry.

  ;; ADDITIONAL SECTION:
  dlp.srv.mualtry.        86400   IN      A       10.0.0.30

  ;; Query time: 0 msec
  ;; SERVER: 10.0.0.30#53(10.0.0.30)
  ;; WHEN: Tue Jul 16 19:18:49 JST 2019
  ;; MSG SIZE  rcvd: 136
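The lookups above run from the server itself, so they hit the "internal" view, where the `ra` flag is expected. The script below is an added example, not part of the original tutorial: it classifies dig replies to check that the "external" view's `recursion no` and the `allow-transfer` range hold. The function names, the sample replies (constructed, not captured) and the out-of-zone name `example.com.` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): classify dig replies to confirm
# that the "external" view offers neither recursion nor zone transfers.

# Exit 0 if the reply header advertises recursion ("ra" in the flags list).
ra_offered() {
    printf '%s\n' "$1" |
        awk -F';' '/^;; flags:/ { if ($3 ~ /(^| )ra( |$)/) hit = 1 } END { exit !hit }'
}

# Exit 0 if the AXFR reply carries zone data (an SOA record outside comments).
transfer_leaked() {
    printf '%s\n' "$1" | grep -Eq '^[^;].*[[:space:]]IN[[:space:]]+SOA[[:space:]]'
}

# external_view_ok RECURSION_REPLY AXFR_REPLY
# Prints one finding per control; exit 0 only if both controls hold.
external_view_ok() {
    rc=0
    if ra_offered "$1"; then echo "FAIL recursion is offered"; rc=1
    else echo "PASS recursion is not offered"; fi
    if transfer_leaked "$2"; then echo "FAIL zone data was transferred"; rc=1
    else echo "PASS no zone data transferred"; fi
    return "$rc"
}

# Live use, from a host outside 10.0.0.0/24 and 172.16.0.80/29 (needs dig;
# example.com. is an arbitrary name the server is not authoritative for):
#   external_view_ok "$(dig @172.16.0.82 example.com. A)" \
#                    "$(dig @172.16.0.82 srv.mualtry. AXFR)"

# Constructed sample replies, not captured from a real server.
SAMPLE_NOREC=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1001
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available'
SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_AXFR_DENIED='; (1 server found)
;; global options: +cmd
; Transfer failed.'
SAMPLE_AXFR_OPEN='srv.mualtry. 86400 IN SOA dlp.srv.mualtry. root.srv.mualtry. 2019071601 3600 1800 604800 86400
srv.mualtry. 86400 IN NS dlp.srv.mualtry.'

external_view_ok "$SAMPLE_NOREC" "$SAMPLE_AXFR_DENIED"
```

A timeout also counts as "no zone data transferred", so confirm the server is reachable before trusting a PASS.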

BIND : Set CNAME Record

If you'd like to set another name (alias) for your host, define a CNAME record in the zone file.
[1] Set a CNAME record in the zone file.
root@dlp:~# vi /etc/bind/srv.mualtry.lan

  $TTL 86400
  @   IN  SOA     dlp.srv.mualtry. root.srv.mualtry. (
        ; update serial
        2019071602  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
  )
        IN  NS      dlp.srv.mualtry.
        IN  A       10.0.0.30
        IN  MX 10   dlp.srv.mualtry.

  dlp     IN  A       10.0.0.30
  ; alias IN CNAME server's hostname
  ftp     IN  CNAME   dlp.srv.mualtry.

root@dlp:~# rndc reload

  server reload successful

root@dlp:~# dig ftp.srv.mualtry.

  ; <<>> DiG 9.11.5-P4-5.1-Debian <<>> ftp.srv.mualtry.
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54525
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 4096
  ; COOKIE: af56834de0be6ce71bf860135d2d5167604e9d7b9107d0d7 (good)
  ;; QUESTION SECTION:
  ;ftp.srv.mualtry.               IN      A

  ;; ANSWER SECTION:
  ftp.srv.mualtry.        86400   IN      CNAME   dlp.srv.mualtry.
  dlp.srv.mualtry.        86400   IN      A       10.0.0.30

  ;; AUTHORITY SECTION:
  srv.mualtry.            86400   IN      NS      dlp.srv.mualtry.

  ;; Query time: 0 msec
  ;; SERVER: 10.0.0.30#53(10.0.0.30)
  ;; WHEN: Tue Jul 16 19:24:07 JST 2019
  ;; MSG SIZE  rcvd: 118
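The "update serial" step in the zone file above matters once a slave is involved, because a slave only re-transfers a zone whose SOA serial has moved forward. The check below is an added example, not part of the original tutorial: it extracts the serial from two versions of a zone file and compares them in RFC 1982 (32-bit wrap-around) order. The function names and the two sample zones, modelled on this page's srv.mualtry.lan, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): confirm the SOA serial of an
# edited zone file is newer than the serial of the previous version.

# soa_serial ZONE_TEXT -> prints the first number after the SOA keyword.
soa_serial() {
    printf '%s\n' "$1" | awk '
        { sub(/;.*/, "") }                       # drop zone-file comments
        !in_soa && /(^|[ \t])SOA[ \t]/ { in_soa = 1; sub(/.*SOA[ \t]/, "") }
        in_soa {
            gsub(/[()]/, " ")
            for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit }
        }'
}

# serial_newer OLD NEW -> exit 0 if NEW is ahead of OLD in RFC 1982 order.
serial_newer() {
    diff=$(( ($2 - $1 + 4294967296) % 4294967296 ))
    [ "$diff" -gt 0 ] && [ "$diff" -lt 2147483648 ]
}

# check_bump OLD_ZONE_TEXT NEW_ZONE_TEXT -> prints a verdict; exit 1 if stale.
check_bump() {
    old=$(soa_serial "$1"); new=$(soa_serial "$2")
    if [ -z "$old" ] || [ -z "$new" ]; then echo "no SOA serial found"; return 2; fi
    if serial_newer "$old" "$new"; then echo "ok: $old -> $new"
    else echo "stale: $old -> $new (slaves will not refresh)"; return 1; fi
}

# Constructed samples modelled on srv.mualtry.lan before and after the edit.
ZONE_OLD='$TTL 86400
@   IN  SOA     dlp.srv.mualtry. root.srv.mualtry. (
        2019071601  ;Serial
        3600 1800 604800 86400 )
        IN  NS      dlp.srv.mualtry.'
ZONE_NEW='$TTL 86400
@   IN  SOA     dlp.srv.mualtry. root.srv.mualtry. (
        ; update serial
        2019071602  ;Serial
        3600 1800 604800 86400 )
        IN  NS      dlp.srv.mualtry.
ftp     IN  CNAME   dlp.srv.mualtry.'

check_bump "$ZONE_OLD" "$ZONE_NEW"
```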

BIND : Configure Slave DNS Server

Configure BIND as a slave DNS server. In the following example, the master DNS server is [172.16.0.82] and the slave DNS server is [slave.example.host].
[1] Configure the DNS master server.
root@dlp:~# vi /etc/bind/named.conf.options

  options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };
        allow-query { localhost; 10.0.0.0/24; };
        # add a range you allow to transfer zone files
        allow-transfer { localhost; 10.0.0.0/24; 172.16.0.80/29; };
        allow-recursion { localhost; 10.0.0.0/24; };
        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
  };

root@dlp:~# rndc reload

  server reload successful
[2] Configure DNS slave server.
root@slave:~# vi /etc/bind/named.conf.external-zones

  # add settings like follows

        zone "srv.mualtry" {
                type slave;
                masters { 172.16.0.82; };
                file "/etc/bind/slaves/srv.mualtry.wan";
        };

root@slave:~# mkdir /etc/bind/slaves

root@slave:~# chown bind: /etc/bind/slaves

root@slave:~# rndc reload

  server reload successful

root@slave:~# ls /etc/bind/slaves

  srv.mualtry.wan     

  # the zone files on the master DNS have just been transferred
Thank you for visiting mualtry.com. If you have any questions, please write a comment below. Note: for a DNS setup it is actually enough to install and configure BIND9 and to configure the DNS zones, but you are also welcome to follow the full tutorial above. See you next time. I will also share a video about DNS that you can use as a reference; feel free to follow along with it.