DOMAIN
posted 28 November 2013
By Nazih bopas
DNS (Domain Name System)
------------------------
DNS translates domain names/hostnames into IP addresses, so that hosts can be
reached by names that are easy to remember instead of by address. Example domain name:
www.nurulfikri.com
Hirarki DNS
-----------
. (root)
|
+-- .com                              (top-level domains: .com .net .org .gov .tv .id .uk .sg .my)
|   +-- yahoo                         (second-level domain)
|       +-- www
|       +-- mail
|       +-- groups
+-- .id
    +-- .co  .web  .or  .ac  .sch     (second-level domains under .id)
        +-- lp3tnf                    (a third-level name under one of them)
            +-- www
            +-- mail
            +-- hmik
            +-- pesantren
What DNS is used for:
- translating domain names into IP addresses (forward lookup)
- mapping a domain name onto a particular IP address (A record)
- caching resolved names so repeated lookups are answered locally
- finding the mail server for a domain (MX record)
Bind
----
Installation:
yum install bind-utils bind-chroot bind caching-nameserver
Configuration files:
- /etc/named.caching-nameserver.conf --> main configuration
- /etc/named.rfc1912.zones --> declares the zones this server serves and its role (type) for each
- /var/named/chroot/var/named --> the zone files themselves
---------------------------------------------------------------------------
- /etc/named.conf or /var/named/chroot/etc/named.conf --> delete if present (when it exists,
  named uses it instead of named.caching-nameserver.conf)
Service name: named
Tipe-tipe DNS
-------------
- Master (primary) DNS: authoritative for the zone; the zone files are kept on this host.
- Slave (secondary) DNS: also authoritative for the zone; it fetches the zone data from the master by zone transfer.
- Caching DNS: resolves on behalf of clients and caches the answers.
- Forwarding DNS: hands queries on to another resolver instead of resolving them itself.
Konfigurasi Dasar DNS
-----------------------
Out of the box BIND answers queries as soon as the service is started, but
only for localhost.
# vim /etc/named.conf
-----------------------------------------------
options {
    // Addresses on which to listen for client requests
    // Remember: every statement ends with ";"
    listen-on port 53 { 192.168.1.185; 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Hosts allowed to query this server
    // any = everybody. Together with "recursion yes;" and a LAN address in
    // listen-on this is an open resolver for every host that can reach it;
    // outside a lab, limit recursion to your own networks.
    allow-query { any; };
    recursion yes;
    // To simplify the lab, DNSSEC is switched off
    // (dnssec-enable and dnssec-validation set to no). Without validation
    // the server accepts forged upstream answers, so do not do this in
    // production.
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
--------------------------------------------
# service named restart
# netstat -tanp | grep :53 --> check that named is in LISTEN state
Konfigurasi Master DNS
----------------------
Domain to create: dudi.oke
Sub-domains: - blog.dudi.oke
             - mail.dudi.oke
             - forum.dudi.oke
# vim /etc/named.rfc1912.zones
Append at the very bottom:
zone "dudi.oke" IN {
type master;
file "dudi.zone";
};
---------------------------------
# cd /var/named/chroot/var/named
# cp localhost.zone dudi.zone
# vim dudi.zone
-------------------------------------
$TTL 86400
$ORIGIN dudi.oke.
@       IN SOA  ns.dudi.oke. root.dudi.oke. (
                42      ; serial (d. adams) - bump on every change
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   ns.dudi.oke.
        IN A    192.168.1.229
        IN MX   10 mail.dudi.oke.
ns      IN A    192.168.1.229
mail    IN A    192.168.1.229
blog    IN A    192.168.1.229
forum   IN A    192.168.1.229
www     IN CNAME dudi.oke.
-------------------------------------
# chgrp named dudi.zone
# service named restart
# tail /var/log/messages --> was the zone loaded without errors?
# dig dudi.oke @127.0.0.1 --> test the domain
Membuat Top Level Domain
------------------------
Top-level domain to create: "nf" (the lab's ".oke" TLD used by dudi.oke and bunga.oke is built the same way)
# vim /etc/named.rfc1912.zones
Append at the very bottom:
zone "nf" IN {
type master;
file "nf.zone";
};
---------------------------------
# cd /var/named/chroot/var/named
# cp localhost.zone nf.zone
# vim nf.zone
-------------------------------------
$TTL 86400
$ORIGIN nf.
nf.             IN SOA  ns.nf. root.nf. (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
nf.             IN NS   ns.nf.
nf.             IN A    192.168.1.123
ns.nf.          IN A    192.168.1.123
; delegate the second-level domain melati.nf to another server, with its glue A record
melati.nf.      IN NS   ns.melati.nf.
ns.melati.nf.   IN A    192.168.1.242
-------------------------------------
# chgrp named nf.zone
# service named restart
Students are asked to point /etc/resolv.conf at the ".oke" TLD server.
Konfigurasi Slave DNS
=====================
A slave DNS server fetches the zone data from the master periodically (a zone transfer, driven by
the SOA refresh timer). It can serve as a backup for the master.
Konfigurasi pada Slave
======================
# vim /etc/named.rfc1912.zones
zone "bunga.oke" IN {
type slave;
file "slaves/bunga.oke";
masters {192.168.5.96;};
};
# service named restart
Configuration on the master (bunga.oke)
=======================
# iptables -I INPUT 1 -p tcp --dport 53 -j ACCEPT --> zone transfers run over TCP 53, so TCP must be open to the slave
# vim /etc/named.rfc1912.zones
zone "bunga.oke" IN {
type master;
file "bunga.oke.zone";
// only this network may pull the zone (AXFR); without allow-transfer anyone can
allow-transfer { 192.168.5.0/24; };
};
Add the slave as one of the zone's name servers (NS record):
# vim /var/named/bunga.oke.zone
$ORIGIN .
$TTL 86400 ; 1 day
bunga.oke       IN SOA ns.bunga.oke. root.bunga.oke. (
                        220131123 ; serial
                        86400     ; refresh (1 day)
                        3600      ; retry (1 hour)
                        604800    ; expire (1 week)
                        10800     ; minimum (3 hours)
                        )
                NS   ns.bunga.oke.
                NS   ns2.bunga.oke. ;--> the slave
                A    192.168.5.96
                MX   10 mail.bunga.oke.
; switch the origin so the short names below become ns2.bunga.oke. and ns.bunga.oke.
$ORIGIN bunga.oke.
ns2             A    192.168.5.13 ; IP address of the DNS slave
ns              A    192.168.5.96
# service named restart
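Two passages above leave security-relevant settings in place: the options block of the basic configuration (allow-query { any; } together with recursion yes on a LAN address) and the master zone statement in this section (allow-transfer is the only thing between a zone and a full AXFR by anyone). The audit script below is an added example, not the tutorial's or ISC's code. It parses a named.conf-style file with a small brace-matching tokenizer and reports an open resolver, a master zone with no allow-transfer (neither in the zone nor globally) and dnssec-validation switched off. LAB_CONF is the tutorial's configuration condensed into one constructed file; HARDENED_CONF is a constructed variant with the same server and the holes closed (allow-recursion for the LAN only, a global allow-transfer { none; }, validation on).

```python
"""Audit named.conf for the exposures the lab configuration leaves open.

1. Open resolver: recursion yes + recursion allowed for 'any' + a non-loopback
   listen-on address. BIND's allow-recursion falls back to allow-query when it
   is not set, so 'allow-query { any; }' on its own is enough to open it.
2. Open zone transfer: a master zone with no allow-transfer, neither in the
   zone statement nor globally in options, lets anyone AXFR the whole zone.
Also flags dnssec-validation explicitly switched off.
"""
import re

# Constructed sample: the tutorial's options block and zone statements in one file.
LAB_CONF = """
options {
    listen-on port 53 { 192.168.1.185; 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { any; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
};
zone "dudi.oke" IN {
    type master;
    file "dudi.zone";
};
zone "bunga.oke" IN {
    type master;
    file "bunga.oke.zone";
    allow-transfer { 192.168.5.0/24; };
};
"""

# Constructed sample: the same server with the holes closed.
HARDENED_CONF = """
options {
    listen-on port 53 { 192.168.1.185; 127.0.0.1; };
    allow-query { any; };                            /* authoritative answers for all */
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };  // recursion for the LAN only
    recursion yes;
    dnssec-validation auto;
    allow-transfer { none; };                        // global default for every zone
};
zone "dudi.oke" IN {
    type master;
    file "dudi.zone";
};
zone "bunga.oke" IN {
    type master;
    file "bunga.oke.zone";
    allow-transfer { 192.168.5.13; };                // the slave only, not the /24
};
"""

def _strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def top_level_statements(text):
    """Split 'header { body };' statements, honouring nested braces."""
    text, out, i = _strip_comments(text), [], 0
    start = text.find("{")
    while start >= 0:
        header = text[i:start].strip().lstrip(";").strip()
        depth, j = 0, start
        while True:
            depth += {"{": 1, "}": -1}.get(text[j], 0)
            if depth == 0:
                break
            j += 1
        out.append((header, text[start + 1:j]))
        i = j + 1
        start = text.find("{", i)
    return out

def address_list(body, directive):
    """Elements of 'directive [port N] { a; b; };', or None if absent."""
    pat = rf"\b{re.escape(directive)}(?:\s+port\s+\d+)?\s*\{{([^}}]*)\}}"
    m = re.search(pat, body)
    return [t.strip() for t in m.group(1).split(";") if t.strip()] if m else None

def simple_value(body, directive):
    """Value of 'directive value;', or None if absent."""
    m = re.search(rf"\b{re.escape(directive)}\s+([^;{{]+);", body)
    return m.group(1).strip().strip('"') if m else None

def audit(conf):
    """Return a list of findings; empty means no exposure detected."""
    stmts = top_level_statements(conf)
    opts = next((b for h, b in stmts if h == "options"), "")
    findings = []
    recursion = (simple_value(opts, "recursion") or "yes").lower()     # BIND default is yes
    allow_rec = (address_list(opts, "allow-recursion")
                 or address_list(opts, "allow-query")
                 or ["localnets", "localhost"])                          # BIND fallback chain
    listen = address_list(opts, "listen-on") or ["any"]
    exposed = [a for a in listen if not a.startswith("127.") and a != "localhost"]
    if recursion == "yes" and "any" in allow_rec and exposed:
        findings.append(f"open resolver: recursion for 'any' on {', '.join(exposed)}")
    if (simple_value(opts, "dnssec-validation") or "").lower() == "no":
        findings.append("dnssec-validation no: forged upstream answers are accepted")
    global_xfer = address_list(opts, "allow-transfer")
    for header, body in stmts:
        if not header.startswith("zone") or simple_value(body, "type") != "master":
            continue
        name = re.search(r'"([^"]+)"', header).group(1)
        xfer = address_list(body, "allow-transfer")
        if xfer is None and global_xfer is None:
            findings.append(f"zone {name}: no allow-transfer, AXFR open to anyone")
        elif xfer and "any" in xfer:
            findings.append(f"zone {name}: allow-transfer {{ any; }}")
    return findings

if __name__ == "__main__":
    for label, conf in (("lab", LAB_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or ["no findings"])
```

`named-checkconf /etc/named.conf` validates syntax only and accepts an open resolver without complaint, which is why a semantic check like this one is worth keeping next to it. On the live server, the transfer exposure can be confirmed from another host with `dig @192.168.5.96 bunga.oke AXFR`: with the allow-transfer above in place, only hosts in 192.168.5.0/24 get the zone back.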
DNS ACL configuration (split-horizon views)
==================
Used to return different answers depending on the network a client comes from. For example,
hand out a domain's private IP address to the LAN and its public IP address to clients on the
internet.
Uses:
- Working around NAT (from inside the private network the public, NATed address is usually not
  reachable, so LAN clients need the private one)
- Building an intranet website (a site that resolves for the LAN only)
# vim /etc/named.acl
acl internal { 192.168.0.0/16; 172.16.0.0/12; 10.0.0.0/8; };
// elements are tested in order and the first match decides, so the negations must come before "any"
acl eksternal { !192.168.0.0/16; !172.16.0.0/12; !10.0.0.0/8; any; };
# vim /etc/named.conf
// once views are used, every zone (including the root hints and the rfc1912
// zones) must be declared inside a view, so comment these out here
//zone "." IN {
// type hint;
// file "named.ca";
//};
//include "/etc/named.rfc1912.zones";
include "/etc/named.acl";
view internal_resolver {
    match-clients { internal; };
    match-destinations { any; };
    recursion yes;
    include "/etc/named.internal.zone";
};
view external_resolver {
    match-clients { eksternal; };
    match-destinations { any; };
    // internet clients only need authoritative answers; recursion in this
    // view turns the server into an open resolver
    recursion yes;
    include "/etc/named.eksternal.zone";
};
# cp /etc/named.rfc1912.zones /etc/named.internal.zone
# cp /etc/named.rfc1912.zones /etc/named.eksternal.zone
# vim /etc/named.internal.zone
zone "." IN {
type hint;
file "named.ca";
};
zone "ojolali.com" IN {
type master;
file "ojolali.internal.zone";
};
# vim /etc/named.eksternal.zone
zone "." IN {
type hint;
file "named.ca";
};
zone "ojolali.com" IN {
type master;
file "ojolali.eksternal.zone";
};
# vim /var/named/ojolali.internal.zone
$TTL 86400
$ORIGIN ojolali.com.
ojolali.com.        IN SOA  ns.ojolali.com. root.ojolali.com. (
                            42  ; serial
                            3H  ; refresh
                            15M ; retry
                            1W  ; expiry
                            1D ) ; minimum
ojolali.com.        IN NS   ns.ojolali.com.
ojolali.com.        IN A    192.168.56.10
ns.ojolali.com.     IN A    192.168.56.10
ojolali.com.        IN MX   10 mail.ojolali.com.
mail.ojolali.com.   IN A    192.168.56.10
www.ojolali.com.    IN CNAME ojolali.com.
# vim /var/named/ojolali.eksternal.zone
$TTL 86400
$ORIGIN ojolali.com.
ojolali.com.        IN SOA  ns.ojolali.com. root.ojolali.com. (
                            42  ; serial
                            3H  ; refresh
                            15M ; retry
                            1W  ; expiry
                            1D ) ; minimum
ojolali.com.        IN NS   ns.ojolali.com.
ojolali.com.        IN A    123.45.67.89
ns.ojolali.com.     IN A    123.45.67.89
ojolali.com.        IN MX   10 mail.ojolali.com.
mail.ojolali.com.   IN A    123.45.67.89
www.ojolali.com.    IN CNAME ojolali.com.
# chgrp named /var/named/ojolali.*
# chgrp named /etc/named.internal.zone
# chgrp named /etc/named.eksternal.zone
# service named restart
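Whether a client lands in internal_resolver or external_resolver depends on how BIND evaluates address match lists: elements are tested in order, the first one that matches the client decides, and a leading '!' turns that match into a rejection. The script below is an added example (not BIND code and not from the tutorial) that models these semantics in Python for the acl and view definitions above, with the ojolali.com A record of each view attached as constructed data, so you can check which answer a given source address would receive and why the negations in acl eksternal must precede "any".

```python
"""Model BIND's address-match-list and view selection for the ACLs above.

BIND walks an address match list in order; the first element that matches
the client decides, and a leading '!' turns that decision into a rejection.
Elements that do not match are skipped. Views are then tried in order and
the first whose match-clients accepts the client answers; if none does, the
query is REFUSED.
"""
import ipaddress

# Constructed sample: the acl and view definitions of this section, as data.
ACLS = {
    "internal": ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"],
    "eksternal": ["!192.168.0.0/16", "!172.16.0.0/12", "!10.0.0.0/8", "any"],
}
# (view name, match-clients, the A record each view's ojolali.com zone returns)
VIEWS = [
    ("internal_resolver", ["internal"], {"ojolali.com.": "192.168.56.10"}),
    ("external_resolver", ["eksternal"], {"ojolali.com.": "123.45.67.89"}),
]
# Constructed counter-example: 'any' first makes the negation unreachable.
SLOPPY_EKSTERNAL = ["any", "!192.168.0.0/16"]

def match_list(elements, addr, acls=ACLS):
    """True if the list accepts addr; False if it rejects addr or nothing matches."""
    if isinstance(addr, str):
        addr = ipaddress.ip_address(addr)
    for element in elements:
        negate = element.startswith("!")
        elem = element.lstrip("!").strip()
        if elem == "any":
            hit = True
        elif elem == "none":
            hit = False
        elif elem in acls:                       # nested acl name
            hit = match_list(acls[elem], addr, acls)
        else:                                    # host or CIDR; another IP version never matches
            hit = addr in ipaddress.ip_network(elem, strict=False)
        if hit:
            return not negate                    # first match decides
    return False

def select_view(client_ip, views=VIEWS, acls=ACLS):
    """Name of the first view whose match-clients accepts client_ip, or None (REFUSED)."""
    for name, match_clients, _records in views:
        if match_list(match_clients, client_ip, acls):
            return name
    return None

def answer(qname, client_ip, views=VIEWS, acls=ACLS):
    """The A record the client would receive for qname, or None."""
    view = select_view(client_ip, views, acls)
    records = dict((name, recs) for name, _clients, recs in views).get(view, {})
    return records.get(qname)

if __name__ == "__main__":
    for ip in ("10.1.2.3", "192.168.1.50", "203.0.113.9"):
        print(ip, select_view(ip), answer("ojolali.com.", ip))
```

Because acl eksternal rejects RFC 1918 space itself, the result does not depend on the order of the two view statements; with a plain `acl eksternal { any; };` it would, and a LAN client would get the public address whenever external_resolver were listed first.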