Setting Up a DNS Server on CentOS 7

06 Mar

DNS stands for Domain Name System, a system that stores information about host names and domain names in a distributed database across a computer network such as the Internet. DNS provides the IP address for each host name and lists the mail exchange servers that accept email for each domain.

Install DNS Server

In this scenario, I will set up a single DNS server that will act as the Primary DNS.

Primary (Master) DNS Server Details:

Operating System     : CentOS 7 Server
Hostname             : masterdns.vandee.local
IP Address           : 192.168.1.101/24

Setup Primary (Master) DNS Server

Install the BIND 9 packages on the server.

# yum install bind bind-utils -y

1. Configure the DNS Server

Edit the “/etc/named.conf” file.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.0.220;}; ### Set Master DNS IP ###
#    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 192.168.0.0/24;}; ### IP Range (network address, not the host IP) ###

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "vandee.local" IN {
type master;
file "forward.vandee";  # Any file name you like
allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "reverse.vandee"; # Any file name you like
allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
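
The comment block in the options section warns that a recursive server without access control becomes an amplification source. The script below is an added example, not part of the original post: it checks a named.conf for that condition, assuming each option sits on one line as in the file above and using BIND's documented fallback order for the recursion ACL. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag a named.conf that would act as an open recursive resolver.
# Assumes each option is written on one line, as in the file above.

# strip_comments FILE: drop /* ... */ lines and //- or #-style trailing comments.
strip_comments() {
    awk '/\/\*/ { skip = 1 } !skip { print } /\*\// { skip = 0 }' "$1" |
        sed -e 's://.*::' -e 's:#.*::'
}

# acl_of OPTION FILE: print the ACL body of OPTION (empty if it is not set).
acl_of() {
    strip_comments "$2" |
        sed -n "s/^[[:space:]]*$1[[:space:]]*{\(.*\)}[[:space:]]*;.*/\1/p" | head -n 1
}

# audit_recursion FILE: return 1 if recursion is offered to any client.
audit_recursion() {
    rec=$(strip_comments "$1" |
        sed -n 's/^[[:space:]]*recursion[[:space:]][[:space:]]*\([a-z]*\)[[:space:]]*;.*/\1/p' |
        head -n 1)
    if [ "${rec:-yes}" = "no" ]; then      # BIND defaults to "recursion yes"
        echo "OK: recursion is disabled (authoritative-only)"; return 0
    fi
    acl=""
    # Fallback order: allow-recursion, then allow-query-cache, then allow-query.
    for opt in allow-recursion allow-query-cache allow-query; do
        acl=$(acl_of "$opt" "$1")
        if [ -n "$acl" ]; then break; fi
    done
    if [ -z "$acl" ]; then
        echo "OK: no ACL set, BIND default (localnets; localhost) applies"; return 0
    fi
    case " $(printf '%s' "$acl" | tr ';' ' ') " in
        *" any "*|*" 0.0.0.0/0 "*|*" ::/0 "*)
            echo "OPEN: recursion allowed by $opt {$acl}"; return 1 ;;
    esac
    echo "OK: recursion limited by $opt {$acl}"
}
```

Run it as `audit_recursion /etc/named.conf` after every change to the options block.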

2. Create the Zone Files

Create the forward and reverse zone files referenced in “/etc/named.conf”.

2.1 Create the Forward Zone File

Create the file forward.vandee in the “/var/named” directory.

# nano /var/named/forward.vandee

Enter the contents below.

$TTL 86400
@   IN  SOA     masterdns.vandee.local. root.vandee.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS    masterdns.vandee.local.
@           IN  A     192.168.0.220
masterdns   IN  A     192.168.0.220

2.2 Create the Reverse Zone File

Create the file reverse.vandee in the “/var/named” directory.

# nano /var/named/reverse.vandee

Enter the contents below.

$TTL 86400
@   IN  SOA     masterdns.vandee.local. root.vandee.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@            IN  NS          masterdns.vandee.local.
@            IN  PTR         vandee.local.
masterdns    IN  A           192.168.0.220
220          IN  PTR         masterdns.vandee.local.  ; last octet of 192.168.0.220

3. Start the DNS Service

Enable and start the DNS service.

# systemctl enable named
# systemctl start named

4. Configure the Firewall

Allow the default DNS port, port 53, through the firewall.

# firewall-cmd --permanent --add-port=53/tcp
# firewall-cmd --permanent --add-port=53/udp

5. Restart the Firewall

# firewall-cmd --reload

6. Configure Permissions, Ownership, and SELinux

Run the commands below one at a time.

# chgrp named -R /var/named
# chown -v root:named /etc/named.conf 
# restorecon -rv /var/named
# restorecon /etc/named.conf

7. Test the DNS Configuration and Zone Files

Check the main DNS configuration file:

# named-checkconf /etc/named.conf

If no errors are shown, your configuration is correct.

Check the forward zone:

# named-checkzone vandee.local /var/named/forward.vandee

Check the reverse zone:

# named-checkzone 0.168.192.in-addr.arpa /var/named/reverse.vandee
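
named-checkzone validates each file on its own, not whether the forward and reverse zones agree with each other. The script below is an added example, not part of the original post: it reports every IP address in the forward zone that has no PTR record, or whose PTR names a host with no matching A record. The function name check_ptr and its argument order are assumptions.

```shell
#!/bin/sh
# Added example: cross-check a forward zone file against its reverse zone file.
# check_ptr FORWARD_FILE REVERSE_FILE DOMAIN REVERSE_ORIGIN
# Assumes one "name IN TYPE value" record per line and IPv4 only.
check_ptr() {
    awk -v dom="$3" -v rev="$4" '
        function fqdn(n, origin) {           # expand "@" and relative names
            if (n == "@") return origin "."
            return (n ~ /\.$/) ? n : n "." origin "."
        }
        { sub(/;.*/, "") }                   # drop zone-file comments
        FNR == NR {                          # first file: forward zone
            if ($2 == "IN" && $3 == "A") {
                split($4, o, ".")
                k = o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa."
                ips[k] = $4
                names[k, fqdn($1, dom)] = 1
            }
            next
        }
        $2 == "IN" && $3 == "PTR" {          # second file: reverse zone
            ptr[fqdn($1, rev)] = fqdn($4, rev)
        }
        END {
            for (k in ips) {
                if (!(k in ptr)) {
                    print "NO PTR for " ips[k] " (expected owner " k ")"; bad = 1
                } else if (!((k, ptr[k]) in names)) {
                    print "PTR for " ips[k] " names " ptr[k] ", which has no such A record"; bad = 1
                }
            }
            exit bad + 0
        }' "$1" "$2"
}
```

For the files in this guide: `check_ptr /var/named/forward.vandee /var/named/reverse.vandee vandee.local 0.168.192.in-addr.arpa`.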

Add the DNS server you just created to the network interface configuration.

# nano /etc/sysconfig/network-scripts/ifcfg-enp0s3

Edit the “/etc/resolv.conf” file:

# nano /etc/resolv.conf

Add the nameserver line below:

nameserver      192.168.0.220

Save and close the file.

Restart the network service.

# systemctl restart network

8. Test DNS Server

# dig masterdns.vandee.local

# nslookup vandee.local

Congratulations, you have successfully configured the DNS server.

 
Written on March 6, 2020 in CentOS, DNS, Installation

 
