DNS stands for Domain Name System, a system that stores information about host names and domain names in a distributed database across a computer network such as the Internet. DNS provides the IP address for each host name and lists the mail exchange servers that accept email for each domain.
Install DNS Server
In this scenario, I will set up one DNS server that will act as the primary DNS.
Primary (Master) DNS Server Details:
Operating System : CentOS 7 Server
Hostname : masterdns.vandee.local
IP Address : 192.168.1.101/24
Setup Primary (Master) DNS Server
Install the Bind9 packages on the server.
# yum install bind bind-utils -y
1. Configure the DNS Server
Edit the “/etc/named.conf” file.
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.220; };   ### Set Master DNS IP ###
    # listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.0.0/24; };   ### IP Range ###

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "vandee.local" IN {
    type master;
    file "forward.vandee";   # Use any name you like for this file #
    allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.vandee";   # Use any name you like for this file #
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
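The comment in the options block above warns that a recursive server without access control can be abused for DNS amplification. The following check is an added example, not part of the original tutorial or of BIND: it reads a named.conf and reports whether recursion is reachable by any client, using BIND 9's documented fallback (allow-recursion, then allow-query-cache, then allow-query, then localnets and localhost). The function names and the two sample configs are constructed for illustration, and the parser assumes flat address-match lists with no nested braces.

```python
import re

def options_body(conf):
    """Strip named.conf comments and return the body of options { ... }."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    conf = re.sub(r"(//|#).*", "", conf)   # simplification: no // or # inside strings
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[m.end():i]
    return conf[m.end():]

def acl(body, name):
    """Entries of a flat address-match list, or None when the option is unset."""
    m = re.search(r"(?<![\w-])%s\s*\{([^}]*)\}" % re.escape(name), body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def recursion_exposure(conf):
    """Return (is_open, reason) for the recursive-resolver exposure of a config."""
    body = options_body(conf)
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", body)
    if m and m.group(1) == "no":
        return (False, "recursion no")
    # BIND falls back through these options when allow-recursion is unset.
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        entries = acl(body, name)
        if entries is not None:
            is_open = any(e in ("any", "0.0.0.0/0", "::/0") for e in entries)
            return (is_open, "%s { %s; }" % (name, "; ".join(entries)))
    return (False, "built-in default { localnets; localhost; }")

# Constructed samples: the tutorial's options, then a weak variant of the same file.
TUTORIAL_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.220; };
    allow-query { localhost; 192.168.0.0/24; };   ### IP Range ###
    /* If your recursive DNS server has a public IP address,
       you MUST enable access control. */
    recursion yes;
};
"""
WEAK_CONF = TUTORIAL_CONF.replace("localhost; 192.168.0.0/24;", "any;")

if __name__ == "__main__":
    for label, conf in (("tutorial", TUTORIAL_CONF), ("weak", WEAK_CONF)):
        print(label, recursion_exposure(conf))
```

To audit a live server, pass the contents of /etc/named.conf to recursion_exposure(); a True result means the ACL that governs recursion admits every client.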
2. Create the Zone Files
Create the forward and reverse zone files that are referenced in “/etc/named.conf”.
2.1 Create the Forward Zone File
Create the file forward.vandee in the “/var/named” directory.
# nano /var/named/forward.vandee
Add the following content.
$TTL 86400
@   IN  SOA     masterdns.vandee.local. root.vandee.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS  masterdns.vandee.local.
@           IN  A   192.168.0.220
masterdns   IN  A   192.168.0.220
2.2 Create the Reverse Zone File
Create the file reverse.vandee in the “/var/named” directory.
# nano /var/named/reverse.vandee
Add the following content.
$TTL 86400
@   IN  SOA     masterdns.vandee.local. root.vandee.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS   masterdns.vandee.local.
@           IN  PTR  vandee.local.
masterdns   IN  A    192.168.0.220
220         IN  PTR  masterdns.vandee.local.   ; last octet of 192.168.0.220
3. Start DNS Service
Enable and start the DNS service.
# systemctl enable named
# systemctl start named
4. Configure the Firewall
We must allow the DNS server's default port, port 53, through the firewall.
# firewall-cmd --permanent --add-port=53/tcp
# firewall-cmd --permanent --add-port=53/udp
5. Restart Firewall
# firewall-cmd --reload
6. Configure Permissions, Ownership, and SELinux
Run the commands below one at a time.
# chgrp named -R /var/named
# chown -v root:named /etc/named.conf
# restorecon -rv /var/named
# restorecon /etc/named.conf
7. Test the DNS Configuration and Zone Files
Check the default DNS configuration file:
# named-checkconf /etc/named.conf
If there are no errors, your configuration is good.
Check the forward zone:
# named-checkzone vandee.local /var/named/forward.vandee
Check the reverse zone:
# named-checkzone 0.168.192.in-addr.arpa /var/named/reverse.vandee
Add the DNS server you just created to the network interface configuration.
# nano /etc/sysconfig/network-scripts/ifcfg-enp0s3
Edit the “/etc/resolv.conf” file:
# nano /etc/resolv.conf
Add the nameserver line below:
nameserver 192.168.0.220
Save and close the file.
Restart the network service:
# systemctl restart network
8. Test DNS Server
# dig masterdns.vandee.local
# nslookup vandee.local
Congratulations, you have successfully configured the DNS server.