Netgate Discussion Forum
    DHCP and DNS

    Indonesian section | 42 Posts, 6 Posters, 19.7k Views
    ipoelnet

      Here are the settings, Om:

      pkg_add -rv http://dl2.foss-id.web.id/freebsd/ports/i386/packages-7.2-release/dns/bind96-9.6.0.1.tbz

      /etc/resolv.conf

      domain taqwa.local
      nameserver 127.0.0.1
      nameserver 202.134.1.10
      

      /var/named/master/taqwa.local

      $TTL    3600
      taqwa.local.                     IN    SOA     ns2.taqwa.local.   root.taqwa.local. (
                                                         1            ; Serial 
                                                         10800    ; Refresh
                                                         3600       ; Retry
                                                          604800  ; Expire
                                                         86400 )   ;Minimum TTL
      ; DNS Servers
      taqwa.local.                     IN               NS   ns2.taqwa.local.
      
      ; Computer names and records
      ns2.taqwa.local.     IN               A    192.168.254.254
      
      ; Aliases
      www                          IN              CNAME    ns2.taqwa.local.
      
      ; Mail MX Records
      taqwa.local.                    IN     MX     10   ns2.taqwa.local.
      

      /var/named/master/taqwa.local.rev

      $TTL    3600
      254.168.192.in-addr.arpa.          IN    SOA    ns2.taqwa.local.     root.taqwa.local. (
                                                         1            ; Serial
                                                          10800    ; Refresh
                                                         3600      ; Retry
                                                          604800   ; Expire
                                                          86400)   ; Minimum TTL
      ; DNS Servers
      254.168.192.in-addr.arpa.          IN              NS    ns2.taqwa.local.
      
      ; Computer IPs
      100                                     IN               PTR    ns2.taqwa.local.
      100                                     IN               PTR    www.taqwa.local.
      

      /usr/local/sbin/rndc-confgen -a

      wrote key file "/usr/local/etc/rndc.key"

      find / | grep rndc.key

      /usr/local/etc/rndc.key

      cat /usr/local/etc/rndc.key >> named.conf

      /var/named/named.conf

      forwarders {
                    127.0.0.1;
      };
      zone "taqwa.local" {
              type master;
              file "master/taqwa.local";
              allow-transfer { localhost; };
              allow-update { key rndc-key };
      };
      zone "0.0.127.in-addr.arpa" {
              type master;
              file "master/taqwa.local.rev";
              allow-transfer { localhost; };
              allow-update { key rndc-key };
      };
      key "rndc-key" {
      	algorithm hmac-md5;
      	secret "JtU+O0PpufgIhsWdA3tSQA==";
      };
      

      reboot PF…

      # sockstat -4l | grep -i 53
      nobody  dnsmasq    480  3  udp4  :53                  :
      nobody  dnsmasq    480  4  tcp4  :53                  :

      ??? ???

      It can be done, bro, as long as it follows the rules | Learn like a fool

      grage95

        Create the file

        /usr/local/etc/dnsmasq.conf

        
        port=54
        # increase DNS cache size
        # cache-size=10000
        
        expand-hosts 
        
        # Resolve(generated from WAN DHCP)
        resolv-file=/etc/resolv.conf
        #
        # Extra : Blackhole DNS addresses. (NO blackhole DNS, comment out the next line)
        # conf-file=/etc/blackhole.conf
        #
        #server=208.67.222.222
        #server=208.67.220.220
        # include another configuration
        #conf-file=/etc/dnsmasq-adblock.conf
        

        Restart dnsmasq and start bind:

        named -4
        then check with sockstat again.

        For the first stage: configure named as a cache only; the domain zones can come later.

        Here is an example named.conf for caching only:

        acl "localnet" {192.168.0.0/16;10.0.0.0/8; localhost;};
        
        options {
                // Relative to the chroot directory, if any
                directory       "/etc/namedb";
                pid-file        "/var/run/named/pid";
                dump-file       "/var/dump/named_dump.db";
                statistics-file "/var/stats/named.stats";
                allow-recursion { any; };
              //allow-query     { any; };
              //allow-query-cache  { any; };
                allow-query     { localnet; };
                allow-query-cache  { localnet; };
                minimal-responses       yes;
                datasize 196M;
                max-cache-size 128M;
                listen-on     { any;};
                //listen-on     { 127.0.0.1; 192.168.2.1 };
        
                forward first;
                //forward only;
        
                //forwarders for blocking porn
                //forwarders {203.34.118.12; 203.34.118.10; };
        
                //forwarder IPs of the Spidol DNS
        
                forwarders { 203.130.196.6; 202.134.2.5; };
        };
        
        logging {category lame-servers { null; };
        };
        
        controls { inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
        };
        
        zone    "localhost" {
                type master;
                file "master/localhost-forward.db";
        };
        
        zone    "127.in-addr.arpa" {
                type master;
                file "master/localhost-reverse.db";
        };
        
        zone    "." {
                type hint;
                file "named.root";
        };
        
        //include "master/hikmah-teknologi.zone";
        
        //zone block
        //include "master/zoneblock.zone";
        
        key "rndc-key" {
                algorithm hmac-md5;
                secret "Kht7CoEd89/kbjno/KPFkA==";
        };
        
        
        ipoelnet

          @grage95:

          Create the file

          /usr/local/etc/dnsmasq.conf

          
          port=54
          # increase DNS cache size
          # cache-size=10000
          
          expand-hosts 
          
          # Resolve(generated from WAN DHCP)
          resolv-file=/etc/resolv.conf
          #
          # Extra : Blackhole DNS addresses. (NO blackhole DNS, comment out the next line)
          # conf-file=/etc/blackhole.conf
          #
          #server=208.67.222.222
          #server=208.67.220.220
          # include another configuration
          #conf-file=/etc/dnsmasq-adblock.conf
          

          Restart dnsmasq and start bind:

          named -4
          then check with sockstat again.

          After restarting dnsmasq via the Web GUI…
          then...

          # usr/local/sbin/named

          usr/local/sbin/named -4

          sockstat -4 -l |grep -i 53

          #

          Empty, Om, nothing is running…

            grage95

            So only named is left.
            Check the messages log:

            tail -f /var/log/messages, is there anything odd?

            For the named.conf config, use the one like the example I gave,

            put it in /var/named/etc/namedb/named.conf

            and check with sockstat and ps -ax:

            # sockstat -4 -l |grep -i 53
            root     named      66164 20 tcp4   192.168.1.12:53       :
            root     named      66164 21 tcp4   127.0.0.1:53          :
            root     named      66164 22 tcp4   127.0.0.1:953         :
            root     named      66164 512 udp4  192.168.1.12:53       :
            root     named      66164 513 udp4  127.0.0.1:53          :

            #ps -ax |grep named
            66164  ??  Is     0:00.04 named -4

            #tail -f /var/log/messages
            Nov 19 16:48:12 freebsd named[66164]: starting BIND 9.4.3-P2 -4
            Nov 19 16:48:12 freebsd named[66164]: command channel listening on 127.0.0.1#953
            Nov 19 16:48:12 freebsd named[66164]: running

            ipoelnet

              zone    "localhost" {
                      type master;
                      file "master/localhost-forward.db";
              };

              zone    "127.in-addr.arpa" {
                      type master;
                      file "master/localhost-reverse.db";
              };

              What goes in the part in bold, Om?

              grage95

                The contents are in the master directory (by default):

                /var/named/etc/namedb/master

                http://src.gnu-darwin.org/src/etc/namedb/master/

                ipoelnet

                  named-checkconf

                  /usr/local/etc/named.conf:32: unknown option 'controls'
                  /usr/local/etc/named.conf:37: unknown option 'zone'
                  /usr/local/etc/named.conf:42: unknown option 'zone'
                  /usr/local/etc/named.conf:47: unknown option 'zone'
                  /usr/local/etc/named.conf:57: unknown option 'key'
                  /usr/local/etc/named.conf:61: '}' expected near end of file

                  grage95

                    Try pasting it here:
                    /usr/local/etc/named.conf

                    ipoelnet

                      server IP 192.168.254.254
                      hostname ns2.taqwa.local

                      /usr/local/etc/named.conf

                      acl "localnet" {192.168.0.0/16;10.0.0.0/8; localhost;};

                      options {
                             // Relative to the chroot directory, if any
                             directory       "/etc/namedb";
                             pid-file        "/var/run/named/pid";
                             dump-file       "/var/dump/named_dump.db";
                             statistics-file "/var/stats/named.stats";
                             allow-recursion { any; };
                           //allow-query     { any; };
                           //allow-query-cache  { any; };
                             allow-query     { localnet; };
                             allow-query-cache  { localnet; };
                             minimal-responses       yes;
                             datasize 196M;
                             max-cache-size 128M;
                             listen-on     { any;};
                             //listen-on     { 127.0.0.1; 192.168.2.1 };

                      forward first;
                      //forward only;

                      //forwarders for blocking porn
                      //forwarders {203.34.118.12; 203.34.118.10; };

                      //forwarder IPs of the Spidol DNS

                      forwarders { 203.130.196.155; 202.134.1.10;};

                      //logging {category name-servers { null; }; };

                      controls { inet 127.0.0.1 port 953
                      allow { 127.0.0.1; };
                      keys { "rndc-key"; };
                      };

                      zone    "localhost" {
                             type master;
                             file "master/localhost-forward.db";
                      };

                      zone    "127.in-addr.arpa" {
                             type master;
                             file "master/localhost-reverse.db";
                      };

                      zone    "." {
                             type hint;
                             file "named.root";
                      };

                      //include "master/hikmah-teknologi.zone";

                      //zone block
                      //include "master/zoneblock.zone";

                      key "rndc-key" {
                      algorithm hmac-md5;
                      secret "JtU+O0PpufgIhsWdA3tSQA==";
                      };

                      grage95

                        @ipoelnet:

                        server IP 192.168.254.254
                        hostname ns2.taqwa.local

                        /usr/local/etc/named.conf

                        acl "localnet" {192.168.0.0/16;10.0.0.0/8; localhost;};

                        options {
                               // Relative to the chroot directory, if any
                               directory       "/etc/namedb";
                               pid-file        "/var/run/named/pid";
                               dump-file       "/var/dump/named_dump.db";
                               statistics-file "/var/stats/named.stats";
                               allow-recursion { any; };
                             //allow-query     { any; };
                             //allow-query-cache  { any; };
                               allow-query     { localnet; };
                               allow-query-cache  { localnet; };
                               minimal-responses       yes;
                               datasize 196M;
                               max-cache-size 128M;
                               listen-on     { any;};
                               //listen-on     { 127.0.0.1; 192.168.2.1 };

                        forward first;
                        //forward only;

                        //forwarders for blocking porn
                        //forwarders {203.34.118.12; 203.34.118.10; };

                        //forwarder IPs of the Spidol DNS

                        forwarders { 203.130.196.155; 202.134.1.10;};

                        //logging {category name-servers { null; }; };

                        controls { inet 127.0.0.1 port 953
                        allow { 127.0.0.1; };
                        keys { "rndc-key"; };
                        };

                        zone    "localhost" {
                               type master;
                               file "master/localhost-forward.db";
                        };

                        zone    "127.in-addr.arpa" {
                               type master;
                               file "master/localhost-reverse.db";
                        };

                        zone    "." {
                               type hint;
                               file "named.root";
                        };

                        //include "master/hikmah-teknologi.zone";

                        //zone block
                        //include "master/zoneblock.zone";

                        key "rndc-key" {
                        algorithm hmac-md5;
                        secret "JtU+O0PpufgIhsWdA3tSQA==";

                        adjust this to the new key
                        };

                        The key has to be adjusted:

                        cat /usr/local/etc/rndc.key >> named.conf

                        By the way, is the default directory /usr/local/etc ???
                        Whereas the option above says directory "/etc/namedb";

                        Which named.conf config is actually being used?

                        ipoelnet

                          /usr/local/etc/named.conf, because when I check with # /usr/local/sbin/named-checkconf that is where the errors point, Om, so I changed named.conf and master there; the key I have already generated, Om. But the error is still the same.

                          /usr/local/sbin/named -4

                          ps -ax | grep named

                          6249  p0  S+    0:00.00 grep named

                          grage95

                            OK, but adjust the options according to the output of /usr/local/sbin/named-checkconf.
                            By default bind uses a bind chroot for security, especially against DDoS; the directory is /var/named/etc/namedb.

                            /usr/local/sbin/named-checkconf

                            /usr/local/etc/named.conf:61: '}' expected near end of file

                            It looks like a closing }; was missed in the options section.

                            That happens because the option
                            logging {category name-servers { null; }; };
                            was commented out with //

                            If you don't want to use it, add }; below it,
                            so it becomes
                            //logging {category name-servers { null; }; };
                            };

                            The correct one is lame-servers as in my example, not name-servers; why was it changed ???

                            logging {category lame-servers { null; }; };

                            If you comment that out with //,
                            it means you want to log DNS, and in my opinion that log is not important at all; it adds load, even if only a little.

                            lame-servers Lame servers. Mis-configuration in the delegation of domains discovered by BIND 9 when trying to authoritative answers. If the volume of these messages is high many users elect to send them to the null channel e.g. category lame-servers {null;}; statement.

                            null 'null' writes to /dev/null - the bit bucket, nowhere. It does not produce a log. From the grammar above 'file', 'syslog', 'stderr' and 'null' are mutually exclusive for a 'channel'.

                            http://www.zytrax.com/books/dns/ch7/logging.html
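The failure grage95 diagnoses above (an options block that is never closed, so every later top-level statement is reported as an unknown option and the file ends with a '}' still expected) reproduced by an added Python nesting checker. This is example code written for this thread, not BIND's own named-checkconf; it tracks brace nesting in a constructed named.conf modelled on the one pasted above, prints the same style of line-numbered messages, and then confirms the fix of adding `};` under the commented-out logging line. The IPs and the key secret in the sample are constructed placeholders.

```python
import re

# Statements valid only at the top level of named.conf; seen inside another
# block (here: an options block that was never closed) they are "unknown options".
TOP_LEVEL_ONLY = {"acl", "controls", "include", "key", "logging", "view", "zone"}
_TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def _blank_comments(text):
    """Blank //, # and /* */ comments but keep newlines so line numbers hold."""
    nl = lambda m: "".join(c if c == "\n" else " " for c in m.group(0))
    text = re.sub(r"/\*.*?\*/", nl, text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", " ", text)

def check_named_conf(text):
    """Return [(line, message), ...] in the style of named-checkconf output."""
    src = _blank_comments(text)
    problems, stack, keyword, start = [], [], None, True
    for m in _TOKEN.finditer(src):
        tok, line = m.group(0), src.count("\n", 0, m.start()) + 1
        if tok == "{":
            stack.append(keyword)      # the block belongs to the current statement
            start = True
        elif tok == "}":
            stack.pop() if stack else problems.append((line, "unexpected '}'"))
            start = True
        elif tok == ";":
            start = True
        elif start:                    # first word of a statement is its keyword
            keyword, start = tok, False
            if stack and keyword in TOP_LEVEL_ONLY:
                problems.append((line, "unknown option '%s'" % keyword))
    if stack:
        problems.append((src.rstrip().count("\n") + 1, "'}' expected near end of file"))
    return problems

# Constructed sample modelled on the thread's named.conf: the options block is
# never closed because the "};" that should follow the commented-out logging
# line is missing. The key secret is a placeholder, not a real key.
BROKEN = """\
options {
        directory "/etc/namedb";
        allow-query { localnet; };
        listen-on { any; };

forward first;
forwarders { 203.130.196.155; 202.134.1.10; };

//logging {category lame-servers { null; }; };

controls { inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; }; };

zone "localhost" { type master; file "master/localhost-forward.db"; };

key "rndc-key" { algorithm hmac-md5; secret "PLACEHOLDER-KEY"; };
"""
# The fix grage95 describes: add "};" right under the commented logging line.
FIXED = BROKEN.replace("{ null; }; };\n", "{ null; }; };\n};\n", 1)
```

Running `check_named_conf(BROKEN)` yields unknown-option reports for controls, zone and key plus the missing-brace message, while `check_named_conf(FIXED)` returns an empty list.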

                            ipoelnet

                              Greeeat, but these files don't exist:

                              pid-file        "/var/run/named/pid";
                              dump-file       "/var/dump/named_dump.db";
                              statistics-file "/var/stats/named.stats"

                              Oh no… it's getting worse...

                              grage95

                                Just change it to /var/run/named.id

                                and comment these out with //:
                                //dump-file      "/var/dump/named_dump.db";
                                //statistics-file "/var/stats/named.stats"
