DHCP and DNS
-
create the file
/usr/local/etc/dnsmasq.conf
port=54
# increase DNS cache size
# cache-size=10000
expand-hosts
# Resolve (generated from WAN DHCP)
resolv-file=/etc/resolv.conf
#
# Extra : Blackhole DNS addresses. (NO blackhole DNS, comment next line)
# conf-file=/etc/blackhole.conf
#
#server=208.67.222.222
#server=208.67.220.220
# include another configuration
#conf-file=/etc/dnsmasq-adblock.conf
restart dnsmasq and start bind
named -4
then check with sockstat again after restarting dnsmasq via the Web GUI…
then...
# usr/local/sbin/named
usr/local/sbin/named -4
sockstat -4 -l |grep -i 53
#
empty, bro, nothing is running…..........
-
so that leaves named
check the log messages, tail -f /var/log/messages, and see whether anything looks odd
for named.conf use a config like the example I gave you
put it in /var/named/etc/namedb/named.conf
check with sockstat and ps -ax
# sockstat -4 -l |grep -i 53
root named 66164 20 tcp4 192.168.1.12:53 :
root named 66164 21 tcp4 127.0.0.1:53 :
root named 66164 22 tcp4 127.0.0.1:953 :
root named 66164 512 udp4 192.168.1.12:53 :
root named 66164 513 udp4 127.0.0.1:53 :
# ps -ax |grep named
66164 ?? Is 0:00.04 named -4
# tail -f /var/log/messages
Nov 19 16:48:12 freebsd named[66164]: starting BIND 9.4.3-P2 -4
Nov 19 16:48:12 freebsd named[66164]: command channel listening on 127.0.0.1#953
Nov 19 16:48:12 freebsd named[66164]: running
-
zone "localhost" {
type master;
file "master/localhost-forward.db";
};
zone "127.in-addr.arpa" {
type master;
file "master/localhost-reverse.db";
};
What are the contents of the bold ones, bro?
-
the contents are in the master directory (by default)
/var/named/etc/namedb/master
http://src.gnu-darwin.org/src/etc/namedb/master/
-
named-checkconf
/usr/local/etc/named.conf:32: unknown option 'controls'
/usr/local/etc/named.conf:37: unknown option 'zone'
/usr/local/etc/named.conf:42: unknown option 'zone'
/usr/local/etc/named.conf:47: unknown option 'zone'
/usr/local/etc/named.conf:57: unknown option 'key'
/usr/local/etc/named.conf:61: '}' expected near end of file
-
try pasting it here:
/usr/local/etc/named.conf
-
server ip 192.168.254.254
hostname ns2.taqwa.local
/usr/local/etc/named.conf
acl "localnet" { 192.168.0.0/16; 10.0.0.0/8; localhost; };
options {
// Relative to the chroot directory, if any
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
allow-recursion { any; };
//allow-query { any; };
//allow-query-cache { any; };
allow-query { localnet; };
allow-query-cache { localnet; };
minimal-responses yes;
datasize 196M;
max-cache-size 128M;
listen-on { any; };
//listen-on { 127.0.0.1; 192.168.2.1 };
forward first;
//forward only;
//forwarder for blocking porn
//forwarders { 203.34.118.12; 203.34.118.10; };
//forwarder: Spidol DNS IPs
forwarders { 203.130.196.155; 202.134.1.10; };
//logging { category name-servers { null; }; };
controls { inet 127.0.0.1 port 953
allow { 127.0.0.1; };
keys { "rndc-key"; };
};
zone "localhost" {
type master;
file "master/localhost-forward.db";
};
zone "127.in-addr.arpa" {
type master;
file "master/localhost-reverse.db";
};
zone "." {
type hint;
file "named.root";
};
//include "master/hikmah-teknologi.zone";
//zone block
//include "master/zoneblock.zone";
key "rndc-key" {
algorithm hmac-md5;
secret "JtU+O0PpufgIhsWdA3tSQA==";
};
-
server ip 192.168.254.254
hostname ns2.taqwa.local
/usr/local/etc/named.conf
acl "localnet" { 192.168.0.0/16; 10.0.0.0/8; localhost; };
options {
// Relative to the chroot directory, if any
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
allow-recursion { any; };
//allow-query { any; };
//allow-query-cache { any; };
allow-query { localnet; };
allow-query-cache { localnet; };
minimal-responses yes;
datasize 196M;
max-cache-size 128M;
listen-on { any; };
//listen-on { 127.0.0.1; 192.168.2.1 };
forward first;
//forward only;
//forwarder for blocking porn
//forwarders { 203.34.118.12; 203.34.118.10; };
//forwarder: Spidol DNS IPs
forwarders { 203.130.196.155; 202.134.1.10; };
//logging { category name-servers { null; }; };
controls { inet 127.0.0.1 port 953
allow { 127.0.0.1; };
keys { "rndc-key"; };
};
zone "localhost" {
type master;
file "master/localhost-forward.db";
};
zone "127.in-addr.arpa" {
type master;
file "master/localhost-reverse.db";
};
zone "." {
type hint;
file "named.root";
};
//include "master/hikmah-teknologi.zone";
//zone block
//include "master/zoneblock.zone";
key "rndc-key" {
algorithm hmac-md5;
secret "JtU+O0PpufgIhsWdA3tSQA==";
adjust this to the new key
};
the key needs to be adjusted:
cat /usr/local/etc/rndc.key >> named.conf
btw, is the default directory /usr/local/etc ???
whereas the option above says directory "/etc/namedb"; so which named.conf config is actually used?
-
-
ok, but adjust the options according to the output of /usr/local/sbin/named-checkconf
by default bind runs in a chroot for security, especially against ddos; the directory is /var/named/etc/namedb
/usr/local/sbin/named-checkconf
/usr/local/etc/named.conf:61: '}' expected near end of file
looks like the }; that closes the options section was missed
that happened because the option
logging { category name-servers { null; }; };
was commented out with //. If you don't want to use it, add }; below it, so it becomes
//logging { category name-servers { null; }; };
};
the correct one is lame-servers as in my example, not name-servers, why was it changed ???
logging { category lame-servers { null; }; };
if that is commented out with //
it means you want to log dns, and in my opinion that log isn't important at all and adds load, even if only a little
_lame-servers Lame servers. Mis-configuration in the delegation of domains discovered by BIND 9 when trying to obtain authoritative answers. If the volume of these messages is high many users elect to send them to the null channel e.g. category lame-servers {null;}; statement.
null 'null' writes to /dev/null - the bit bucket, nowhere. It does not produce a log. From the grammar above 'file', 'syslog', 'stderr' and 'null' are mutually exclusive for a 'channel'._
http://www.zytrax.com/books/dns/ch7/logging.html
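As an added example (not code from the thread or from BIND), here is a small POSIX sh/awk brace-balance check that reproduces the diagnosis discussed above: it strips `//` and `#` comments and quoted strings, then counts `{` and `}` per line, so an options block that never gets its closing `};` is reported in the same spirit as named-checkconf's "'}' expected near end of file". The two sample configs are constructed here from the layout of the named.conf posted in the thread (one with the closing `};` missing, one with it restored) with a placeholder secret; the function names `check_braces`, `broken_conf` and `fixed_conf` are my own.

```shell
#!/bin/sh
# Added example, not from the thread: a brace-balance check for a BIND-style
# named.conf. Comments (// and #) and quoted strings are removed before
# counting, so a brace inside a comment or a key secret cannot skew the
# result. /* */ block comments are not handled (assumed absent, as above).

# check_braces: reads a config on stdin, prints a one-line verdict and
# returns 0 when every { has a matching }, 1 otherwise.
check_braces() {
    awk '
    {
        line = $0
        sub(/\/\/.*$/, "", line)        # drop // comments
        sub(/#.*$/, "", line)           # drop # comments (also valid in named.conf)
        gsub(/"[^"]*"/, "", line)       # drop quoted strings (paths, key names, secrets)
        opened = gsub(/[{]/, "", line)  # count and remove every {
        closed = gsub(/[}]/, "", line)  # count and remove every }
        depth += opened - closed
        if (depth < 0) {
            printf("%d: unexpected }\n", NR)
            bad = 1
            exit 1
        }
    }
    END {
        if (bad) exit 1
        if (depth > 0) {
            printf("%d: %d unclosed {, } expected near end of file\n", NR, depth)
            exit 1
        }
        print "braces balance"
    }'
}

# Constructed sample modelled on the named.conf posted above: the options
# block is missing its closing "};", so controls and key end up nested inside
# it. The secret is a placeholder, not a real key.
broken_conf() {
cat <<'EOF'
acl "localnet" { 192.168.0.0/16; 10.0.0.0/8; localhost; };
options {
        directory "/etc/namedb";
        allow-query { localnet; };
        forwarders { 203.130.196.155; 202.134.1.10; };
//logging { category lame-servers { null; }; };
controls { inet 127.0.0.1 port 953
        allow { 127.0.0.1; };
        keys { "rndc-key"; };
};
key "rndc-key" {
        algorithm hmac-md5;
        secret "PLACEHOLDER-NOT-A-REAL-KEY==";
};
EOF
}

# The same sample with the options block closed before the logging line.
fixed_conf() {
cat <<'EOF'
acl "localnet" { 192.168.0.0/16; 10.0.0.0/8; localhost; };
options {
        directory "/etc/namedb";
        allow-query { localnet; };
        forwarders { 203.130.196.155; 202.134.1.10; };
};
//logging { category lame-servers { null; }; };
controls { inet 127.0.0.1 port 953
        allow { 127.0.0.1; };
        keys { "rndc-key"; };
};
key "rndc-key" {
        algorithm hmac-md5;
        secret "PLACEHOLDER-NOT-A-REAL-KEY==";
};
EOF
}

# Demo: the broken copy is rejected, the fixed one passes.
broken_conf | check_braces || echo "(rejected, as expected)"
fixed_conf | check_braces
```

On a real box the same check runs as `check_braces < /var/named/etc/namedb/named.conf`; it only finds unbalanced braces, so named-checkconf is still the authority on option names and placement, but it points straight at the missing `};` that turns every later `controls`, `zone` and `key` statement into an "unknown option" inside options.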
-
Greeeat, but these files don't exist:
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
ugh… it's getting worse...
-
just change it to /var/run/named.id
comment these out with //
//dump-file "/var/dump/named_dump.db";
//statistics-file "/var/stats/named.stats";