DHCP dan DNS

ipoelnet

@grage95:

buat file

/usr/local/etc/dnsmasq.conf

port=54
# increase DNS cache size
# cache-size=10000

expand-hosts 

# Resolve(generated from WAN DHCP)
resolv-file=/etc/resolv.conf
#
# Extra : Blackhole DNS adresses. (NO blackholeDNS, comment next line)
# conf-file=/etc/blackhole.conf
#
#server=208.67.222.222
#server=208.67.220.220
# include another configuration
#conf-file=/etc/dnsmasq-adblock.conf

restart dnsmasq dan jalankan bind

named -4
trus cek dg  sockstat lagi

setelah restartdnsmasq lewat Web GUI…
terus...

**# usr/local/sbin/named

usr/local/sbin/named -4

sockstat -4 -l |grep -i 53

#**

kosong Om g' da yang jalan…..........

grage95

berarti tinggal named nya
coba di log messages nya

tail -f /var/log/messages ada yang aneh enggak

config named.conf gunakan yg seperti contoh yang aku kasih

taruh di /var/named/etc/namedb/named.conf

cek dengan sockstat dan ps -ax

# sockstat -4 -l |grep -i 53
root     named      66164 20 tcp4   192.168.1.12:53       :
root     named      66164 21 tcp4   127.0.0.1:53          :
root     named      66164 22 tcp4   127.0.0.1:953         :
root     named      66164 512udp4   192.168.1.12:53       :
root     named      66164 513udp4   127.0.0.1:53          :

#ps -ax |grep named
66164  ??  Is     0:00.04 named -4

#tail -f /var/log/messages
Nov 19 16:48:12 freebsd named[66164]: starting BIND 9.4.3-P2 -4
Nov 19 16:48:12 freebsd named[66164]: command channel listening on 127.0.0.1#953
Nov 19 16:48:12 freebsd named[66164]: running

ipoelnet

zone    "localhost" {
        type master;
        file "master/localhost-forward.db";
};

zone    "127.in-addr.arpa" {
        type master;
        file "master/localhost-reverse.db";
};

Isinya yg tebal OM?

grage95

isinya ada di directory master (by default)

/var/named/etc/namedb/master

http://src.gnu-darwin.org/src/etc/namedb/master/

ipoelnet

named-checkconf

/usr/local/etc/named.conf:32: unknown option 'controls'
/usr/local/etc/named.conf:37: unknown option 'zone'
/usr/local/etc/named.conf:42: unknown option 'zone'
/usr/local/etc/named.conf:47: unknown option 'zone'
/usr/local/etc/named.conf:57: unknown option 'key'
/usr/local/etc/named.conf:61: '}' expected near end of file

grage95

coba paste kesini :
/usr/local/etc/named.conf

ipoelnet

ip server 192.168.254.254
hostname ns2.taqwa.local

/usr/local/etc/named.conf

acl "localnet" {192.168.0.0/16;10.0.0.0/8; localhost;};

options {
       // Relative to the chroot directory, if any
       directory       "/etc/namedb";
       pid-file        "/var/run/named/pid";
       dump-file       "/var/dump/named_dump.db";
       statistics-file "/var/stats/named.stats";
       allow-recursion { any; };
     //allow-query     { any; };
     //allow-query-cache  { any; };
       allow-query     { localnet; };
       allow-query-cache  { localnet; };
       minimal-responses       yes;
       datasize 196M;
       max-cache-size 128M;
       listen-on     { any;};
       //listen-on     { 127.0.0.1; 192.168.2.1 };

forward first;
//forward only;

//forwader for block porn
//forwarders {203.34.118.12; 203.34.118.10; };

//forwader ip dns spidol

forwarders { 203.130.196.155; 202.134.1.10;};

//logging {category name-servers { null; }; };

controls { inet 127.0.0.1 port 953
allow { 127.0.0.1; };
keys { "rndc-key"; };
};

zone    "localhost" {
       type master;
       file "master/localhost-forward.db";
};

zone    "127.in-addr.arpa" {
       type master;
       file "master/localhost-reverse.db";
};

zone    "." {
       type hint;
       file "named.root";
};

//include "master/hikmah-teknologi.zone";

//zone block
//include "master/zoneblock.zone";

key "rndc-key" {
algorithm hmac-md5;
secret "JtU+O0PpufgIhsWdA3tSQA==";
};

grage95

@ipoelnet:

ip server 192.168.254.254
hostname ns2.taqwa.local

/usr/local/etc/named.conf

acl "localnet" {192.168.0.0/16;10.0.0.0/8; localhost;};

options {
       // Relative to the chroot directory, if any
       directory       "/etc/namedb";
       pid-file        "/var/run/named/pid";
       dump-file       "/var/dump/named_dump.db";
       statistics-file "/var/stats/named.stats";
       allow-recursion { any; };
     //allow-query     { any; };
     //allow-query-cache  { any; };
       allow-query     { localnet; };
       allow-query-cache  { localnet; };
       minimal-responses       yes;
       datasize 196M;
       max-cache-size 128M;
       listen-on     { any;};
       //listen-on     { 127.0.0.1; 192.168.2.1 };

forward first;
//forward only;

//forwader for block porn
//forwarders {203.34.118.12; 203.34.118.10; };

//forwader ip dns spidol

forwarders { 203.130.196.155; 202.134.1.10;};

//logging {category name-servers { null; }; };

controls { inet 127.0.0.1 port 953
allow { 127.0.0.1; };
keys { "rndc-key"; };
};

zone    "localhost" {
       type master;
       file "master/localhost-forward.db";
};

zone    "127.in-addr.arpa" {
       type master;
       file "master/localhost-reverse.db";
};

zone    "." {
       type hint;
       file "named.root";
};

//include "master/hikmah-teknologi.zone";

//zone block
//include "master/zoneblock.zone";

key "rndc-key" {
algorithm hmac-md5;
secret "JtU+O0PpufgIhsWdA3tSQA==";
sesuikan dengan ker yang baru
};

keynya di sesuaikan

cat /usr/local/etc/rndc.key >> named.conf

btw default directorynya ke /usr/local/etc ???
sedangkan option  diatas directory      "/etc/namedb";

config yang di gunakan named.conf yang mana ?

ipoelnet

/usr/local/etc/named.conf sebab jika di cek dengan # /usr/local/sbin/named-checkconf arahnya kesitu Om errornya, jadi named.conf dan master q ganti disitu untuk key udah q generate om. tapi tetep errornya spt itu.

/usr/local/sbin/named -4

ps -ax | grep named

6249  p0  S+    0:00.00 grep named

grage95

ok, tapi di optionya di sesuaikan dengan hasil dari /usr/local/sbin/named-checkconf
defaultnya bind  mengunakan bind chroot utk security, terutama ddos, directorynya ada di /var/named/etc/namedb

/usr/local/sbin/named-checkconf

/usr/local/etc/named.conf:61: '}' expected near end of file

kayanya ada yang kelewat untuk nutup }; di bagian option

itu terjadi  karena option
logging {category name-servers { null; }; };
di kasih //

kalau gak mau di pake, tambahkan }; di bawahnya itu
jadinya
//logging {category name-servers { null; }; };
};

yang bener itu lame-server seperti dalam contoh saya, bukan name-server, kenapa di rubah ???

logging {category lame-servers { null; }; };

kalau itu di kasih //
berarti kamu mau melog dns, dan ini menurut saya log itu gak penting banget, bikin beban walopun sedikit

_lame-servers Lame servers. Mis-configuration in the delegation of domains discovered by BIND 9 when trying to authoritative answers. If the volume of these messages is high many users elect to send them to the null channel e.g. category lame-servers {null;}; statement.

null 'null' writes to /dev/null - the bit bucket, nowhere. It does not produce a log. From the grammar above 'file', 'syslog', 'stderr' and 'null' are mutually exclusive for a 'channel'._

http://www.zytrax.com/books/dns/ch7/logging.html

ipoelnet

Siiiip, tapi file ini g' ada :

pid-file        "/var/run/named/pid";
        dump-file      "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats"

waduh… tambah parah...

grage95

ganti saja /var/run/named.id

yang ini di //
//dump-file      "/var/dump/named_dump.db";
//statistics-file "/var/stats/named.stats"