
    DHCP and DNS

    • ipoelnet

      @grage95:

      create the file

      /usr/local/etc/dnsmasq.conf

      
      port=54
      # increase DNS cache size
      # cache-size=10000
      
      expand-hosts 
      
      # Resolve(generated from WAN DHCP)
      resolv-file=/etc/resolv.conf
      #
      # Extra : Blackhole DNS addresses. (NO blackhole DNS, comment next line)
      # conf-file=/etc/blackhole.conf
      #
      #server=208.67.222.222
      #server=208.67.220.220
      # include another configuration
      #conf-file=/etc/dnsmasq-adblock.conf
      

      restart dnsmasq and run bind

      named -4
      then check again with sockstat

      after restarting dnsmasq via the Web GUI…
      then...

      # usr/local/sbin/named

      usr/local/sbin/named -4

      sockstat -4 -l |grep -i 53

      #

      empty, bro, nothing is running…

      Can do, bro, as long as it follows the rules | Learn like a fool

      • grage95

        so only named is left
        check its messages log

        tail -f /var/log/messages, anything odd in there?

        for named.conf, use a config like the example I gave you

        put it in /var/named/etc/namedb/named.conf

        check with sockstat and ps -ax

        # sockstat -4 -l |grep -i 53
        root     named      66164 20 tcp4   192.168.1.12:53       :
        root     named      66164 21 tcp4   127.0.0.1:53          :
        root     named      66164 22 tcp4   127.0.0.1:953         :
        root     named      66164 512udp4   192.168.1.12:53       :
        root     named      66164 513udp4   127.0.0.1:53          :

        #ps -ax |grep named
        66164  ??  Is     0:00.04 named -4

        #tail -f /var/log/messages
        Nov 19 16:48:12 freebsd named[66164]: starting BIND 9.4.3-P2 -4
        Nov 19 16:48:12 freebsd named[66164]: command channel listening on 127.0.0.1#953
        Nov 19 16:48:12 freebsd named[66164]: running

        • ipoelnet

          zone    "localhost" {
                  type master;
                  file "master/localhost-forward.db";
          };

          zone    "127.in-addr.arpa" {
                  type master;
                  file "master/localhost-reverse.db";
          };

          What goes in the bold part, bro?

          • grage95

            the contents are in the master directory (by default)

            /var/named/etc/namedb/master

            http://src.gnu-darwin.org/src/etc/namedb/master/

            • ipoelnet

              named-checkconf

              /usr/local/etc/named.conf:32: unknown option 'controls'
              /usr/local/etc/named.conf:37: unknown option 'zone'
              /usr/local/etc/named.conf:42: unknown option 'zone'
              /usr/local/etc/named.conf:47: unknown option 'zone'
              /usr/local/etc/named.conf:57: unknown option 'key'
              /usr/local/etc/named.conf:61: '}' expected near end of file

              • grage95

                try pasting it here:
                /usr/local/etc/named.conf

                • ipoelnet

                  server IP 192.168.254.254
                  hostname ns2.taqwa.local

                  /usr/local/etc/named.conf

                  acl "localnet" {192.168.0.0/16;10.0.0.0/8; localhost;};

                  options {
                         // Relative to the chroot directory, if any
                         directory       "/etc/namedb";
                         pid-file        "/var/run/named/pid";
                         dump-file       "/var/dump/named_dump.db";
                         statistics-file "/var/stats/named.stats";
                         allow-recursion { any; };
                       //allow-query     { any; };
                       //allow-query-cache  { any; };
                         allow-query     { localnet; };
                         allow-query-cache  { localnet; };
                         minimal-responses       yes;
                         datasize 196M;
                         max-cache-size 128M;
                         listen-on     { any;};
                         //listen-on     { 127.0.0.1; 192.168.2.1 };

                  forward first;
                  //forward only;

                  //forwarders for blocking porn
                  //forwarders {203.34.118.12; 203.34.118.10; };

                  //forwarders: Spidol DNS IPs

                  forwarders { 203.130.196.155; 202.134.1.10;};

                  //logging {category name-servers { null; }; };

                  controls { inet 127.0.0.1 port 953
                  allow { 127.0.0.1; };
                  keys { "rndc-key"; };
                  };

                  zone    "localhost" {
                         type master;
                         file "master/localhost-forward.db";
                  };

                  zone    "127.in-addr.arpa" {
                         type master;
                         file "master/localhost-reverse.db";
                  };

                  zone    "." {
                         type hint;
                         file "named.root";
                  };

                  //include "master/hikmah-teknologi.zone";

                  //zone block
                  //include "master/zoneblock.zone";

                  key "rndc-key" {
                  algorithm hmac-md5;
                  secret "JtU+O0PpufgIhsWdA3tSQA==";
                  };

                  • grage95

                    @ipoelnet:

                    server IP 192.168.254.254
                    hostname ns2.taqwa.local

                    /usr/local/etc/named.conf

                    acl "localnet" {192.168.0.0/16;10.0.0.0/8; localhost;};

                    options {
                           // Relative to the chroot directory, if any
                           directory       "/etc/namedb";
                           pid-file        "/var/run/named/pid";
                           dump-file       "/var/dump/named_dump.db";
                           statistics-file "/var/stats/named.stats";
                           allow-recursion { any; };
                         //allow-query     { any; };
                         //allow-query-cache  { any; };
                           allow-query     { localnet; };
                           allow-query-cache  { localnet; };
                           minimal-responses       yes;
                           datasize 196M;
                           max-cache-size 128M;
                           listen-on     { any;};
                           //listen-on     { 127.0.0.1; 192.168.2.1 };

                    forward first;
                    //forward only;

                    //forwarders for blocking porn
                    //forwarders {203.34.118.12; 203.34.118.10; };

                    //forwarders: Spidol DNS IPs

                    forwarders { 203.130.196.155; 202.134.1.10;};

                    //logging {category name-servers { null; }; };

                    controls { inet 127.0.0.1 port 953
                    allow { 127.0.0.1; };
                    keys { "rndc-key"; };
                    };

                    zone    "localhost" {
                           type master;
                           file "master/localhost-forward.db";
                    };

                    zone    "127.in-addr.arpa" {
                           type master;
                           file "master/localhost-reverse.db";
                    };

                    zone    "." {
                           type hint;
                           file "named.root";
                    };

                    //include "master/hikmah-teknologi.zone";

                    //zone block
                    //include "master/zoneblock.zone";

                    key "rndc-key" {
                    algorithm hmac-md5;
                    secret "JtU+O0PpufgIhsWdA3tSQA==";

                    adjust this to the new key
                    };

                    the key needs adjusting

                    cat /usr/local/etc/rndc.key >> named.conf

                    btw, is the default directory /usr/local/etc ???
                    whereas the option above says directory      "/etc/namedb";

                    which named.conf config is actually being used?

                    • ipoelnet

                      /usr/local/etc/named.conf, because when I check with # /usr/local/sbin/named-checkconf the errors point there, bro, so I changed named.conf and master there; the key I have already generated, bro. But the error stays the same.

                      /usr/local/sbin/named -4

                      ps -ax | grep named

                      6249  p0  S+    0:00.00 grep named

                      • grage95

                        ok, but adjust the options according to the output of /usr/local/sbin/named-checkconf
                        by default bind uses a chroot for security, especially against ddos; its directory is /var/named/etc/namedb

                        /usr/local/sbin/named-checkconf

                        /usr/local/etc/named.conf:61: '}' expected near end of file

                        looks like a closing }; was missed in the options section

                        that happens because the option
                        logging {category name-servers { null; }; };
                        was prefixed with //

                        if you don't want to use it, add }; below it
                        so it becomes
                        //logging {category name-servers { null; }; };
                        };

                        the correct one is lame-servers as in my example, not name-servers, why did you change it ???

                        logging {category lame-servers { null; }; };

                        if you prefix that with //
                        it means you want to log dns, and in my opinion that log isn't important at all; it adds load, even if only a little

                        lame-servers Lame servers. Mis-configuration in the delegation of domains discovered by BIND 9 when trying to authoritative answers. If the volume of these messages is high many users elect to send them to the null channel e.g. category lame-servers {null;}; statement.

                        null 'null' writes to /dev/null - the bit bucket, nowhere. It does not produce a log. From the grammar above 'file', 'syslog', 'stderr' and 'null' are mutually exclusive for a 'channel'.

                        http://www.zytrax.com/books/dns/ch7/logging.html

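As an added example (not code from the thread), a small POSIX shell pre-check that reproduces the symptom grage95 diagnoses: once `options {` is never closed, named-checkconf parses the later controls, zone and key statements inside options, reports each as an "unknown option", and ends with `'}' expected near end of file`. It assumes comments run from `//` or `#` to end of line and that quoted strings contain no braces; the sample named.conf is constructed.

```shell
# Brace-balance pre-check for named.conf. Assumptions: comments run from
# "//" or "#" to end of line, and quoted strings contain no braces.
# Usage: named_brace_report /path/to/named.conf
named_brace_report() {
    awk '
        { sub(/\/\/.*/, ""); sub(/#.*/, "") }   # strip comments (re-splits fields)
        # A top-level statement that starts at depth > 0 is the tell-tale: it is
        # being parsed inside a block that was never closed.
        /^[ \t]*(options|controls|zone|key|acl|logging)[ \t{"]/ {
            if (depth > 0)
                printf "line %d: \"%s\" opens at depth %d (previous block not closed)\n", NR, $1, depth
        }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }   # net braces on this line
        END { printf "unclosed blocks at EOF: %d\n", depth }
    ' "$1"
}

# Just the count, for scripting: "0" means every block is closed.
named_unclosed_count() {
    named_brace_report "$1" | sed -n 's/^unclosed blocks at EOF: //p'
}

# Constructed sample reproducing the thread's mistake: "options {" has no "};".
broken=$(mktemp); fixed=$(mktemp)
cat > "$broken" <<'EOF'
acl "localnet" {192.168.0.0/16; 10.0.0.0/8; localhost;};
options {
        directory "/etc/namedb";
        forwarders { 192.0.2.1; 192.0.2.2; };
//logging {category lame-servers { null; }; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; }; keys { "rndc-key"; }; };
zone "localhost" { type master; file "master/localhost-forward.db"; };
EOF
# Same file with the missing "};" restored right after the commented-out logging line.
{ sed -n '1,5p' "$broken"; echo '};'; sed -n '6,$p' "$broken"; } > "$fixed"

named_brace_report "$broken"   # flags controls and zone at depth 1; 1 unclosed
named_brace_report "$fixed"    # nothing flagged; 0 unclosed
```

Run it on the real file before named-checkconf: a non-zero count points at the first statement that opened inside an unclosed block, which is the line to look just above.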
                        • ipoelnet

                          Greeeat, but these files don't exist:

                          pid-file        "/var/run/named/pid";
                          dump-file       "/var/dump/named_dump.db";
                          statistics-file "/var/stats/named.stats"

                          ugh… it's getting worse...

                          • grage95

                            just change it to /var/run/named.id

                            comment these two out with //
                            //dump-file      "/var/dump/named_dump.db";
                            //statistics-file "/var/stats/named.stats"

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.