BIND, or named, is the most widely used Domain Name System (DNS) software on the Internet. On Unix-like operating systems it is the de facto standard. It performs both of the main DNS server roles: acting as an authoritative name server for one or more specific domains, and acting as a recursive resolver for the DNS system generally.
1. Install bind
[root@server data]# yum -y install bind bind-utils
1. Install bind
[root@server data]# yum -y install bind bind-utils
2. Enable and start the named service
#
[root@bind-server-teguhtriharto data]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@bind-server-teguhtriharto data]# systemctl start named
[root@bind-server-teguhtriharto data]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-03-06 13:50:24 WIB; 35min ago
Main PID: 41985 (named)
CGroup: /system.slice/named.service
└─41985 /usr/sbin/named -u named -c /etc/named.conf
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: managed-keys-zone: loaded serial 0
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: zone 0.in-addr.arpa/IN: loaded serial 0
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: zone localhost.localdomain/IN: loaded serial 0
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: zone localhost/IN: loaded serial 0
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: all zones loaded
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: running
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
Mar 06 13:50:24 bind-server-teguhtriharto named[41985]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
[root@bind-server-teguhtriharto data]#
3. IP configuration
[root@server teguht]# cd /etc/sysconfig/network-scripts/
[root@server network-scripts]# cat ifcfg-ens160
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens160
UUID=3405d451-483b-4ebe-a46b-cbb8979b57b6
DEVICE=ens160
ONBOOT=yes
IPADDR=10.10.10.103
PREFIX=24
GATEWAY=10.10.10.1
DNS1=127.0.0.1
DOMAIN="teguhtriharto.com"
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_PRIVACY=no
[root@server network-scripts]#
[root@server network-scripts]# systemctl restart network
4. Configure Hostname, network and resolv
[root@server teguht]# cat /etc/hostname
server
[root@server teguht]#
[root@server teguht]# cat /etc/sysconfig/network
# Created by anaconda
NETWORKING=yes
HOSTNAME=server
[root@server teguht]#
[root@server teguht]# cat /etc/resolv.conf
# Generated by NetworkManager
search teguhtriharto.com
nameserver 127.0.0.1
[root@server teguht]#
[root@server ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.10.103 teguhtriharto.com server server.teguhtriharto.com
10.10.10.105 client client.teguhtriharto.com
# optional
10.10.5.240 nms.teguhtriharto
[root@server ~]#
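5. Configuration
The listing below is an excerpt of the options block in /etc/named.conf; the block continues in the real file and must be closed with "};". allow-query limits who may query the server to localhost and 10.10.10.0/24, and allow-transfer { none; } refuses zone transfers. Because this server also answers recursive queries (see the google.com test in section B.3), keep recursion limited to the same trusted networks so that it does not become an open resolver.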
# vi /etc/named.conf
options {
listen-on port 53 { 127.0.0.1; 10.10.10.103;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost;10.10.10.0/24;};
allow-transfer { none; };
6. Add the forward zone
# vi /etc/named.conf
zone "teguhtriharto.com" IN {
type master;
file "/var/named/teguht.fwd";
allow-update { none; };
};
7. Add the reverse zone
zone "10.10.10.in-addr.arpa" IN {
type master;
file "/var/named/teguht.rr";
allow-update { none; };
};
8. Create Forward Zone file
DNS records
A record = maps a hostname to an IP address
NS (name server) record = identifies the authoritative DNS server for the zone
MX (mail exchanger) record = specifies a mail server responsible for accepting mail for the zone
CNAME (canonical name) record = specifies an alias of one name to another name
# vi /var/named/teguht.fwd
$TTL 86400
@ IN SOA ns1.teguhtriharto.com. root.teguhtriharto.com.(
2014112511 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
);
;Name Server Information
@ IN NS ns1.teguhtriharto.com.
@ IN A 10.10.10.103
ns1 IN A 10.10.10.103
@ IN A 10.10.10.105
client IN A 10.10.10.105
@ IN A 10.10.5.240
nms IN A 10.10.5.240
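9. Create Reverse Zone File
Note: this zone is 10.10.10.in-addr.arpa, so it only holds PTR records for addresses in 10.10.10.0/24. The "240 IN PTR" entry below therefore answers for 10.10.10.240, not for nms at 10.10.5.240; a reverse record for nms would need its own 5.10.10.in-addr.arpa zone.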
# vi /var/named/teguht.rr
$TTL 86400
@ IN SOA ns1.teguhtriharto.com. root.teguhtriharto.com.(
2014112511 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
);
;Name Server Information
@ IN NS ns1.teguhtriharto.com.
ns1 IN A 10.10.10.103
103 IN PTR ns1.teguhtriharto.com.
client IN A 10.10.10.105
105 IN PTR client.teguhtriharto.com.
nms IN A 10.10.5.240
240 IN PTR nms.teguhtriharto.com.
10. Restart bind service
# systemctl restart named
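11. Testing
Note: dig -x performs a reverse (PTR) lookup and expects an IP address. When it is given a hostname it returns NXDOMAIN, as the "dig -x teguhtriharto.com" sample output in section B.3 shows.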
# dig -x 127.0.0.1
# dig -x 10.10.10.103
# dig -x teguhtriharto.com
# dig -x ns1.teguhtriharto.com
# dig -x server.teguhtriharto.com
# dig -x client.teguhtriharto.com
# dig -x nms.teguhtriharto.com
# dig 127.0.0.1
# dig 10.10.10.103
# dig teguhtriharto.com
# dig ns1.teguhtriharto.com
# dig server.teguhtriharto.com
# dig client.teguhtriharto.com
# dig nms.teguhtriharto.com
# nslookup 127.0.0.1
# nslookup 10.10.10.103
# nslookup teguhtriharto.com
# nslookup ns1.teguhtriharto.com
# nslookup server.teguhtriharto.com
# nslookup client.teguhtriharto.com
# nslookup nms.teguhtriharto.com
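B. Client Server (example on Linux)
1. Client IP configuration
Note: for the client to query the new BIND server, its DNS1 entry should be the server's address (10.10.10.103, the SERVER shown in the sample output below) rather than 127.0.0.1.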
[root@client teguht]# cd /etc/sysconfig/network-scripts/
[root@client network-scripts]# cat ifcfg-ens160
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens160
UUID=3405d451-483b-4ebe-a46b-cbb8979b57b6
DEVICE=ens160
ONBOOT=yes
IPADDR=10.10.10.22
PREFIX=24
GATEWAY=10.10.10.1
DNS1=127.0.0.1
DOMAIN="teguhtriharto.com"
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_PRIVACY=no
[root@client network-scripts]#
[root@client network-scripts]# systemctl restart network
2. Testing from client
# dig -x 127.0.0.1
# dig -x 10.10.10.103
# dig -x 10.10.10.105
# dig -x teguhtriharto.com
# dig -x ns1.teguhtriharto.com
# dig -x server.teguhtriharto.com
# dig -x client.teguhtriharto.com
# dig -x nms.teguhtriharto.com
# dig 127.0.0.1
# dig 10.10.10.103
# dig 10.10.10.105
# dig teguhtriharto.com
# dig ns1.teguhtriharto.com
# dig server.teguhtriharto.com
# dig client.teguhtriharto.com
# dig nms.teguhtriharto.com
# nslookup 127.0.0.1
# nslookup 10.10.10.103
# nslookup 10.10.10.105
# nslookup teguhtriharto.com
# nslookup ns1.teguhtriharto.com
# nslookup server.teguhtriharto.com
# nslookup client.teguhtriharto.com
# nslookup nms.teguhtriharto.com
# nslookup google.com
3. Sample output Testing from client
[root@client network-scripts]# dig -x teguhtriharto.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -x teguhtriharto.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32997
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com.teguhtriharto.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2019021535 1800 900 604800 3600
;; Query time: 277 msec
;; SERVER: 10.10.10.103#53(10.10.10.103)
;; WHEN: Mon Mar 11 15:28:56 WIB 2019
;; MSG SIZE rcvd: 127
[root@client network-scripts]# dig teguhtriharto.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> teguhtriharto.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55990
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;teguhtriharto.com. IN A
;; ANSWER SECTION:
teguhtriharto.com. 86400 IN A 10.10.10.105
teguhtriharto.com. 86400 IN A 10.10.10.103
teguhtriharto.com. 86400 IN A 10.10.5.240
;; AUTHORITY SECTION:
teguhtriharto.com. 86400 IN NS ns1.teguhtriharto.com.
;; ADDITIONAL SECTION:
ns1.teguhtriharto.com. 86400 IN A 10.10.10.103
;; Query time: 2 msec
;; SERVER: 10.10.10.103#53(10.10.10.103)
;; WHEN: Mon Mar 11 15:28:58 WIB 2019
;; MSG SIZE rcvd: 128
[root@client network-scripts]# dig google.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39179
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 4, ADDITIONAL: 9
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 215 IN A 74.125.24.101
google.com. 215 IN A 74.125.24.113
google.com. 215 IN A 74.125.24.102
google.com. 215 IN A 74.125.24.139
google.com. 215 IN A 74.125.24.138
google.com. 215 IN A 74.125.24.100
;; AUTHORITY SECTION:
google.com. 172714 IN NS ns3.google.com.
google.com. 172714 IN NS ns2.google.com.
google.com. 172714 IN NS ns1.google.com.
google.com. 172714 IN NS ns4.google.com.
;; ADDITIONAL SECTION:
ns2.google.com. 172714 IN A 216.239.34.10
ns2.google.com. 172714 IN AAAA 2001:4860:4802:34::a
ns1.google.com. 172714 IN A 216.239.32.10
ns1.google.com. 172714 IN AAAA 2001:4860:4802:32::a
ns3.google.com. 172714 IN A 216.239.36.10
ns3.google.com. 172714 IN AAAA 2001:4860:4802:36::a
ns4.google.com. 172714 IN A 216.239.38.10
ns4.google.com. 172714 IN AAAA 2001:4860:4802:38::a
;; Query time: 2 msec
;; SERVER: 10.10.10.103#53(10.10.10.103)
;; WHEN: Mon Mar 11 15:29:05 WIB 2019
;; MSG SIZE rcvd: 383
[root@client network-scripts]# dig facebook.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> facebook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36265
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;facebook.com. IN A
;; ANSWER SECTION:
facebook.com. 300 IN A 157.240.25.35
;; AUTHORITY SECTION:
facebook.com. 172799 IN NS b.ns.facebook.com.
facebook.com. 172799 IN NS a.ns.facebook.com.
;; ADDITIONAL SECTION:
a.ns.facebook.com. 172799 IN A 69.171.239.12
a.ns.facebook.com. 172799 IN AAAA 2a03:2880:fffe:c:face:b00c:0:35
b.ns.facebook.com. 172799 IN A 69.171.255.12
b.ns.facebook.com. 172799 IN AAAA 2a03:2880:ffff:c:face:b00c:0:35
;; Query time: 803 msec
;; SERVER: 10.10.10.103#53(10.10.10.103)
;; WHEN: Mon Mar 11 15:29:12 WIB 2019
;; MSG SIZE rcvd: 180
[root@client network-scripts]#
[root@client network-scripts]# nslookup 10.10.10.103
Server: 10.10.10.103
Address: 10.10.10.103#53
103.10.10.10.in-addr.arpa name = ns1.teguhtriharto.com.
[root@client network-scripts]#
[root@client network-scripts]# nslookup 10.10.10.105
Server: 10.10.10.103
Address: 10.10.10.103#53
105.10.10.10.in-addr.arpa name = client.teguhtriharto.com.
[root@client network-scripts]#