This time abiabang will follow a guide already published on an earlier forum/blog post that explains how to build a DNS server on the CentOS 7 operating system. The scope here is limited to the master DNS only (no secondary DNS). OK, let's get straight to it.
Before starting the configuration, prepare the following information:
Primary (Master) DNS Server Details:
Operating System : CentOS 7
Hostname : abiabang.org
IP Address : 192.168.6.233/24
Client Details:
Operating System : Windows 7 64bit Laptop
Hostname : client.laptop
IP Address : 192.168.6.170/24
Setting Up the (Master) DNS Server
Install the bind9 packages on the server
yum install bind bind-utils -y
1. Configure DNS Server
Edit ‘/etc/named.conf’ file.
vi /etc/named.conf
Add the lines as shown in bold:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.6.233;}; ### Master DNS IP ###
#    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.6.0/24;}; ### IP Range ###
    allow-transfer{ localhost; 192.168.6.234; }; ### Slave DNS IP ###

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "abiabang.org" IN {
    type master;
    file "/var/named/forward.abi";
    allow-update { none; };
};

zone "6.168.192.in-addr.arpa" IN {
    type master;
    file "/var/named/reverse.abi";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
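The comment block inside the options above ties `recursion yes` to access control. The following Python check is an added example, not part of the original guide: it reads the global ACLs from a named.conf text and reports when recursion or zone transfers are open to everyone. The names `audit`, `acl`, `GUIDE_CONF` and `WEAK_CONF` are hypothetical, and the weak configuration is constructed for comparison.

```python
import re

# Abridged from the options block in this guide.
GUIDE_CONF = """
options {
    allow-query     { localhost; 192.168.6.0/24;}; ### IP Range ###
    allow-transfer{ localhost; 192.168.6.234; };   ### Slave DNS IP ###
    /* If your recursive DNS server has a public IP address, you MUST
       enable access control to limit queries to your legitimate users. */
    recursion yes;
};
"""
# Constructed weak variant: query ACL opened up, allow-transfer left out.
WEAK_CONF = """
options {
    allow-query { any; };   // recursion inherits this ACL
    recursion yes;
};
"""

def strip_comments(conf):
    """Drop the three comment styles named.conf accepts: /* */, // and #."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def acl(conf, statement):
    """Return the address-match list of `statement`, or None when it is unset."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(statement), conf)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else None

def audit(conf_text):
    """Return findings for the global ACLs (per-zone/view overrides not parsed)."""
    conf, findings = strip_comments(conf_text), []
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", conf)
    if rec is None or rec.group(1) == "yes":      # BIND recurses by default
        # Effective ACL: allow-recursion, else allow-query-cache, else
        # allow-query, else the built-in default (localnets; localhost).
        lists = [acl(conf, s) for s in
                 ("allow-recursion", "allow-query-cache", "allow-query")]
        who = next((a for a in lists if a is not None), ["localnets", "localhost"])
        if "any" in who:
            findings.append("recursion open to any client")
    xfer = acl(conf, "allow-transfer")
    if xfer is None or "any" in xfer:  # unset means any on CentOS 7's BIND 9
        findings.append("zone transfers unrestricted")
    return findings
```

To audit the live file, pass `open("/etc/named.conf").read()` to `audit`; an empty list means both ACLs are restricted.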
2. Create Zone files
Create forward and reverse zone files which we mentioned in the ‘/etc/named.conf’ file.
2.1 Create Forward Zone
Create the forward.abi file in the ‘/var/named’ directory.
vi /var/named/forward.abi
Add the following lines:
$TTL 86400
@       IN  SOA     abiabang.org. root.abiabang.org. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS      abiabang.org.
@       IN  NS      ns.abiabang.org.
@       IN  A       192.168.6.233
ns      IN  A       192.168.6.233
web     IN  A       192.168.6.233
2.2 Create Reverse Zone
Create the reverse.abi file in the ‘/var/named’ directory.
vi /var/named/reverse.abi
Add the following lines:
$TTL 86400
@       IN  SOA     abiabang.org. root.abiabang.org. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS      abiabang.org.
@       IN  PTR     ns.abiabang.org.
; The owner label is the host part of the address: 233 for 192.168.6.233
233     IN  PTR     abiabang.org.
233     IN  PTR     ns.abiabang.org.
233     IN  PTR     web.abiabang.org.
3. Start the DNS service
Enable and start DNS service:
systemctl enable named     # enable the service at boot
systemctl start named      # start the service
systemctl status named     # view the service status
4. Firewall Configuration
We must allow the DNS service default port 53 through firewall.
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
* If the firewall-cmd command is not available yet, install and start firewalld first:
yum install firewalld
systemctl start firewalld
systemctl enable firewalld
systemctl status firewalld
5. Restart Firewall
firewall-cmd --reload
6. Configuring Permissions, Ownership, and SELinux
Run the following commands one by one:
chgrp named -R /var/named
chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf
7. Test DNS configuration and zone files for any syntax errors
Check DNS default configuration file:
named-checkconf /etc/named.conf
If it returns nothing, your configuration file is valid.
Check Forward zone:
named-checkzone abiabang.org /var/named/forward.abi
Sample output:
zone abiabang.org/IN: loaded serial 2011071001
OK
Check reverse zone:
named-checkzone 6.168.192.in-addr.arpa /var/named/reverse.abi
Sample Output:
zone 6.168.192.in-addr.arpa/IN: loaded serial 2011071001
OK
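named-checkzone validates the syntax of each file on its own; it does not check that every A record in the forward zone has a matching PTR record in the reverse zone. The following Python check is an added example, not part of the original guide. It uses constructed zone data modelled on the files above, with one PTR deliberately filed under the wrong host label, and assumes records are laid out as `owner IN type rdata`. The function names are hypothetical.

```python
import ipaddress
import re

# Constructed zone data modelled on this guide's files; the PTR for "web"
# is deliberately filed under host label 1 instead of 233.
FORWARD = """\
$TTL 86400
@    IN  SOA  abiabang.org. root.abiabang.org. ( 2011071001 3600 1800 604800 86400 )
@    IN  NS   ns.abiabang.org.
@    IN  A    192.168.6.233
ns   IN  A    192.168.6.233
web  IN  A    192.168.6.233
"""
REVERSE = """\
$TTL 86400
@    IN  SOA  abiabang.org. root.abiabang.org. ( 2011071001 3600 1800 604800 86400 )
@    IN  NS   ns.abiabang.org.
233  IN  PTR  abiabang.org.
233  IN  PTR  ns.abiabang.org.
1    IN  PTR  web.abiabang.org.
"""

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else name + "." + origin).lower()

def records(zone_text, origin, rtype):
    """Yield (owner, rdata) for lines laid out as `owner IN <rtype> rdata`."""
    for line in zone_text.splitlines():
        m = re.match(r"(\S+)\s+IN\s+%s\s+(\S+)" % rtype, line.split(";")[0])
        if m:
            yield fqdn(m.group(1), origin), m.group(2)

def missing_ptrs(fwd, fwd_origin, rev, rev_origin):
    """Return (name, ip) for every A record that has no matching PTR."""
    ptrs = {(owner, fqdn(target, rev_origin))
            for owner, target in records(rev, rev_origin, "PTR")}
    return [(name, ip) for name, ip in records(fwd, fwd_origin, "A")
            if (ipaddress.ip_address(ip).reverse_pointer + ".", name) not in ptrs]

if __name__ == "__main__":
    for name, ip in missing_ptrs(FORWARD, "abiabang.org.", REVERSE,
                                 "6.168.192.in-addr.arpa."):
        print("no PTR for %s -> %s" % (ip, name))
```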
Add the DNS Server details in your network interface config file.
vi /etc/sysconfig/network-scripts/ifcfg-eno1
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.101"
PREFIX0="24"
GATEWAY0="192.168.1.1"
# ifcfg files use numbered DNS keys (DNS1, DNS2, ...)
DNS1="192.168.6.233"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
Edit the /etc/resolv.conf file:
vi /etc/resolv.conf
Add the name server ip address:
nameserver 192.168.6.233
Save and close the file.
:wq, or use Shift+ZZ
Restart network service:
systemctl restart network
8. Test DNS Server
nslookup abiabang.org
nslookup 192.168.6.233
Hope this helps.
/mf
Original source: click here