A. Prerequisites (Prasyarat)
- Topologi Jaringan
- Konfigurasi Server dan Client
Konfigurasi Server : -------------------------------------------------- - Sistem Operasi : Linux Debian 10 (Buster) - IP Address NIC 1 : DHCP Internet - Gateway : DHCP Internet - Hostname : ns100 (Gantilah angka 100 dengan nomer absen anda masing-masing) - Domain : sekolah100.sch.id (Gantilah angka 100 dengan nomer absen anda masing-masing) - IP Address NIC 2 : 192.168.100.1/24 (Gantilah angka 100 dengan nomer absen anda masing-masing) Konfigurasi Client : -------------------------------------------------- - Sistem Operasi : Windows - IP Address : DHCP Server
B. Seting Server
- DHCP Server
Pastikan instalasi dan konfigurasi DHCP server sudah berjalan dengan baik
- Konfigurasi DNS Servere
Seting Hostname
root@ns100:/# hostnamectl set-hostname ns100.sekolah100.sch.id root@ns100:/# nano /etc/hosts 127.0.0.1 localhost 192.168.100.1 ns100.sekolah100.sch.id ns100 # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters root@ns100:/# reboot
Install paket DNS Server (BIND)
root@ns100:/# apt install bind9 dnsutils Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: bind9utils dns-root-data libirs161 python3-ply Suggested packages: bind9-doc resolvconf ufw rblcheck python-ply-doc The following NEW packages will be installed: bind9 bind9utils dns-root-data dnsutils libirs161 python3-ply 0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded. Need to get 1,738 kB of archives. After this operation, 5,139 kB of additional disk space will be used. Do you want to continue? [Y/n] Y Get:1 http://mirror.smkn1klaten.sch.id/debian/buster/amd64 libirs161 1:9.11.5.P4+dfsg-5.1 [237 kB] Get:2 http://mirror.smkn1klaten.sch.id/debian/buster/amd64 dnsutils 1:9.11.5.P4+dfsg-5.1 [365 kB] Get:3 http://mirror.smkn1klaten.sch.id/debian/buster/amd64 python3-ply 3.11-3 [65.1 kB] Fetched 1,738 kB in 1s (1,278 kB/s) Preconfiguring packages ...
Seting zona domain dan zona reverse IP
root@ns100:/# cd /etc/bind root@ns100:/etc/bind# nano named.conf.local // // Do any local configuration here // // Consider adding the 1918 zones here, if they are not used in your // organization //include "/etc/bind/zones.rfc1918"; zone "sekolah100.sch.id" { type master; file "/etc/bind/db.sekolah100"; }; zone "100.168.192.in-addr.arpa" { type master; file "/etc/bind/db.192"; };
Seting zona domain
root@ns100:/etc/bind# cp db.local db.sekolah100 root@ns100:/etc/bind# nano db.sekolah100 ; ; BIND data file for local loopback interface ; $TTL 604800 @ IN SOA sekolah100.sch.id. root.sekolah100.sch.id. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS ns100.sekolah100.sch.id. @ IN A 192.168.100.1 ;@ IN AAAA ::1 ns100 IN A 192.168.100.1 www IN CNAME sekolah100.sch.id.
Seting zona reverse IP
root@ns100:/etc/bind# cp db.127 db.192 root@ns100:/etc/bind# nano db.192 ; ; BIND reverse data file for local loopback interface ; $TTL 604800 @ IN SOA sekolah100.sch.id. root.sekolah100.sch.id. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS ns100.sekolah100.sch.id. 1 IN PTR sekolah100.sch.id.
Seting forward DNS
root@ns100:/etc/bind# nano named.conf.options options { directory "/var/cache/bind"; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. forwarders { 10.10.129.5; }; //=====================================================================$ // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys //=====================================================================$ dnssec-validation no; allow-query { any; }; // listen-on-v6 { any; }; };
Seting resolv.conf
root@ns100:/etc/bind# apt install resolvconf
Reading package lists... Done
Building dependency tree
Reading state information... Doneroot@ns100:/etc/bind# systemctl enable resolvconf root@ns100:/etc/bind# systemctl start resolvconf root@ns100:/etc/bind# systemctl status resolvconf ● resolvconf.service - Nameserver information manager Loaded: loaded (/lib/systemd/system/resolvconf.service; enabled; vendor prese Active: active (exited) since Fri 2021-08-13 06:58:44 WIB; 1 day 9h ago Docs: man:resolvconf(8) Main PID: 273 (code=exited, status=0/SUCCESS)
root@ns100:/etc/bind# nano /etc/resolvconf/resolv.conf.d/head # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 127.0.0.1
root@ns100:/etc/bind# resolvconf --enable-updates root@ns100:/etc/bind# resolvconf -u root@ns100:/etc/bind# cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 127.0.0.1 nameserver 192.168.16.2 search localdomain
Cek Syntax file konfigurasi BIND dari kesalahan.
Jalankan perintah berikut untuk mengecek apakah dalam file konfigurasi BIND yang telah dibuat terdapat kesalahan dalam penulisan syntax atau tidak
Perintah named-checkconf akan mengkoreksi file konfigurasi dari bind9, jika terdapat kesalahan dalam file konfigurasi maka perintah tersebut akan menampilkan letak kesalahan dari file konfigurasi sehingga anda dapat dengan mudah memperbaiki kesalahan tersebut untuk kemudian menjalankan kembali perintah named-checkconf hingga tidak ada kesalahan lagi yang ditampilkan.
root@ns100:/etc/bind# named-checkconf -z
zone sekolah100.sch.id/IN: loaded serial 2
zone 100.168.192.in-addr.arpa/IN: loaded serial 1
zone localhost/IN: loaded serial 2
zone 127.in-addr.arpa/IN: loaded serial 1
zone 0.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1 Untuk memeriksa konfigurasi file zone domain kita dapat menggunakan perintah named-checkzone dengan memberikan argumen nama zone dan file zone seperti berikut
root@ns100:/etc/bind# named-checkzone sekolah100.sch.id db.sekolah100
zone sekolah100.sch.id/IN: loaded serial 2
OK Sedangkan untuk memeriksa konfigurasi file zone reverse gunakan perintah seperti berikut :
root@ns100:/etc/bind# named-checkzone 100.168.192.in-addr.arpa db.192
zone 100.168.192.in-addr.arpa/IN: loaded serial 1
OK Restart service BIND
Setelah semua pengecekan dilakukan dan tidak terdapat kesalahan pada config dan zone file lanjutkan dengan merestart servis bind
root@ns100:/etc/bind# /etc/init.d/bind9 restart
[ ok ] Restarting bind9 (via systemctl): bind9.service. Cek hasil konfigurasi
Menggunakan perintah dig dan nslookup
Domain Information Groper atau yang biasa dikenal dengan dig adalah perintah command line pada linux digunakan untuk query (permintaan) dan memeriksa Informasi DNS (seperti A record, MX record, CNAME, SOA, TXT dan lain-lain).
root@ns100:/etc/bind# dig sekolah100.sch.id ; DiG 9.11.5-P4-5.1+deb10u5-Debian sekolah100.sch.id ;; global options: +cmd ;; Got answer: ;; HEADER opcode: QUERY, status: NOERROR, id: 33366 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 6bbab592945a7f54201824ff611793a163f5955f592e2480 (good) ;; QUESTION SECTION: ;sekolah100.sch.id. IN A ;; ANSWER SECTION: sekolah100.sch.id. 604800 IN A 192.168.100.1 ;; AUTHORITY SECTION: sekolah100.sch.id. 604800 IN NS ns100.sekolah100.sch.id. ;; ADDITIONAL SECTION: ns100.sekolah100.sch.id. 604800 IN A 192.168.100.1 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Aug 14 16:57:53 WIB 2021 ;; MSG SIZE rcvd: 162
nslookup kependekan dari name server lookup adalah tool yang berupa baris perintah (command line) sederhana untuk melakukan query ke DNS dan memetakan nama domain menjadi alamat IP atau sebaliknya maupun data DNS lainnya. Nslookup biasanya digunakan untuk troubleshoot oleh administrator jaringan. Nslookup tersedia di berbagai macam Sistem Operasi (Windows, Mac, Linux).
root@ns100:/etc/bind# nslookup sekolah100.sch.id
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: sekolah100.sch.id
Address: 192.168.100.1root@ns100:/etc/bind# nslookup www.sekolah100.sch.id
Server: 127.0.0.1
Address: 127.0.0.1#53
www.sekolah100.sch.id canonical name = sekolah100.sch.id.
Name: sekolah100.sch.id
Address: 192.168.100.1
root@ns100:/etc/bind# nslookup 192.168.100.1
1.100.168.192.in-addr.arpa name = sekolah100.sch.id.
C. Pengujian di klien
C:\>nslookup sekolah100.sch.id Server: sekolah100.sch.id Address: 192.168.100.1 Name: sekolah100.sch.id Address: 192.168.100.1 C:\>nlookup www.sekolah100.sch.id Server: sekolah100.sch.id Address: 192.168.100.1 Name: sekolah100.sch.id Address: 192.168.100.1 Aliases: www.sekolah100.sch.id C:\>nslookup 192.168.100.1 Server: sekolah100.sch.id Address: 192.168.100.1 Name: sekolah100.sch.id Address: 192.168.100.1
D. Selesai
Selamat! akhirnya kita telah belajar dan berhasil melakukan instalasi dan konfigurasi layanan DNS Server.
