1. Install: bind, ypbind, bind-utils, bind-chroot, system-config-bind
2. konfig RNDC key
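key "rndckey" {
    // hmac-md5 is what rndc-confgen emits for this BIND release; newer
    // releases also accept hmac-sha256, which should be preferred after an upgrade.
    algorithm hmac-md5;
    // Must be byte-identical to the secret in rndc.key. The value shown in the
    // tutorial is an example: use the one YOUR rndc-confgen run produced, because
    // whoever holds this secret can stop/reload/flush the server through rndc.
    secret "n65jFtfnZ+y+bVpA4mK/kQ==";
};
// we assume our server has IP 192.168.1.10 and serves 192.168.1.0/24
controls {
    // The control channel (TCP 953) is reachable from every host on the LAN;
    // only the shared key gates it. If rndc is run on this box only,
    // "inet 127.0.0.1 allow { localhost; }" is the tighter choice.
    inet 192.168.1.10 allow { 192.168.1.0/24; } keys { "rndckey"; };
};
options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";
    // Left disabled on purpose. Pinning the query source port makes the port
    // predictable, which makes spoofed answers (cache poisoning) far easier to
    // land; later BIND releases randomise it per query for that reason. Only
    // re-enable this if a firewall truly forces a single port.
    // query-source address * port 53;
    // so people can't try to guess what version you're running
    version "REFUSED";
    // Authoritative answers for our zones may go to anyone, but recursion is
    // limited to the LAN so this host is not an open resolver should it ever
    // be reachable from outside 192.168.1.0/24.
    allow-query { any; };
    allow-recursion { 192.168.1.0/24; localhost; };
    // No secondary servers are configured anywhere, so nobody needs AXFR;
    // this stops outsiders from pulling the whole zone contents.
    allow-transfer { none; };
};
server 192.168.1.10 {
    // NOTE(review): a server statement sets TSIG signing for traffic sent TO
    // that peer; rndc is authenticated by the controls block above, so this
    // looks redundant for rndc — confirm before removing it.
    keys { rndckey; };
};
zone "." IN {
    type hint;
    file "data/named.ca";
};
// We assume our DNS server is server.ky
zone "server.ky" IN {
    type master;
    file "data/example.com.zone";
    // Dynamic updates off: the zone only changes by editing the file.
    allow-update { none; };
};
// We assume our reverse zone is 1.168.192
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "data/1.168.192.zone";
    // Same policy as the forward zone (none is the default; made explicit).
    allow-update { none; };
};
// end of named.conf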
5. Konfigurasi zona forward
7. Menambahkan named.ca
8. Terakhir
2. konfig RNDC key
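# cd /var/named/chroot/etc/
# rndc-confgen > rndc.key
# The redirect creates rndc.key with the shell's default umask, which is
# normally world-readable. The key is what lets a client control named via
# rndc, so restrict it to root and the named user right away:
# chown root:named rndc.key
# chmod 640 rndc.key
# (Without -a, rndc-confgen prints a complete rndc.conf — hence the
# "# Start of rndc.conf" header in its output — plus a commented copy of the
# key/controls stanza; this tutorial pastes the key stanza into named.conf
# by hand, which is what step 3 does.)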
# Start of rndc.conf
# Output of rndc-confgen on this machine. The secret below is an example
# value from the tutorial; never copy it — use the one generated locally.
# Whatever it is, exactly the same string must appear in the key statement
# of named.conf (step 3), otherwise rndc cannot authenticate.
key "rndckey" {
algorithm hmac-md5;
secret "n65jFtfnZ+y+bVpA4mK/kQ==";
};
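3. konfig named.conf
key "rndckey" {
    // hmac-md5 is what rndc-confgen emits for this BIND release; newer
    // releases also accept hmac-sha256, which should be preferred after an upgrade.
    algorithm hmac-md5;
    // Must be byte-identical to the secret in rndc.key. The value shown in the
    // tutorial is an example: use the one YOUR rndc-confgen run produced, because
    // whoever holds this secret can stop/reload/flush the server through rndc.
    secret "n65jFtfnZ+y+bVpA4mK/kQ==";
};
// we assume our server has IP 192.168.1.10 and serves 192.168.1.0/24
controls {
    // The control channel (TCP 953) is reachable from every host on the LAN;
    // only the shared key gates it. If rndc is run on this box only,
    // "inet 127.0.0.1 allow { localhost; }" is the tighter choice.
    inet 192.168.1.10 allow { 192.168.1.0/24; } keys { "rndckey"; };
};
options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";
    // Left disabled on purpose. Pinning the query source port makes the port
    // predictable, which makes spoofed answers (cache poisoning) far easier to
    // land; later BIND releases randomise it per query for that reason. Only
    // re-enable this if a firewall truly forces a single port.
    // query-source address * port 53;
    // so people can't try to guess what version you're running
    version "REFUSED";
    // Authoritative answers for our zones may go to anyone, but recursion is
    // limited to the LAN so this host is not an open resolver should it ever
    // be reachable from outside 192.168.1.0/24.
    allow-query { any; };
    allow-recursion { 192.168.1.0/24; localhost; };
    // No secondary servers are configured anywhere, so nobody needs AXFR;
    // this stops outsiders from pulling the whole zone contents.
    allow-transfer { none; };
};
server 192.168.1.10 {
    // NOTE(review): a server statement sets TSIG signing for traffic sent TO
    // that peer; rndc is authenticated by the controls block above, so this
    // looks redundant for rndc — confirm before removing it.
    keys { rndckey; };
};
zone "." IN {
    type hint;
    file "data/named.ca";
};
// We assume our DNS server is server.ky
zone "server.ky" IN {
    type master;
    file "data/example.com.zone";
    // Dynamic updates off: the zone only changes by editing the file.
    allow-update { none; };
};
// We assume our reverse zone is 1.168.192
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "data/1.168.192.zone";
    // Same policy as the forward zone (none is the default; made explicit).
    allow-update { none; };
};
// end of named.conf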
5. Konfigurasi zona forward
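# vi /var/named/chroot/var/named/data/example.com.zone
# Validate the file before loading it. named-checkzone reports a missing
# trailing dot or a CNAME used as an MX/NS target, which would otherwise only
# surface as puzzling lookup failures after the server is started:
# named-checkzone server.ky /var/named/chroot/var/named/data/example.com.zone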
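$TTL 38400 ; 10 hours 40 minutes
; SOA MNAME is the zone's primary name server, i.e. the host named in the NS
; record below (ns1.server.ky.); ns1.example.com. is not a name this server
; serves. RNAME admin.server.ky. is the mailbox admin@server.ky.
; Increment the serial (YYYYMMDDnn) on every edit, or secondaries and caches
; never notice the change.
@ IN SOA ns1.server.ky. admin.server.ky. (
2007020400 ; serial
180 ; refresh (3 minutes)
360 ; retry (6 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
; Leading whitespace is significant: an indented record inherits the owner of
; the previous one (here "@", the zone apex server.ky). Names ending in a dot
; are absolute; names without one get ".server.ky" appended.
    IN NS ns1.server.ky.
    IN A 192.168.1.10
    IN MX 10 mail.server.ky.
ftp IN CNAME ns1
; An MX target must be a real host (A record), not a CNAME; mail was a CNAME
; before, which is rejected/warned about by named-checkzone and by many MTAs.
mail IN A 192.168.1.10
ns1 IN A 192.168.1.10
www IN CNAME ns1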
5. Konfigurasi zona reverse
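# vi /var/named/chroot/var/named/data/1.168.192.zone
# Validate before loading, exactly as for the forward zone:
# named-checkzone 1.168.192.in-addr.arpa /var/named/chroot/var/named/data/1.168.192.zone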
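$TTL 38400 ; 10 hours 40 minutes
; MNAME/RNAME aligned with the forward zone: the primary is ns1.server.ky.
; and the contact mailbox is admin@server.ky. Bump the serial on every edit.
@ IN SOA ns1.server.ky. admin.server.ky. (
2007020404 ; serial
180 ; refresh (3 minutes)
360 ; retry (6 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
; Indented so the record belongs to the apex (1.168.192.in-addr.arpa).
    IN NS ns1.server.ky.
; PTR targets MUST end with a dot: "bla.server.ky" without one is read as
; bla.server.ky.1.168.192.in-addr.arpa.
2 IN PTR bla.server.ky.
; The name server itself (192.168.1.10 in the forward zone) had no reverse
; entry; reverse lookups for it would have failed.
10 IN PTR ns1.server.ky.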
6. Konfigurasi resolv.conf
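# vi /etc/resolv.conf
# This is the host's /etc/resolv.conf (not the copy under the chroot): it
# tells the box's own resolver library to ask the server we just built.
# Contents of /etc/resolv.conf:
nameserver 192.168.1.10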
7. Menambahkan named.ca
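# The destination must be the absolute path inside the chroot (it was written
# without the leading slash). named.root is the list of root servers; the copy
# shipped with the package is only as fresh as the package, so refresh the
# hints from a trusted source from time to time.
cp /usr/share/doc/bind-9.3.4/sample/var/named/named.root /var/named/chroot/var/named/data/named.ca
# named runs as the named user; make sure it can read the file
# (presumably chown root:named and chmod 640 — confirm against the other files in data/).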
8. Terakhir
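# Check the configuration as named will see it inside the chroot before
# starting; a typo in named.conf otherwise just leaves the service down:
# named-checkconf -t /var/named/chroot /etc/named.conf
# service named start
# Query the server directly rather than through resolv.conf, so a wrong
# resolv.conf cannot mask a broken zone; also test the reverse zone and the
# rndc channel (proves the key in rndc.key matches named.conf):
# dig @192.168.1.10 server.ky
# dig @192.168.1.10 -x 192.168.1.10
# rndc status
# nslookup server.ky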
NB: kalau ada DNS server, jangan lupa tambahkan di
#/etc/squid/squid.conf
# NOTE(review): the DNS server built above listens on 192.168.1.10, but the
# address here is 192.168.1.1 — confirm that is intended, otherwise squid
# will keep resolving through some other host and never use this server.
dns_nameservers 192.168.1.1