About DNS
When hosts on a network connect to one another by hostname, usually given as a fully qualified domain name (FQDN) such as www.example.com, DNS is the service that maps that name to the host's IP address. Using names rather than addresses also helps system administrators: the IP address of a host can be changed without affecting name-based access to it, and, conversely, the set of machines that answer for a given name can be changed the same way.
DNS is implemented as a distributed system of nameservers, each of which is authoritative for some zones and refers to other nameservers for everything else.
When a client asks a nameserver for information, it normally talks to port 53 (UDP, falling back to TCP for large answers and zone transfers). The nameserver first looks at its own data: it may be authoritative for the name, or it may hold a cached answer from an earlier query. If it has no answer, it starts with the root nameservers, which refer it to the nameservers for the top-level domain, which in turn refer it to the nameservers authoritative for the zone in question; it then asks those for the address of the host and caches the result for the time-to-live (TTL) carried in the answer. A reverse lookup follows the same procedure, except that the name queried is built from the IP address under the in-addr.arpa domain (1.35.168.192.in-addr.arpa for 192.168.35.1) and the answer is a PTR record carrying the host name.
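As an added example (not part of the original page and not BIND code), the following Python builds the kind of query a client sends to port 53 and parses the reply, making the pieces described above concrete: the encoded query name, the in-addr.arpa name used for a reverse lookup, the TTL that governs caching, and the AA flag that tells a resolver whether an answer came from an authoritative server. The reply is constructed inside the script rather than fetched from the network; the name www.example1.com is the one used in the zone set up later on this page.

```python
"""DNS wire format (RFC 1035) in miniature: build a query, parse a reply.

Added example for this page, not BIND code.  No network I/O: the reply is
constructed in-script to stand in for what a nameserver on port 53 returns.
"""
import ipaddress
import random
import struct

QTYPE = {"A": 1, "NS": 2, "PTR": 12, "AAAA": 28}
FLAG_QR, FLAG_AA, FLAG_RD, FLAG_RA = 0x8000, 0x0400, 0x0100, 0x0080


def encode_name(name):
    """'www.example1.com.' -> length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1-63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def reverse_name(ip):
    """Name a resolver asks for in a reverse lookup: octets reversed under in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def build_query(name, qtype, txid=None):
    """Return (txid, packet) with RD set so the server recurses if it is allowed to.
    The 16-bit ID is random; together with a random UDP source port it is what a
    forged reply must guess, which is why the source port should never be pinned."""
    if txid is None:
        txid = random.SystemRandom().randrange(1 << 16)
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return txid, header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def decode_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, jumped = [], off, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (end if jumped else off)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_response(msg, expect_txid):
    """Parse header and answer section.  A reply whose ID does not match ours is
    dropped: it is either stale or forged."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expect_txid:
        raise ValueError("transaction ID mismatch, reply dropped")
    off = 12
    for _ in range(qd):                                 # skip the echoed question
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE["A"]:
            value = str(ipaddress.IPv4Address(msg[off:off + rdlen]))
        elif rtype in (QTYPE["NS"], QTYPE["PTR"]):
            value, _ = decode_name(msg, off)
        else:
            value = msg[off:off + rdlen].hex()
        off += rdlen
        answers.append((name, rtype, ttl, value))       # ttl = how long a cache may keep it
    return {"aa": bool(flags & FLAG_AA),                # authoritative answer bit
            "rcode": flags & 0x000F,                    # 0 NOERROR, 3 NXDOMAIN, 5 REFUSED
            "answers": answers}


def constructed_response(txid, qname, ip, ttl, aa):
    """Constructed sample reply for an A query, as the master for the zone would send it."""
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_AA if aa else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", QTYPE["A"], 1)
    owner = b"\xc0\x0c"                                 # pointer to the question name at offset 12
    rr = owner + struct.pack("!HHIH", QTYPE["A"], 1, ttl, 4) + ipaddress.IPv4Address(ip).packed
    return header + question + rr


if __name__ == "__main__":
    txid, query = build_query("www.example1.com.", "A")
    reply = constructed_response(txid, "www.example1.com.", "127.0.0.1", 172800, aa=True)
    print(parse_response(reply, txid))
    print("reverse lookup name for 192.168.35.1:", reverse_name("192.168.35.1"))
```

The transaction ID comes from the OS random source; it and a random UDP source port are the only things that stop an off-path attacker from slipping a forged reply into a cache, which is why a resolver's outgoing source port must not be fixed to 53 in named.conf. A reply without the AA bit is what nslookup reports as "Non-authoritative answer".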
Example:
bob.example.com
mail.example.com
games.example3.com
In this guide we use the well-known BIND 9. On CentOS the package is called bind and the service (and daemon) is called named.
Nameserver Types
There are four primary nameserver configuration types:
master
Stores the original, authoritative zone records for a namespace and answers queries about that namespace from resolvers and other nameservers.
slave
Also answers authoritatively for a namespace, but obtains its copy of the zone from a master nameserver by zone transfer (AXFR/IXFR) rather than from locally edited files.
caching-only
Offers name-to-IP resolution but is not authoritative for any zone. Every answer it obtains is cached in memory for the time-to-live (TTL) carried by the record, after which it is fetched again.
forwarding
Forwards requests to a specific list of nameservers for resolution instead of recursing itself. If none of the listed nameservers can resolve the name, the resolution fails.
A nameserver may be more than one of these at once. For example, a nameserver can be a master for some zones, a slave for others, and only offer forwarding resolution for everything else.
BIND as a Nameserver
BIND performs name resolution through the /usr/sbin/named daemon. Its configuration lives in the following locations:
/etc/named.conf
The configuration file for the named daemon.
/var/named/ directory
The named working directory, which stores zone, statistics and cache files. If the bind-chroot package is installed, named runs chrooted and these paths sit under /var/named/chroot/ (the later part of this page uses that layout).
If you have installed the caching-nameserver package, the default configuration file is /etc/named.caching-nameserver.conf, which the init script uses as long as /etc/named.conf does not exist. To use your own configuration, create /etc/named.conf; after a restart named reads that file instead of the default one.
How to install
Log in as root:
[user@localhost] su -
Once authenticated as root, bring the installed packages up to date:
[root@localhost] yum update
Then install the bind package (BIND 9):
[root@localhost] yum install bind
Yum resolves the latest version and shows a summary like the following (captured on CentOS 5; the version number will differ on your system):
--> Populating transaction set with selected packages. Please wait.
---> Package bind.i386 30:9.3.3-10.el5 set to be updated
--> Running transaction check
Dependencies Resolved
================================================
Package Arch Version Repository Size
================================================
Installing:
bind i386 30:9.3.3-10.el5 base 954 k
Transaction Summary
=================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
=================================================
Total download size: 954 k
Is this ok [y/N]:
Answer y. After yum has installed BIND 9 (the named service), open the configuration file as root:
[root@localhost] cd /etc/
[root@localhost] nano named.conf
and put in the following options and zones:
options {
    directory "/var/named";
    // Do not add "query-source port 53;" here. Fixing the source port switches
    // off BIND's source-port randomisation, so a spoofed reply only has to guess
    // the 16-bit transaction ID (the 2008 cache-poisoning attack, CVE-2008-1447);
    // let named pick a random high port for every outgoing query instead.
    allow-transfer {
        localhost;      // only localhost may pull full zone transfers (AXFR)
    };
    allow-recursion {
        localhost;      // answer recursive queries for this host only, not for the whole Internet
    };
};
zone "example1.com" {
    type master;
    file "example1.com.db";
};
zone "localhost" {
    type master;
    file "localhost.db";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "127.0.0.rev";
};
zone "." in {
    type hint;
    file "root.db";
};
Let's take them one by one:
zone "example1.com" {
    type master;
    file "example1.com.db";
};
If you own a domain called example1.com, you need a zone for it: here the zone is example1.com, of type master (this server holds the original data), with its records in the file example1.com.db, which lives in /var/named (the directory set in options). The remaining zones are the forward and reverse zones for localhost, which every nameserver should serve so that lookups of 127.0.0.1 never leave the machine, and the root hints zone ".".
Now create /var/named/example1.com.db with this content:
$TTL 2d ; default TTL for records in this zone = 2 days (172800 seconds)
$ORIGIN example1.com.
@ IN SOA ns1.example1.com. hostmaster.example1.com. (
2008051200 ; serial (YYYYMMDDnn): increase it every time you change the zone, or slaves will not pick up the change
1d12h ; refresh = 1 day 12 hours
15M ; retry = 15 minutes
3W12h ; expire = 3 weeks + 12 hours
2h20M ) ; negative-caching TTL (historically "minimum") = 2 hours + 20 minutes
@ IN NS ns1.example1.com.
@ IN A 127.0.0.1
ns1 IN A 127.0.0.1
www IN A 127.0.0.1
The trailing dots matter: a name without one is relative to $ORIGIN, so "ns1" becomes ns1.example1.com. while "ns1.example1.com." is taken literally. Comments in zone files start with ";".
Next, /var/named/localhost.db:
$TTL 2d
$ORIGIN localhost.
@ IN SOA localhost. hostmaster.localhost. (
2008051101 ; serial number (change when you modify DNS)
1d12h ; refresh = 1 day 12 hours
15M ; update retry = 15 minutes
3W12h ; expiry = 3 weeks + 12 hours
2h20M ) ; negative-caching TTL (historically "minimum") = 2 hours + 20 minutes
@ IN NS localhost.
@ IN A 127.0.0.1
and the reverse zone /var/named/127.0.0.rev:
$TTL 2d
$ORIGIN 0.0.127.in-addr.arpa.
@ IN SOA localhost. hostmaster.localhost. (
2008051101 ; serial number (change when you modify DNS)
1d12h ; refresh = 1 day 12 hours
15M ; update retry = 15 minutes
3W12h ; expiry = 3 weeks + 12 hours
2h20M ) ; negative-caching TTL (historically "minimum") = 2 hours + 20 minutes
@ IN NS localhost.
1 IN PTR localhost.
and the root hints file /var/named/root.db:
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Feb 04, 2008
; related version of root zone: 2008020400
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803f:235
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; operated by ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of File
This file is the root hints: it lists the root nameservers so that named knows where to start a recursive lookup. It does not forward anything. If you want named to hand its queries to another server instead of recursing itself, set forwarders in the options block of named.conf and leave this file alone. The addresses in it change occasionally (the copy above is dated February 2008, and BIND refreshes the live list from the root servers themselves at startup), so fetch a current copy from https://www.internic.net/domain/named.root rather than editing the entries by hand.
Before starting the server, check the configuration and the zones; named-checkconf /etc/named.conf and named-checkzone example1.com /var/named/example1.com.db come with the bind package and catch syntax errors that would otherwise show up only in /var/log/messages. Then, logged in as root, type in your terminal:
[root@localhost] service named restart
To make the service start every time the OS boots, type:
[root@localhost] setup
then select System Services, move to named and press the space bar to mark it, then TAB, ENTER, and TAB again to select the Quit button. The non-interactive equivalent is chkconfig named on.
Setting up a DNS Server
DNS (Domain Name System) maps host names to IP addresses and, through reverse zones, IP addresses back to names. In this section we set up a DNS server for the domain sekolah.sch.id on CentOS 5, with named running chrooted under /var/named/chroot.
First install bind as the name server application, together with the caching-nameserver package that provides the default configuration:
# yum install bind caching-nameserver
Then edit the bind zone configuration file:
# vi /etc/named.rfc1912.zones
and add the zone at the very bottom:
zone "sekolah.sch.id" IN {
    type master;
    file "luluk.zone"; # the file name can be anything
    allow-update { none; };
};
Next create the zone file luluk.zone by copying localhost.zone (named runs chrooted here, so the zone directory is /var/named/chroot/var/named):
# cp /var/named/chroot/var/named/localhost.zone /var/named/chroot/var/named/luluk.zone
then edit luluk.zone:
# cd /var/named/chroot/var/named/
# vi luluk.zone
with these contents:
$TTL 86400
@ IN SOA ns.sekolah.sch.id. admin.sekolah.sch.id. (
42 ; serial: increase it on every change
3H ; refresh
15M ; retry
1W ; expire
1D ) ; negative-caching TTL
@ IN NS ns.sekolah.sch.id.
@ IN MX 10 mail.sekolah.sch.id. ; only if you run a mail server
@ IN A 192.168.35.1 ; the server's IP address
ns IN A 192.168.35.1
www IN A 192.168.35.1
mail IN A 192.168.35.1 ; change this if the mail server has a different address
Note the trailing dots and the ";" comments: in a zone file "#" is not a comment, and a name without a trailing dot (ns.sekolah.sch.id) is relative to the zone origin, so BIND would read it as ns.sekolah.sch.id.sekolah.sch.id. and the zone would not work as intended.
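Both zone files on this page (example1.com.db earlier and luluk.zone here) are easy to break in the same few ways: a "#" where only ";" is a comment, an NS or MX name without its trailing dot, or a serial number that was not increased. The following Python is an added example, not part of the original page and not BIND's own named-checkzone (which you should still run); it applies $ORIGIN the way BIND does and reports those mistakes. The two sample zones are constructed for this demonstration and mirror the zone above, first with the typical errors and then corrected.

```python
"""Lint a BIND zone file for the mistakes that most often break a new zone.

Added example for this page, not BIND's own named-checkzone.  It applies
$ORIGIN the way BIND does and reports:
  * '#' used as a comment (zone files only know ';'),
  * SOA/NS/MX/CNAME/PTR names without a trailing dot (BIND appends the origin),
  * an SOA serial that did not increase over the previously loaded one,
  * an in-zone NS target with no A/AAAA record.
The sample zones at the bottom are constructed for this demonstration.
"""
import re

TTL_RE = re.compile(r"\d[0-9smhdw]*", re.I)          # 86400, 2d, 1d12h ...
TARGET_TYPES = ("NS", "MX", "CNAME", "PTR")


def preprocess(text):
    """Drop comments and fold '( ... )' groups (the SOA) into one logical line.
    Returns ([(owner_omitted, line)], warnings)."""
    logical, warnings, buf, depth, indented = [], [], [], 0, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]
        if "#" in line:
            warnings.append(f"line {lineno}: '#' is not a comment in zone files, use ';'")
            line = line.split("#", 1)[0]                # keep linting what the author meant
        if not buf:
            indented = raw[:1].isspace()                # blank owner field = same owner as before
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            joined, buf = " ".join(buf).strip(), []
            if joined:
                logical.append((indented, joined))
    return logical, warnings


def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return ([(owner, TYPE, [rdata fields])], warnings)."""
    logical, warnings = preprocess(text)
    records, owner = [], "@"
    for indented, line in logical:
        fields = line.split()
        if fields[0] == "$TTL":
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if not indented:
            owner = fields.pop(0)
        if fields and TTL_RE.fullmatch(fields[0]):     # optional per-record TTL
            fields.pop(0)
        if fields and fields[0].upper() == "IN":       # optional class
            fields.pop(0)
        records.append((qualify(owner, origin), fields[0].upper(), fields[1:]))
    return records, warnings


def lint_zone(text, origin, previous_serial=None):
    """Human-readable warnings; an empty list means the zone looks sane."""
    records, warnings = parse_zone(text, origin)
    has_address = {o for o, t, _ in records if t in ("A", "AAAA")}
    soa = [r for r in records if r[1] == "SOA"]
    if len(soa) != 1:
        warnings.append("zone must contain exactly one SOA record")
    elif previous_serial is not None and int(soa[0][2][2]) <= previous_serial:
        warnings.append(f"SOA serial {soa[0][2][2]} is not greater than the loaded serial "
                        f"{previous_serial}; slaves will keep serving the old zone")
    if not any(t == "NS" for _, t, _ in records):
        warnings.append("zone has no NS record")
    for _owner, rtype, rdata in records:
        targets = rdata[:2] if rtype == "SOA" else rdata[-1:] if rtype in TARGET_TYPES else []
        for target in targets:
            if not target.endswith("."):
                warnings.append(f"{rtype} name '{target}' has no trailing dot; BIND reads it "
                                f"as '{qualify(target, origin)}'")
            elif (rtype == "NS" and (target == origin or target.endswith("." + origin))
                  and target not in has_address):
                warnings.append(f"NS {target} is inside the zone but has no A/AAAA record")
    return warnings


# Constructed sample: the luluk.zone from this page with its three typical slips.
BROKEN_ZONE = """\
$TTL 86400
@ IN SOA ns.sekolah.sch.id. admin.sekolah.sch.id. (
        42      ; serial
        3H 15M 1W 1D )
        IN NS ns.sekolah.sch.id
        IN MX 10 mail.sekolah.sch.id. # mail server
        IN A 192.168.35.1
ns      IN A 192.168.35.1
www     IN A 192.168.35.1
mail    IN A 192.168.35.1
"""
# The same zone corrected: serial bumped, NS name qualified, ';' comment.
FIXED_ZONE = (BROKEN_ZONE.replace("42      ;", "43      ;")
              .replace("ns.sekolah.sch.id\n", "ns.sekolah.sch.id.\n")
              .replace("# mail server", "; mail server"))

if __name__ == "__main__":
    for w in lint_zone(BROKEN_ZONE, "sekolah.sch.id.", previous_serial=42):
        print("WARN:", w)
    print("fixed zone:", lint_zone(FIXED_ZONE, "sekolah.sch.id.", previous_serial=42) or "ok")
```

Run it against a real zone with the origin from the zone statement and the serial the running server reports (dig @server zone SOA) to catch the serial mistake before a slave silently keeps the old data.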
Change the ownership of luluk.zone to user root, group named, so that named can read it:
# chown root:named luluk.zone
Now edit /etc/named.caching-nameserver.conf so that the server accepts queries from the network instead of only from localhost:
# vi /etc/named.caching-nameserver.conf
Change these directives in the options block:
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
allow-query { any; };
and this one in the view "localhost_resolver" block:
match-destinations { any; };
Check match-clients in that same view as well: if it is still { localhost; }, queries from the LAN will not match the view and will be refused. Note the syntax: address lists are written { any; }; with a semicolon, not { any: }. Opening listen-on and allow-query to any on a recursive caching server turns it into an open resolver that anyone on the Internet can use for cache probing and DNS amplification attacks; if the machine is reachable from outside, add allow-recursion { localhost; 192.168.35.0/24; }; to the options block so that only the local network gets recursive service.
To test, point the resolver at the new server in /etc/resolv.conf; the same setting is used on every client:
# vi /etc/resolv.conf
search sekolah.sch.id
nameserver 192.168.35.1
where 192.168.35.1 is the IP address of the DNS server (search takes the domain name, not the zone file name). Optionally also add the server to /etc/hosts so that the host resolves its own names even when named is down:
# vim /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.35.1 sekolah.sch.id ns.sekolah.sch.id ns mail.sekolah.sch.id mail
Restart the named service:
# /etc/init.d/named restart
and test whether DNS is doing its job:
# nslookup sekolah.sch.id
The expected result looks like
Server: 192.168.35.1
Address: 192.168.35.1#53
Non-authoritative answer:
Name: sekolah.sch.id
Address: xx.xx.xx.167
The "Non-authoritative answer" line means the reply came back without the AA (authoritative answer) flag, which is what a cached answer looks like. When you query the master for its own zone, the answer should be authoritative; dig shows the flags explicitly: dig @192.168.35.1 sekolah.sch.id A should print "flags: qr aa rd ra" and the address from the zone file. If aa is missing, or the status is REFUSED or SERVFAIL, the zone did not load: check /var/log/messages and run named-checkzone sekolah.sch.id /var/named/chroot/var/named/luluk.zone.