What is BIND9?
BIND (Berkeley Internet Name Domain) is open source, flexible, full-featured DNS software that is widely used on Unix/Linux because of its stability and high quality. It was originally developed at UC Berkeley, and in 1994 its development moved to Internet Systems Consortium, Inc (ISC).
BIND can act as an authoritative DNS server and as a DNS recursor/resolver at the same time. Taking on both roles at once has no real advantage, and it is not DNS server best practice: the recursor/resolver should be separated from the authoritative server so that the load on each server stays manageable.
Installation
Make sure you are logged in as root and are accessing the server over SSH.
```
[root@iaasweb ~]# yum -y update
[root@iaasweb ~]# yum -y install bind bind-tools net-tools
[root@iaasweb ~]# named -v
BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.10 (Extended Support Version) <id:7107deb>
[root@iaasweb ~]# systemctl start named && systemctl enable named
[root@iaasweb ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2022-11-24 17:31:00 WIB; 34s ago
 Main PID: 6818 (named)
   CGroup: /system.slice/named.service
           └─6818 /usr/sbin/named -u named -c /etc/named.conf

Nov 24 17:31:00 iaasweb.iaas.web.id named[6818]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
Nov 24 17:31:00 iaasweb.iaas.web.id named[6818]: network unreachable resolving './NS/IN': 2001:500:2::c#53
Nov 24 17:31:00 iaasweb.iaas.web.id named[6818]: network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
Nov 24 17:31:00 iaasweb.iaas.web.id named[6818]: network unreachable resolving './NS/IN': 2001:500:200::b#53
Nov 24 17:31:00 iaasweb.iaas.web.id named[6818]: network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
Nov 24 17:31:00 iaasweb.iaas.web.id named[6818]: network unreachable resolving './NS/IN': 2001:500:9f::42#53
Nov 24 17:31:00 iaasweb.iaas.web.id named[6818]: network unreachable resolving './DNSKEY/IN': 2001:503:c27::2:30#53
Nov 24 17:31:00 iaasweb.iaas.web.id named[6818]: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
Nov 24 17:31:01 iaasweb.iaas.web.id named[6818]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: ...usted
Nov 24 17:31:01 iaasweb.iaas.web.id named[6818]: resolver priming query complete
Hint: Some lines were ellipsized, use -l to show in full.
```
The next configuration lives in named.conf; I will comment out the following lines:
- listen-on port 53 { 127.0.0.1; };
- listen-on-v6 port 53 { ::1; };
Then make sure recursion is enabled and allow only the IP addresses that may query this DNS server:
```
[root@iaasweb ~]# nano /etc/named.conf
options {
        // listen-on port 53 { 127.0.0.1; };
        // listen-on-v6 port 53 { ::1; };
        ...
        ..
        ..
        recursion yes;
        allow-query     { localhost; 10.177.10.0/27; };
        querylog yes;

[root@iaasweb ~]# firewall-cmd --permanent --add-port=53/udp
success
[root@iaasweb ~]# firewall-cmd --reload
[root@iaasweb ~]# systemctl restart named
```
Testing
I first run dig against the server to make sure DNS is running. This DNS server can only be used from the networks that were added to allow-query. I then point a Windows client and a Linux client at it and watch the results in /var/log/messages.
```
[root@iaasweb ~]# dig A google.com @10.177.10.14

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.10 <<>> A google.com @10.177.10.14
;; global options: +cmd
;; connection timed out; no servers could be reached

[root@iaasweb ~]# systemctl restart named
[root@iaasweb ~]# dig A google.com @10.177.10.14

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.10 <<>> A google.com @10.177.10.14
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4287
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 4, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             300     IN      A       142.251.12.138
google.com.             300     IN      A       142.251.12.101
google.com.             300     IN      A       142.251.12.113
google.com.             300     IN      A       142.251.12.139
google.com.             300     IN      A       142.251.12.100
google.com.             300     IN      A       142.251.12.102

;; AUTHORITY SECTION:
google.com.             172799  IN      NS      ns3.google.com.
google.com.             172799  IN      NS      ns1.google.com.
google.com.             172799  IN      NS      ns4.google.com.
google.com.             172799  IN      NS      ns2.google.com.

;; ADDITIONAL SECTION:
ns2.google.com.         172799  IN      A       216.239.34.10
ns1.google.com.         172799  IN      A       216.239.32.10
ns3.google.com.         172799  IN      A       216.239.36.10
ns4.google.com.         172799  IN      A       216.239.38.10
ns2.google.com.         172799  IN      AAAA    2001:4860:4802:34::a
ns1.google.com.         172799  IN      AAAA    2001:4860:4802:32::a
ns3.google.com.         172799  IN      AAAA    2001:4860:4802:36::a
ns4.google.com.         172799  IN      AAAA    2001:4860:4802:38::a

;; Query time: 2005 msec
;; SERVER: 10.177.10.14#53(10.177.10.14)
;; WHEN: Thu Nov 24 17:42:36 WIB 2022
;; MSG SIZE  rcvd: 383

[root@iaasweb ~]# tail -f /var/log/messages
Nov 24 05:48:52 iaasweb named[7045]: client @0x7feae4056ad0 10.177.10.10#49722 (google.com): query: google.com IN A +E(0) (10.177.10.14)
Nov 24 05:49:49 iaasweb named[7045]: client @0x7feae40a9060 10.177.10.10#46429 (google.com): query: google.com IN A +E(0) (10.177.10.14)
```
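With listen-on commented out, named listens on every IPv4 interface, so the allow-query ACL (localhost plus 10.177.10.0/27) is what keeps this box from becoming an open resolver; the Python script below is an added example, not part of the original post, that parses querylog lines in the /var/log/messages format shown above and flags any query whose source address falls outside that ACL. The first two sample lines are the ones from the post; the third (from 10.177.10.40, asking for an ANY record) is constructed to show a hit.

```python
import ipaddress
import re

# The allow-query ACL from the named.conf above: localhost plus the lab subnet.
ALLOWED_NETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
                    ipaddress.ip_network("::1/128"),
                    ipaddress.ip_network("10.177.10.0/27")]

# BIND querylog entry as it lands in /var/log/messages:
#   named[PID]: client @0x... <ip>#<port> (<qname>): query: <qname> IN <qtype> <flags> (<server ip>)
QUERYLOG_RE = re.compile(
    r"named\[\d+\]: client @0x[0-9a-f]+ (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]+)\): query: (?P<name>\S+) IN (?P<qtype>\S+) (?P<flags>\S+) \((?P<server>[^)]+)\)"
)

def parse_query(line):
    """Return the fields of one querylog line, or None for any other syslog line."""
    m = QUERYLOG_RE.search(line)
    return m.groupdict() if m else None

def is_allowed(ip):
    """True when the client address falls inside the allow-query ACL."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETWORKS)

def audit(lines):
    """Split querylog entries into permitted clients and clients outside the ACL."""
    allowed, flagged = [], []
    for line in lines:
        q = parse_query(line)
        if q is None:
            continue
        (allowed if is_allowed(q["ip"]) else flagged).append(q)
    return allowed, flagged

# Constructed sample: two lines from the post plus one hypothetical client outside the /27.
SAMPLE_LOG = """\
Nov 24 05:48:52 iaasweb named[7045]: client @0x7feae4056ad0 10.177.10.10#49722 (google.com): query: google.com IN A +E(0) (10.177.10.14)
Nov 24 05:49:49 iaasweb named[7045]: client @0x7feae40a9060 10.177.10.10#46429 (google.com): query: google.com IN A +E(0) (10.177.10.14)
Nov 24 05:50:03 iaasweb named[7045]: client @0x7feae40b1120 10.177.10.40#51234 (example.com): query: example.com IN ANY +E(0) (10.177.10.14)
Nov 24 05:50:10 iaasweb systemd[1]: Started Session 12 of user root.
"""

if __name__ == "__main__":
    ok, bad = audit(SAMPLE_LOG.splitlines())
    print(f"{len(ok)} queries from permitted clients, {len(bad)} from outside the allow-query ACL")
    for q in bad:
        print(f"  {q['ip']}#{q['port']} asked for {q['name']} {q['qtype']}")
```

A query logged from an address outside the ACL means either the ACL was loosened or mistyped, or the query reached named and the security log category should show a matching denial.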