
Debian: Konfigurasi Debian 10 bind9: Difference between revisions

No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
Install BIND9 on Debian
Update repository
Update repository


<syntaxhighlight lang="bash">
sudo apt update
sudo apt update
 
</syntaxhighlight>


Install package bind9
Install package bind9


<syntaxhighlight lang="bash">
sudo apt install bind9 bind9utils bind9-doc bind9-host dnsutils
sudo apt install bind9 bind9utils bind9-doc bind9-host dnsutils
 
</syntaxhighlight>


Lihat status bind9
Lihat status bind9


<syntaxhighlight lang="bash">
systemctl status bind9
systemctl status bind9
 
</syntaxhighlight>


Keterangan jika sudah berjalan
Keterangan jika sudah berjalan


● bind9.service - BIND Domain Name Server
<syntaxhighlight lang="bash">● bind9.service - BIND Domain Name Server
  Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: en
  Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: en
  Active: active (running) since Sun 2019-07-14 10:27:56 UTC; 4min 6s ago
  Active: active (running) since Sun 2019-07-14 10:27:56 UTC; 4min 6s ago
    Docs: man:named(8)
    Docs: man:named(8)
Main PID: 1481 (named)
Main PID: 1481 (named)
    Tasks: 4 (limit: 1149)
  Tasks: 4 (limit: 1149)
  Memory: 13.7M
  Memory: 13.7M
  CGroup: /system.slice/bind9.service
  CGroup: /system.slice/bind9.service
          └─1481 /usr/sbin/named -u bind
          └─1481 /usr/sbin/named -u bind
</syntaxhighlight>




Jika belum berjalan, masukkan perintah berikut
Jika belum berjalan, masukkan perintah berikut
<syntaxhighlight lang="bash">
sudo systemctl start bind9
sudo systemctl start bind9
</syntaxhighlight>




Aktifkan otomatis saat booting
Aktifkan otomatis saat booting
<syntaxhighlight lang="bash">
sudo systemctl enable bind9
sudo systemctl enable bind9
</syntaxhighlight>




Edit file “named.conf.option” untuk mengizinkan menjadi DNS server
Edit file <code>named.conf.option</code> untuk mengizinkan menjadi DNS server
 
<syntaxhighlight lang="bash">
vim /etc/bind/named.conf.options
vim /etc/bind/named.conf.options
</syntaxhighlight>




Tambahkan perintah ini


 
<syntaxhighlight lang="bash" line="1">
 
 
 
Tambahkan perintah ini
options {
options {
        directory "/var/cache/bind";
      directory "/var/cache/bind";
 
      // If there is a firewall between you and nameservers you want
        // If there is a firewall between you and nameservers you want
      // to talk to, you may need to fix the firewall to allow multiple
        // to talk to, you may need to fix the firewall to allow multiple
      // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
      // If your ISP provided one or more IP addresses for stable
 
      // nameservers, you probably want to use them as forwarders.
        // If your ISP provided one or more IP addresses for stable
      // Uncomment the following block, and insert the addresses replacing
        // nameservers, you probably want to use them as forwarders.
      // the all-0's placeholder.
        // Uncomment the following block, and insert the addresses replacing
      // forwarders {
        // the all-0's placeholder.
      //      0.0.0.0;
      // };
      //========================================================================
      // If BIND logs error messages about the root key being expired,
      // you will need to update your keys.  See https://www.isc.org/bind-keys
      //========================================================================
      dnssec-validation auto;
      listen-on-v6 { any; };


        // forwarders {
      version "not currently available";
        //      0.0.0.0;
      recursion no;
        // };
      querylog yes;
 
      allow-transfer { none; };
        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;
 
        listen-on-v6 { any; };
 
        version "not currently available";
        recursion no;
        querylog yes;
        allow-transfer { none; };


};
};
</syntaxhighlight>


 
<syntaxhighlight lang="bash">
 
sudo named-checkconf
sudo named-checkconf
</syntaxhighlight>


 
<syntaxhighlight lang="bash">
 
 
sudo systemctl restart bind9
sudo systemctl restart bind9
</syntaxhighlight>


 
<syntaxhighlight lang="bash">
 
 
 
nano /etc/bind/named.conf.local
nano /etc/bind/named.conf.local
</syntaxhighlight>


 
<syntaxhighlight lang="bash" line="1">
//
//
// Do any local configuration here
// Do any local configuration here
//
//
// Consider adding the 1918 zones here, if they are not used in your
// Consider adding the 1918 zones here, if they are not used in your
// organization
// organization
Line 103: Line 103:


zone "example.com" {
zone "example.com" {
      type master;
    type master;
      file "/etc/bind/db.example.com";
    file "/etc/bind/db.example.com";
      allow-query { any; };
    allow-query { any; };
      allow-transfer { 192.168.100.60; };
    allow-transfer { 192.168.100.60; };
 
};
};
</syntaxhighlight>


 
<syntaxhighlight lang="bash">
 
cp /etc/bind/db.empty /etc/bind/db.example.com
cp /etc/bind/db.empty /etc/bind/db.example.com
</syntaxhighlight>


 
<syntaxhighlight lang="bash">
 
nano /etc/bind/db.example.com
nano /etc/bind/db.example.com
</syntaxhighlight>


 
<syntaxhighlight lang="bash">
 
;
;
; BIND data file for local loopback interface
; BIND data file for local loopback interface
Line 135: Line 136:
ns2      IN      NS      192.168.100.60
ns2      IN      NS      192.168.100.60
@        IN      A      192.168.100.60
@        IN      A      192.168.100.60
</syntaxhighlight>


 
<syntaxhighlight lang="bash">
 
named-checkconf
named-checkconf
</syntaxhighlight>


 
<syntaxhighlight lang="bash">
 
named-checkzone example.com /etc/bind/db.example.com
named-checkzone example.com /etc/bind/db.example.com
</syntaxhighlight>


 
<syntaxhighlight lang="bash">
 
zone example.com/IN: loaded serial 2019011503
zone example.com/IN: loaded serial 2019011503
OK
OK
</syntaxhighlight>


 
<syntaxhighlight lang="bash">
 
systemctl restart bind9
systemctl restart bind9
</syntaxhighlight>
[[Category:SMK 2024-25]]
[[Category:Debian]]
[[Category:Linux]]

Latest revision as of 23:10, 1 February 2025

Update repository

sudo apt update

Install package bind9

sudo apt install bind9 bind9utils bind9-doc bind9-host dnsutils

Lihat status bind9

systemctl status bind9

Keterangan jika sudah berjalan

● bind9.service - BIND Domain Name Server
  Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: en
  Active: active (running) since Sun 2019-07-14 10:27:56 UTC; 4min 6s ago
    Docs: man:named(8)
Main PID: 1481 (named)
   Tasks: 4 (limit: 1149)
  Memory: 13.7M
  CGroup: /system.slice/bind9.service
          └─1481 /usr/sbin/named -u bind


Jika belum berjalan, masukkan perintah berikut

sudo systemctl start bind9


Aktifkan otomatis saat booting

sudo systemctl enable bind9


Edit file named.conf.options untuk mengizinkan menjadi DNS server

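# Files under /etc/bind are normally root-owned, so the editor has to run
# through sudo (as the other privileged commands on this page do) or the
# changes cannot be saved.
sudo vim /etc/bind/named.conf.options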


Tambahkan konfigurasi berikut

options {
       // Working directory of named; relative path names used in the
       // configuration are resolved against it.
       directory "/var/cache/bind";
       // If there is a firewall between you and nameservers you want
       // to talk to, you may need to fix the firewall to allow multiple
       // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
       // If your ISP provided one or more IP addresses for stable
       // nameservers, you probably want to use them as forwarders.
       // Uncomment the following block, and insert the addresses replacing
       // the all-0's placeholder.
       // forwarders {
       //      0.0.0.0;
       // };
       //========================================================================
       // If BIND logs error messages about the root key being expired,
       // you will need to update your keys.  See https://www.isc.org/bind-keys
       //========================================================================
       // Validate DNSSEC-signed answers against the built-in root trust anchor.
       // NOTE(review): validation concerns lookups named performs itself; with
       // "recursion no" below this server only answers from its own zones.
       dnssec-validation auto;
       // Accept queries on every IPv6 address of the host.
       listen-on-v6 { any; };

       // Text returned for version.bind queries in place of the real BIND
       // version, so the server does not advertise its patch level.
       version "not currently available";
       // Authoritative-only operation: no recursive lookups on behalf of
       // clients, which keeps the host from being used as an open resolver.
       recursion no;
       // Start query logging when named starts. Each entry records the client
       // address and the name asked for, so plan log rotation and restrict
       // who can read the log.
       querylog yes;
       // Refuse zone transfers by default; a zone that has a secondary sets
       // its own allow-transfer list, which takes precedence for that zone.
       allow-transfer { none; };

};
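# Syntax-check the whole configuration; no output and exit status 0 mean it
# parsed cleanly.
sudo named-checkconf
# Restart only after the check above reports no errors: a restart with a
# broken configuration leaves named stopped.
sudo systemctl restart bind9
# Editing files under /etc/bind needs root, so run the editor through sudo.
sudo nano /etc/bind/named.conf.local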
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// Primary (master) copy of example.com, loaded from the zone file named below.
zone "example.com" {
     type master;
     file "/etc/bind/db.example.com";
     // Any client may query this zone, as expected for a published
     // authoritative zone.
     allow-query { any; };
     // Full zone transfers are answered only for this address; a zone-level
     // list takes precedence over a global allow-transfer setting.
     // An address-only list trusts the source IP; naming a TSIG key here
     // also authenticates the secondary.
     // NOTE(review): 192.168.100.60 is also the address the zone file on this
     // page publishes for the zone itself - confirm it is the secondary's.
     allow-transfer { 192.168.100.60; };

};
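# Start the new zone file from Debian's empty-zone template. Writing into
# /etc/bind needs root, so both the copy and the editor run through sudo.
sudo cp /etc/bind/db.empty /etc/bind/db.example.com
sudo nano /etc/bind/db.example.com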
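;
; BIND zone data for example.com (primary copy)
;
$TTL    604800
@       IN      SOA     ns1.example.com. hostmaster.example.com. (
                              2         ; Serial - raise it on every edit (YYYYMMDDnn is a
                                        ;   common convention) or secondaries keep the old copy
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; Name servers of the zone. The data of an NS record is a host name,
; never an IP address.
          IN      NS      ns1.example.com.
          IN      NS      ns2.example.com.
; Address records for the name servers listed above. These must be A records:
; written as "NS 192.168.100.60" the value is read as a host name relative to
; the zone, and ns1/ns2 are left without any address.
; NOTE(review): both names point at the same host, so ns2 adds no redundancy
; until it is given the address of a separate server.
ns1       IN      A       192.168.100.60
ns2       IN      A       192.168.100.60
@         IN      A       192.168.100.60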
# Re-check the configuration now that the zone statement has been added;
# no output means the syntax is valid.
named-checkconf
# Parse the zone file the way named would load it: zone name first, then the
# file. A loadable zone prints its serial followed by OK.
named-checkzone example.com /etc/bind/db.example.com
zone example.com/IN: loaded serial 2019011503
OK
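# Restart named so it loads the new zone. Managing the service needs root,
# as in the earlier restart on this page; run it only after both checks
# above passed.
sudo systemctl restart bind9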