Category — Linux
Configuring BIND on RedHat (DNS under Linux)
Part 2 - Primary Name Server for a Zone
Written by Tony Bhimani
July 21, 2004
Requirements
RedHat Linux 9
BIND 9.2.1
Now we will configure BIND to be a primary name server for a single zone. I will use the fictitious domain somefakedomain.com as an example. We will add the hostnames www, ftp, and mail. We will also have BIND respond if no hostname is specified in a query (i.e. somefakedomain.com).
BIND stores its configuration data in named.conf which is located in the /etc directory. This file contains the names of the zones and location of the zone data files that it is responsible for answering queries for. The zone data files are stored by default at /var/named (although you can change this path if you wish). Before you can make any changes I will assume you know which text editor you will be using. I prefer pico, but for this tutorial I will use vi since it has a better chance of being installed by default.
Switch over to the /etc directory and open the named.conf file.
cd /etc
vi named.conf
You should see something that looks like the following.

Scroll through the file and take a look at the contents. Locate the localhost zone.
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
Move the cursor to the blank line below the }; and press the i key. The i key puts vi in insert mode (you should see -- INSERT -- at the bottom of vi). Press the enter key once, then type in the following. Note: the spacing in front of type, file, and allow-update is a tab, so press the tab key on each of those lines.
zone "somefakedomain.com" IN {
type master;
file "somefakedomain.com.zone";
allow-update { none; };
};
Be sure to put a blank line underneath the }; when you are done. It always helps to keep your files neat and clean. Now we will save the file. Press ESC and vi should leave insert mode (-- INSERT -- at the bottom of vi should disappear). Now type :wq and press enter. vi should write our changes and exit back to the prompt.

We have told BIND that we handle the somefakedomain.com domain and the zone data is in the somefakedomain.com.zone file located at /var/named. Now we have to create the somefakedomain.com.zone file.
Switch over to /var/named and make a copy of the localhost.zone file and save it as somefakedomain.com.zone. This will give us a template to work with so we don’t have to type as much. It also saves us from changing the file’s owner, group, and permissions.
cd /var/named
cp localhost.zone somefakedomain.com.zone
vi somefakedomain.com.zone
You should get something that looks like this.

Put vi in insert mode and alter the zone file so it looks like the data below. Use tabs between items. Where I use 192.168.1.200 you should replace with your public IP address (don’t use local LAN IP’s).
$TTL 86400
$ORIGIN somefakedomain.com.
@       IN SOA ns1.somefakedomain.com. admin.somefakedomain.com. (
                2004042601 ; serial
                21600      ; refresh
                3600       ; retry
                604800     ; expires
                86400 )    ; minimum
        IN NS   ns1.somefakedomain.com.
        IN MX   10 mail.somefakedomain.com.
        IN A    192.168.1.200
ns1     IN A    192.168.1.200
www     IN A    192.168.1.200
ftp     IN A    192.168.1.200
mail    IN A    192.168.1.200
Let’s briefly go over the values (if you want more details on the contents of a zone file visit).
“ns1.somefakedomain.com.” is the name server responsible for somefakedomain.com. When you register a domain name the registrar asks you for the name servers names and IP’s. We have given our name server the name ns1 (i.e. name server 1). So if we were to register somefakedomain.com, we would use ns1.somefakedomain.com for the name and the IP address of the machine we have designated as our DNS server.
“admin.somefakedomain.com.” is the email address of the administrator in charge of the zone. You replace the @ symbol in the email address with a period. So admin@somefakedomain.com becomes admin.somefakedomain.com.
The “IN NS ns1.somefakedomain.com.” means we are declaring ns1.somefakedomain.com to be a name server.
With “IN MX 10 mail.somefakedomain.com.” we are declaring a mail exchange (or mail server) with a priority of 10. Since we only use one mail server the priority has no effect.
The "IN A 192.168.1.200" means we are declaring a host (with no hostname, so it means somefakedomain.com) and its IP is 192.168.1.200. Any queries on just somefakedomain.com will resolve to 192.168.1.200. This is useful when you configure your web server to work on somefakedomain.com or www.somefakedomain.com. They both point to the same thing and will return the same web site.
The rest of the entries mean we are declaring hosts ns1, www, ftp, and mail (ns1.somefakedomain.com, www.somefakedomain.com, ftp.somefakedomain.com, and mail.somefakedomain.com). Since they all share the same IP, each of those services will run from the same machine. If you had the mail server running on a different machine then you would substitute that machine's IP address in place of 192.168.1.200. The same goes for the rest of the hosts.
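Before reloading named it is worth checking the zone file for the mistakes described above. The script below is an added example, not part of the original tutorial: it parses a zone file of this shape and reports SOA, NS or MX names that end in the origin but lack the trailing dot (BIND treats such a name as relative and appends $ORIGIN to it, so ns1.somefakedomain.com becomes ns1.somefakedomain.com.somefakedomain.com.), an '@' left in the SOA contact, and A records that still carry a private LAN address. Both sample zones embedded in it are constructed; the first is the tutorial's zone as written, which the check flags precisely because 192.168.1.200 is a LAN address, as the text above says to replace it.

```python
# Added example, not from the tutorial: sanity-check a zone file before
# "named reload". Flags SOA/NS/MX names that end in the origin but lack the
# trailing dot (BIND treats them as relative and appends $ORIGIN again), an
# '@' left in the SOA contact, and A records still pointing at RFC 1918
# LAN addresses in a zone that is meant to be served publicly.
import ipaddress

RECORD_TYPES = {"SOA", "NS", "MX", "A", "AAAA", "CNAME", "PTR", "TXT"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the tutorial's zone as written, with its placeholder LAN address.
TUTORIAL_ZONE = """\
$TTL 86400
$ORIGIN somefakedomain.com.
@       IN SOA ns1.somefakedomain.com. admin.somefakedomain.com. (
                2004042601 ; serial
                21600      ; refresh
                3600       ; retry
                604800     ; expires
                86400 )    ; minimum
        IN NS   ns1.somefakedomain.com.
        IN MX   10 mail.somefakedomain.com.
        IN A    192.168.1.200
ns1     IN A    192.168.1.200
www     IN A    192.168.1.200
ftp     IN A    192.168.1.200
mail    IN A    192.168.1.200
"""

# Constructed sample with the two name-formatting mistakes and a public address.
BROKEN_ZONE = """\
$TTL 86400
$ORIGIN somefakedomain.com.
@   IN SOA ns1.somefakedomain.com admin@somefakedomain.com. (
        2004042601 21600 3600 604800 86400 )
    IN NS  ns1.somefakedomain.com
    IN MX  10 mail
ns1 IN A   203.0.113.10
"""


def _records(text):
    """Yield (owner_given, tokens) per logical record, with ';' comments
    stripped and parenthesised multi-line records (the SOA) joined."""
    buf, depth, owner_given = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not buf:                       # first physical line of a record
            owner_given = not line[:1].isspace()
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            tokens = " ".join(buf).split()
            buf = []
            if tokens:
                yield owner_given, tokens


def _dot_problem(field, name, origin):
    """A relative name that already ends in the origin gets the origin appended twice."""
    if name.endswith(".") or not origin:
        return None
    if name.lower().endswith(origin.rstrip(".").lower()):
        return f"{field} {name!r} lacks the trailing dot; BIND reads it as {name}.{origin}"
    return None


def lint_zone(text):
    """Return the list of problems found in the zone text (empty if clean)."""
    problems, origin, owner = [], "", "@"
    for owner_given, tokens in _records(text):
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0].startswith("$"):     # $TTL and other directives
            continue
        if owner_given:
            owner, tokens = tokens[0], tokens[1:]
        while tokens and tokens[0].upper() not in RECORD_TYPES:
            tokens = tokens[1:]           # skip the optional TTL and class (IN)
        if not tokens:
            continue
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype == "SOA":
            problems.append(_dot_problem("SOA name server", rdata[0], origin))
            problems.append(_dot_problem("SOA contact", rdata[1], origin))
            if "@" in rdata[1]:
                problems.append(f"SOA contact {rdata[1]!r} still contains '@'; replace it with a dot")
        elif rtype in ("NS", "MX"):
            problems.append(_dot_problem(f"{rtype} target", rdata[-1], origin))
        elif rtype == "A":
            try:
                addr = ipaddress.IPv4Address(rdata[0])
            except ValueError:
                problems.append(f"{owner}: {rdata[0]!r} is not an IPv4 address")
                continue
            if any(addr in net for net in RFC1918):
                problems.append(f"{owner}: A record {addr} is a private LAN address; use the public IP")
    return [p for p in problems if p]
```

Against the real file, call lint_zone(open("/var/named/somefakedomain.com.zone").read()) and look at what comes back; an empty list means none of these three mistakes is present. BIND's own named-checkzone utility does the fuller syntax check, but it will happily accept a LAN address or a doubled origin, which is exactly what this script is for.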
When you are done editing the zone file, it should look like this.

Save it and close out of vi. Press ESC to get out of insert mode, type :wq and press enter. You should be back to the command prompt.
Now we need to tell named (BIND) to load the zone and answer any queries that come in.
/etc/init.d/named reload

Now we can test our domain using nslookup.
nslookup
server 127.0.0.1
somefakedomain.com
www.somefakedomain.com
mail.somefakedomain.com
You should see something similar to the following screen.

Everything looks good. BIND is resolving our somefakedomain.com. When you are done, type exit and press enter.
Source : http://www.xenocafe.com/tutorials/dns_linux/redhat/dns_linux_redhat-part2.php - Thx
February 13, 2008
Configuring BIND on RedHat (DNS under Linux)
Part 1 - Installing BIND on RedHat
Written by Tony Bhimani
July 21, 2004
Requirements
RedHat Linux 9
BIND 9.2.1
This tutorial describes the steps for configuring BIND 9.2.1 on RedHat Linux 9. It should be valid for other versions of BIND as well as some different distros of Linux. I will be going over setting it up as a primary and secondary name server. This tutorial spans three parts. In part 1 I will go over installing BIND and verifying the service will start on boot-up.
The first thing we will need to do is determine if BIND is already installed on your system. The method I use is to check through the RPM Package Manager. This will not work if you downloaded the BIND source code and compiled it.
Type the following at the command prompt:
rpm -qa | grep -i bind
rpm -qa | grep -i caching
If BIND is installed you should get something similar to this (ignore ypbind; it is unrelated to BIND) and you will want to skip to part 2 of this tutorial.

If BIND is not installed you will get something similar to the below image and you should keep reading.

We need to install BIND and have a few options here. We can download the source code and compile it, but we won't take that route. We will want to install the RPM's to keep things simple. There are a couple of sources we can get the RPM's from: download them or use the RedHat 9 CD's. If you don't have the RedHat 9 CD's then you will need to download the BIND RPM's. If you do have the CD's then you can mount and install.
If you are not root, type su - and press enter and type in the root password (stay logged in as root for the remainder of this tutorial). Next switch to a directory where you can store the RPM’s. A good place is in your home directory under a folder called RPM. You can accomplish this by issuing the following commands.
cd ~
mkdir RPM
cd RPM
Choose your install method:
Install from CD
Download and Install the BIND RPM’s
Install from CD
The BIND RPM's are located on the first CD and the caching name server and BIND development RPM's are located on the second CD. What we will do is mount the first CD, copy the BIND RPM's to the RPM folder we created, and unmount the CD. Then mount the next CD and copy the caching name server and BIND development RPM's to the RPM folder and unmount that CD. Then we will proceed to the install section.
Put the RedHat 9 CD 1 in your CD-ROM drive and issue the following command.
mount -t iso9660 /dev/cdrom /mnt/cdrom
If your drive mounted then you should see something similar to the following.

Next copy the BIND RPM’s to your RPM folder.
cp /mnt/cdrom/RedHat/RPMS/bind-*.rpm .

We are now done with CD 1, so we can unmount it.
umount /mnt/cdrom
Put the RedHat 9 CD 2 in your CD-ROM drive and issue the following command.
mount -t iso9660 /dev/cdrom /mnt/cdrom
Next copy the caching name server and BIND development RPM’s to your RPM folder.
cp /mnt/cdrom/RedHat/RPMS/bind-devel-9.2.1-16.i386.rpm .
cp /mnt/cdrom/RedHat/RPMS/caching-nameserver-7.2-7.noarch.rpm .

Now unmount the CD-ROM with umount /mnt/cdrom and take the CD out of the drive.
When you are done, do a directory list (ls) and you should have all four files.

Now that you have the RPM’s it is time to actually install them. Go to the installation part.
Download and Install the BIND RPM’s
I offer you two ways of downloading the RPM's: using wget or using an FTP client. In my opinion using wget is far easier than using the basic FTP client that comes with RedHat. With wget you just supply the URL and it fetches the file for you. With the basic FTP client you have to issue more commands than I'm sure you'd like to. The first thing you should do is check if you have wget on your system. Type wget and press enter. If you don't get a command not found error then it is installed and you should proceed to the wget section. If you do get the command not found error, you have no choice but to use the FTP client. In either case you will need to know where to download the RPM's from.
RedHat provides a list of mirror sites at http://www.redhat.com/download/mirror.html where you can choose where to download the RPM's (or ISO images) from. The server we will use is mirror.mcs.anl.gov and the full path to the RPM's is ftp://mirror.mcs.anl.gov/pub/redhat/redhat/linux/9/en/os/i386/RedHat/RPMS/.
We want to download the following files:
bind-9.2.1-16.i386.rpm
bind-devel-9.2.1-16.i386.rpm
bind-utils-9.2.1-16.i386.rpm
caching-nameserver-7.2-7.noarch.rpm
Download by wget
Download by FTP Client
Issue these commands one at a time.
wget ftp://mirror.mcs.anl.gov/pub/redhat/redhat/linux/9/en/os/i386/RedHat/RPMS/bind-9.2.1-16.i386.rpm
wget ftp://mirror.mcs.anl.gov/pub/redhat/redhat/linux/9/en/os/i386/RedHat/RPMS/bind-devel-9.2.1-16.i386.rpm
wget ftp://mirror.mcs.anl.gov/pub/redhat/redhat/linux/9/en/os/i386/RedHat/RPMS/bind-utils-9.2.1-16.i386.rpm
wget ftp://mirror.mcs.anl.gov/pub/redhat/redhat/linux/9/en/os/i386/RedHat/RPMS/caching-nameserver-7.2-7.noarch.rpm
You should get something similar to the following for each file you download.

When you are done, do a directory list (ls) and you should have all four files.

Now that you have the RPM’s it is time to actually install them. Go to the installation part.
I guess you don’t have wget. No problem! FTP isn’t that bad, there is just more typing involved. Type the following commands to download the RPM’s.
ftp mirror.mcs.anl.gov
It then asks for a username, type anonymous and press enter. Then it will ask for your email address as a password. Type in your email address and press enter.
Once you are logged in, issue these commands one at a time.
bin
hash
cd /pub/redhat/redhat/linux/9/en/os/i386/RedHat/RPMS/
get bind-9.2.1-16.i386.rpm
get bind-devel-9.2.1-16.i386.rpm
get bind-utils-9.2.1-16.i386.rpm
get caching-nameserver-7.2-7.noarch.rpm
During each file download you will see a bunch of # symbols scroll by. This is just a text based progress bar. I find it helpful to let me know if a download has stalled. If you don’t want to use the hash marks, type hash off and press enter.
You should receive screens similar to the following.


After you have retrieved all four files, type quit and press enter. Do a directory list (ls) and you should have all four files.

Now that you have the RPM’s it is time to actually install them.
Whichever path you chose, whether downloading the RPM’s or installing from CD, you should be in the same directory where they are located. To install the RPM’s you issue the following command.
rpm -ivh bind-*.rpm caching-nameserver-7.2-7.noarch.rpm
You should get a screen similar to the following.

To verify the RPM’s installed successfully, issue the following commands.
rpm -qa | grep -i bind
rpm -qa | grep -i caching
BIND should now be installed and you should get a screen similar to the following.

Now we need to make sure the BIND service starts upon boot-up. To do this we will use chkconfig and tell the OS to start named (BIND) on runlevels 3 and 5. For more information about runlevels and the Linux boot process visit this site http://www.siliconvalleyccie.com/linux-hn/runlevels.htm.
Issue the following commands to chkconfig to turn named (BIND) on for runlevels 3 and 5. Then we will verify they have been turned on.
chkconfig --level 35 named on
chkconfig --list | grep -i named

I should also mention instead of using chkconfig you could have used the RedHat Text Mode Setup Utility. From the command line type setup and press enter. Scroll down to System Services and press enter. Scroll down to named and press the spacebar to put a check on it. Press tab, enter, tab, tab, enter. You should be back to the prompt. Verify that named will boot-up. Note: If you didn’t install X Windows, runlevel 5 may not be turned on. This is ok because runlevel 5 is Multi-User GUI mode.
Everything looks good. Now we will start BIND and verify it is running.
/etc/init.d/named start
ps aux | grep -i named

That’s all for part 1. In part 2 I will cover setting up BIND as a primary name server for a single zone.
February 13, 2008
Trick to Make a Local IP Reachable from an Outside IP
I wrote this article deliberately so that I don't forget if I ever run into this case again. The problem is when the ISP gives us only one public IP address. To work around this, so that several of our servers (web server, FTP server, email server) sitting on local IPs can be reached from the Internet, we can use one of the Linux applications that is well known for being robust…
How is it done?
The solution is NAT (Network Address Translation), that is, translating an IP address to the other side of the network. On the Linux operating system we can do this natively with the iptables tool. iptables, as the tool that manages network traffic, is capable of doing this. Run on the server side, iptables forwards traffic requested from the public/Internet side on to the local side.
So the syntax becomes the following
iptables -t nat -I PREROUTING -p tcp -s Requesting_Public_IP --dport Destination_Port -j DNAT --to-destination Local_Destination_IP:Application_Port
Explanation
-t nat = the nat table in iptables
-I PREROUTING = insert into the PREROUTING chain
-p tcp = the tcp protocol
-s = source IP address making the request. To allow everyone = 0/0
--dport = the destination port requested from the public side
-j DNAT = the Destination NAT target
--to-destination = the desired local destination IP
For example, if we have the public IP 202.130.202.111 and the web server is on the local side at 192.168.0.250, we can do this
iptables -t nat -I PREROUTING -p tcp -s 0/0 --dport 80 -j DNAT --to-destination 192.168.0.250:80
Or, if port 80 is already in use by the server itself, we can use a free port on that server, for example
iptables -t nat -I PREROUTING -p tcp -s 0/0 --dport 88 -j DNAT --to-destination 192.168.0.250:80
However, the request in the browser must then include the port in full
http://202.130.202.111:88
Yes, this step can also be reversed if a network administrator wants to route the network so that requests to a certain port are diverted to another route; the logic is reversed and the destination port at the end is dropped. Example:
iptables -t nat -I PREROUTING -p tcp -s 192.168.0.0/24 --dport 80 -j DNAT --to-destination 202.130.202.111
This step can also be used for protocols other than web, such as ssh, remote server and other protocols.
Source : http://intrix.wordpress.com - Thx
February 10, 2008
Setting Up a PC Router and Firewall on LINUX
This article is only a small note (a personal reference) compiled from other sources on the internet, the result of discussions with uncle Google and aunt Yahoo :-). It is posted here in the hope of jogging my own memory and also serving as a reference for everyone, especially for eKa who asked for this post through the Shoutbox a few days ago. And in particular for my TKJ students who are learning LINUX and preparing for the Student Skills Competition (LKS).
Many websites/blogs have already covered this subject thoroughly, such as Forum Linux, Info Linux, Gudang Linux, DiskusiWeb, Linux Online and others. Here, however, I only discuss how to turn the Linux box we have into a gateway that connects the local network (LAN) to the outside world (the Internet). This Linux system will serve as a PC router configured with ip_forwarding and NAT+MASQUERADE, using simple standard settings. The use of a firewall, URL filter, Squid and delay pools (bandwidth management) will be covered in the next post.
This installation was carried out successfully on the Red Hat 9.0 and Fedora Core 6.0 (LINUX TEXT) distributions on a computer with an Intel PIII 866MHz, 256 MB RAM, a 20 GB HDD and two Ethernet cards (Intel PRO/100 S Desktop Adapter and Realtek RTL8139/810x Family Fast Ethernet NIC).
DNS3 : 203.130.193.74
NETWORK : 192.168.10.0
Note: log in to your Linux machine with the username ROOT. To make changes press the (insert) key, and to save the changes press escape : wq (write quit).
ONBOOT=yes
ONBOOT=yes
GATEWAY=192.168.1.1
nameserver 203.130.193.74
ONBOOT=yes
# ifconfig|more
change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1
# /etc/rc.d/init.d/network restart
# ping 192.168.10.0/24
If the result is Reply, the setting has succeeded and there is only one step left.
# vi /etc/rc.d/rc.nat
/sbin/iptables -t nat -A PREROUTING -i eth1 -s 192.168.10/24 -p udp --dport 8080 -j REDIRECT --to-ports 3128
# iptables -L -t nat
echo ""
Hope this sheds some light..
Source : http://riska-robianto.blogspot.com/2007/11/setting-pc-router-dan-firewall-pada.html
February 10, 2008
Building an Internet Gateway on Fedora Core 5
Before starting we must first have the complete information from the ISP, such as the IP address, netmask, DNS server and so on; in short, it must be complete. And don't forget to pray, and keep snacks and soft drinks within reach so you don't get stressed.
Example :
WAN configuration :
IP Address = 192.168.1.100
NETMASK = 255.255.255.0
GATEWAY = 192.168.1.1
DNS = 192.168.1.1
LAN configuration :
IP Address = 192.168.0.1
NETMASK = 255.255.255.0
Step one | Network topology
Internet — Internet Gateway — Client
Step two | Configure eth0 (to the Internet / ADSL modem)
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes
TYPE=Ethernet
DEVICE=eth0
HWADDR=00:18:f3:23:87:79
BOOTPROTO=none
NETMASK=255.255.255.0
IPADDR=192.168.1.100
GATEWAY=192.168.1.1
Step three | Configure eth1 (to the LAN)
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes
TYPE=Ethernet
DEVICE=eth1
HWADDR=00:40:f4:4f:fa:27
BOOTPROTO=none
NETMASK=255.255.255.0
IPADDR=192.168.0.1
Step four | Configure the name server (DNS)
[root@localhost ~]# vi /etc/resolv.conf
search localdomain
nameserver 192.168.1.1
Step five | Configure IPv4 forwarding
[root@localhost ~]# vi /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 0
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
Step six | Configure Internet sharing (iptables)
[root@localhost ~]# vi /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Mon Nov 19 19:23:54 2007
*nat
:PREROUTING ACCEPT [59:7516]
:POSTROUTING ACCEPT [532:36819]
:OUTPUT ACCEPT [527:36516]
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j SNAT --to-source 192.168.1.100
or, if eth0 gets its address by DHCP:
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Nov 19 19:23:54 2007
Step seven | Activate the services
[root@localhost ~]# /etc/init.d/iptables restart
[root@localhost ~]# /etc/init.d/network restart
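What the nat rules on this page actually do to a packet is easier to see in a small model than in the rule syntax. The code below is an added example, not code from either post: it applies the port-forwarding post's DNAT rule (public port 88 to 192.168.0.250:80) in PREROUTING and the SNAT rule from step six in POSTROUTING, and keeps the connection table that lets replies be translated back, which is the job netfilter's conntrack does for you behind these rules. The client addresses, the extra SSH forward restricted with -s to one outside network, and the use of the port-forwarding post's public address 202.130.202.111 as the SNAT source are all constructed for the demo; MASQUERADE is modelled as SNAT to a fixed address, whereas real MASQUERADE picks the outgoing interface's current address and may also rewrite source ports.

```python
# Added example (not from either post): a packet-level model of the nat
# table. DNAT rules are consulted in PREROUTING, the single SNAT rule in
# POSTROUTING, and a connection table records each translated flow so the
# reply can be mapped back, as netfilter's conntrack does. All addresses
# are constructed; nothing here touches a real network.
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatBox:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.dnat_rules = []   # (allowed source network, public port, (internal ip, port))
        self.snat = None       # (LAN network, address the source is rewritten to)
        self.conntrack = {}    # reply key of a forwarded flow -> packet as it arrived

    def add_dnat(self, dport, target, source="0.0.0.0/0"):
        """iptables -t nat -I PREROUTING -p tcp -s SOURCE --dport DPORT
               -j DNAT --to-destination IP:PORT   (source 0/0 means anyone)"""
        self.dnat_rules.append((ipaddress.ip_network(source), dport, target))

    def set_snat(self, lan, to_source):
        """iptables -t nat -A POSTROUTING -s LAN -o eth0 -j SNAT --to-source IP"""
        self.snat = (ipaddress.ip_network(lan), to_source)

    def forward(self, pkt):
        """Run an arriving packet through PREROUTING and POSTROUTING and
        return it as it leaves the box; the flow is recorded either way."""
        out = pkt
        if pkt.dst == self.public_ip:                 # PREROUTING: first DNAT match wins
            for source, dport, (ip, port) in self.dnat_rules:
                if pkt.dport == dport and ipaddress.ip_address(pkt.src) in source:
                    out = replace(out, dst=ip, dport=port)
                    break
        if self.snat and ipaddress.ip_address(out.src) in self.snat[0]:
            out = replace(out, src=self.snat[1])      # POSTROUTING: LAN leaves as the gateway
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reply(self, pkt):
        """Undo the translation for a reply, or return None when no recorded
        connection matches (without state the reply never reaches the client)."""
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None
        return Packet(src=orig.dst, sport=orig.dport, dst=orig.src, dport=orig.sport)


def build_box():
    """The two posts' rules on one box, plus one constructed addition: an SSH
    forward restricted with -s to a single outside network instead of 0/0."""
    box = NatBox(public_ip="202.130.202.111")
    box.add_dnat(88, ("192.168.0.250", 80))                           # public :88 -> web server :80
    box.add_dnat(22, ("192.168.0.250", 22), source="203.0.113.0/24")  # constructed, -s restricted
    box.set_snat("192.168.0.0/24", "202.130.202.111")                 # LAN clients share the public IP
    return box


if __name__ == "__main__":
    box = build_box()
    arriving = Packet("198.51.100.7", 40000, "202.130.202.111", 88)
    print("web server sees:", box.forward(arriving))
    print("client gets back:", box.reply(Packet("192.168.0.250", 80, "198.51.100.7", 40000)))
    print("ssh from outside the allowed network:",
          box.forward(Packet("198.51.100.7", 40001, "202.130.202.111", 22)))
```

The SSH rule shows the effect of the -s option explained in the port-forwarding post: a packet from an address outside 203.0.113.0/24 is left untranslated and stays addressed to the gateway itself, while the port-88 rule with 0/0 translates for anyone. Note also that the model, like the real kernel, only translates the reply because it finds the flow in the connection table; a DNAT rule alone, with forwarding disabled or the FORWARD chain dropping the traffic, would never see a reply at all.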
Good luck and I hope it works!
February 10, 2008