Centos Gui = ip 172.16.50.101/16
netmask 255.255.0.0
gateway 172.16.50.101
dns 172.16.50.101
Centos cli (server) ip 172.16.12.100/16
gateway 172.16.12.100
dns 172.16.12.100
Window 10 ip 172.16.50.103
gate =172.16.12.51
dns=172.16.12.100
konfigurasi
*centos gui
#cmd -> ping 172.16.12.100
ssh root@172.16.12.100
yes
password -> gua g tau passwordnya
lalu install bind
yum install bind bind-utils -y
vi /etc/named.conf
options {
listen-on port 53 {127.0.0.1; 172.16.12.100; };
|
v
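allow-query { localhost; 172.16.12.0/16; };
// catatan: 172.16.12.0/16 punya bit host yang terisi; penulisan jaringan /16 yang benar adalah 172.16.0.0/16, dan named-checkconf bisa memprotes penulisan seperti ini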
|
v
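recursion yes;
// catatan: karena port 53 nanti dibuka di firewall, pastikan allow-query / allow-recursion tetap dibatasi ke jaringan sendiri supaya server tidak jadi open resolver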
forwarders {
172.16.12.1;
202.43.178.245;
};
zone "." IN{
type hint;
file "named.ca";
};
di copy yang di atas, dari zone sampe };
lengkap 1 dari }; dan copy 2 kali
zone "tkj.net" IN{
type master;
file "/var/named/forward.zone";
};
zone "12.16.172.in-addr.arpa" IN{
type master;
file "/var/named/reverse.zone";
};
keluar pakek cara biasa wq
zone "12.16.172.in-addr.arpa" IN{
type master;
file "/var/named/reverse.zone";
copy yang di atas lalu paste di lengkap 1 nya
zone "tkj2.net" IN{
type master;
file "/var/named/forward.zone";
};
keluar pakek wq lagi, lalu cek sintaksnya dengan named-checkconf /etc/named.conf (kalo tidak ada output berarti aman)
vi /var/named/forward.zone
$TTL 406800
@ IN SOA tkj.net root.tkj.net. (
2017111801 ;
10800 ;
3600 ;
406800 ;
);
@ IN NS ns.tkj.net.
ns IN A 172.16.12.100
www IN A 172.16.12.100
mail IN A 172.16.12.100
tkj2 IN A 172.16.12.100
@ IN MX 10 mail.tkj.net.
penambahan domain baru
cp /var/named/forward.zone /var/named/reverse.zone
vi /var/named/reverse.zone
$TTL 406800
@ IN SOA tkj.net root.tkj.net. (
2017111801 ;
10800 ;
3600 ;
);
@ IN NS ns.tkj.net.
100 IN PTR ns.tkj.net.
100 IN PTR www.tkj.net.
100 in PTR mail.tkj.net
keluar pakek wq
named-checkzone 12 16.172.in-addr.arpa/var/named/reverse.zone
vi /var/named/reverse.zone
langsung keluar gw cuman nulis apa yang fiki lakuin
named-checkzone 12.16.172.in-addr.arpa /var/named/reverse.zone
vi /var/named/reverse.zone
keluar lagi
vi /var/named/forward.zone
keluar lagi
named-checkzone tkj.net /var/named/forward.zone
vi /var/named/forward.zone
$TTL 406800
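; catatan: nama tanpa titik di akhir dianggap relatif terhadap zona, jadi "tkj.net" di baris SOA terbaca tkj.net.tkj.net. -- tulis nama server utamanya lengkap dengan titik, mis. ns.tkj.net.
@ IN SOA tkj.net root.tkj.net. (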
2017111801 ;
10800 ;
3600 ;
406800 ;
406800;
);
@ IN NS ns.tkj.net.
ns IN A 172.16.12.100
www IN A 172.16.12.100
mail IN A 172.16.12.100
tkj2 IN A 172.16.12.100
@ IN MX 10 mail.tkj.net.
named-checkzone tkj.net /var/named/forward.zone
vi /var/named/reverse.zone
$TTL 406800
@ IN SOA tkj.net root.tkj.net. (
2017111801 ;
10800 ;
3600 ;
406800 ;
406800 ;
);
@ IN NS ns.tkj.net.
100 IN PTR ns.tkj.net.
100 IN PTR www.tkj.net.
100 IN PTR www.tkj2.net.
100 IN PTR mail.tkj.net.
keluar pakek wq
named-checkzone 12.16.172.in-addr.arpa /var/named/reverse.zone
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload
systemctl restart named
systemctl enable named
systemctl start named
yum install dnssec-tools -y
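kalo ada tulisan "No package dnssec-tools available" itu wajar; dnssec-keygen dan dnssec-signzone sudah ada dari paket bind/bind-utils yang diinstal di awal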
cd /var/named/
ls
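dnssec-keygen -r /dev/urandom -a RSASHA256 -b 1024 -n ZONE tkj.net
dnssec-keygen -r /dev/urandom -a RSASHA256 -b 2046 -n ZONE -f KSK tkj.net
# catatan: RSA 1024-bit untuk ZSK sudah dianggap lemah; di luar lab pakai minimal 2048-bit atau algoritma ECDSAP256SHA256. Angka 2046 pada KSK kemungkinan salah ketik untuk 2048.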
cat Ktkj.net.+008+*.key
cat Ktkj.net.+008+*.key >> forward.zone
vi forward.zone
keluar pakek wq
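dnssec-signzone -t -g -o tkj.net forward.zone /var/named/Ktkj.net.+008+*.private
# catatan: tanda tangan (RRSIG) hasil dnssec-signzone punya masa berlaku (bawaan 30 hari). Zona harus ditandatangani ulang sebelum masa itu habis, dan setiap forward.zone diubah naikkan serial lalu tanda tangani ulang; kalo tidak, resolver yang memvalidasi akan menolak jawabannya.
# file Ktkj.net.*.private adalah kunci rahasia zona: cukup bisa dibaca root/named saja, jangan ikut dibagikan.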
ls
vi /etc/named.conf
zone "tkj.net" IN{
type master;
file "/var/named/forward.zone";
};
diganti menjadi
zone "tkj.net" IN{
type master;
file "/var/named/forward.zone.signed";
};
systemctl restart named
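dig DNSKEY tkj.net. @172.16.12.100
dig +dnssec www.tkj.net. @172.16.12.100
(di jawaban dig +dnssec harus muncul record RRSIG; itu tandanya zona yang dilayani memang versi .signed)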
ping ns.tkj.net
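LAKUKAN TEST DNSSEC PADA CLIENT WIN 10
(catatan: ping dan dig biasa hanya membuktikan nama bisa di-resolve, belum membuktikan DNSSEC; bukti DNSSEC-nya adalah record RRSIG yang terlihat lewat dig +dnssec)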
ping www.tkj2.net
dig www.tkj2.net
BUKA WIN 10
ping 172.16.12.100
cat dsset-tkj.net.
buka PuTTY-nya
masukan hostname ipnya
ip 172.16.12.100 portnya 22
login as root
masukan passwordnya
cd /var/named
cat dsset-tkj.net.
@ IN SOA tkj.net root.tkj.net. (
2017111801 ;
10800 ;
3600 ;
406800 ;
406800 ;
);
@ IN NS ns.tkj.net.
100 IN PTR ns.tkj.net.
100 IN PTR www.tkj.net.
100 IN PTR www.tkj2.net.
100 IN PTR mail.tkj.net.
keluar pakek wq
named-checkzone 12.16.172.in-addr.arpa /var/named/reverse.zone
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload
systemctl restart named
systemctl enable named
systemctl start named
yum install dnssec-tools -y
kalo ada tulisan "No package dnssec-tools available" itu wajar
cd /var/named/
ls
dnssec-keygen -r /dev/urandom -a RSASHA256 -b 1024 -n ZONE tkj.net
dnssec-keygen -r /dev/urandom -a RSASHA256 -b 2046 -n ZONE -f KSK tkj.net
cat Ktkj.net.+008+*.key
cat Ktkj.net.+008+*.key >> forward.zone
vi forward.zone
keluar pakek wq
dnssec-signzone -t -g -o tkj.net forward.zone /var/named/Ktkj.net.+008+*.private
ls
vi /etc/named.conf
zone "tkj.net" IN{
type master;
file "/var/named/forward.zone";
};
diganti menjadi
zone "tkj.net" IN{
type master;
file "/var/named/forward.zone.signed";
};
systemctl restart named
dig DNSKEY tkj.net. @172.16.12.100
ping ns.tkj.net
LAKUKAN TEST DNSSEC PADA CLIENT WIN 10
ping www.tkj2.net
dig www.tkj2.net
BUKA WIN 10
ping 172.16.12.100
cat dsset-tkj.net.
buka PuTTY-nya
masukan hostname ipnya
ip 172.16.12.100 portnya 22
login as root
masukan passwordnya
cd /var/named
cat dsset-tkj.net.