
Secondary DNS Using the Free Service from HE.NET


The Domain Name System (DNS) is a distributed database in which data managed locally is promptly propagated to the whole network (the internet) using a client-server scheme. A program called a name server holds all the information segments of the database and also acts as the resolver for the clients that connect to or use it. Fortunately this technology exists, making it easier for people to communicate in the digital world.

At Universitas Lampung itself, three public name servers have been set up to handle resolution queries for the unila.ac.id zone and its PTR records:

  • Primary     Name Server :  ns1.unila.ac.id/103.3.46.2
  • Secondary Name Server : ns2.unila.ac.id/103.3.46.3
  • Secondary Name Server : ns3.unila.ac.id/103.3.46.4

Learning from a recent experience that I posted about here, https://gigihfordanama.wordpress.com/2011/09/29/cname-and-mx-record-will-effect-email-problem , and from a discussion with the CS-UI admin boss (Pak Maman Sutarman): mail problems sometimes also come from DNS resolution that fails, so name servers need to be set up in a location different from our ISP, and more than two is better. As of yesterday I finally decided to use the free DNS service from Hurricane Electric (http://dns.he.net). The practical steps are as follows:

  • Register at http://dns.he.net
  • Create the zone record for the domain so that the zone can be transferred to NS1.HE.NET:

    zone "unila.ac.id" {
            type master;
            file "db.unila.mora";
            allow-query { any; };
            // Only this address, used for the transfer to HE.NET, may pull the zone (AXFR)
            allow-transfer { 216.218.186.2; };
    };

  • Add an NS record by adding an entry for NS1.HE.NET to the unila zone, roughly as follows:

    $TTL    3600
    @       IN      SOA     ns1.unila.ac.id. gigih.unila.ac.id.  (
                                    2011092704 ; serial
                                    3600       ; Refresh
                                    900        ; Retry
                                    3600000    ; Expire
                                    3600 )     ; Minimum
            IN      NS      ns1.unila.ac.id.
            IN      NS      ns2.unila.ac.id.
            IN      NS      ns1.he.net.     ; the new off-site secondary
            IN      MX 10   barracuda.unila.ac.id.
            IN      A       103.3.46.1
            IN      MX 20   zimbra.unila.ac.id.
            IN      MX 30   mailgate.unila.ac.id.
            IN      AAAA    2001:470:18:aa7::2

  • Go to http://dns.he.net
  • Click Add New Slave with the following parameters
  • Shortly afterwards HE.NET will receive a zone transfer identical to the master domain.

Done. All that remains is to check whether the zone can already be resolved from outside:

ns1 ~>dig @ns5.speedcast.com unila.ac.id SOA

; <<>> DiG 9.3.2-P1 <<>> @ns5.speedcast.com unila.ac.id SOA
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58821
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1

;; QUESTION SECTION:
;unila.ac.id.                   IN      SOA

;; ANSWER SECTION:
unila.ac.id.            3600    IN      SOA     ns1.unila.ac.id. gigih.unila.ac.id. 2011092704 3600 900 3600000 3600

;; AUTHORITY SECTION:
unila.ac.id.            274     IN      NS      ns2.unila.ac.id.
unila.ac.id.            274     IN      NS      ns1.unila.ac.id.
unila.ac.id.            274     IN      NS      ns1.he.net.

;; ADDITIONAL SECTION:
ns1.he.net.             20252   IN      A       216.218.130.2

;; Query time: 137 msec
;; SERVER: 202.174.158.10#53(202.174.158.10)
;; WHEN: Fri Sep 30 09:22:41 2011
;; MSG SIZE  rcvd: 147
ns1 ~>

If ns1.he.net appears, the setup has worked. Next, query NS1.HE.NET itself and ask it to resolve the unila domain:

ns1 ~>dig @ns1.he.net www.unila.ac.id SOA

; <<>> DiG 9.3.2-P1 <<>> @ns1.he.net www.unila.ac.id SOA
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62638
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.unila.ac.id.               IN      SOA

;; AUTHORITY SECTION:
unila.ac.id.            86400   IN      SOA     ns1.he.net. gigih.unila.ac.id. 2011092903 3600 900 3600000 3600

;; Query time: 205 msec
;; SERVER: 216.218.130.2#53(216.218.130.2)
;; WHEN: Fri Sep 30 09:24:38 2011
;; MSG SIZE  rcvd: 85

ns1 ~>
ns1 ~>dig @ns1.he.net unila.ac.id MX

; <<>> DiG 9.3.2-P1 <<>> @ns1.he.net unila.ac.id MX
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7730
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3

;; QUESTION SECTION:
;unila.ac.id.                   IN      MX

;; ANSWER SECTION:
unila.ac.id.            3600    IN      MX      20 zimbra.unila.ac.id.
unila.ac.id.            3600    IN      MX      30 mailgate.unila.ac.id.
unila.ac.id.            3600    IN      MX      10 barracuda.unila.ac.id.

;; ADDITIONAL SECTION:
barracuda.unila.ac.id.  3600    IN      A       103.3.46.252
zimbra.unila.ac.id.     3600    IN      A       103.3.46.21
mailgate.unila.ac.id.   3600    IN      A       103.3.46.5

;; Query time: 228 msec
;; SERVER: 216.218.130.2#53(216.218.130.2)
;; WHEN: Fri Sep 30 09:25:09 2011
;; MSG SIZE  rcvd: 151

ns1 ~>

Congratulations, we now have a secondary name server hosted off-site, and it is free, folks.
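The checks made by eye on the dig replies above (SOA serial, the "aa" flag on the secondary, the "ra" flag on a recursive server), written as a script. This is an added example, not part of the original post: the function names are hypothetical, the first two sample replies are excerpts of the output shown above, and the third is constructed.

```shell
#!/bin/sh
# Added example: verdicts from captured `dig` output (text in, verdict out).

# SOA serial = 7th field of the first SOA record (ANSWER or AUTHORITY section).
soa_serial() {
    printf '%s\n' "$1" |
        awk '$1 !~ /^;/ && $3 == "IN" && $4 == "SOA" { print $7; exit }'
}

# Succeed if the ";; flags:" header line lists the given flag (aa, ra, ...).
has_flag() {
    printf '%s\n' "$1" | awk -v f="$2" '
        /^;; flags:/ { sub(/^;; flags:/, ""); sub(/;.*/, "")
                       n = split($0, a, " ")
                       for (i = 1; i <= n; i++) if (a[i] == f) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Compare a secondary's reply ($2) with a reference reply ($1) for the same zone.
check_secondary() {
    if ! has_flag "$2" aa; then echo "not-authoritative"; return 1; fi
    ref=$(soa_serial "$1"); sec=$(soa_serial "$2")
    if [ -n "$ref" ] && [ "$ref" = "$sec" ]; then echo "in-sync $sec"; return 0; fi
    echo "serial-mismatch reference=$ref secondary=$sec"; return 1
}

# Excerpts of the two replies shown above (ns5.speedcast.com, then ns1.he.net).
REF_REPLY=';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
unila.ac.id.  3600  IN  SOA  ns1.unila.ac.id. gigih.unila.ac.id. 2011092704 3600 900 3600000 3600'
HE_REPLY=';; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
unila.ac.id.  86400  IN  SOA  ns1.he.net. gigih.unila.ac.id. 2011092903 3600 900 3600000 3600'
# Constructed sample: the secondary after it has loaded the same zone version.
SYNCED_REPLY=';; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
unila.ac.id.  3600  IN  SOA  ns1.unila.ac.id. gigih.unila.ac.id. 2011092704 3600 900 3600000 3600'

check_secondary "$REF_REPLY" "$HE_REPLY" || true
check_secondary "$REF_REPLY" "$SYNCED_REPLY" || true
# A reply with "ra" set came from a server that offers recursion.
if has_flag "$REF_REPLY" ra; then echo "reference reply came from a recursive server"; fi
```

On the two replies captured above, the first comparison reports a mismatch (2011092704 against 2011092903); the dns-info.cz report further down shows 2011092704 on all three servers.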

 

Here is an excerpt of the query test results from the Czech DNS tool at http://www.dns-info.cz/en/dns-test/dom.php

 

Test results – unila.ac.id

Authoritative name servers

DNS server             TTL       IPv4 address   IPv4 glue   IPv6 address        serial No.  reaction
ns2.unila.ac.id        1800 30m  103.3.46.3     103.3.46.3                      2011092704  385 ms
ns1.he.net             1800 30m  216.218.130.2                                  2011092704  181 ms
ns1.unila.ac.id (pri)  1800 30m  103.3.46.2     103.3.46.2  2001:470:35:2b8::2  2011092704  383 ms

Subnets and autonomous systems of name servers

name             IPv4 address   subnet            ASN
ns2.unila.ac.id  103.3.46.3     103.3.46.0/24     56237
ns1.he.net       216.218.130.2  216.218.128.0/17  6939
ns1.unila.ac.id  103.3.46.2     103.3.46.0/24     56237

SOA record (ns1.unila.ac.id)

item     value              description
serial   2011092704         domain zone serial number
mname    ns1.unila.ac.id    name of primary name server for this zone
rname    gigih.unila.ac.id  zone administrator’s e-mail address
refresh  3600 1h            interval for checking availabilty of new zone on primary name server (seconds)
retry    900 15m            interval for repeating new zone check on primary name server when the previous attemp failed (seconds)
expire   3600000 41d 16h    time after which the zone is discarded when the secodary server is unable to contact primary name server to check new zone (seconds)
minimum  3600 1h            TTL for caching negative responses (seconds)

NS records from the zone (ns1.unila.ac.id)

domain name  TTL      value
unila.ac.id  3600 1h  ns1.he.net
unila.ac.id  3600 1h  ns1.unila.ac.id
unila.ac.id  3600 1h  ns2.unila.ac.id

MX records from the zone (ns1.unila.ac.id)

domain name  TTL      value                     IPv4 address  IPv6 address
unila.ac.id  3600 1h  10 barracuda.unila.ac.id  103.3.46.252
unila.ac.id  3600 1h  20 zimbra.unila.ac.id     103.3.46.21
unila.ac.id  3600 1h  30 mailgate.unila.ac.id   103.3.46.5

A records from the zone (ns1.unila.ac.id)

domain name      TTL      value
unila.ac.id      3600 1h  103.3.46.1
www.unila.ac.id  3600 1h  103.3.46.1

AAAA records from the zone (ns1.unila.ac.id)

domain name      TTL      value
unila.ac.id      3600 1h  2001:470:18:aa7::2
www.unila.ac.id  3600 1h  2001:470:18:aa7::2

SRV SIP records from the zone (ns1.unila.ac.id)

domain name  TTL  pref  weight  target  IPv4  IPv6
No records found

Results of DNS and domain tests
test name and result description result
 DNS servers response (info) PASS
All name servers for this domain name respond to DNS queries
 zone serial numbers (info) PASS
All name servers return the same serial number in SOA record

  • 2011092704
 authoritativity of name servers for the domain (info) PASS
All name servers are authoritative for this domain name
 attendance of required glue records at parent server (info) PASS
There are all required glue records on parent server
 glue records and A records in zone matching (info) PASS
Glue records match with A records in the zone
 attendance of NS records in the zone (info) PASS
Zone of the domain name contains NS records
 NS records and authoritative name servers matching (info) PASS
NS records from the zone match NS records from parent server
 recursive queries (info) WARNING
Some nameservers provide recursive services. It is a bad idea to run authoritative and caching services on one DNS server, because it can cause difficulties in some conditions.

  • ns2.unila.ac.id
  • ns1.unila.ac.id
 public zone transfer (AXFR) (info) PASS
None of name servers offer zone transfer (AXFR) for this domain name
 name servers on public IP (info) PASS
All name servers are on public IP addresses
 recommended number of name servers (info) PASS
The domain has recommended 2-7 name servers
 TTL values in NS records on parent server (info) PASS
TTL values of NS records at parent server matches
 TTL values in NS records in the zone (info) PASS
TTL values of NS records in the zone matches
 reverse records of name servers (info) PASS
Reverse records of DNS servers matches with their IP addresses
 name servers in different autonomous systems (AS) (info) PASS
DNS servers are at least in 2 different autonomous systems (AS) thus their availability is not dependent on one network
 name servers in different subnets (info) PASS
DNS servers are at least in 2 different subnets
 different IPv4 addresses of name servers (info) PASS
DNS servers have different IP addresses
 server from SOA MNAME as NS record (info) PASS
DNS server from SOA MNAME entry is listed as NS record in the zone

  • ns1.unila.ac.id
 MNAME entry check (info) PASS
SOA MNAME entry is syntactically valid
 similar MNAME in SOA from all name servers (info) PASS
All DNS servers return the name MNAME value in SOA record

  • ns1.unila.ac.id
 RNAME entry check (info) PASS
SOA RNAME entry is syntactically valid
 recommended format of serial number (YYYYMMDDnn) (info) PASS
The serial number of the zone has recommended syntax YYYYMMDDnn

  • 2011092704
 REFRESH value check (info) PASS
SOA REFRESH value is within recommended range 20m-12h
 RETRY value check (info) PASS
SOA RETRY value is less than REFRESH value and is at least 15m
 EXPIRE value check (info) NOTICE
SOA EXPIRE value is higher than recommended maximum 31 days.
 MINIMUM value check (info) PASS
SOA MINIMUM value is within recommended range 1-3h
 contact WWW server (info) PASS
Connection to WWW server using HTTP protocol is all right
 HTTP response code (info) PASS
Response from WWW server is correct, no error detected
 Mailserver software detection (info) INFO
Software of WWW server has been determned

  • Apache/2.2.16
  • FreeBSD
  • mod_ssl/2.2.16
  • OpenSSL/0.9.8n
  • DAV/2
  • PHP/5.2.14
  • Suhosin-Patch
  • PHP/5.2.14
 AAAA records presence (info) INFO
Domain has A records and also AAAA records
 TTL values in A records (info) PASS
TTL values in A records are equal
 TTL values in AAAA records (info) PASS
TTL values in AAAA records are equal
 Reverse records of WWW server (info) PASS
Reverse records matches with their IP addresses
 Number of MX records (info) INFO
Domain has at least 2 MX records, thus the domain accepts e-mail messages and has a backup mailserver for the case of failure of primary mailserver.
 Syntax check of MX records (info) PASS
All MX records are syntactically correct
 Resolve MX records to IP address (info) PASS
All MX records can be correctly resolved to IP address
 MX records duplicity (info) PASS
MX records are not duplicated
 TTL values of MX records (info) PASS
TTL values of MX records are equal
 Reverse reverse records of MX records (info) PASS
Reverse records match with their IP addresses
 Connection with primary mailserver (info) ERROR
The mailserver does not accept e-mails for postmaster@domain
 Connection to other mailservers (info) ERROR
Can’t connect to some of backup mailservers
 Mailserver software detection (info) INFO
Mailserver software could not be detected
 Detection of available extensions (ESMTP) (info) PASS
Mailserver offer ESMTP extensions

  • SIZE 100000000
  • PIPELINING
  • 8BITMIME
  • HELP
 Greylisting (info) skipped
 AAAA records presence (info) INFO
None of mailservers does not have IPv6 (AAAA record)
 SPF records presence (info) INFO
Domain does not have SFP or TXT (v=spf1) record
 Open relay mailservers (info) PASS
None of mailserver is open relay, thus they accepts e-mails only for domains that are configured for.
 Mail servers in DNSBL blacklists (info) PASS
None of mailservers is listed in any DNSBL servers thus they are not the source of spam
 SRV SIP records presence (info) INFO
Domain does not provide SIP services
 Syntax check of SRV records (info) skipped
 Resolve SIP servers from SRV records to IP addresses (info) skipped
 SRV records duplicity (info) skipped
 TTL values check for SRV records (info) skipped
 Reverse records for SIP servers (info) skipped
 AAAA records presence for SIP servers (info) skipped
 DNSKEY record presence (info) INFO
  1. September 30, 2011 at 2:51 am

    ns1.he.net also needs to be registered with PANDI.
    ITB uses this: http://www.isc.org/solutions/sns

  2. September 30, 2011 at 7:01 am

    Yes, ns1.he.net has been registered with PANDI since last night (early morning); it has only now been updated worldwide, so it took hours as well, hehehe.

    ns1# dig @ns1.id unila.ac.id NS

    ; <<>> DiG 9.3.2-P1 <<>> @ns1.id unila.ac.id NS
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13825
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3

    ;; QUESTION SECTION:
    ;unila.ac.id. IN NS

    ;; AUTHORITY SECTION:
    unila.ac.id. 1800 IN NS ns2.unila.ac.id.
    unila.ac.id. 1800 IN NS ns1.he.net.
    unila.ac.id. 1800 IN NS ns1.unila.ac.id.

    ;; ADDITIONAL SECTION:
    ns1.unila.ac.id. 13300 IN A 103.3.46.2
    ns1.unila.ac.id. 13300 IN AAAA 2001:470:23:cc::2
    ns2.unila.ac.id. 13300 IN A 103.3.46.3

    ;; Query time: 8 msec
    ;; SERVER: 202.155.30.227#53(202.155.30.227)
    ;; WHEN: Fri Sep 30 14:01:16 2011
    ;; MSG SIZE rcvd: 149

    ns1#

  3. October 3, 2011 at 2:20 am

    Hehe, agreed with @dikshiedikshie.
    UNY also uses sns-isc, with the non-profit package 😀

  4. October 3, 2011 at 2:43 am

    I already filled in the form at http://www.isc.org/solutions/sns; since last year there has been no reply from their admin, which is why it isn't hosted there, hehe.
