
Upgrade to bind-9.8.1 on FreeBSD (Again…)


The "moral of the story" of the notes below is: finish the job, don't give up easily; where there is a will there is a way. Anyone who wants to try, go ahead and upgrade your DNS server to version 9.8 (I tried it tonight and it was done in 30 minutes 😀, trust me).

dns# cd /usr/ports/dns/bind98/
dns# make config

  [X] SSL            Building without OpenSSL removes DNSSEC
  [X] LINKS          Create conf file symlinks in /usr/local
  [X] XML            Support for xml statistics output
  [ ] IDN            Add IDN support to dig, host, etc.
  [ ] REPLACE_BASE   Replace base BIND with this version
  [ ] LARGE_FILE     64-bit file support
  [ ] SIGCHASE       dig/host/nslookup will do DNSSEC validation
  [X] IPV6           IPv6 Support (autodetected by default)
  [X] THREADS        Compile with thread support
  [ ] DLZ_POSTGRESQL DLZ Postgres driver
  [ ] DLZ_MYSQL      DLZ MySQL driver (single-threaded BIND)
  [ ] DLZ_BDB        DLZ BDB driver
  [ ] DLZ_LDAP       DLZ LDAP driver
  [ ] DLZ_FILESYSTEM DLZ filesystem driver
  [ ] DLZ_STUB       DLZ stub driver
                                  [ OK ]   Cancel

dns# make config
dns# make && make install
===> Installing for bind98-9.8.1
===> bind98-9.8.1 depends on shared library: xml2.5 - found
===> Generating temporary packing list
===> Checking if dns/bind98 already installed
dns#

dns# cd /var/named/etc/namedb/
dns# rndc-confgen

This prints temporary data that is to be copied into named.conf, rndc.conf and rndc.key:
dns# more /var/named/etc/namedb/named.conf

acl "unila" { 2001:df0:230::/48; 127.0.0.1/32; 192.168.0.0/16; 192.168.1.0/24; 103.3.46.0/24; };

options {
        directory "/etc/namedb";
        pid-file "/var/run/named/pid";
        version "We forward your request version to /dev/null";
        listen-on-v6 { any; };
        allow-query { "unila"; };
        allow-recursion { "unila"; };
        minimal-responses yes;
        forwarders {
                180.131.144.144;
                180.131.145.145;
        };
        query-source address * port 53;
        dump-file "s/named_dump.db";
};

logging {
        category lame-servers { null; };
};

zone "." IN {
        type hint;
        file "named.root";
};

zone "localhost" IN {
        type master;
        file "db.localhost";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "db.127.0.0";
        allow-update { none; };
};

zone "unila.ac.id" {
        type master;
        file "/var/named/etc/namedb/db/xxx/db.unila.ac.id";
};

# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
        algorithm hmac-md5;
        secret "3lkajkljasd5GPvhvrhec9gVZ7isE7GQ==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
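A few settings in that named.conf deserve a second look before the server goes live: `query-source ... port 53` pins the outgoing UDP source port (BIND randomizes it only when the port is left as `*`), the rndc key uses hmac-md5, and the `allow-query` / `allow-recursion` ACLs decide who may use the resolver. The script below is an added example, not code from the post or from ISC: it runs a small regex scan over a constructed copy of the configuration (with a placeholder rndc secret), reports those findings, and evaluates whether a given client address matches an address-match list such as `allow-query`. It is not a full named.conf parser; the `parse_acls`, `list_items`, `client_allowed` and `audit` names are this example's own.

```python
"""Audit a BIND named.conf for a few settings that matter on a resolver.

Added example, not code from the post. A regex scan of the constructs
shown above (acl, allow-query, allow-recursion, query-source, key
algorithm, controls), not a full named.conf grammar.
"""
import ipaddress
import re

# Constructed sample modelled on the post's named.conf; the rndc secret
# is a placeholder, not a real key.
SAMPLE_CONF = """
acl "unila" { 2001:df0:230::/48; 127.0.0.1/32; 192.168.0.0/16; 103.3.46.0/24; };
options {
        version "We forward your request version to /dev/null";
        allow-query { "unila"; };
        allow-recursion { "unila"; };
        query-source address * port 53;
};
key "rndc-key" {
        algorithm hmac-md5;
        secret "PLACEHOLDER-NOT-A-REAL-SECRET==";
};
controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
"""

# Built-in address-match names; 'any' and 'none' are handled in client_allowed().
BUILTIN_ACLS = {
    "localhost": [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")],
}


def parse_acls(conf):
    """Return {acl_name: [ip networks]} for every acl "..." { ... }; block."""
    acls = {}
    for name, body in re.findall(r'acl\s+"([^"]+)"\s*\{([^}]*)\}', conf):
        acls[name] = [ipaddress.ip_network(t.strip(), strict=False)
                      for t in body.split(";") if t.strip()]
    return acls


def list_items(conf, directive):
    """Items of the first `directive { a; b; };` block, quotes stripped, or None."""
    m = re.search(r"\b" + re.escape(directive) + r"\s*\{([^}]*)\}", conf)
    if not m:
        return None
    return [t.strip().strip('"') for t in m.group(1).split(";") if t.strip()]


def client_allowed(conf, directive, client_ip):
    """Evaluate the address-match list of `directive` for one client address.

    Returns True/False, or None when the directive is absent (BIND default applies).
    """
    items = list_items(conf, directive)
    if items is None:
        return None
    acls = parse_acls(conf)
    addr = ipaddress.ip_address(client_ip)
    for item in items:
        if item == "any":
            return True
        if item == "none":
            return False
        nets = acls.get(item) or BUILTIN_ACLS.get(item)
        if nets is None:
            try:
                nets = [ipaddress.ip_network(item, strict=False)]
            except ValueError:
                continue  # token this scanner does not model (e.g. a key name)
        if any(addr in n for n in nets):  # mixed IPv4/IPv6 compares as False
            return True
    return False


def audit(conf):
    """Return [(severity, message)] findings, highest severity first."""
    findings = []
    m = re.search(r"query-source\s+address\s+\S+\s+port\s+(\S+)\s*;", conf)
    if m and m.group(1) != "*":
        findings.append(("HIGH", "query-source pins the UDP source port to %s, which "
                         "disables source-port randomization; use 'port *'" % m.group(1)))
    if "any" in (list_items(conf, "allow-recursion") or []):
        findings.append(("HIGH", "allow-recursion { any; } makes this an open resolver"))
    c = re.search(r"controls\s*\{.*?allow\s*\{([^}]*)\}", conf, re.S)
    if c and "any" in [t.strip() for t in c.group(1).split(";")]:
        findings.append(("HIGH", "controls allow { any; } exposes rndc beyond loopback"))
    for alg in re.findall(r"algorithm\s+([\w-]+)\s*;", conf):
        if alg.lower() == "hmac-md5":
            findings.append(("MEDIUM", "key algorithm hmac-md5 is deprecated; prefer hmac-sha256"))
    if not re.search(r'\bversion\s+"', conf):
        findings.append(("LOW", "version string not overridden; exact release is disclosed"))
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for sev, msg in audit(SAMPLE_CONF):
        print("%-6s %s" % (sev, msg))
    for ip in ("192.168.1.116", "2001:df0:230::1", "8.8.8.8"):
        print("allow-query from %-16s -> %s" % (ip, client_allowed(SAMPLE_CONF, "allow-query", ip)))
```

Run against the sample it reports the pinned source port and the hmac-md5 key, and shows that 192.168.1.116 and a 2001:df0:230::/48 address are accepted by `allow-query` while 8.8.8.8 is refused, which is the behaviour the nslookup test at the end of the post is meant to confirm.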

dns# more rndc.key

key "rndc-key" {
        algorithm hmac-md5;
        secret "3lkajkljasd5GPvhvrhec9gVZ7isE7GQ==";
};

dns#

dns# more rndc.conf

# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "3lkajkljasd5GPvhvrhec9gVZ7isE7GQ==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "3lkajkljasd5GPvhvrhec9gVZ7isE7GQ==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
dns#

Finally, create the unila.ac.id zone:
dns# pwd
/var/named/etc/namedb/db

dns# more db.unila.ac.id
$TTL 86400
@       IN      SOA     dns.unila.ac.id. root.unila.ac.id. (
                        201204018       ; serial
                        28800           ; refresh
                        14400           ; retry
                        3600000         ; expire
                        86400           ; minimum (negative-caching TTL)
                        )
        IN      NS      dns.unila.ac.id.
        IN      MX 10   barracuda.unila.ac.id.
        IN      A       192.168.1.116
; unila services
;------------------
zimbra          IN      A       192.168.1.25
                IN      MX 500  ns1
                IN      MX 400  zimbra
barracuda       IN      A       172.16.1.23
                IN      MX 10   barracuda
dns             IN      A       192.168.1.3
ns1             IN      A       192.168.1.8
BLAH..BLAH...BLAH..BLAH
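Before loading a zone like the one above it is worth checking the SOA values themselves, since a serial that does not increase means secondaries never pick up the change and badly ordered timers make the zone expire or thrash. The following is an added example, not code from the post: it parses the SOA out of a constructed copy of the zone, applies the RFC 1912 timer relationships and RFC 1982 serial arithmetic, and also checks the common YYYYMMDDnn serial convention, which the serial shown in the post (nine digits) does not follow. `named-checkzone` remains the authoritative syntax check; the `parse_soa`, `check_soa` and `serial_is_newer` names are this example's own.

```python
"""Sanity-check the SOA of a zone file before loading it.

Added example, not from the post. Applies the RFC 1912 (section 2.2)
timer relationships, RFC 1982 serial arithmetic and the YYYYMMDDnn
serial convention to the SOA shown in the post.
"""
import re
from datetime import date

# Constructed sample copied from the post's db.unila.ac.id (trailing records omitted).
SAMPLE_ZONE = """\
$TTL 86400
@       IN      SOA     dns.unila.ac.id. root.unila.ac.id. (
                        201204018       ; serial
                        28800           ; refresh
                        14400           ; retry
                        3600000         ; expire
                        86400           ; minimum
                        )
        IN      NS      dns.unila.ac.id.
        IN      A       192.168.1.116
dns     IN      A       192.168.1.3
"""

SOA_FIELDS = ("serial", "refresh", "retry", "expire", "minimum")


def parse_soa(zone_text):
    """Return {'mname', 'rname', 'serial', 'refresh', 'retry', 'expire', 'minimum'}."""
    body = re.sub(r";[^\n]*", "", zone_text)  # drop ';' comments first
    m = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(([^)]*)\)", body)
    if not m:
        raise ValueError("no SOA record found")
    nums = [int(x) for x in m.group(3).split()]
    if len(nums) != 5:
        raise ValueError("SOA needs 5 numeric fields, got %d" % len(nums))
    soa = {"mname": m.group(1), "rname": m.group(2)}
    soa.update(zip(SOA_FIELDS, nums))
    return soa


def serial_is_newer(new, old):
    """RFC 1982 comparison: is `new` after `old` in 32-bit serial space (wrap-safe)?"""
    return 0 < (new - old) % 2**32 < 2**31


def date_serial_problem(serial):
    """None if serial looks like YYYYMMDDnn, else a description of the problem."""
    s = str(serial)
    if len(s) != 10:
        return "serial %s has %d digits, not the 10 of YYYYMMDDnn" % (s, len(s))
    try:
        date(int(s[0:4]), int(s[4:6]), int(s[6:8]))
    except ValueError:
        return "serial %s does not start with a valid YYYYMMDD date" % s
    return None


def check_soa(soa, previous_serial=None):
    """Return a list of problems; an empty list means the SOA passes these checks."""
    problems = []
    p = date_serial_problem(soa["serial"])
    if p:
        problems.append(p)
    if previous_serial is not None and not serial_is_newer(soa["serial"], previous_serial):
        problems.append("serial %d is not newer than %d; secondaries will not transfer"
                        % (soa["serial"], previous_serial))
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry (%d) should be smaller than refresh (%d)"
                        % (soa["retry"], soa["refresh"]))
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        problems.append("expire (%d) must exceed refresh + retry" % soa["expire"])
    if not (soa["mname"].endswith(".") and soa["rname"].endswith(".")):
        problems.append("MNAME and RNAME should be fully qualified (trailing dot)")
    return problems


if __name__ == "__main__":
    soa = parse_soa(SAMPLE_ZONE)
    print(soa)
    for problem in check_soa(soa) or ["SOA passes checks"]:
        print("-", problem)
```

Pass `previous_serial` with the serial currently published by the running server to catch the classic mistake of editing a zone without bumping the serial; the wrap-around in `serial_is_newer` is what lets a serial reset past 2^32 still count as an increase.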

Start the BIND service:
dns# /usr/local/named/sbin/named -u named -c /usr/local/named/etc/named.conf

Make it start at boot:

dns# more /etc/rc.local

/usr/local/sbin/named -c /var/named/etc/namedb/named.conf

dns#

Check the server log for any problems:

dns# tail -f /var/log/messages
Apr 11 19:37:24 dns named[27283]: built with '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--with-openssl=/usr' '--with-libxml2=/usr/local' '--without-idn' '--enable-ipv6' '--enable-threads' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=x86_64-portbld-freebsd8.1' 'build_alias=x86_64-portbld-freebsd8.1' 'CC=cc' 'CFLAGS=-O2 -pipe -fno-strict-aliasing' 'LDFLAGS= -rpath=/usr/lib:/usr/local/lib' 'CPPFLAGS=' 'CPP=cpp' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -fno-strict-aliasing'
Apr 11 19:37:24 dns named[27283]: could not listen on UDP socket: address in use
Apr 11 19:37:24 dns named[27283]: creating IPv4 interface lo0 failed; interface ignored
Apr 11 19:37:24 dns named[27283]: not listening on any interfaces
Apr 11 19:37:24 dns named[27283]: couldn't add command channel 127.0.0.1#953: address in use
Apr 11 19:37:25 dns named[27283]: command channel listening on ::1#953
Apr 11 19:37:25 dns named[27283]: could not listen on UDP socket: address in use
Apr 11 19:37:25 dns named[27283]: creating IPv4 interface lo0 failed; interface ignored
Apr 11 19:37:25 dns named[27283]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Apr 11 19:37:25 dns named[27283]: running
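The final `running` line in that log is easy to read as success, but the lines before it say the new named could not bind 53/UDP on IPv4 or 127.0.0.1#953 (both "address in use", which is what you see when another named, such as the base-system one left in place because REPLACE_BASE was not selected, still holds the ports) and is "not listening on any interfaces". The script below is an added example, not code from the post: it runs a few classification rules over a constructed copy of those log lines and reports whether the start-up actually looks healthy, so the "no problems in the log" check can be automated instead of eyeballed. The `classify` and `assess` names and the rule table are this example's own.

```python
"""Triage the start-up lines named writes to /var/log/messages.

Added example, not from the post. The rules encode the messages that
appear in the post's log; 'running' alone does not mean named is serving.
"""
import re
from collections import Counter

# Constructed sample: the post's start-up log, minus the long 'built with' line.
SAMPLE_LOG = """\
Apr 11 19:37:24 dns named[27283]: could not listen on UDP socket: address in use
Apr 11 19:37:24 dns named[27283]: creating IPv4 interface lo0 failed; interface ignored
Apr 11 19:37:24 dns named[27283]: not listening on any interfaces
Apr 11 19:37:24 dns named[27283]: couldn't add command channel 127.0.0.1#953: address in use
Apr 11 19:37:25 dns named[27283]: command channel listening on ::1#953
Apr 11 19:37:25 dns named[27283]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Apr 11 19:37:25 dns named[27283]: running
"""

# syslog prefix: "Mon DD HH:MM:SS host named[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+named\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)

# (severity, regex on the message, what it means). First match wins.
RULES = [
    ("CRITICAL", r"not listening on any interfaces",
     "no query socket is bound; named will not answer clients"),
    ("ERROR", r"address in use",
     "port already owned by another process, typically an older named still running"),
    ("ERROR", r"interface \S+ failed",
     "an interface could not be bound and was ignored"),
    ("WARNING", r"managed-keys-zone .* file not found",
     "managed-keys.bind missing; normal on first start, should exist afterwards"),
    ("INFO", r"^running$",
     "start-up finished; does not imply all listeners came up"),
    ("INFO", r"command channel listening on",
     "rndc control channel bound"),
]


def classify(msg):
    """Return (severity, explanation) for one named message."""
    for sev, pat, why in RULES:
        if re.search(pat, msg):
            return sev, why
    return "UNCLASSIFIED", "no rule matched"


def assess(log_text):
    """Parse named lines and summarize whether the start-up looks healthy."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a named line
        sev, why = classify(m.group("msg"))
        events.append({"ts": m.group("ts"), "pid": m.group("pid"),
                       "severity": sev, "msg": m.group("msg"), "why": why})
    by_sev = Counter(e["severity"] for e in events)
    running = any(e["msg"] == "running" for e in events)
    # healthy only if it reached 'running' with no bind failures on the way
    healthy = running and by_sev["CRITICAL"] == 0 and by_sev["ERROR"] == 0
    return {"pid": events[-1]["pid"] if events else None,
            "running": running, "healthy": healthy,
            "by_severity": by_sev, "events": events}


if __name__ == "__main__":
    report = assess(SAMPLE_LOG)
    for e in report["events"]:
        print("%-12s %s\n             -> %s" % (e["severity"], e["msg"], e["why"]))
    print("running=%s healthy=%s %s" % (report["running"], report["healthy"],
                                         dict(report["by_severity"])))
```

On the post's lines this yields `running=True healthy=False` with one CRITICAL and three ERROR events, which is the signal to stop the old named (or select REPLACE_BASE) and start again rather than leaving the server as it is.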

If there are no problems, then you are done; don't just walk away if there are still problems.

Finally, check whether queries work from outside the unila network:

lemlit# nslookup
> server
Default server: 192.168.1.3
Address: 192.168.1.3#53
> www.unila.ac.id
Server:         192.168.1.3
Address:        192.168.1.3#53

Name:   www.unila.ac.id
Address: 192.168.1.116
> www.google.com
Server:         192.168.1.3
Address:        192.168.1.3#53

Non-authoritative answer:
www.google.com  canonical name = www.l.google.com.
Name:   www.l.google.com
Address: 74.125.235.18
Name:   www.l.google.com
Address: 74.125.235.19
Name:   www.l.google.com
Address: 74.125.235.20
Name:   www.l.google.com
Address: 74.125.235.16
Name:   www.l.google.com
Address: 74.125.235.17
  1. dikshie
     April 11, 2012 at 1:43 pm

     9.8.2 was released a week ago and the ports tree has been updated too.

     • April 11, 2012 at 2:10 pm

       Oh right, I forgot to update the ports. Too late now. The OS the kids installed is still 8.3-RELEASE.

  2. dikshie
     April 11, 2012 at 1:46 pm

     1. What is the reason for using forwarders?
     2. The "." zone would be better set up as a slave. It makes things faster and reduces traffic; it just has to be monitored often.

     • April 11, 2012 at 2:07 pm

       1. Forwarding was set up to support blocking porn domains. It is forwarded to the Nawala DNS, so content filtering on the web proxy can be combined with DNS filtering. 2. The "." zone is indeed still the default from the install; thanks for the suggestion, I'll modify it again tomorrow. 🙂

  3. dikshie
     April 11, 2012 at 4:39 pm

     1. Oh, I see, to the Nawala DNS. Why doesn't Nawala DNS provide zone transfers?
     2. portmaster -tr bind 🙂

     • April 11, 2012 at 11:23 pm

       1. That is how it should be, so queries are faster with a zone transfer. Maybe they can't be bothered adding ACLs manually one by one to allow zone transfers on their server. 🙂
