Configuring a DHCP server with Dynamic Update on Bind9 on CentOS 6.3

DHCP Server and Dynamic Update of the Bind9 DNS Server

Here I will only cover installation and configuration; for a description and explanation of what dynamic update in BIND9 is, please look for references on the internet and in the official documentation at isc.org. The configuration I have written down here has been tested and is deployed in my work environment. If you have questions, please leave a comment.

1. Install the DHCP server.

[root@dns ~]# rpm -qa | grep dhcp
dhcp-common-4.1.1-31.P1.el6.i686
[root@dns ~]# yum install dhcp -y

2. Look at the default configuration; the shipped dhcpd.conf is empty apart from a pointer to the sample file, so you will configure it to suit your own needs.

[root@dns ~]# cd /etc/dhcp/
[root@dns dhcp]# ls -l
total 12
drwxr-xr-x. 2 root root 4096 Aug 15 22:29 dhclient.d
-rw-r--r--. 1 root root  193 Aug 15 22:29 dhcpd6.conf
-rw-r--r--. 1 root root  112 Aug 15 22:29 dhcpd.conf

[root@dns dhcp]# cat dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#   see 'man 5 dhcpd.conf'
#

3. Back up the old file and copy the sample configuration so it is easier to edit afterwards.

[root@dns dhcp]# mv dhcpd.conf dhcpd.conf.ori
[root@dns dhcp]# cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample .

4. Configure the dhcpd.conf file. The grep strips the comment lines from the sample so only the active statements remain; then edit the result.

[root@dns dhcp]# grep -Ev "#" dhcpd.conf.sample > dhcpd.conf
[root@dns dhcp]# nano dhcpd.conf

## Contents of dhcpd.conf (comments in dhcpd.conf start with '#'; '//' is not valid there)
option domain-name "intranet.virtual";
option domain-name-servers dns.intranet.virtual;   # resolved by dhcpd at start-up; the address 192.168.8.2 works as well
default-lease-time 600;

max-lease-time 7200;
ddns-update-style interim;
include "/etc/rndc.key";   # the key must be identical to the one on the DNS server.
                           # Note that this is the rndc control key, which also permits
                           # 'rndc stop' / 'rndc reload'; a dedicated TSIG key is safer.

zone intranet.virtual {
	primary 192.168.8.2;   # IP address of the DNS server
	key rndc-key;          # same key as on the DNS server
}

zone 8.168.192.in-addr.arpa {
	primary 192.168.8.2;   # IP address of the DNS server
	key rndc-key;          # same key as on the DNS server
}

authoritative;
log-facility local6;   # I changed the dhcpd log facility to local6

subnet 192.168.8.0 netmask 255.255.255.0 {   # DHCP range
	range 192.168.8.100 192.168.8.200;
	option routers 192.168.8.1;
}
## end of dhcpd.conf ##

5. Edit named.conf and add the following acl (an acl may list a key name; anything signed with that key then matches it):

acl "dhcpd" { key rndc-key; };

6. Edit named.rfc1912.zones and add the option allow-update { dhcpd; }; to the zone statements of both the forward zone and the reverse zone we created. Also make sure the zone file and its directory are writable by the named user (on CentOS 6 /var/named is group-writable for named, but a zone file copied there as root usually is not), otherwise named cannot create the journal:

allow-update { dhcpd; };
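Steps 4 to 6 hand dhcpd the rndc control key. That key is not just an update credential: whoever can read it can also run rndc stop or rndc reload against named, so a leak from the DHCP host becomes control of the DNS server. The script below is an added example, not part of the original post; it generates a dedicated TSIG key for the update path and prints matching named.conf and dhcpd.conf stanzas. The key name dhcp-update, the fixed demo secret, the file paths and the update-policy grants are assumptions to adapt.

```shell
#!/bin/sh
# Added example (not from the original post): generate a DEDICATED TSIG key for
# dhcpd -> named updates instead of reusing /etc/rndc.key, and print the matching
# stanzas for named.conf and dhcpd.conf.  Key name "dhcp-update", the demo secret,
# the file names and the update-policy grants are assumptions; adjust for your site.

# 128-bit random secret, base64-encoded (the same shape rndc-confgen or
# dnssec-keygen -n HOST produce).  ISC dhcp 4.1.x (the CentOS 6.3 package)
# only supports HMAC-MD5 for TSIG; with dhcp 4.2+ and BIND 9.8+ use hmac-sha256
# in both stanzas instead.
gen_secret() {
    head -c 16 /dev/urandom | base64 | tr -d '\n'
}

# key block for named.conf:  named_key_stanza NAME SECRET
named_key_stanza() {
    printf 'key "%s" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' "$1" "$2"
}

# key block for dhcpd.conf (same secret; dhcpd does not quote name or secret)
dhcpd_key_stanza() {
    printf 'key %s {\n\talgorithm hmac-md5;\n\tsecret %s;\n};\n' "$1" "$2"
}

# zone clause for named.conf:  named_zone_stanza ZONE FILE KEY TYPES
# update-policy limits the key to names under the zone and to the given record
# types, which is tighter than allow-update { dhcpd; } (any name, any type).
named_zone_stanza() {
    printf 'zone "%s" IN {\n\ttype master;\n\tfile "%s";\n\tupdate-policy { grant %s subdomain %s. %s; };\n};\n' \
        "$1" "$2" "$3" "$1" "$4"
}

# zone clause for dhcpd.conf:  dhcpd_zone_stanza ZONE PRIMARY_IP KEY
dhcpd_zone_stanza() {
    printf 'zone %s. {\n\tprimary %s;\n\tkey %s;\n}\n' "$1" "$2" "$3"
}

# Demo run with a fixed, constructed secret so the output is reproducible;
# use "$(gen_secret)" for a real deployment.
KEY=dhcp-update
SECRET=${DDNS_SECRET:-hxOsvq1XEDZXwRqmFB+1qw==}
echo "### named.conf side (file readable only by root and named, e.g. mode 0640 root:named)"
named_key_stanza "$KEY" "$SECRET"
# dhcpd's interim style writes A + TXT in the forward zone and PTR in the reverse zone
named_zone_stanza intranet.virtual dynamic/intranet.virtual.zone "$KEY" "A TXT"
named_zone_stanza 8.168.192.in-addr.arpa dynamic/8.168.192.in-addr.arpa.zone "$KEY" PTR
echo "### dhcpd.conf side (file readable only by root and dhcpd)"
dhcpd_key_stanza "$KEY" "$SECRET"
dhcpd_zone_stanza intranet.virtual 192.168.8.2 "$KEY"
dhcpd_zone_stanza 8.168.192.in-addr.arpa 192.168.8.2 "$KEY"
```

Put the named.conf key block in its own file and include it from named.conf; do the same on the dhcpd side instead of including /etc/rndc.key. The zone files are placed under /var/named/dynamic/, which on CentOS is labelled for writing by named. If you prefer to keep the page's acl form, allow-update { key dhcp-update; }; works with the dedicated key too, but update-policy additionally keeps the key away from records dhcpd never needs to touch, such as the NS record and the static dns and router entries.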

7. Edit rsyslog.conf: add local6.none to the existing messages rule and add a rule for local6, so that the log of the dhcpd daemon is kept apart from 'messages'.

# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none;local6.none		/var/log/messages
# DHCPD Logging
local6.*	/var/log/dhcpd.log

8. Restart the rsyslog, dhcpd and named services.

[root@dns named]# service rsyslog restart && service dhcpd restart && service named restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Shutting down dhcpd:                                       [  OK  ]
Starting dhcpd:                                            [  OK  ]
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]
[root@dns named]#

9. Enable the dhcpd daemon at startup (do the same for named if it is not enabled yet), then verify it.

[root@dns named]# chkconfig dhcpd on
[root@dns named]# chkconfig --list | grep dhcp
dhcpd          0:off	1:off	2:on	3:on	4:on	5:on	6:off
dhcpd6         0:off	1:off	2:off	3:off	4:off	5:off	6:off

10. Set the SELinux policy boolean to true so that named is allowed to write the zone file and its journal under /var/named. Without it the update fails because named cannot create the .jnl journal, and AVC denials show up in /var/log/audit/audit.log. (Keeping dynamic zones in /var/named/dynamic/, which is labelled for writing by named, avoids the need for this boolean.)

[root@dns named]# getsebool -a | grep named
named_write_master_zones --> off
[root@dns named]# setsebool -P named_write_master_zones true
[root@dns named]# getsebool -a | grep named
named_write_master_zones --> on

11. Test it with the nsupdate command, signing the update with the same key:

[root@dns named]# nsupdate -k /etc/rndc.key
> server 127.0.0.1
> update add tes.intranet.virtual 86400 A 192.168.8.200
> send
> quit
[root@dns named]#

12. Log of the nsupdate command. named logs via the daemon facility, so its lines stay in /var/log/messages; the AXFR entries are zone transfers from localhost (a host -l check), and the second signed update at 17:38:01 is the removal of the test record again:

[root@dns named]# tail -f /var/log/messages
Nov 27 17:37:15 dns named[2072]: client 127.0.0.1#11830: signer "rndc-key" approved
Nov 27 17:37:15 dns named[2072]: client 127.0.0.1#11830: updating zone 'intranet.virtual/IN': adding an RR at 'tes.intranet.virtual' A
Nov 27 17:37:15 dns named[2072]: zone intranet.virtual/IN: sending notifies (serial 3)
Nov 27 17:37:35 dns named[2072]: client 127.0.0.1#48488: transfer of 'intranet.virtual/IN': AXFR started
Nov 27 17:37:35 dns named[2072]: client 127.0.0.1#48488: transfer of 'intranet.virtual/IN': AXFR ended
Nov 27 17:38:01 dns named[2072]: client 127.0.0.1#28490: signer "rndc-key" approved
Nov 27 17:38:01 dns named[2072]: client 127.0.0.1#28490: updating zone 'intranet.virtual/IN': delete all rrsets from name 'tes.intranet.virtual'
Nov 27 17:38:01 dns named[2072]: zone intranet.virtual/IN: sending notifies (serial 4)
Nov 27 17:38:10 dns named[2072]: client 127.0.0.1#55302: transfer of 'intranet.virtual/IN': AXFR started
Nov 27 17:38:10 dns named[2072]: client 127.0.0.1#55302: transfer of 'intranet.virtual/IN': AXFR ended
^C
[root@dns named]#

Don't forget to remove the tes.intranet.virtual record that was added (the 17:38:01 entries above show that deletion, done with nsupdate's update delete). The address 192.168.8.200 lies inside the DHCP pool, so a leftover static record would later point at whichever client happens to get that lease.

13. This is the log when dhcpd serves a client's request for an IP address and Bind9 performs the dynamic update. The forward zone receives an A and a TXT record for the client, and in the reverse zone the old PTR for the address is deleted before the new one is added:

[root@dns named]# tail -f /var/log/messages
Nov 27 16:08:15 dns dbus: [system] Reloaded configuration
Nov 27 16:08:19 dns setsebool: The named_write_master_zones policy boolean was changed to true by root
Nov 27 16:11:13 dns named[1823]: client 192.168.8.2#60260: signer "rndc-key" approved
Nov 27 16:11:13 dns named[1823]: client 192.168.8.2#60260: updating zone 'intranet.virtual/IN': adding an RR at 'MikroTik.intranet.virtual' A
Nov 27 16:11:13 dns named[1823]: client 192.168.8.2#60260: updating zone 'intranet.virtual/IN': adding an RR at 'MikroTik.intranet.virtual' TXT
Nov 27 16:11:13 dns named[1823]: zone intranet.virtual/IN: sending notifies (serial 2)
Nov 27 16:11:13 dns named[1823]: client 192.168.8.2#32924: signer "rndc-key" approved
Nov 27 16:11:13 dns named[1823]: client 192.168.8.2#32924: updating zone '8.168.192.in-addr.arpa/IN': deleting rrset at '100.8.168.192.in-addr.arpa' PTR
Nov 27 16:11:13 dns named[1823]: client 192.168.8.2#32924: updating zone '8.168.192.in-addr.arpa/IN': adding an RR at '100.8.168.192.in-addr.arpa' PTR
Nov 27 16:11:13 dns named[1823]: zone 8.168.192.in-addr.arpa/IN: sending notifies (serial 2)
^C
[root@dns named]#
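The two logs above (the nsupdate test in step 12 and the dhcpd-driven updates in step 13) are also the audit trail of this setup: every accepted update is preceded by a 'signer "..." approved' line that carries the client's address. Because the same key lives on the DHCP server, an approved signer from any other address means the key has been copied. The script below is an added example, not from the original post; it parses constructed log lines in the format shown above (the 192.168.8.77 client is invented to stand in for a host that obtained the key) and reports unexpected signers and per-zone change counts.

```shell
#!/bin/sh
# Added example (not from the original post): audit named's dynamic-update log
# lines.  Two questions a defender wants answered from them:
#   1. which client addresses presented an approved TSIG signer, and
#   2. were any of them NOT the DHCP server (or localhost, used for nsupdate tests)?
# The sample lines below are constructed in the format named writes; the
# 192.168.8.77 entries are invented for the demonstration.

SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Nov 27 16:11:13 dns named[1823]: client 192.168.8.2#60260: signer "rndc-key" approved
Nov 27 16:11:13 dns named[1823]: client 192.168.8.2#60260: updating zone 'intranet.virtual/IN': adding an RR at 'MikroTik.intranet.virtual' A
Nov 27 16:11:13 dns named[1823]: client 192.168.8.2#60260: updating zone 'intranet.virtual/IN': adding an RR at 'MikroTik.intranet.virtual' TXT
Nov 27 16:11:13 dns named[1823]: zone intranet.virtual/IN: sending notifies (serial 2)
Nov 27 16:11:13 dns named[1823]: client 192.168.8.2#32924: signer "rndc-key" approved
Nov 27 16:11:13 dns named[1823]: client 192.168.8.2#32924: updating zone '8.168.192.in-addr.arpa/IN': deleting rrset at '100.8.168.192.in-addr.arpa' PTR
Nov 27 16:11:13 dns named[1823]: client 192.168.8.2#32924: updating zone '8.168.192.in-addr.arpa/IN': adding an RR at '100.8.168.192.in-addr.arpa' PTR
Nov 27 17:37:15 dns named[1823]: client 127.0.0.1#11830: signer "rndc-key" approved
Nov 27 17:37:15 dns named[1823]: client 127.0.0.1#11830: updating zone 'intranet.virtual/IN': adding an RR at 'tes.intranet.virtual' A
Nov 27 18:02:40 dns named[1823]: client 192.168.8.77#40001: signer "rndc-key" approved
Nov 27 18:02:40 dns named[1823]: client 192.168.8.77#40001: updating zone 'intranet.virtual/IN': delete all rrsets from name 'dns.intranet.virtual'
Nov 27 18:02:40 dns named[1823]: client 192.168.8.77#40001: updating zone 'intranet.virtual/IN': adding an RR at 'dns.intranet.virtual' A
EOF

# ddns_signers LOG -> "date time client signer" for every accepted TSIG signature.
# Field 7 is "IP#port:" (the source port is stripped), field 9 the quoted key name.
ddns_signers() {
    awk '/named\[[0-9]+\]: client .* signer "[^"]*" approved/ {
        sub(/#.*/, "", $7); gsub(/"/, "", $9)
        print $1, $2, $3, $7, $9
    }' "$1"
}

# ddns_foreign_signers LOG IP... -> distinct client addresses that used an
# approved signer but are not in the allowed list.
ddns_foreign_signers() {
    log=$1; shift
    ddns_signers "$log" | awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($4 in ok) && !seen[$4]++ { print $4 }'
}

# ddns_changes LOG -> "zone action count"; action is adding or deleting
# (named phrases removals as "deleting rrset" or "delete all rrsets").
ddns_changes() {
    awk -F"updating zone '" '/updating zone/ {
        split($2, z, "/IN")
        action = "other"
        if ($0 ~ /adding an RR/)                          action = "adding"
        else if ($0 ~ /deleting rrset|delete all rrsets/) action = "deleting"
        count[z[1] " " action]++
    }
    END { for (k in count) print k, count[k] }' "$1" | sort
}

echo "Approved signers:";           ddns_signers "$SAMPLE_LOG"
echo "Changes per zone:";           ddns_changes "$SAMPLE_LOG"
echo "Signers NOT from the DHCP server or localhost (investigate these):"
ddns_foreign_signers "$SAMPLE_LOG" 192.168.8.2 127.0.0.1
```

Run it against the real file with the functions pointed at /var/log/messages (or at the separate named log if you split that off as was done for dhcpd). A non-empty "foreign signers" list is the signal to rotate the key on both servers; the "delete all rrsets" entry from the foreign host shows why sharing the rndc control key with another machine is worth avoiding.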

14. It turns out that Bind does not write the records from dynamic updates straight into the zone file. It appends them to a journal file with the ".jnl" extension next to the zone file and merges the journal into the zone file later (periodically, about every 15 minutes, and immediately on rndc freeze). To see the records that dynamic update has produced, query the running server instead of reading the file, for example with a zone listing:

[root@dns named]# host -l intranet.virtual
intranet.virtual name server dns.intranet.virtual.
dns.intranet.virtual has address 192.168.8.2
MikroTik.intranet.virtual has address 192.168.8.100
router.intranet.virtual has address 192.168.8.1
tes.intranet.virtual has address 192.168.8.200
[root@dns named]#

15. And this is an example of the contents of a zone file after it has been written back following dynamic updates. This dump was taken on a 192.168.7.0/24 setup, so the addresses differ from the example above; the layout is what matters. The entries under $TTL 300 are what dhcpd adds: an A record for the client plus a TXT record holding the hash of the client's identity, which dhcpd uses to decide whether it owns the name before changing it.

[root@dns named]# cat /var/named/intranet.conf
$ORIGIN .
$TTL 86400      ; 1 day
intranet.virtual            IN SOA  dns.intranet.virtual. root.intranet.virtual. (
                                3          ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      dns.intranet.virtual.
$ORIGIN intranet.virtual.
www                     CNAME   dns
dns                     A       192.168.7.2
$TTL 300        ; 5 minutes
klien1                  A       192.168.7.10   ; record produced by dynamic update via the dhcp service
                        TXT     "31153f9ec49b2a056a068ef02b7dfbefa2"   ; same
klien2                  A       192.168.7.11   ; record produced by dynamic update via the dhcp service
                        TXT     "312f96b04a3df6d3adf7f81a374559c9e2"   ; same
$TTL 86400      ; 1 day
router                  A       192.168.7.1
[root@dns named]#

Tips:

# If you want to add static records to the zone file by hand, run 'rndc freeze' on the zone first to prevent problems: freezing flushes the journal into the file and stops updates, so your edit does not conflict with it. Edit the file, bump the SOA serial so secondaries pick up the change, and then run 'rndc unfreeze' or 'rndc thaw' (thaw is the documented name); named reloads the zone from the file and accepts dynamic updates again.
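The tip as one script, added here and not part of the original post: freeze, append the record, bump the SOA serial, check the file, thaw. The zone name, the record and the file path are assumptions; rndc is replaced by a no-op in the demo and named-checkzone is only called when present, so the serial handling can be exercised on a constructed copy of the zone layout shown above without a running named.

```shell
#!/bin/sh
# Added example (not from the original post): hand-edit a dynamic zone safely.
#   rndc freeze ZONE  -> named flushes the .jnl into the zone file and stops updates
#   append record, bump SOA serial, check the file
#   rndc thaw ZONE    -> named reloads the file and accepts updates again
# Editing the file without the freeze leaves the journal out of step with it, and
# named refuses it on the next load ("journal out of sync with zone").
# Zone name, record and path are assumptions; set RNDC=true for a dry run.

# get_serial FILE -> current SOA serial.  Relies on the layout named writes
# back (serial on its own line followed by "; serial"), as in the dump above.
get_serial() {
    awk '/; serial/ { print $1; exit }' "$1"
}

# bump_serial FILE -> increment the serial in place and print the new value.
# The file is rewritten with cat so owner and mode stay as they were (named
# must still be able to write it afterwards).
bump_serial() {
    tmp=$(mktemp) || return 1
    awk '/; serial/ && !done { sub(/[0-9]+/, $1 + 1); done = 1 } { print }' "$1" > "$tmp" \
        && cat "$tmp" > "$1"
    rm -f "$tmp"
    get_serial "$1"
}

# add_static_record FILE NAME TYPE VALUE -> append a record under the current
# $ORIGIN/$TTL; fails if NAME already has a record of that TYPE (it may be one
# that dhcpd owns, and clobbering it would break the TXT ownership check).
add_static_record() {
    awk -v n="$2" -v t="$3" '$1 == n && $2 == t { found = 1 } END { exit found }' "$1" || return 1
    printf '%s\t%s\t%s\n' "$2" "$3" "$4" >> "$1"
}

# edit_dynamic_zone ZONE FILE NAME TYPE VALUE -> the full freeze/edit/thaw cycle.
edit_dynamic_zone() {
    zone=$1; file=$2
    ${RNDC:-rndc} freeze "$zone" || return 1
    add_static_record "$file" "$3" "$4" "$5" && bump_serial "$file" > /dev/null
    rc=$?
    if command -v named-checkzone > /dev/null 2>&1; then
        named-checkzone -q "$zone" "$file" || rc=1
    fi
    ${RNDC:-rndc} thaw "$zone" || rc=1    # always thaw, even if the edit failed
    return $rc
}

# Demo on a constructed copy of the zone layout shown above (no named needed).
ZONEFILE=$(mktemp)
trap 'rm -f "$ZONEFILE"' EXIT
cat > "$ZONEFILE" <<'EOF'
$ORIGIN .
$TTL 86400      ; 1 day
intranet.virtual            IN SOA  dns.intranet.virtual. root.intranet.virtual. (
                                3          ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      dns.intranet.virtual.
$ORIGIN intranet.virtual.
dns                     A       192.168.8.2
$TTL 300        ; 5 minutes
klien1                  A       192.168.8.10
                        TXT     "31153f9ec49b2a056a068ef02b7dfbefa2"
$TTL 86400      ; 1 day
router                  A       192.168.8.1
EOF
RNDC=true   # dry run: replace rndc with a no-op so the demo runs without named
edit_dynamic_zone intranet.virtual "$ZONEFILE" printer A 192.168.8.50 \
    && echo "record added, serial is now $(get_serial "$ZONEFILE")"
```

For real use, drop the RNDC=true line (or export RNDC with the path to rndc) and pass the zone's actual file under /var/named. The append-only edit is deliberately simple: anything more involved is better done through nsupdate with the same key, which keeps named in charge of the file and the journal.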
D.O.N.E
