- Install BIND9
- # apt-get install bind9
- # apt-get install dnsutils
- # mkdir /etc/bind/rpz
- Untuk sinkronisasi RPZ Kominfo (https://chat.whatsapp.com/IKJXzHEgqixGjt4QeopqOT), pastikan IP server sudah terdaftar (jika belum, hubungi Pak OKY)
- edit file named.conf.options
- # nano /etc/bind/named.conf.options
- copas konfigurasi di bawah, lalu sesuaikan isi acl MyISP dengan prefix IP pelanggan Anda sendiri
- --------------------------------------------------------------------------------------
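- // ACL naming the clients that may query (and therefore recurse through) this resolver.
- // Do NOT list 0.0.0.0/0 here: together with "recursion yes" and "listen-on ... any"
- // in the options block it turns the server into an open resolver that anyone on the
- // Internet can use, including for DNS amplification. List only the prefixes you serve.
- acl MyISP {
- localhost;
- localnets;
- 192.0.2.0/24; ## EXAMPLE placeholder (RFC 5737 documentation range) - replace with your own allowed prefixes ##
- };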
- // Global settings: a recursive resolver that applies the "trustpositifkominfo"
- // response-policy zone and answers clients matched by the MyISP ACL.
- options {
- directory "/var/cache/bind";
- // Accept IPv4 queries on every interface; who may actually query is decided only
- // by allow-query below, so the MyISP ACL is the sole access control.
- listen-on port 53 { any; };
- // No allow-recursion / allow-query-cache is set in this block, so recursion is
- // expected to follow this ACL as well (BIND default behaviour - verify on your version).
- allow-query {
- MyISP;
- };
- // Cap negative (NXDOMAIN/NODATA) caching at 180 seconds.
- max-ncache-ttl 180;
- // Leave out authority/additional sections when they are not required.
- minimal-responses yes ;
- recursion yes;
- max-cache-size 2048M;
- // NOTE(review): DNSSEC validation is switched off, so forged or tampered answers
- // for signed zones are not detected by this resolver. Confirm this is a deliberate
- // trade-off for the filtering setup rather than a leftover.
- // NOTE(review): dnssec-enable and dnssec-lookaside are obsolete in newer BIND 9
- // releases; run named-checkconf against the installed version before restarting.
- dnssec-enable no;
- dnssec-validation no;
- dnssec-lookaside no;
- // Limits on simultaneous recursive lookups and on TCP client connections.
- recursive-clients 10000;
- tcp-clients 1000;
- bindkeys-file "/etc/bind/bind.keys";
- // Enable RPZ rewriting using the zone defined further down in this file.
- response-policy {
- zone "trustpositifkominfo";
- };
- auth-nxdomain no; # conform to RFC1035
- // IPv6 is served on loopback only.
- listen-on-v6 { ::1; };
- // String returned instead of the real BIND version for version.bind queries.
- version "unknown";
- };
- // Defines nine file channels under /var/log/named, each at severity info with
- // time, category and severity printed on every line.
- // NOTE(review): no "category" statement in this block refers to any of these
- // channels, so as written nothing is routed to the files. To record RPZ rewrites,
- // for example, a line such as  category rpz { rpz_log; };  would be needed.
- // NOTE(review): /var/log/named must exist and be writable by the named user; the
- // chown/chmod steps on this page only cover /etc/bind/rpz - confirm separately.
- logging {
- channel default_log {
- file "/var/log/named/default" versions 3 size 20m;
- print-time yes;
- print-category yes;
- print-severity yes;
- severity info;
- };
- channel auth_servers_log {
- file "/var/log/named/auth_servers" versions 100 size 20m;
- print-time yes;
- print-category yes;
- print-severity yes;
- severity info;
- };
- channel dnssec_log {
- file "/var/log/named/dnssec" versions 3 size 20m;
- print-time yes;
- print-category yes;
- print-severity yes;
- severity info;
- };
- channel zone_transfers_log {
- file "/var/log/named/zone_transfers" versions 3 size 20m;
- print-time yes;
- print-category yes;
- print-severity yes;
- severity info;
- };
- channel ddns_log {
- file "/var/log/named/ddns" versions 3 size 20m;
- print-time yes;
- print-category yes;
- print-severity yes;
- severity info;
- };
- channel client_security_log {
- file "/var/log/named/client_security" versions 3 size 20m;
- print-time yes;
- print-category yes;
- print-severity yes;
- severity info;
- };
- channel rate_limiting_log {
- file "/var/log/named/rate_limiting" versions 3 size 20m;
- print-time yes;
- print-category yes;
- print-severity yes;
- severity info;
- };
- channel rpz_log {
- file "/var/log/named/rpz" versions 3 size 20m;
- print-time yes;
- print-category yes;
- print-severity yes;
- severity info;
- };
- channel dnstap_log {
- file "/var/log/named/dnstap" versions 3 size 20m;
- print-time yes;
- print-category yes;
- print-severity yes;
- severity info;
- };
- // The three disabled lines below name a channel "bind_log" that is not defined in
- // this block; they would have to point at one of the channels above to be enabled.
- // category security { bind_log; };
- // category queries { bind_log; };
- // category lame-servers { bind_log; };
- };
- // Response-policy zone, kept up to date by zone transfer from 103.8.238.25.
- // NOTE(review): no TSIG key is configured here, so the transfer and the NOTIFY
- // messages are trusted by source IP address only. The contents of this zone decide
- // how names resolve for every client, so protect the path to the master accordingly.
- zone "trustpositifkominfo" IN {
- type slave;
- masters { 103.8.238.25; };
- allow-notify { 103.8.238.25; };
- // named writes the transferred zone here, so the directory must be writable by it.
- file "/etc/bind/rpz/tr";
- // Skip host-name syntax checks for the records in this zone.
- check-names ignore;
- // NOTE(review): this lets MyISP clients query the policy zone itself; confirm that
- // is wanted, otherwise limit it to localhost.
- allow-query {
- MyISP;
- };
- // Never hand the policy zone on to anyone else.
- allow-transfer { none; };
- };
- // Locally authoritative copy of trustpositif.kominfo.go.id, loaded from the zone
- // file created in the next step; MyISP clients get this data for names in the zone.
- zone "trustpositif.kominfo.go.id" {
- type master;
- file "/etc/bind/trustpositif.kominfo.go.id";
- allow-query {
- MyISP;
- };
- };
- -----------------------------------------------------------------------------------
- # nano /etc/bind/trustpositif.kominfo.go.id
- -------------------------------------------------------------------------------------
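- ; Zone data for trustpositif.kominfo.go.id: the zone apex and every name under it
- ; resolve to the same IPv4 address.
- $TTL 3h;
- @ IN SOA trustpositif.kominfo.go.id. aduankonten.mail.kominfo.go.id. (
- 2018120600 ; serial (YYYYMMDDnn) - increase it on every edit
- 3h ; refresh
- 3h ; retry
- 3h ; expire
- 3h ) ; negative-caching TTL
- ; The owner is written out so the record does not depend on leading whitespace, and
- ; the target is a host name: an NS record names a server and cannot hold an IP address.
- @ IN NS localhost.
- ; xxx.xxx.xxx.xxx is the original placeholder - replace both with the real address
- ; (presumably the block-page web server; confirm).
- @ IN A xxx.xxx.xxx.xxx
- * IN A xxx.xxx.xxx.xxx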
- ----------------------------------------------------------------------------------------
- # nano /etc/apparmor.d/usr.sbin.named
- tambahkan folder-folder yang akan diberikan akses baca-tulis (read/write) oleh named, misalnya /etc/bind/rpz/ dan /var/log/named/
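- # chown -R bind:bind /etc/bind/rpz/
- # chmod 755 /etc/bind/rpz/
- # find /etc/bind/rpz/ -type f -exec chmod 644 {} +    # zone data files need no execute bit
- # named-checkconf    # catch syntax errors and obsolete options before restarting
- # named-checkzone trustpositif.kominfo.go.id /etc/bind/trustpositif.kominfo.go.id
- # /etc/init.d/bind9 restart
- # dig @103.8.238.25 trustpositifkominfo AXFR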