dedeanshi

BIND9 Kominfo

Mar 4th, 2020
  1. Install BIND9
  2.  
  (A leading "#" on the lines below is the root prompt, not a comment.
  bind9 is the name server, dnsutils provides dig for the transfer check at
  the end, and /etc/bind/rpz will hold the transferred policy zone file.)
  # apt-get install bind9 dnsutils
  # mkdir /etc/bind/rpz
  6.  
  7. Untuk sinkronisasi RPZ Kominfo (https://chat.whatsapp.com/IKJXzHEgqixGjt4QeopqOT), pastikan IP server sudah terdaftar (jika belum, hubungi pak OKY).
  8. edit file named.conf.options
  9.  
  10. # nano /etc/bind/named.conf.options
  11. copas file di bawah
  12.  
  13. --------------------------------------------------------------------------------------
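  // Clients that may query this resolver. Every allow-query statement in this
  // file refers to this ACL, so it is the only boundary between the recursive
  // service and the Internet.
  //
  // The original entry here was 0.0.0.0/0, which matches every IPv4 address.
  // Combined with "recursion yes" and "listen-on ... { any; }" that makes the
  // server an open resolver: anyone can use it for reflection/amplification
  // traffic and can probe or pollute its cache. List only your own prefixes.
  acl MyISP {
      localhost;
      localnets;
      // 192.0.2.0/24 is a constructed placeholder (documentation range).
      // Replace it with the customer/subscriber prefixes this server serves.
      192.0.2.0/24;
  };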
  19.  
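  // Global resolver settings: recursive service for the MyISP ACL with the
  // Kominfo response-policy zone applied to answers.
  options {
      directory "/var/cache/bind";

      // --- Exposure -------------------------------------------------------
      // Listens on every IPv4 address, so access control rests entirely on
      // the ACL below (and on any packet filter in front of the host).
      listen-on port 53 { any; };
      listen-on-v6 { ::1; };

      allow-query { MyISP; };
      // Recursion and cache access are pinned to the same ACL explicitly.
      // Without these two lines they are inherited from allow-query, so a
      // later change to allow-query would silently widen recursion too.
      allow-recursion { MyISP; };
      allow-query-cache { MyISP; };
      recursion yes;

      // Hides the BIND version from version.bind queries. This is obscurity
      // only; it does not replace patching.
      version "unknown";

      // --- DNSSEC ---------------------------------------------------------
      // NOTE(review): validation is switched off, so answers are cached
      // without cryptographic verification and spoofed data is not detected.
      // "dnssec-validation auto;" is the usual setting for a resolver;
      // confirm why it was disabled here before keeping it. dnssec-enable and
      // dnssec-lookaside are obsolete in later BIND 9 releases, so check them
      // against the installed version with named-checkconf.
      dnssec-enable no;
      dnssec-validation no;
      dnssec-lookaside no;
      bindkeys-file "/etc/bind/bind.keys";

      // --- Response policy ------------------------------------------------
      // Answers are rewritten according to the zone defined further down.
      response-policy {
          zone "trustpositifkominfo";
      };

      // --- Capacity and cache tuning --------------------------------------
      max-ncache-ttl 180;
      max-cache-size 2048M;
      recursive-clients 10000;
      tcp-clients 1000;
      minimal-responses yes;

      auth-nxdomain no;    // conform to RFC1035
  };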
  45.  
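  // Log channels and the categories routed to them.
  //
  // The original block defined the channels but routed nothing to them: its
  // only category lines were commented out and named a channel (bind_log)
  // that is not defined, so none of these files would receive anything. The
  // category statements at the end connect each channel to the matching
  // BIND category.
  //
  // /var/log/named must exist and be writable by the user named runs as.
  // The rpz and client/security logs record which client asked for which
  // name, so restrict read access to the directory.
  logging {
      channel default_log {
          file "/var/log/named/default" versions 3 size 20m;
          print-time yes;
          print-category yes;
          print-severity yes;
          severity info;
      };
      // Keeps 100 rotated files; every other channel keeps 3.
      channel auth_servers_log {
          file "/var/log/named/auth_servers" versions 100 size 20m;
          print-time yes;
          print-category yes;
          print-severity yes;
          severity info;
      };
      channel dnssec_log {
          file "/var/log/named/dnssec" versions 3 size 20m;
          print-time yes;
          print-category yes;
          print-severity yes;
          severity info;
      };
      channel zone_transfers_log {
          file "/var/log/named/zone_transfers" versions 3 size 20m;
          print-time yes;
          print-category yes;
          print-severity yes;
          severity info;
      };
      channel ddns_log {
          file "/var/log/named/ddns" versions 3 size 20m;
          print-time yes;
          print-category yes;
          print-severity yes;
          severity info;
      };
      channel client_security_log {
          file "/var/log/named/client_security" versions 3 size 20m;
          print-time yes;
          print-category yes;
          print-severity yes;
          severity info;
      };
      channel rate_limiting_log {
          file "/var/log/named/rate_limiting" versions 3 size 20m;
          print-time yes;
          print-category yes;
          print-severity yes;
          severity info;
      };
      channel rpz_log {
          file "/var/log/named/rpz" versions 3 size 20m;
          print-time yes;
          print-category yes;
          print-severity yes;
          severity info;
      };
      channel dnstap_log {
          file "/var/log/named/dnstap" versions 3 size 20m;
          print-time yes;
          print-category yes;
          print-severity yes;
          severity info;
      };

      // Anything without its own category line lands in the default log.
      category default         { default_log; };

      // Denied queries and client request handling.
      category security        { client_security_log; };
      category client          { client_security_log; };

      // Policy rewrites: the record of blocklist hits.
      category rpz             { rpz_log; };

      // Inbound RPZ transfers, NOTIFY handling, and any outbound attempts.
      category xfer-in         { zone_transfers_log; };
      category xfer-out        { zone_transfers_log; };
      category notify          { zone_transfers_log; };

      // Problems with upstream authoritative servers.
      category lame-servers    { auth_servers_log; };

      category dnssec          { dnssec_log; };
      category update          { ddns_log; };
      category update-security { ddns_log; };
      category rate-limit      { rate_limiting_log; };
      category dnstap          { dnstap_log; };
  };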
  115.  
  // Secondary copy of the Kominfo policy zone named in response-policy.
  // The data is pulled from, and NOTIFY is accepted from, one upstream address.
  // NOTE(review): no TSIG key is configured, so the transfer is authenticated
  // by source IP address only. If the upstream operator issues a key, attach
  // it to the masters entry.
  zone "trustpositifkominfo" IN {
      type slave;
      file "/etc/bind/rpz/tr";

      masters      { 103.8.238.25; };
      allow-notify { 103.8.238.25; };

      // The policy list is not re-exported to anyone.
      allow-transfer { none; };
      allow-query    { MyISP; };

      check-names ignore;
  };
  127.  
  // Locally authoritative zone for trustpositif.kominfo.go.id, loaded from the
  // zone file created in the next step. Clients in MyISP get this server's
  // answer for the name instead of whatever public DNS would return.
  zone "trustpositif.kominfo.go.id" {
      type master;
      file "/etc/bind/trustpositif.kominfo.go.id";
      allow-query { MyISP; };
  };
  135.  
  136. -----------------------------------------------------------------------------------
  137.  
  138. # nano /etc/bind/trustpositif.kominfo.go.id
  139.  
  140. -------------------------------------------------------------------------------------
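  ; Zone data for the local trustpositif.kominfo.go.id zone.
; Every record line must start in column 0: in a zone file, leading
; whitespace means "same owner name as the previous record".
$TTL 3h
@       IN      SOA     trustpositif.kominfo.go.id. aduankonten.mail.kominfo.go.id. (
                        2018120600      ; serial (date + revision); raise it on every edit
                        3h              ; refresh
                        3h              ; retry
                        3h              ; expire
                        3h )            ; negative-caching TTL (minimum)

; NS rdata is a host name, not an address. The original "NS 127.0.0.1" was
; read as the relative name 127.0.0.1.trustpositif.kominfo.go.id. and only
; resolved because of the wildcard below. Point it at the zone apex instead,
; which is the SOA primary and has its own A record.
@       IN      NS      trustpositif.kominfo.go.id.

; xxx.xxx.xxx.xxx is the author's placeholder. named will refuse to load the
; zone until it is replaced with a real IPv4 address, presumably the host
; that redirected clients should reach (confirm with the RPZ operator).
@       IN      A       xxx.xxx.xxx.xxx
*       IN      A       xxx.xxx.xxx.xxx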
  152. ----------------------------------------------------------------------------------------
  153.  
  154. # nano /etc/apparmor.d/usr.sbin.named
  155.  Tambahkan folder-folder yang akan diberi akses baca-tulis (read/write), misalnya /etc/bind/rpz/ tempat named menulis file zona RPZ hasil transfer.
  156.  
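  (A leading "#" on the lines below is the root prompt, not a comment.)

  Ownership: named runs as bind and must be able to create the transferred
  zone file in this directory. -R replaces the original "/**" glob, which
  matches nothing while the directory is still empty.
  # chown -R bind:bind /etc/bind/rpz

  Permissions: the directory needs the search bit, but zone data files are
  never executed, so they get 644 instead of the original 755.
  # chmod 755 /etc/bind/rpz
  # find /etc/bind/rpz -type f -exec chmod 644 {} +

  Validate the configuration and the local zone before restarting, so a typo
  does not take the resolver down.
  # named-checkconf
  # named-checkzone trustpositif.kominfo.go.id /etc/bind/trustpositif.kominfo.go.id
  # /etc/init.d/bind9 restart

  Confirm that the upstream allows this server to transfer the policy zone.
  A refused transfer usually means the server IP is not registered yet.
  # dig @103.8.238.25 trustpositifkominfo AXFR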