
DNS BIND "view" - separating views by client source

--about--

(how do I put this .... ???) h...m.... The case here: returning different resolve results to different clients. In short, a query from localhost resolves to 192.168.1.2, while a query from another network resolves to 1.1.1.234. Or the other way around, to taste (depending on your own needs).

nb: in this case I am using Windows ;D

--1-- 

download BIND from its site: http://www.isc.org/index.pl?/sw/bind/index.php
for installation, you can refer to here
download the sample configuration files here
once downloaded, save the sample configuration files into the etc directory (in my case: "C:\WINDOWS\dns\etc")
the files needed are:
- named.conf
- rndc.key
- named.ca
- basiczone.com.zone
- 127.0.0.rev
- basiczone.com.in (for internal)
- basiczone.com.ex (for external)

now, let's go....

--2--

the configuration to pay attention to is as follows

for named.conf
options {
    #
    # Working directory from which all relative paths are based
    #
    directory "C:\WINDOWS\dns\etc";
    #

and the core of the setup is in the "view" section
view "dalam" {
    #
    # Handler for queries from the name server's own addresses
    # (the built-in "localhost" ACL).
    #
    match-clients { localhost; };
    #
    # Lookup requests we are not authoritative for.
    #
    recursion yes;
    #
    # Specify the root name servers
    #
    zone "." IN {
        type hint;
        file "named.ca";
    };
    #
    # RFC 1537 recommended loopback zone, helps broken clients.
    #
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "127.0.0.rev";
    };

    #
    # The internal split for basiczone.com
    #
    zone "basiczone.com" IN {
        type master;
        file "basiczone.com.in";
    };
};

####################################
# Authoritative Server Configuration
#
view "luar" {
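    #
    # Handler for anyone that doesn't match the above.
    # "any" already covers 192.168.1.0/24; this view must stay last,
    # because named answers from the first view that matches.
    #
    match-clients { 192.168.1.0/24; any; };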

    #
    # We are not a public resolver.
    #
    recursion no;

    # Should BIND provide IP address information found in zones other than the
    # one that was queried?  Say yes if you trust the content of all of your
    # zones.
    #
    additional-from-auth yes;

    # Should BIND provide answers gotten from cache?  By saying no, you refuse
    # to provide answers for zones you're not authoritative for.
    #
    additional-from-cache no;

    # RFC 1537 recommended loopback zone, helps broken clients.
    #
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "127.0.0.rev";
    };

    # The external split for basiczone.com
    #
    zone "basiczone.com" IN {
        type master;
        file "basiczone.com.ex";
    };
};

in short:
the configuration above creates two views, "dalam" (inside) and "luar" (outside). named checks the views in the order they appear and answers from the first one whose match-clients matches the client's source address.
- view dalam has match-clients localhost, which means a query coming from localhost is resolved using the file basiczone.com.in
- view luar has match-clients 192.168.1.0/24 (followed by any, so it also catches every other client that did not match dalam), which means a query coming from that network is resolved using the file basiczone.com.ex
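
The first-match rule behind the two views, as an added example (not part of the original post): a small Python model of the match-clients lists above that reports which view and zone file answer a given client, and flags entries that "any" makes redundant. The server address set used for the localhost ACL is an assumption.

```python
import ipaddress

# Constructed model of the two views in the named.conf above.
# Assumption: BIND's built-in "localhost" ACL covers the server's own
# addresses, taken here to be loopback plus 192.168.1.2.
SERVER_ADDRS = {ipaddress.ip_address(a) for a in ("127.0.0.1", "::1", "192.168.1.2")}

# (view name, match-clients elements, file serving basiczone.com), in file order
VIEWS = [
    ("dalam", ["localhost"], "basiczone.com.in"),
    ("luar", ["192.168.1.0/24", "any"], "basiczone.com.ex"),
]


def element_matches(element, client):
    """True if a single match-clients element covers the client address."""
    addr = ipaddress.ip_address(client)
    if element == "any":
        return True
    if element == "localhost":
        return addr in SERVER_ADDRS
    return addr in ipaddress.ip_network(element)


def select_view(client, views=VIEWS):
    """Return (view, zone file) of the first view whose ACL matches, else None."""
    for name, acl, zone_file in views:
        if any(element_matches(e, client) for e in acl):
            return name, zone_file
    return None


def shadowed(views=VIEWS):
    """List ACL elements and views that "any" makes redundant or unreachable."""
    findings, catch_all = [], None
    for name, acl, _ in views:
        if catch_all:
            findings.append(f"view {name} is never reached: view {catch_all} matches any")
        elif "any" in acl:
            findings += [f"view {name}: {e} is redundant next to any" for e in acl if e != "any"]
            catch_all = name
    return findings


if __name__ == "__main__":
    for client in ("127.0.0.1", "192.168.1.227", "203.0.113.9"):
        print(client, "->", select_view(client))
    print(shadowed())
```

Passing the views in reverse order to select_view and shadowed shows why the catch-all view has to come last: the dalam view would never be consulted.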

file basiczone.com.in
$TTL 900  ; 900 seconds default record (T)ime (T)o (L)ive in cache
; Authored by SilentRage
; Download Location:
; http://www.dollardns.net/bind/views/
@  SOA ns (  ; ns.basiczone.com is the primary server for basiczone.com
   postmaster ; contact email for basiczone.com is postmaster@basiczone.com
   2004041700 ; Serial ID in reverse date format
   21600  ; Refresh interval for slave servers
   1800  ; Retry interval for slave servers
   604800  ; Expire limit for cached info on slave servers
   900 )  ; Minimum Cache TTL in zone records

@  NS ns          ; ns.basiczone.com is a host for basiczone.com
@  A 192.168.1.2 ; basiczone.com's IP address is 192.168.1.2
@  MX 10 mail  ; Mail for *@basiczone.com is sent to mail.basiczone.com
ns  A 192.168.1.1 ; ns.basiczone.com's IP address is 192.168.1.1
mail  A 192.168.1.254 ; mail.basiczone.com's IP address is 192.168.1.254
www A 192.168.1.2 ; www.basiczone.com's IP address is 192.168.1.2

file basiczone.com.ex
$TTL 900  ; 900 seconds default record (T)ime (T)o (L)ive in cache
; Authored by SilentRage
; Download Location:
; http://www.dollardns.net/bind/views/

@  SOA ns1 (  ; ns1.basiczone.com is the primary server for basiczone.com
   postmaster ; contact email for basiczone.com is postmaster@basiczone.com
   2004041700 ; Serial ID in reverse date format
   21600  ; Refresh interval for slave servers
   1800  ; Retry interval for slave servers
   604800  ; Expire limit for cached info on slave servers
   900 )  ; Minimum Cache TTL in zone records

@  NS ns1          ; ns1.basiczone.com is a host for basiczone.com
@  A 1.1.1.234  ; basiczone.com's IP address is 1.1.1.234
@  MX 10 mail  ; Mail for *@basiczone.com is sent to mail.basiczone.com
ns1  A 1.1.1.234  ; ns1.basiczone.com's IP address is 1.1.1.234
mail  A 1.1.1.234  ; mail.basiczone.com's IP address is 1.1.1.234
www A 1.1.1.234  ; www.basiczone.com's IP address is 1.1.1.234

--testing and trying it out--

nslookup from the local computer


nslookup from network 192.168.1.227/24


source:
http://www.zytrax.com/books/dns/ch7/view.html
