FreeBSD DNS Server Using BIND9

On a fresh install it is fine to start with a public DNS server such as Google's 8.8.8.8, because we need internet access to download the bind9 package.

DNS Server Master

Update

pkg update

Install nano text editor.

pkg install nano

Add the host entries to /etc/hosts

nano /etc/hosts

Add lines like the following

127.0.0.1               localhost localhost.my.domain
172.19.19.221           ns1     ns1.warscloud.local
172.19.19.222           ns2     ns2.warscloud.local

With these entries in the hosts file, we can ping by name without being connected to a DNS server.

Search for bind and check the available versions

pkg search bind9

Install bind (this example uses version bind918)

pkg install bind918

To have the bind9 service start at boot, follow these steps.

Edit /etc/rc.conf

nano /etc/rc.conf

Add the parameter

named_enable="YES"

The result looks like the following

Reboot

reboot

Change into the directory

cd /usr/local/etc/namedb/

It is recommended to copy the original file so that a backup exists if the configuration goes wrong.

cp named.conf named.conf.bak

Edit named.conf to configure bind9.

nano named.conf

Comment out (disable) the following lines by adding the // symbol

Comment out the listen-on parameter so that the DNS server can be reached on any of its IP addresses (if the server has several IP addresses)

The result looks like the following.

*Optional: if our ISP does not allow direct queries to the root servers, set the forwarders parameter by removing the comment symbols /* and */ and point it at a public DNS provider such as Google's 8.8.8.8, so that it looks like the following. If our ISP does allow queries to the root servers, it is better to leave it disabled.

Add the following lines

Create an ACL (Access Control List); add it at the very bottom so the file stays tidy (personal preference).

acl nama-acl {
        10.30.20.1;
        172.19.16.0/21;
        172.16.255.0/24;

};

The result looks like the following.

Add the following allow parameters to the options block (scroll up; it is near the top).

        allow-recursion { nama-acl; };
        allow-query { nama-acl; };
        allow-query-cache { nama-acl; };

The result looks like the following.

Zone configuration: still in named.conf, declare the zones along with the paths of the zone files we are about to create.

Example zone definitions

Forward zone

zone "nama.domain.com" {
        type master;
        file "/usr/local/etc/namedb/primary/nama.domain.com-forward.db";
        allow-transfer { 172.19.19.222; };
        also-notify { 172.19.19.222; };
};

The result looks like the following.

Reverse zone

zone "16.19.172.in-addr.arpa" {
        type master;
        file "/usr/local/etc/namedb/primary/16.19.172.in-addr.arpa-reverse.db";
        allow-transfer { 172.19.19.222; };
        also-notify { 172.19.19.222; };
};

The result looks like the following.

Creating the zone files

Forward zone

nano /usr/local/etc/namedb/primary/nama.domain.com-forward.db

Fill it in as follows and adjust it to your environment.


; base zone file for local.warscloud.net
$TTL 2d    ; default TTL for zone
$ORIGIN local.warscloud.net. ; base domain-name
; Start of Authority RR defining the key characteristics of the zone (domain)
@         IN      SOA   ns1.local.warscloud.net. hostmaster.local.warscloud.net. (
                                2024021507 ; serial number
                                12h        ; refresh
                                15m        ; update retry
                                3w         ; expiry
                                2h         ; minimum
                                )
; name server RR for the domain
           IN      NS      ns1.local.warscloud.net.
; the second name server is external to this zone (domain)
           IN      NS      ns2.local.warscloud.net.
; mail server RRs for the zone (domain)
        3w IN      MX  10  mail.local.warscloud.net.
; the second  mail servers is  external to the zone (domain)
           IN      MX  20  mail2.local.example.net.
; domain hosts includes NS and MX records defined above
; plus any others required
; for instance a user query for the A RR of joe.example.com will
; return the IPv4 address 192.168.254.6 from this zone file
ns1             IN      A       172.19.19.221
ns2             IN      A       172.19.19.222
@               IN      A       172.19.19.216
www             IN      CNAME   local.warscloud.net.
tlib            IN      A       172.19.19.215   ; vm
chr             IN      A       172.19.19.240   ; vm
web             IN      A       172.19.19.216   ; vm
docker          IN      A       172.19.19.214   ; vm
pve             IN      A       172.19.19.214   ; npm proxy
homer           IN      A       172.19.19.214   ; npm proxy
npm             IN      A       172.19.19.214   ; npm proxy
userman         IN      A       172.19.19.214   ; npm proxy
speedtest       IN      A       172.19.19.216   ; vhost
ipam            IN      A       172.19.19.216   ; vhost
nms             IN      A       172.19.19.210   ; vm
torrent         IN      A       172.19.19.214   ; npm proxy
voucher         IN      A       172.19.19.216   ; vhost
next            IN      A       172.19.19.213   ; vm
ipam-king       IN      A       172.19.19.216

Reverse zone

nano /usr/local/etc/namedb/primary/16.19.172.in-addr.arpa-reverse.db

Fill it in as follows and adjust it to your environment


; base zone file for 16.19.172.in-addr.arpa
$TTL 2d    ; default TTL for zone
$ORIGIN 16.19.172.in-addr.arpa. ; base domain-name
; Start of Authority RR defining the key characteristics of the zone (domain)
@         IN      SOA   ns1.local.warscloud.net. hostmaster.local.warscloud.net. (
                                2024021501 ; serial number
                                12h        ; refresh
                                15m        ; update retry
                                3w         ; expiry
                                2h         ; minimum
                                )

@       IN      NS      ns1.local.warscloud.net.
@       IN      NS      ns2.local.warscloud.net.
0       IN      PTR     ip-16-0.local.warscloud.net.
1       IN      PTR     ip-16-1.local.warscloud.net.
2       IN      PTR     ip-16-2.local.warscloud.net.
3       IN      PTR     ip-16-3.local.warscloud.net.
4       IN      PTR     ip-16-4.local.warscloud.net.
5       IN      PTR     ip-16-5.local.warscloud.net.
6       IN      PTR     ip-16-6.local.warscloud.net.
7       IN      PTR     ip-16-7.local.warscloud.net.
8       IN      PTR     ip-16-8.local.warscloud.net.
9       IN      PTR     ip-16-9.local.warscloud.net.
10      IN      PTR     ip-16-10.local.warscloud.net.
11      IN      PTR     ip-16-11.local.warscloud.net.
12      IN      PTR     ip-16-12.local.warscloud.net.
13      IN      PTR     ip-16-13.local.warscloud.net.
14      IN      PTR     ip-16-14.local.warscloud.net.
15      IN      PTR     ip-16-15.local.warscloud.net.
16      IN      PTR     ip-16-16.local.warscloud.net.
17      IN      PTR     ip-16-17.local.warscloud.net.
18      IN      PTR     ip-16-18.local.warscloud.net.
19      IN      PTR     ip-16-19.local.warscloud.net.
20      IN      PTR     ip-16-20.local.warscloud.net.
21      IN      PTR     ip-16-21.local.warscloud.net.
22      IN      PTR     ip-16-22.local.warscloud.net.
23      IN      PTR     ip-16-23.local.warscloud.net.
24      IN      PTR     ip-16-24.local.warscloud.net.
25      IN      PTR     ip-16-25.local.warscloud.net.
26      IN      PTR     ip-16-26.local.warscloud.net.
27      IN      PTR     ip-16-27.local.warscloud.net.
28      IN      PTR     ip-16-28.local.warscloud.net.
29      IN      PTR     ip-16-29.local.warscloud.net.
30      IN      PTR     ip-16-30.local.warscloud.net.
31      IN      PTR     ip-16-31.local.warscloud.net.
32      IN      PTR     ip-16-32.local.warscloud.net.
33      IN      PTR     ip-16-33.local.warscloud.net.
34      IN      PTR     ip-16-34.local.warscloud.net.
35      IN      PTR     ip-16-35.local.warscloud.net.
36      IN      PTR     ip-16-36.local.warscloud.net.
37      IN      PTR     ip-16-37.local.warscloud.net.
38      IN      PTR     ip-16-38.local.warscloud.net.
39      IN      PTR     ip-16-39.local.warscloud.net.
40      IN      PTR     ip-16-40.local.warscloud.net.
41      IN      PTR     ip-16-41.local.warscloud.net.
42      IN      PTR     ip-16-42.local.warscloud.net.
43      IN      PTR     ip-16-43.local.warscloud.net.
44      IN      PTR     ip-16-44.local.warscloud.net.
45      IN      PTR     ip-16-45.local.warscloud.net.
46      IN      PTR     ip-16-46.local.warscloud.net.
47      IN      PTR     ip-16-47.local.warscloud.net.
48      IN      PTR     ip-16-48.local.warscloud.net.
49      IN      PTR     ip-16-49.local.warscloud.net.
50      IN      PTR     ip-16-50.local.warscloud.net.
51      IN      PTR     ip-16-51.local.warscloud.net.
52      IN      PTR     ip-16-52.local.warscloud.net.
53      IN      PTR     ip-16-53.local.warscloud.net.
54      IN      PTR     ip-16-54.local.warscloud.net.
55      IN      PTR     ip-16-55.local.warscloud.net.
56      IN      PTR     ip-16-56.local.warscloud.net.
57      IN      PTR     ip-16-57.local.warscloud.net.
58      IN      PTR     ip-16-58.local.warscloud.net.
59      IN      PTR     ip-16-59.local.warscloud.net.
60      IN      PTR     ip-16-60.local.warscloud.net.
61      IN      PTR     ip-16-61.local.warscloud.net.
62      IN      PTR     ip-16-62.local.warscloud.net.
63      IN      PTR     ip-16-63.local.warscloud.net.
64      IN      PTR     ip-16-64.local.warscloud.net.
65      IN      PTR     ip-16-65.local.warscloud.net.
66      IN      PTR     ip-16-66.local.warscloud.net.
67      IN      PTR     ip-16-67.local.warscloud.net.
68      IN      PTR     ip-16-68.local.warscloud.net.
69      IN      PTR     ip-16-69.local.warscloud.net.
70      IN      PTR     ip-16-70.local.warscloud.net.
71      IN      PTR     ip-16-71.local.warscloud.net.
72      IN      PTR     ip-16-72.local.warscloud.net.
73      IN      PTR     ip-16-73.local.warscloud.net.
74      IN      PTR     ip-16-74.local.warscloud.net.
75      IN      PTR     ip-16-75.local.warscloud.net.
76      IN      PTR     ip-16-76.local.warscloud.net.
77      IN      PTR     ip-16-77.local.warscloud.net.
78      IN      PTR     ip-16-78.local.warscloud.net.
79      IN      PTR     ip-16-79.local.warscloud.net.
80      IN      PTR     ip-16-80.local.warscloud.net.
81      IN      PTR     ip-16-81.local.warscloud.net.
82      IN      PTR     ip-16-82.local.warscloud.net.
83      IN      PTR     ip-16-83.local.warscloud.net.
84      IN      PTR     ip-16-84.local.warscloud.net.
85      IN      PTR     ip-16-85.local.warscloud.net.
86      IN      PTR     ip-16-86.local.warscloud.net.
87      IN      PTR     ip-16-87.local.warscloud.net.
88      IN      PTR     ip-16-88.local.warscloud.net.
89      IN      PTR     ip-16-89.local.warscloud.net.
90      IN      PTR     ip-16-90.local.warscloud.net.
91      IN      PTR     ip-16-91.local.warscloud.net.
92      IN      PTR     ip-16-92.local.warscloud.net.
93      IN      PTR     ip-16-93.local.warscloud.net.
94      IN      PTR     ip-16-94.local.warscloud.net.
95      IN      PTR     ip-16-95.local.warscloud.net.
96      IN      PTR     ip-16-96.local.warscloud.net.
97      IN      PTR     ip-16-97.local.warscloud.net.
98      IN      PTR     ip-16-98.local.warscloud.net.
99      IN      PTR     ip-16-99.local.warscloud.net.
100     IN      PTR     ip-16-100.local.warscloud.net.
101     IN      PTR     ip-16-101.local.warscloud.net.
102     IN      PTR     ip-16-102.local.warscloud.net.
103     IN      PTR     ip-16-103.local.warscloud.net.
104     IN      PTR     ip-16-104.local.warscloud.net.
105     IN      PTR     ip-16-105.local.warscloud.net.
106     IN      PTR     ip-16-106.local.warscloud.net.
107     IN      PTR     ip-16-107.local.warscloud.net.
108     IN      PTR     ip-16-108.local.warscloud.net.
109     IN      PTR     ip-16-109.local.warscloud.net.
110     IN      PTR     ip-16-110.local.warscloud.net.
111     IN      PTR     ip-16-111.local.warscloud.net.
112     IN      PTR     ip-16-112.local.warscloud.net.
113     IN      PTR     ip-16-113.local.warscloud.net.
114     IN      PTR     ip-16-114.local.warscloud.net.
115     IN      PTR     ip-16-115.local.warscloud.net.
116     IN      PTR     ip-16-116.local.warscloud.net.
117     IN      PTR     ip-16-117.local.warscloud.net.
118     IN      PTR     ip-16-118.local.warscloud.net.
119     IN      PTR     ip-16-119.local.warscloud.net.
120     IN      PTR     ip-16-120.local.warscloud.net.
121     IN      PTR     ip-16-121.local.warscloud.net.
122     IN      PTR     ip-16-122.local.warscloud.net.
123     IN      PTR     ip-16-123.local.warscloud.net.
124     IN      PTR     ip-16-124.local.warscloud.net.
125     IN      PTR     ip-16-125.local.warscloud.net.
126     IN      PTR     ip-16-126.local.warscloud.net.
127     IN      PTR     ip-16-127.local.warscloud.net.
128     IN      PTR     ip-16-128.local.warscloud.net.
129     IN      PTR     ip-16-129.local.warscloud.net.
130     IN      PTR     ip-16-130.local.warscloud.net.
131     IN      PTR     ip-16-131.local.warscloud.net.
132     IN      PTR     ip-16-132.local.warscloud.net.
133     IN      PTR     ip-16-133.local.warscloud.net.
134     IN      PTR     ip-16-134.local.warscloud.net.
135     IN      PTR     ip-16-135.local.warscloud.net.
136     IN      PTR     ip-16-136.local.warscloud.net.
137     IN      PTR     ip-16-137.local.warscloud.net.
138     IN      PTR     ip-16-138.local.warscloud.net.
139     IN      PTR     ip-16-139.local.warscloud.net.
140     IN      PTR     ip-16-140.local.warscloud.net.
141     IN      PTR     ip-16-141.local.warscloud.net.
142     IN      PTR     ip-16-142.local.warscloud.net.
143     IN      PTR     ip-16-143.local.warscloud.net.
144     IN      PTR     ip-16-144.local.warscloud.net.
145     IN      PTR     ip-16-145.local.warscloud.net.
146     IN      PTR     ip-16-146.local.warscloud.net.
147     IN      PTR     ip-16-147.local.warscloud.net.
148     IN      PTR     ip-16-148.local.warscloud.net.
149     IN      PTR     ip-16-149.local.warscloud.net.
150     IN      PTR     ip-16-150.local.warscloud.net.
151     IN      PTR     ip-16-151.local.warscloud.net.
152     IN      PTR     ip-16-152.local.warscloud.net.
153     IN      PTR     ip-16-153.local.warscloud.net.
154     IN      PTR     ip-16-154.local.warscloud.net.
155     IN      PTR     ip-16-155.local.warscloud.net.
156     IN      PTR     ip-16-156.local.warscloud.net.
157     IN      PTR     ip-16-157.local.warscloud.net.
158     IN      PTR     ip-16-158.local.warscloud.net.
159     IN      PTR     ip-16-159.local.warscloud.net.
160     IN      PTR     ip-16-160.local.warscloud.net.
161     IN      PTR     ip-16-161.local.warscloud.net.
162     IN      PTR     ip-16-162.local.warscloud.net.
163     IN      PTR     ip-16-163.local.warscloud.net.
164     IN      PTR     ip-16-164.local.warscloud.net.
165     IN      PTR     ip-16-165.local.warscloud.net.
166     IN      PTR     ip-16-166.local.warscloud.net.
167     IN      PTR     ip-16-167.local.warscloud.net.
168     IN      PTR     ip-16-168.local.warscloud.net.
169     IN      PTR     ip-16-169.local.warscloud.net.
170     IN      PTR     ip-16-170.local.warscloud.net.
171     IN      PTR     ip-16-171.local.warscloud.net.
172     IN      PTR     ip-16-172.local.warscloud.net.
173     IN      PTR     ip-16-173.local.warscloud.net.
174     IN      PTR     ip-16-174.local.warscloud.net.
175     IN      PTR     ip-16-175.local.warscloud.net.
176     IN      PTR     ip-16-176.local.warscloud.net.
177     IN      PTR     ip-16-177.local.warscloud.net.
178     IN      PTR     ip-16-178.local.warscloud.net.
179     IN      PTR     ip-16-179.local.warscloud.net.
180     IN      PTR     ip-16-180.local.warscloud.net.
181     IN      PTR     ip-16-181.local.warscloud.net.
182     IN      PTR     ip-16-182.local.warscloud.net.
183     IN      PTR     ip-16-183.local.warscloud.net.
184     IN      PTR     ip-16-184.local.warscloud.net.
185     IN      PTR     ip-16-185.local.warscloud.net.
186     IN      PTR     ip-16-186.local.warscloud.net.
187     IN      PTR     ip-16-187.local.warscloud.net.
188     IN      PTR     ip-16-188.local.warscloud.net.
189     IN      PTR     ip-16-189.local.warscloud.net.
190     IN      PTR     ip-16-190.local.warscloud.net.
191     IN      PTR     ip-16-191.local.warscloud.net.
192     IN      PTR     ip-16-192.local.warscloud.net.
193     IN      PTR     ip-16-193.local.warscloud.net.
194     IN      PTR     ip-16-194.local.warscloud.net.
195     IN      PTR     ip-16-195.local.warscloud.net.
196     IN      PTR     ip-16-196.local.warscloud.net.
197     IN      PTR     ip-16-197.local.warscloud.net.
198     IN      PTR     ip-16-198.local.warscloud.net.
199     IN      PTR     ip-16-199.local.warscloud.net.
200     IN      PTR     ip-16-200.local.warscloud.net.
201     IN      PTR     ip-16-201.local.warscloud.net.
202     IN      PTR     ip-16-202.local.warscloud.net.
203     IN      PTR     ip-16-203.local.warscloud.net.
204     IN      PTR     ip-16-204.local.warscloud.net.
205     IN      PTR     ip-16-205.local.warscloud.net.
206     IN      PTR     ip-16-206.local.warscloud.net.
207     IN      PTR     ip-16-207.local.warscloud.net.
208     IN      PTR     ip-16-208.local.warscloud.net.
209     IN      PTR     ip-16-209.local.warscloud.net.
210     IN      PTR     ip-16-210.local.warscloud.net.
211     IN      PTR     ip-16-211.local.warscloud.net.
212     IN      PTR     ip-16-212.local.warscloud.net.
213     IN      PTR     ip-16-213.local.warscloud.net.
214     IN      PTR     ip-16-214.local.warscloud.net.
215     IN      PTR     ip-16-215.local.warscloud.net.
216     IN      PTR     ip-16-216.local.warscloud.net.
217     IN      PTR     ip-16-217.local.warscloud.net.
218     IN      PTR     ip-16-218.local.warscloud.net.
219     IN      PTR     ip-16-219.local.warscloud.net.
220     IN      PTR     ip-16-220.local.warscloud.net.
221     IN      PTR     ip-16-221.local.warscloud.net.
222     IN      PTR     ip-16-222.local.warscloud.net.
223     IN      PTR     ip-16-223.local.warscloud.net.
224     IN      PTR     ip-16-224.local.warscloud.net.
225     IN      PTR     ip-16-225.local.warscloud.net.
226     IN      PTR     ip-16-226.local.warscloud.net.
227     IN      PTR     ip-16-227.local.warscloud.net.
228     IN      PTR     ip-16-228.local.warscloud.net.
229     IN      PTR     ip-16-229.local.warscloud.net.
230     IN      PTR     ip-16-230.local.warscloud.net.
231     IN      PTR     ip-16-231.local.warscloud.net.
232     IN      PTR     ip-16-232.local.warscloud.net.
233     IN      PTR     ip-16-233.local.warscloud.net.
234     IN      PTR     ip-16-234.local.warscloud.net.
235     IN      PTR     ip-16-235.local.warscloud.net.
236     IN      PTR     ip-16-236.local.warscloud.net.
237     IN      PTR     ip-16-237.local.warscloud.net.
238     IN      PTR     ip-16-238.local.warscloud.net.
239     IN      PTR     ip-16-239.local.warscloud.net.
240     IN      PTR     ip-16-240.local.warscloud.net.
241     IN      PTR     ip-16-241.local.warscloud.net.
242     IN      PTR     ip-16-242.local.warscloud.net.
243     IN      PTR     ip-16-243.local.warscloud.net.
244     IN      PTR     ip-16-244.local.warscloud.net.
245     IN      PTR     ip-16-245.local.warscloud.net.
246     IN      PTR     ip-16-246.local.warscloud.net.
247     IN      PTR     ip-16-247.local.warscloud.net.
248     IN      PTR     ip-16-248.local.warscloud.net.
249     IN      PTR     ip-16-249.local.warscloud.net.
250     IN      PTR     ip-16-250.local.warscloud.net.
251     IN      PTR     ip-16-251.local.warscloud.net.
252     IN      PTR     ip-16-252.local.warscloud.net.
253     IN      PTR     ip-16-253.local.warscloud.net.
254     IN      PTR     ip-16-254.local.warscloud.net.
255     IN      PTR     ip-16-255.local.warscloud.net.

When that is done, restart the bind9 service

service named restart

Switch the system's DNS servers to our own IP addresses

nano /etc/resolv.conf

Change the existing DNS entries to the following.

nameserver 172.19.19.221
nameserver 172.19.19.222

The result looks like the following.

Done.

Reboot if necessary.

reboot

DNS Server Slave

Update

pkg update

Install nano text editor

pkg install nano

Add the host entries to /etc/hosts

nano /etc/hosts

Add lines like the following

127.0.0.1               localhost localhost.my.domain
172.19.19.221           ns1     ns1.warscloud.local
172.19.19.222           ns2     ns2.warscloud.local

With these entries in the hosts file, we can ping by name without being connected to a DNS server.

Search for bind and check the available versions

pkg search bind9

Install bind (this example uses version bind918)

pkg install bind918

To have the bind9 service start at boot, follow these steps.

Edit /etc/rc.conf

nano /etc/rc.conf

Add the parameter

named_enable="YES"

The result looks like the following

Reboot

reboot

Change into the directory

cd /usr/local/etc/namedb/

It is recommended to copy the original file so that a backup exists if the configuration goes wrong.

cp named.conf named.conf.bak

Edit named.conf to configure the forward and reverse zones

nano named.conf

Comment out (disable) the following lines by adding the // symbol

Comment out the listen-on parameter so that the DNS server can be reached on any of its IP addresses (if the server has several IP addresses)

The result looks like the following.

*Optional: if our ISP does not allow direct queries to the root servers, set the forwarders parameter by removing the comment symbols /* and */ and point it at a public DNS provider such as Google's 8.8.8.8, so that it looks like the following. If our ISP does allow queries to the root servers, it is better to leave it disabled.

Add the following lines

Create an ACL (Access Control List); add it at the very bottom so the file stays tidy (personal preference).

acl nama-acl {
        10.30.20.1;
        172.19.16.0/21;
        172.16.255.0/24;

};

The result looks like the following.

Add the following allow parameters to the options block (scroll up; it is near the top).

        allow-recursion { nama-acl; };
        allow-query { nama-acl; };
        allow-query-cache { nama-acl; };

The result looks like the following.

Because this server is being set up as the DNS Server Slave, we define its zones as follows (there is no need to create zone files).

As the last step, restart the bind9 service

service named restart

Creating Response Policy Zones (RPZ)

Configuration on the DNS Server Master

Edit the named.conf file

nano /usr/local/etc/namedb/named.conf

Add the following line to the options block.

       response-policy { zone "rpz.zone"; };

The result looks like the following

Create the RPZ zone.
Still in named.conf, define the zone at the very bottom so the file stays tidy (personal preference).

zone "rpz.zone" {
        type master;
        file "/usr/local/etc/namedb/primary/rpz.zone";
        allow-transfer { 172.19.19.222; };
        also-notify { 172.19.19.222; };
};

Create the zone file, enter the following and adjust it to your environment.

$TTL 2d    ; default TTL for zone
; Start of Authority RR defining the key characteristics of the zone (domain)
@         IN      SOA   rpz.zone. root.rpz.zone. (
                                2024021509 ; serial number
                                12h        ; refresh
                                15m        ; update retry
                                3w         ; expiry
                                2h         ; minimum
                                )
; name server RR for the domain
@           IN      NS      rpz.zone.
; the second name server is external to this zone (domain)
@       IN      A       172.19.19.221
xvideos.com     IN      A   172.19.19.216 ; enter the redirect IP or a wrong IP
www.xvideos.com IN      A   172.19.19.216 ; enter the redirect IP or a wrong IP


Creating a log for RPZ (optional)

Edit named.conf and add this at the very bottom (personal preference)

logging {
    channel rpzlog {
  	file "/var/log/named/rpz.log" versions unlimited size 100m;
    	print-time yes;
    	print-category yes;
    	print-severity yes;
    	severity info;
    };
    category rpz { rpzlog; };
};

Create the directory where the logs will be stored.

mkdir /var/log/named

Change its permissions and ownership to bind:bind.

chown -R bind:bind /var/log/named/

Restart service

service named restart
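
Once the rpz channel above is writing to /var/log/named/rpz.log, the file can be summarised to see which clients hit which blocked names. The script below is an added example, not part of the original tutorial; its sample lines are constructed, and it assumes the message layout BIND writes for the rpz category with the print-time, print-category and print-severity options set above.

```shell
#!/bin/sh
# Added example: count RPZ rewrites per client and queried name.

# Constructed sample lines (not real traffic), in the assumed layout:
#   <time> rpz: info: client @<id> <ip>#<port> (<qname>): rpz QNAME ... rewrite <name>/<type>/<class> via ...
sample_rpz_log() {
    cat <<'EOF'
15-Feb-2024 09:00:00.000 rpz: info: rpz: rpz.zone: reload start
15-Feb-2024 09:12:01.123 rpz: info: client @0x801e2a000 172.19.16.23#51812 (xvideos.com): rpz QNAME Local-Data rewrite xvideos.com/A/IN via xvideos.com.rpz.zone
15-Feb-2024 09:12:01.480 rpz: info: client @0x801e2b400 172.19.16.23#40177 (www.xvideos.com): rpz QNAME Local-Data rewrite www.xvideos.com/A/IN via www.xvideos.com.rpz.zone
15-Feb-2024 09:30:44.002 rpz: info: client @0x801e2a000 172.19.16.23#38201 (xvideos.com): rpz QNAME Local-Data rewrite xvideos.com/A/IN via xvideos.com.rpz.zone
15-Feb-2024 10:02:13.919 rpz: info: client @0x801e2c800 172.16.255.40#55020 (www.xvideos.com): rpz QNAME Local-Data rewrite www.xvideos.com/A/IN via www.xvideos.com.rpz.zone
EOF
}

# Read rpz.log lines on stdin and print "count client qname",
# highest count first. Lines that are not rewrites are skipped.
rpz_hits() {
    awk '
        / rpz: / && / rewrite / {
            client = ""; qname = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "client") {
                    j = i + 1
                    if ($j ~ /^@/) j++           # skip the @0x... object id
                    client = $j
                    sub(/#[0-9]+$/, "", client)  # drop the source port
                }
                if ($i == "rewrite") {
                    qname = $(i + 1)
                    sub(/\/.*$/, "", qname)      # drop /TYPE/CLASS
                }
            }
            if (client != "" && qname != "") hits[client " " qname]++
        }
        END { for (k in hits) print hits[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# When a log path is given as the first argument, summarise that file.
if [ -n "${1:-}" ]; then
    rpz_hits < "$1"
fi
```

A client that keeps appearing at the top of this list is repeatedly resolving blocked names and is worth a closer look.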

Configuration on the DNS Server Slave
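
The slave zone step earlier ("we define its zones as follows") and this slave-side RPZ section both need zone stanzas on ns2 that pull from ns1. The script below is an added example, not part of the original tutorial, that prints such stanzas for the three zone names the master's named.conf uses. The secondary/ directory, the .db file names and the `allow-transfer { none; }` line are assumptions.

```shell
#!/bin/sh
# Added example: print the named.conf zone stanzas ns2 needs in order to
# transfer the page's zones from ns1.

MASTER_IP="172.19.19.221"                     # ns1, from the page
ZONE_DIR="/usr/local/etc/namedb/secondary"    # assumption: directory writable by bind
ZONES="nama.domain.com 16.19.172.in-addr.arpa rpz.zone"   # zone names from the master's named.conf

# Accept only plain DNS names so nothing unexpected is interpolated
# into the configuration text.
valid_zone_name() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|.*|*..*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one stanza for the zone named in $1. "type slave" and "masters"
# mirror the "type master" keyword the page uses on ns1.
slave_zone_stanza() {
    valid_zone_name "$1" || { echo "invalid zone name: $1" >&2; return 1; }
    cat <<EOF
zone "$1" {
        type slave;
        masters { $MASTER_IP; };
        file "$ZONE_DIR/$1.db";
        allow-transfer { none; };
};
EOF
}

# Print the stanzas for every zone in ZONES.
slave_zones_conf() {
    for z in $ZONES; do
        slave_zone_stanza "$z" || return 1
    done
}

# For the transferred rpz.zone copy to be enforced on ns2, its options
# block also needs the same line the page adds on ns1:
#        response-policy { zone "rpz.zone"; };

# Print the stanzas when the script is called with --print.
if [ "${1:-}" = "--print" ]; then
    slave_zones_conf
fi
```

Append the printed stanzas to named.conf on ns2, check the file with named-checkconf, then restart named as in the steps above.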