NSD as a DNS Server
Bismillah,
I use NSD as my DNS server in place of BIND. Since version 5.7, OpenBSD has replaced BIND with NSD and Unbound.
The configuration I use is as minimal as possible, so that it is hopefully easy to follow for anyone who wants to try it. For further discussion of NSD, please refer to the References.
-
Buy a Domain and Set the Nameserver
Here we buy a domain, for example example.com, and then set its nameserver to point to the public IP of our VPS, for example 192.0.2.72.
-
Configuring nsd.conf
muhammad$ doas cat /var/nsd/etc/nsd.conf
# $OpenBSD: nsd.conf,v 1.13 2018/08/16 17:59:12 florian Exp $

server:
    hide-version: yes
    verbosity: 1
    interface: 192.0.2.72

remote-control:
    control-enable: yes
    control-interface: /var/run/nsd.sock

zone:
    name: "example.com"
    zonefile: "master/example.com.zone"

zone:
    name: "2.0.192.in-addr.arpa"
    zonefile: "master/2.0.192.in-addr.arpa.zone"
-
Configuring the zone files
muhammad$ doas cat /var/nsd/zones/master/example.com.zone
$TTL 86400
; the trailing dot on root.localhost. keeps it from being completed with the zone origin
@           IN SOA  muntaza.example.com. root.localhost. (
                    17      ; serial
                    28800   ; refresh
                    7200    ; retry
                    604800  ; expire
                    86400   ; ttl
                    )
            IN NS   muntaza
@           IN A    192.0.2.72
muntaza     IN A    192.0.2.72
openaset    IN A    192.0.2.72
muhammad$ doas cat /var/nsd/zones/master/2.0.192.in-addr.arpa.zone
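$TTL 86400
; the trailing dot on root.localhost. keeps it from being completed with the zone origin
@           IN SOA  muntaza.example.com. root.localhost. (
                    17      ; serial
                    28800   ; refresh
                    7200    ; retry
                    604800  ; expire
                    86400   ; ttl
                    )
; an NS record must name a host, not an IP address
@           IN NS   muntaza.example.com.
72          IN PTR  muntaza.example.com.
72          IN PTR  openaset.example.com.
muhammad$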
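The zone files above depend on two rules that are easy to get wrong: a name without a trailing dot is completed with the zone origin, and NS and PTR targets must be host names. The following lint is an added example, not part of the original post or of NSD; `lint_zone`, its warning texts and the sample zone are constructed for illustration, and treating a relative name that contains a dot as suspicious is a heuristic.

```python
import ipaddress

CLASSES = {"IN", "CH", "HS"}
NAME_TYPES = {"NS", "PTR", "CNAME", "MX"}   # RDATA ends in a host name

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name.rstrip("."))
        return True
    except ValueError:
        return False

def lint_zone(text, origin):
    """Return (line_no, message) warnings for host-name fields in a zone file."""
    warnings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()          # drop comments
        if not fields or raw.startswith("$"):          # blank line or directive
            continue
        if not raw[0].isspace():                       # first column holds the owner name
            fields = fields[1:]
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields = fields[1:]                        # skip optional TTL and class
        if len(fields) < 2:
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype == "SOA":
            targets = rdata[:2]                        # MNAME and RNAME
        else:                                          # host name is the last field
            targets = rdata[-1:] if rtype in NAME_TYPES else []
        for name in targets:
            if is_ip_literal(name):
                warnings.append((no, f"{rtype} target {name} is an IP address, not a host name"))
            elif not name.endswith(".") and "." in name:
                warnings.append((no, f"{rtype} name {name} is relative, expands to {name}.{origin}"))
    return warnings

# Constructed sample: a reverse zone with three typical mistakes.
SAMPLE = """\
$TTL 86400
@   IN SOA muntaza.example.com. root.localhost (
        17 28800 7200 604800 86400 )
@   IN NS  192.0.2.72.
72  IN PTR muntaza.example.com
"""

if __name__ == "__main__":
    for no, msg in lint_zone(SAMPLE, "2.0.192.in-addr.arpa."):
        print(f"line {no}: {msg}")
```

On OpenBSD, nsd-checkconf(8) and nsd-checkzone(8) remain the authoritative syntax checks before reloading NSD; this lint only covers the two naming mistakes described above.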
-
Configuring pf.conf
The PF firewall needs to be adjusted by opening port 53 so that it can accept name server queries.
muhammad$ doas cat /etc/pf.conf
# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

set skip on lo

block return    # block stateless traffic
pass out        # establish keep-state

services = "{ 22, 53, 80, 443, 4443 }"
pass in proto tcp to port $services
pass in proto udp to port 53

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

# Port build user does not need network
block return out log proto {tcp udp} user _pbuild
-
Enable NSD in rc.conf.local
muhammad$ doas cat /etc/rc.conf.local | grep nsd
nsd_flags=
That is my brief summary of NSD; for more, please see the References.
Alhamdulillah
References
- OpenBSD Manual: nsd.conf(5)
- OpenBSD Manual: nsd(8)
- OpenBSD Manual: rcctl(8)
- How To Use NSD, an Authoritative-Only DNS Server, on Ubuntu 14.04
- Setting up nsd DNS server
- NSD DNS Tutorial
- 12 Dig Command Examples To Query DNS In Linux
- Using dig to Query a Specific DNS Server (Name Server) Directly (Linux, BSD, OSX)
- IPv4 Address Blocks Reserved for Documentation