Bismillah,

I use NSD as my DNS server in place of BIND. Since version 5.7, OpenBSD has replaced BIND with NSD and Unbound.

The configuration I use is as minimal as possible, in the hope that it makes things easier for anyone who wants to try it. For further discussion of NSD, please refer to the References.

  • Buy a Domain and Set the Nameserver

    Here we buy a domain, for example example.com, and then set its nameserver to point to the public IP of our VPS, for example 192.0.2.72.

  • Configure nsd.conf

    muhammad$ doas cat /var/nsd/etc/nsd.conf
    
    # $OpenBSD: nsd.conf,v 1.13 2018/08/16 17:59:12 florian Exp $
        
    server:
            hide-version: yes
            verbosity: 1
            interface: 192.0.2.72
        
        
    remote-control:
            control-enable: yes
            control-interface: /var/run/nsd.sock
        
    zone:
            name: "example.com"
            zonefile: "master/example.com.zone"
        
    zone:
            name: "2.0.192.in-addr.arpa"
            zonefile: "master/2.0.192.in-addr.arpa.zone"
    
  • Configure the zone files

    muhammad$ doas cat /var/nsd/zones/master/example.com.zone
    
    $TTL 86400
    @       IN      SOA     muntaza.example.com.         root.localhost. (
                            17      ; serial
                            28800   ; refresh
                            7200    ; retry
                            604800  ; expire
                            86400   ; ttl
                            )
        
                    IN      NS      muntaza
    @               IN      A       192.0.2.72
    muntaza         IN      A       192.0.2.72
    openaset        IN      A       192.0.2.72
    
    muhammad$ doas cat /var/nsd/zones/master/2.0.192.in-addr.arpa.zone
    
    $TTL 86400
    @       IN      SOA     muntaza.example.com.         root.localhost. (
                            17      ; serial
                            28800   ; refresh
                            7200    ; retry
                            604800  ; expire
                            86400   ; ttl
                            )
        
    ; NS must point to a host name, not an IP address
    @       IN       NS      muntaza.example.com.
        
    72       IN      PTR     muntaza.example.com.
    72       IN      PTR     openaset.example.com.
    muhammad$
    
  • Configure pf.conf

    The PF firewall has to be adjusted to open port 53 so that the server can receive name server queries.

    muhammad$ doas cat /etc/pf.conf
    
    #       $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
    #
    # See pf.conf(5) and /etc/examples/pf.conf
        
    set skip on lo
        
    block return    # block stateless traffic
    pass out                # establish keep-state
        
    services = "{ 22, 53, 80, 443, 4443 }"
        
    pass in proto tcp to port $services
        
    pass in proto udp to port 53
        
    # By default, do not permit remote connections to X11
    block return in on ! lo0 proto tcp to port 6000:6010
        
    # Port build user does not need network
    block return out log proto {tcp udp} user _pbuild
    
  • Enable NSD in rc.conf.local

    muhammad$ doas cat /etc/rc.conf.local | grep nsd
    
    nsd_flags=
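
Before loading zone files like the ones above, it is worth checking the name-valued fields (SOA, NS, PTR, CNAME): an IP address written as an NS target, or a dotted name without its trailing dot, is still a syntactically valid domain name and will be served as written. The following is an added example, not part of the original post; the `zone_lint` function and the sample reverse zone are constructed for illustration, and the missing-dot rule is a heuristic.

```shell
#!/bin/sh
# zone_lint [FILE...]: flag SOA/NS/PTR/CNAME targets that parse as valid
# names but will not mean what was intended. Reads stdin when no FILE given.
zone_lint() {
    awk '
    { sub(/;.*/, "") }                      # drop comments
    /^[ \t]*$/ || /^[ \t]*\$/ { next }      # skip blank lines and $TTL/$ORIGIN
    {
        n = 0
        for (i = 1; i < NF; i++)
            if ($i ~ /^(SOA|NS|PTR|CNAME)$/) {
                type = $i
                t[++n] = $(i + 1)
                if (type == "SOA" && i + 2 <= NF)
                    t[++n] = $(i + 2)       # SOA carries MNAME and RNAME
                break
            }
        for (k = 1; k <= n; k++) {
            if (t[k] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.?$/)
                why = "IPv4 literal where a host name is required"
            else if (t[k] ~ /\./ && t[k] !~ /\.$/)
                why = "no trailing dot, zone origin will be appended"
            else
                continue
            printf "line %d: %s %s: %s\n", NR, type, t[k], why
            bad++
        }
    }
    END { exit (bad > 0) }' "$@"
}

# Constructed sample: a reverse zone for the documentation range 192.0.2.0/24.
sample_zone() {
    cat <<'EOF'
$TTL 86400
@   IN  SOA ns1.example.com. hostmaster.example.com (
            1 28800 7200 604800 86400 )
@   IN  NS  192.0.2.72.
72  IN  PTR ns1.example.com.
73  IN  PTR www.example.com
EOF
}

sample_zone | zone_lint || echo "fix the records above before (re)starting nsd"
```

The function exits non-zero when it reports anything, so it can gate a reload in a deployment script.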
    

That is my summary of NSD; for more, see the References.

Alhamdulillah

References

  1. OpenBSD Manual: nsd.conf(5)
  2. OpenBSD Manual: nsd(8)
  3. OpenBSD Manual: rcctl(8)
  4. How To Use NSD, an Authoritative-Only DNS Server, on Ubuntu 14.04
  5. Setting up nsd DNS server
  6. NSD DNS Tutorial
  7. 12 Dig Command Examples To Query DNS In Linux
  8. Using dig to Query a Specific DNS Server (Name Server) Directly (Linux, BSD, OSX)
  9. IPv4 Address Blocks Reserved for Documentation