Learning Objectives
After completing this lab, students will be able to:
- Understand the concepts and architecture of DNS (Domain Name System)
- Install and configure a DNS server using BIND9
- Understand the concepts and workflow of DHCP (Dynamic Host Configuration Protocol)
- Install and configure a DHCP server
- Test and troubleshoot DNS and DHCP services
Supporting Theory
DNS (Domain Name System) Concepts
- DNS Function: translates domain names to IP addresses and vice versa
- Hierarchical Architecture: Root → TLD → Authoritative Servers
- Record Types: A, AAAA, CNAME, MX, NS, PTR, TXT
DHCP (Dynamic Host Configuration Protocol) Concepts
- Discover: the client searches for a server
- Offer: the server offers an IP address
- Request: the client requests the IP address
- Acknowledge: the server confirms
DNS Record Types
| Record | Function | Example | Description |
| --- | --- | --- | --- |
| A | IPv4 Address | server A 192.168.1.10 | Maps a hostname to an IPv4 address |
| AAAA | IPv6 Address | server AAAA 2001:db8::1 | Maps a hostname to an IPv6 address |
| CNAME | Canonical Name | www CNAME server | Alias for another hostname |
| MX | Mail Exchange | @ MX 10 mail | Mail server for the domain |
| NS | Name Server | @ NS ns1 | Authoritative name server |
| PTR | Pointer Record | 10 PTR server | Reverse DNS lookup |
DHCP Components
Range of IP addresses available for distribution
192.168.1.100 - 192.168.1.200
Length of time an IP address is assigned to a client
default-lease-time 3600;
max-lease-time 7200;
DNS Server Configuration (BIND9)
1. Install BIND9
sudo apt update
sudo apt install bind9 bind9utils bind9-doc -y
sudo systemctl status bind9
2. Configure DNS Server Options
sudo nano /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";
    listen-on { 192.168.100.10; };
    listen-on-v6 { none; };
    allow-query { 192.168.100.0/24; localhost; };
    recursion yes;
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
    dnssec-validation auto;
    auth-nxdomain no;
};
3. Create the Zone Declarations for the Local Domain
sudo nano /etc/bind/named.conf.local
zone "lab.local" {
    type master;
    file "/etc/bind/db.lab.local";
};
zone "100.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.100";
};
4. Create the Forward Zone Database (Domain to IP)
sudo nano /etc/bind/db.lab.local
$TTL 604800
@       IN      SOA     dns-server.lab.local. admin.lab.local. (
                        2024120101      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
; Name servers
@       IN      NS      dns-server.lab.local.
;
; A records
dns-server      IN      A       192.168.100.10
web-server      IN      A       192.168.100.30
mail-server     IN      A       192.168.100.40
client-pc       IN      A       192.168.100.20
;
; CNAME records
www             IN      CNAME   web-server.lab.local.
ftp             IN      CNAME   web-server.lab.local.
5. Create the Reverse Zone Database (IP to Domain)
sudo nano /etc/bind/db.192.168.100
$TTL 604800
@       IN      SOA     dns-server.lab.local. admin.lab.local. (
                        2024120101      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
; Name servers
@       IN      NS      dns-server.lab.local.
;
; PTR records
10      IN      PTR     dns-server.lab.local.
20      IN      PTR     client-pc.lab.local.
30      IN      PTR     web-server.lab.local.
40      IN      PTR     mail-server.lab.local.
DHCP Server Configuration
1. Install DHCP Server
sudo apt install isc-dhcp-server -y
2. Specify the Interface That Will Serve DHCP
sudo nano /etc/default/isc-dhcp-server
INTERFACESv4="ens33"
INTERFACESv6=""
3. Configure the DHCP Scope
sudo nano /etc/dhcp/dhcpd.conf
option domain-name "lab.local";
option domain-name-servers 192.168.100.10;
option subnet-mask 255.255.255.0;
option routers 192.168.100.1;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.100.0 netmask 255.255.255.0 {
    range 192.168.100.100 192.168.100.200;
    option broadcast-address 192.168.100.255;
    # Fixed address for a specific client
    host client-pc {
        hardware ethernet 08:00:27:aa:bb:cc; # Replace with the client's MAC
        fixed-address 192.168.100.20;
    }
}
Lab Steps
A. Prepare the Network Environment
# On the DNS server
sudo hostnamectl set-hostname dns-server.local
echo "192.168.100.10 dns-server.local" | sudo tee -a /etc/hosts
# On the client
sudo hostnamectl set-hostname client.local
echo "192.168.100.20 client.local" | sudo tee -a /etc/hosts
sudo nano /etc/netplan/01-netcfg.yaml
network:
  version: 2
  ethernets:
    ens33:
      addresses: [192.168.100.10/24]
      gateway4: 192.168.100.1
      nameservers:
        addresses: [192.168.100.10, 8.8.8.8]
sudo netplan apply
B. Validate and Start the DNS Service
sudo named-checkconf
sudo named-checkzone lab.local /etc/bind/db.lab.local
sudo named-checkzone 100.168.192.in-addr.arpa /etc/bind/db.192.168.100
sudo systemctl restart bind9
sudo systemctl enable bind9
sudo systemctl status bind9
C. Testing DNS Server
dig web-server.lab.local @192.168.100.10
nslookup 192.168.100.30 192.168.100.10
host client-pc.lab.local 192.168.100.10
sudo nano /etc/systemd/resolved.conf
[Resolve]
DNS=192.168.100.10
Domains=lab.local
sudo systemctl restart systemd-resolved
dig web-server.lab.local
nslookup mail-server.lab.local
ping web-server.lab.local
D. Validate and Start the DHCP Service
sudo dhcpd -t
sudo systemctl restart isc-dhcp-server
sudo systemctl enable isc-dhcp-server
sudo systemctl status isc-dhcp-server
E. Testing DHCP Server
sudo nano /etc/netplan/01-netcfg.yaml
network:
  version: 2
  ethernets:
    ens33:
      dhcp4: true
sudo netplan apply
ip addr show ens33
cat /var/lib/dhcp/dhclient.leases
cat /var/lib/dhcp/dhcpd.leases
F. Integrating DNS Dynamic Update with DHCP
sudo nano /etc/dhcp/dhcpd.conf
ddns-update-style interim;
update-static-leases on;
zone lab.local. {
    primary 192.168.100.10;
}
zone 100.168.192.in-addr.arpa. {
    primary 192.168.100.10;
}
sudo nano /etc/bind/named.conf.local
zone "lab.local" {
    type master;
    file "/etc/bind/db.lab.local";
    allow-update { key rndc-key; };
};
Advanced Configuration
1. DNS Load Balancing with Round Robin
web-server IN A 192.168.100.30
web-server IN A 192.168.100.31
web-server IN A 192.168.100.32
2. DHCP Failover Configuration
failover peer "dhcp-failover" {
    primary;
    address 192.168.100.10;
    port 647;
    peer address 192.168.100.11;
    peer port 647;
    max-response-delay 60;
    max-unacked-updates 10;
    load balance max seconds 3;
}
3. DNS Security (DNSSEC)
cd /etc/bind
dnssec-keygen -a RSASHA256 -b 2048 -n ZONE lab.local
dnssec-keygen -f KSK -a RSASHA256 -b 4096 -n ZONE lab.local
dnssec-signzone -A -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) -N INCREMENT -o lab.local -t db.lab.local
4. DHCP Options for PXE Boot
subnet 192.168.100.0 netmask 255.255.255.0 {
    range 192.168.100.100 192.168.100.200;
    option broadcast-address 192.168.100.255;
    next-server 192.168.100.50; # TFTP server
    filename "pxelinux.0"; # PXE boot file
}
Troubleshooting and Monitoring
1. DNS Troubleshooting Commands
dig lab.local
nslookup lab.local
host lab.local
dig lab.local MX
dig lab.local NS
dig -x 192.168.100.10
dig lab.local +trace
2. DHCP Troubleshooting Commands
sudo systemctl status isc-dhcp-server
sudo journalctl -u isc-dhcp-server -f
cat /var/lib/dhcp/dhcpd.leases
dhcp-lease-list
sudo dhclient -v
ip addr show
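The lease file printed by cat /var/lib/dhcp/dhcpd.leases is an append-only journal, so counting its lease blocks by eye overstates usage. The following added example (not part of the original lab) parses the format and reports how much of the 192.168.100.100-200 range is actually in use; the sample entries are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone
from ipaddress import IPv4Address

# Constructed sample in dhcpd.leases format. dhcpd appends to this file, so an
# address can appear several times; only its last entry reflects current state.
SAMPLE_LEASES = """\
lease 192.168.100.100 {
  ends 1 2024/12/02 08:10:00;
  binding state active;
  hardware ethernet 08:00:27:11:22:33;
}
lease 192.168.100.101 {
  ends 1 2024/12/02 08:11:00;
  binding state active;
  next binding state free;
  hardware ethernet 08:00:27:44:55:66;
}
lease 192.168.100.100 {
  ends 1 2024/12/02 08:05:30;
  binding state free;
  hardware ethernet 08:00:27:11:22:33;
}
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
STATE_RE = re.compile(r"^\s*binding state (\w+);", re.M)
ENDS_RE = re.compile(r"^\s*ends \d (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);", re.M)
MAC_RE = re.compile(r"hardware ethernet ([0-9a-fA-F:]+);")

def active_leases(text, now):
    """Return {ip: mac} for leases that are active and unexpired at `now` (UTC)."""
    latest = dict(LEASE_RE.findall(text))   # later entries overwrite earlier ones
    active = {}
    for ip, body in latest.items():
        state, ends, mac = STATE_RE.search(body), ENDS_RE.search(body), MAC_RE.search(body)
        if not state or state.group(1) != "active":
            continue
        if ends:  # "ends never;" does not match and is treated as non-expiring
            expiry = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
            if expiry.replace(tzinfo=timezone.utc) <= now:
                continue
        active[ip] = mac.group(1) if mac else None
    return active

def pool_usage(text, first, last, now):
    # Returns (addresses in use, pool size) for the dynamic range first..last.
    lo, hi = int(IPv4Address(first)), int(IPv4Address(last))
    used = [ip for ip in active_leases(text, now) if lo <= int(IPv4Address(ip)) <= hi]
    return len(used), hi - lo + 1
```

On the server, pass the contents of /var/lib/dhcp/dhcpd.leases and datetime.now(timezone.utc); a count close to the pool size matches the "DHCP scope full" case in the issues table.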
3. Network Monitoring
sudo netstat -tulnp | grep -E '(53|67)'
sudo ss -tulnp | grep -E '(53|67)'
sudo tcpdump -i ens33 port 53 or port 67
sudo tcpdump -i ens33 -n port 53
4. Log Monitoring
sudo tail -f /var/log/syslog | grep named
sudo tail -f /var/log/syslog | grep dhcp
sudo rndc querylog
sudo tail -f /var/log/bind/query.log
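Once rndc querylog is on, the query lines can be reviewed programmatically instead of by watching tail. The following added example (not part of the original lab) flags ANY queries, long random-looking labels outside lab.local, and clients with unusually many queries; the log lines are constructed, and the thresholds and function names are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample: syslog lines in the shape named writes once `rndc querylog` is on.
SAMPLE_LOG = """\
Dec  2 08:00:01 dns-server named[812]: client @0x7f3c 192.168.100.20#40112 (web-server.lab.local): query: web-server.lab.local IN A +E(0) (192.168.100.10)
Dec  2 08:00:02 dns-server named[812]: client @0x7f3c 192.168.100.20#40113 (mail-server.lab.local): query: mail-server.lab.local IN A +E(0) (192.168.100.10)
Dec  2 08:00:03 dns-server named[812]: client @0x7f3c 192.168.100.150#51000 (lab.local): query: lab.local IN ANY +E(0) (192.168.100.10)
Dec  2 08:00:04 dns-server named[812]: client @0x7f3c 192.168.100.150#51001 (k3v9x0q7m2z8b4n1c6j5hadfglprstwy.example.net): query: k3v9x0q7m2z8b4n1c6j5hadfglprstwy.example.net IN TXT +E(0) (192.168.100.10)
Dec  2 08:00:05 dns-server named[812]: client @0x7f3c 192.168.100.150#51002 (www.lab.local): query: www.lab.local IN A +E(0) (192.168.100.10)
Dec  2 08:00:06 dns-server named[812]: client @0x7f3c 192.168.100.150#51003 (ftp.lab.local): query: ftp.lab.local IN A +E(0) (192.168.100.10)
"""

QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?([\d.]+)#\d+ \([^)]*\): query: (\S+) IN (\S+)")

def entropy(label):
    """Shannon entropy in bits per character."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def review(log, zone="lab.local", max_per_client=3, min_len=30, min_entropy=3.5):
    """Return (client, reason, detail) tuples; thresholds are illustrative assumptions."""
    findings, per_client = [], Counter()
    for line in log.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue                      # not a query line (other named messages)
        client, name, qtype = m.groups()
        name = name.rstrip(".").lower()
        per_client[client] += 1
        if qtype == "ANY":
            findings.append((client, "any-query", name))
        longest = max(name.split("."), key=len)
        internal = name == zone or name.endswith("." + zone)
        if not internal and len(longest) >= min_len and entropy(longest) >= min_entropy:
            findings.append((client, "long-random-label", name))
    findings += [(c, "high-volume", str(n)) for c, n in per_client.items()
                 if n > max_per_client]
    return findings
```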
5. Common Issues and Solutions
| Problem | Cause | Solution |
| --- | --- | --- |
| DNS query timeout | Service not running, firewall blocking | systemctl status bind9; ufw allow 53 |
| Client does not get an IP | DHCP scope full, network issue | cat /var/lib/dhcp/dhcpd.leases; dhcp-lease-list |
| Reverse DNS does not work | PTR record missing or wrong | dig -x IP; fix the PTR records |
| Dynamic update fails | Permission, key problem | rndc status; check zone permissions |
Assignments and Evaluation
- Explain the difference between a forward lookup zone and a reverse lookup zone.
- What is DHCP lease time, and why does it need to be configured?
- How do you reserve a particular IP address for a specific client?
- What are the advantages of integrating DNS dynamic update with DHCP?
- Scenario: a company with 50 clients needs internal DNS for the domain company.local and DHCP with the range 192.168.1.100-200. Write the complete configuration.
Case Study: Implementation for a Small or Medium Enterprise (UKM)
DNS Configuration for ukm.local domain
cat > /etc/bind/db.ukm.local << 'EOF'
$TTL 604800
@ IN SOA dns.ukm.local. admin.ukm.local. (
2024120101
604800
86400
2419200
604800 )
@ IN NS dns.ukm.local.
dns IN A 192.168.1.10
www IN A 192.168.1.100
mail IN A 192.168.1.101
ftp IN CNAME www.ukm.local.
EOF
DHCP Configuration for 30 clients
cat > /etc/dhcp/dhcpd.conf << 'EOF'
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.50 192.168.1.80;
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.10;
    option domain-name "ukm.local";
    default-lease-time 3600;
    max-lease-time 7200;
}
EOF
Best Practices
- Use meaningful hostnames
- Implement DNSSEC for security
- Set up monitoring and alerting
- Back up zone files regularly
- Use separate views for internal/external
- Monitor query logs for anomalies
- Plan IP address ranges carefully
- Implement DHCP failover
- Monitor lease usage
- Use reservations for critical devices
- Clean up old leases regularly
- Document scope configurations
Security Considerations
Important Security Measures:
- Restrict zone transfers to authorized servers only
- Use firewall rules to limit access to port 53
- Implement rate limiting to prevent DNS amplification attacks
- Regularly update the BIND and DHCP server software
- Monitor for suspicious DNS queries
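The options block configured earlier in this lab contains neither a zone-transfer restriction nor rate limiting. The following added example (not part of the original lab) checks an options block for those two measures and shows the block with them added; allow-transfer { none; } assumes the lab has no secondary DNS server, the rate value is illustrative, and the function names are hypothetical.

```python
import re

# The options block from this lab's named.conf.options (forwarders on one line).
PAGE_OPTIONS = """\
options {
    directory "/var/cache/bind";
    listen-on { 192.168.100.10; };
    listen-on-v6 { none; };
    allow-query { 192.168.100.0/24; localhost; };
    recursion yes;
    forwarders { 8.8.8.8; 8.8.4.4; };
    dnssec-validation auto;
    auth-nxdomain no;
};
"""
# Assumed additions: no secondary servers in this lab, illustrative rate value.
HARDENING = """\
    allow-transfer { none; };   // transfers refused unless a zone overrides this
    rate-limit { responses-per-second 10; };
"""
HARDENED_OPTIONS = PAGE_OPTIONS.rsplit("};", 1)[0] + HARDENING + "};\n"

REQUIRED = {
    "allow-transfer": "restrict zone transfers to authorized servers",
    "rate-limit": "rate limiting against DNS amplification",
}

def top_level_statements(conf):
    """Names of statements directly inside options { }, ignoring comments and nesting."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    body = conf[conf.index("{", conf.index("options")) + 1:]
    names, depth, current = [], 0, ""
    for ch in body:
        if ch == "{":
            depth += 1
        elif ch == "}":
            if depth == 0:
                break                       # end of the options block
            depth -= 1
        elif ch == ";" and depth == 0:
            names += current.split()[:1]    # first word is the statement name
            current = ""
        elif depth == 0:
            current += ch
    return names

def missing_measures(conf):
    present = set(top_level_statements(conf))
    return [why for stmt, why in REQUIRED.items() if stmt not in present]
```

After editing the real file, named-checkconf from step B validates the syntax before the service is restarted.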