Tuesday, 27 September 2011

Setting Up a Local DNS Server (BIND on FreeBSD, also applies to Linux)

The local DNS is finally running. I spent the whole day searching Google without finding anything useful, then fiddled a bit and it worked. I'm on FreeBSD, but the configuration works the same on Linux; only the file locations differ.

Network layout:

Inet ---- Firewall ------ DNS Server ----- DNS Lokal ------- Client

Writing this down right away, while it's still fresh.

My IP configuration:

localhost# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet 192.168.1.253 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:04:23:b3:8a:94
        media: Ethernet autoselect (1000baseTX )
        status: active

xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 172.16.1.6 netmask 0xffffffe0 broadcast 172.16.1.31
        ether 00:60:08:3e:bb:61
        media: Ethernet autoselect (100baseTX )
        status: active
 
The host that will become the local DNS server is 172.16.1.6.
Log in as root first:
  localhost$ su -
  Password:
and enable named in /etc/rc.conf so the service starts on every boot:
  localhost# nano /etc/rc.conf
  named_enable="YES"   <<--- add this line

 
Edit /etc/resolv.conf and add the local IP that will act as the DNS server as a nameserver:

localhost# nano /etc/resolv.conf
domain      testing.com
nameserver  172.16.1.6

In /etc/host.conf, flip the lookup order so dns comes before hosts (back the file up first; note this also means an /etc/hosts entry no longer overrides DNS):
localhost# nano /etc/host.conf
#hosts       <<--- just comment this out
dns
hosts
On FreeBSD 5 and later the order is actually taken from the hosts: line in /etc/nsswitch.conf; /etc/host.conf is a legacy file that is only converted into nsswitch.conf when that file is missing, so check nsswitch.conf if this change has no effect.

Add the new zones to named.conf (back up the original first):
# cd /etc/namedb/
# cp named.conf named.conf.old
# vi named.conf


/etc/namedb/named.conf
options {
        directory "/etc/namedb";
        pid-file "/var/run/named/pid";
        dump-file "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        // listen-on { 127.0.0.1; };
        // listen-on-v6 { ::1; };
        /*
        forwarders {
                127.0.0.1;
        };
        */
};
zone "." {
        type hint;
        file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "master/localhost.rev";
};
// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
        type master;
        file "master/localhost-v6.rev";
};
// RFC 1886 -- deprecated
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
        type master;
        file "master/localhost-v6.rev";
};
zone "testing.com" {
        type master;
        file "master/testing.zone";
};
zone "16.172.in-addr.arpa" {
        type master;
        file "master/testing.rev";
};

Note what this options block does not say: there is no listen-on, no allow-query and no allow-recursion, so this named answers, and recurses for, any host that can reach it (the dig output further down shows the ra flag set). That is tolerable on a firewalled internal network, but add allow-recursion { localhost; localnets; }; before anything outside the LAN can reach port 53, otherwise you are running an open resolver. Also keep in mind that 16.172.in-addr.arpa covers all of 172.16.0.0/16, so the owner names in the reverse zone file are the last two octets of each address, reversed.


Generate localhost.rev by running make-localhost, then create testing.rev from it:
# sh make-localhost
# cd master
# cp localhost.rev testing.rev
# vi testing.rev


Edit testing.rev. For the serial I used the date plus the hour: 20110916 became 2011091621 (21 because it was 9 PM). The usual convention is YYYYMMDDnn with nn as a per-day revision counter; whichever you use, the serial must increase every time the zone changes, or secondaries will never transfer the new data.

/etc/namedb/master/testing.rev
$TTL 3600
@       IN SOA  ns3.testing.com. root.testing.com. (
                2011091621 ; Serial
                3600       ; Refresh
                900        ; Retry
                3600000    ; Expire
                3600 )     ; Minimum
        IN NS   ns3.testing.com.

; the origin is 16.172.in-addr.arpa, so 172.16.1.6 is owner 6.1
6.1     IN PTR  ns3.testing.com.
; these two map 172.16.1.100 and 172.16.1.101; the forward zone below puts
; oprek and setan on 192.168.1.100/101, which would need their own zone,
; 1.168.192.in-addr.arpa
100.1   IN PTR  oprek.testing.com.
101.1   IN PTR  setan.testing.com.

Every name on the right-hand side must end in a trailing dot. Without it BIND appends the zone origin, so root.testing.com silently becomes root.testing.com.16.172.in-addr.arpa, and a target written as a bare ns3. is an absolute top-level name, not ns3.testing.com.

Create testing.zone from it:
# cp testing.rev testing.zone
# vi testing.zone


/etc/namedb/master/testing.zone
$TTL 3600
@       IN SOA  ns3.testing.com. root.testing.com. (
                2011091621 ; Serial
                3600       ; Refresh
                900        ; Retry
                3600000    ; Expire
                3600 )     ; Minimum
        IN NS   ns3.testing.com.

ns3     IN A    172.16.1.6
testing IN CNAME ns3

; other local servers
oprek   IN A    192.168.1.100   ; another server
setan   IN A    192.168.1.101   ; another server
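As an added example (not part of the original post), the Python below parses constructed copies of the two zone files above and checks that every A record has a matching PTR and every PTR a matching A, and that right-hand-side names are fully qualified. Run against the reverse zone as it was first written it flags the bare ns3. target, the names missing their trailing dot, the wrong owner for 172.16.1.6 and the 192.168.1.x hosts that 16.172.in-addr.arpa cannot cover; against a corrected pair it returns nothing. It goes a little beyond the post by accepting several reverse zones (one per network). All zone text is embedded and constructed; $ORIGIN directives and record types other than those shown are not handled.

```python
"""Forward/reverse zone consistency check for small BIND zone files (added example)."""

# Constructed copies of the zone files shown in this post; nothing is read from disk.
FORWARD_ORIGIN = "testing.com."
FORWARD_ZONE = """\
$TTL 3600
@ IN SOA ns3.testing.com. root.testing.com. (
        2011091621 ; Serial
        3600 900 3600000 3600 )
        IN NS ns3.testing.com.
ns3     IN A     172.16.1.6
testing IN CNAME ns3
oprek   IN A     192.168.1.100
setan   IN A     192.168.1.101
"""
# Reverse zone as first posted: wrong owner for 172.16.1.6 (16.1 instead of 6.1), a bare
# "ns3." target, names without trailing dots, and 172.16.1.100/101 PTRs that match nothing.
REVERSE_ZONES_AS_POSTED = {"16.172.in-addr.arpa.": """\
$TTL 3600
@ IN SOA testing.com. root.testing.com ( 2011091621 3600 900 3600000 3600 )
        IN NS testing.com
16.1    IN PTR ns3.
100.1   IN PTR oprek.testing.com
101.1   IN PTR setan.testing.com
"""}
# Corrected: one reverse zone per network, fully qualified targets, serial bumped.
REVERSE_ZONES_FIXED = {
    "16.172.in-addr.arpa.": """\
@   IN SOA ns3.testing.com. root.testing.com. ( 2011091622 3600 900 3600000 3600 )
    IN NS  ns3.testing.com.
6.1 IN PTR ns3.testing.com.
""",
    "1.168.192.in-addr.arpa.": """\
@   IN SOA ns3.testing.com. root.testing.com. ( 2011091622 3600 900 3600000 3600 )
    IN NS  ns3.testing.com.
100 IN PTR oprek.testing.com.
101 IN PTR setan.testing.com.
""",
}
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "PTR": (0,), "CNAME": (0,)}  # rdata fields that are names

def _logical_lines(text):
    """Strip ';' comments and join parenthesised multi-line records into one line."""
    depth, buf = 0, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield " ".join(buf)
            buf = []

def absolutize(name, origin):
    return origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}")

def parse_zone(text, origin):
    """Yield (owner_fqdn, type, raw_rdata_tokens, origin); $ORIGIN is not supported."""
    owner = origin
    for line in _logical_lines(text):
        if line.startswith("$"):
            continue
        tokens = line.split()
        if not line[0].isspace():                      # blank owner field repeats the previous owner
            owner = absolutize(tokens.pop(0), origin)
        if tokens[0].isdigit():                        # optional TTL
            tokens.pop(0)
        if tokens[0].upper() in ("IN", "CH", "HS"):    # optional class
            tokens.pop(0)
        yield owner, tokens.pop(0).upper(), tokens, origin

def ptr_owner(ip):
    """172.16.1.6 -> 6.1.16.172.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def ip_from_ptr_owner(owner):
    return ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))

def check_zones(forward_text, forward_origin, reverse_zones):
    """Return a list of findings; an empty list means forward and reverse zones agree."""
    findings = []
    fwd = list(parse_zone(forward_text, forward_origin))
    rev = [r for origin, text in reverse_zones.items() for r in parse_zone(text, origin)]
    for owner, rtype, rdata, _ in fwd + rev:
        for name in (rdata[i] for i in NAME_FIELDS.get(rtype, ())):
            if "." in name and not name.endswith("."):          # BIND silently appends the origin
                findings.append(f"{owner} {rtype}: '{name}' lacks a trailing dot")
            elif name.endswith(".") and name.count(".") == 1:   # absolute top-level name
                findings.append(f"{owner} {rtype}: '{name}' is a bare top-level name")
    a_by_name = {o: rd[0] for o, t, rd, _ in fwd if t == "A"}
    ptr_target = {o: absolutize(rd[0], org) for o, t, rd, org in rev if t == "PTR"}
    for name, ip in a_by_name.items():                  # every A needs a PTR in some reverse zone
        expected = ptr_owner(ip)
        zone = next((z for z in reverse_zones if expected.endswith("." + z)), None)
        if zone is None:
            findings.append(f"{name} ({ip}): no reverse zone covers {expected}")
        elif expected not in ptr_target:
            findings.append(f"{name} ({ip}): no PTR record {expected} in {zone}")
        elif ptr_target[expected] != name:
            findings.append(f"{name} ({ip}): PTR {expected} points at {ptr_target[expected]}")
    for owner, target in ptr_target.items():            # every PTR needs the matching A
        ip = ip_from_ptr_owner(owner)
        if a_by_name.get(target) != ip:
            findings.append(f"PTR {ip} -> {target}: no matching A record in {forward_origin}")
    return findings
```

Call check_zones(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONES_AS_POSTED) to see the eleven findings for the zone as first posted; the same call with REVERSE_ZONES_FIXED returns an empty list. The trailing-dot rule is deliberately simple (a dotted name without a final dot is flagged) because that is exactly the mistake that turns root.testing.com into root.testing.com.16.172.in-addr.arpa.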



Generate rndc.conf:

# rndc-confgen > rndc.conf

/etc/namedb/rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "l2wc2DlvXJk/ZtB0N1P3wg==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "l2wc2DlvXJk/ZtB0N1P3wg==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

The secret above is whatever rndc-confgen produced on this box at the time; having been published here it is burnt, so run rndc-confgen yourself and never paste the output anywhere. This BIND release produced an hmac-md5 key; current BIND releases accept rndc-confgen -A hmac-sha256 (and recent ones default to it), which is what you should use.


rndc.conf ends with the fragment that belongs in named.conf, commented out with #. Append the file to named.conf and then edit it: keep only the key and controls statements, uncommented, and delete the rest of what was appended (the rndc options block with default-key is rndc syntax, not named syntax, and named will refuse to start on it).

# cat rndc.conf >> named.conf
# vi named.conf


/etc/namedb/named.conf
options {
        directory "/etc/namedb";
        pid-file "/var/run/named/pid";
        dump-file "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        // listen-on { 127.0.0.1; };
        // listen-on-v6 { ::1; };
        /*
        forwarders {
                127.0.0.1;
        };
        */
};
zone "." {
        type hint;
        file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "master/localhost.rev";
};
// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
        type master;
        file "master/localhost-v6.rev";
};
// RFC 1886 -- deprecated
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
        type master;
        file "master/localhost-v6.rev";
};
zone "testing.com" {
        type master;
        file "master/testing.zone";
};
zone "16.172.in-addr.arpa" {
        type master;
        file "master/testing.rev";
};
key "rndc-key" {
        algorithm hmac-md5;
        secret "l2wc2DlvXJk/ZtB0N1P3wg==";
};
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf


Configuration done; time to start the DNS server. Run named-checkconf /etc/namedb/named.conf and named-checkzone testing.com master/testing.zone (and the same for 16.172.in-addr.arpa with master/testing.rev) first: a zone file with a syntax error is only logged by named, which then serves nothing for that zone.

# /etc/rc.d/named start
Starting named                        OK


Test it. If the output matches the below, the DNS server works.


# nslookup
> ns3
Server:         172.16.1.6
Address:        172.16.1.6#53

Name:   ns3.testing.com
Address: 172.16.1.6
> 172.16.1.6
Server:         172.16.1.6
Address:        172.16.1.6#53

6.1.16.172.in-addr.arpa name = ns3.

That reverse answer comes back as a bare ns3. whenever the PTR target in testing.rev is written as ns3. (an absolute single-label name); with the target written as ns3.testing.com. the lookup returns the full name.






or try it with dig:
localhost# dig setan.testing.com

; <<>> DiG 9.3.4 <<>> setan.testing.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38351
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;setan.testing.com.       IN      A

;; ANSWER SECTION:
setan.testing.com. 3600   IN      A       192.168.1.101

;; AUTHORITY SECTION:
testing.com.         3600    IN      NS      ns3.testing.com.

;; ADDITIONAL SECTION:
ns3.testing.com.     3600    IN      A       172.16.1.6

;; Query time: 0 msec
;; SERVER: 172.16.1.6#53(172.16.1.6)
;; WHEN: Tue Sep 27 17:16:55 2011
;; MSG SIZE  rcvd: 91



That's all. Thanks to Google, even though much of what I found was sloppy and mostly copy-pasted; what matters is that it works, hehe.
God willing, if anyone has a question I'll answer it when I remember.

Thanks

Monday, 19 September 2011

RedHat / CentOS Install and Configure Cacti Network Graphing Tool

Cacti is a network graphing tool similar to MRTG. How do I install and configure common options to collect SNMP data and various other data (such as system load, network link status, hard disk space, logged in users etc) into an RRD?

From the official project site:
Cacti is a complete frontend to RRDTool, it stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain Graphs, Data Sources, and Round Robin Archives in a database, cacti handles the data gathering. There is also SNMP support for those used to creating traffic graphs with MRTG.

Required software(s)

You need to install the following software on RHEL / Fedora / CentOS Linux:
  1. MySQL Server : Store cacti data.
  2. NET-SNMP server - SNMP (Simple Network Management Protocol) is a protocol used for network management.
  3. PHP with net-snmp module - Access SNMP data using PHP.
  4. Apache / lighttpd / nginx webserver : Web server to display graphs created with PHP and RRDTOOL.

Install the software

First, login as root user and type the following command to install mysql, apache and php:
# yum install mysql-server mysql php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp php-pear-Net-SMTP php-mysql httpd

Configure MySQL server

First, set the root password. Leave the new password off the command line so that mysqladmin prompts for it, rather than it landing in your shell history and the process list:
# mysqladmin -u root password

Create cacti MySQL database

Create a database called cacti, enter:
# mysql -u root -p -e 'create database cacti'
Create a user called cacti with the password zYn95ph43zYtq (an example value that is now public; pick your own), enter:
# mysql -u root -p
mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'zYn95ph43zYtq';
mysql> FLUSH privileges;
mysql> \q

Install snmpd

Type the following command to install net-snmpd
# yum install net-snmp-utils php-snmp net-snmp-libs
Configure snmpd, open /etc/snmp/snmpd.conf
# vi /etc/snmp/snmpd.conf
Append / modify it as follows (see the snmpd.conf man page for details):
com2sec local     localhost           public
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
view all    included  .1                               80
access MyRWGroup ""      any       noauth    exact  all    all    none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root  (configure /etc/snmp/snmp.local.conf)
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat
Be clear about what this grants: the access line's read and write views are both all, so the community public (mapped by com2sec to the security name local) gets SNMP write access to the whole tree, and the usm group line admits SNMPv3 users at the noauth level. The only thing containing it is the localhost source restriction in com2sec. Cacti only reads, so give it a read-only community with a non-default string (a single rocommunity line restricted to 127.0.0.1 is enough) or an authenticated SNMPv3 user, and leave the write view as none.
Save and close the file. Turn on snmpd service:
# /etc/init.d/snmpd start
# chkconfig snmpd on

Make sure you are getting information from snmpd:
# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
Sample output:
IP-MIB::ipAdEntIfIndex.10.10.29.68 = INTEGER: 2
IP-MIB::ipAdEntIfIndex.67.yy.zz.eee = INTEGER: 3
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1
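The access path the snmpd.conf above opens up is easy to miss in the VACM table layout, so here is an added example (not from the original article) that reads a constructed copy of those lines and reports default community strings, communities accepted from any source, groups whose access line has a write view, and SNMPv3 groups admitted at noauth. It also understands the rocommunity/rwcommunity shorthand, which is what the hardened configuration uses; the community string in that configuration is a placeholder to replace with your own.

```python
"""Flag write access, default communities and unauthenticated v3 in snmpd.conf (added example)."""

# Constructed copy of the VACM lines from this article's snmpd.conf.
SNMPD_CONF_AS_POSTED = """\
com2sec local     localhost           public
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
view all    included  .1                               80
access MyRWGroup ""      any       noauth    exact  all    all    none
"""

# Read-only replacement, which is all Cacti needs. The community string is a placeholder:
# generate your own long random value.
SNMPD_CONF_HARDENED = """\
rocommunity cacti-ro-Zq8vT1mK5p 127.0.0.1
"""

DEFAULT_COMMUNITIES = {"public", "private"}
ANY_SOURCE = {"default", "0.0.0.0/0"}

def parse_snmpd_conf(text):
    """Group directive arguments by keyword; '#' starts a comment."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, *args = line.split()
            cfg.setdefault(key, []).append(args)
    return cfg

def check_snmpd_conf(text):
    """Return findings about the access an snmpd.conf grants; an empty list means none."""
    cfg = parse_snmpd_conf(text)
    findings = []
    sec_to_comm = {}   # com2sec security name -> [(community, source)]
    for name, source, community in (a[:3] for a in cfg.get("com2sec", [])):
        sec_to_comm.setdefault(name, []).append((community, source))
        if community in DEFAULT_COMMUNITIES:
            findings.append(f"com2sec {name}: community '{community}' is a well-known default")
        if source in ANY_SOURCE:
            findings.append(f"com2sec {name}: community '{community}' is accepted from any source")

    # rocommunity/rwcommunity COMMUNITY [SOURCE [OID]] shorthand
    for directive in ("rocommunity", "rwcommunity"):
        for args in cfg.get(directive, []):
            community, source = args[0], (args[1] if len(args) > 1 else "default")
            if directive == "rwcommunity":
                findings.append(f"rwcommunity: community '{community}' from {source} has write access")
            if community in DEFAULT_COMMUNITIES:
                findings.append(f"{directive}: community '{community}' is a well-known default")
            if source in ANY_SOURCE:
                findings.append(f"{directive}: community '{community}' is accepted from any source")

    group_members = {}  # group -> [(security model, security name)]
    for group, model, secname in (a[:3] for a in cfg.get("group", [])):
        group_members.setdefault(group, []).append((model, secname))

    # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
    for args in cfg.get("access", []):
        group, level, write = args[0], args[3], args[6]
        members = group_members.get(group, [])
        if write != "none":
            # every community that reaches this group through com2sec can write the view
            for community, source in {c for _, s in members for c in sec_to_comm.get(s, [])}:
                findings.append(f"access {group}: community '{community}' from {source} can write view '{write}'")
        if level == "noauth" and any(model == "usm" for model, _ in members):
            findings.append(f"access {group}: SNMPv3 (usm) users are admitted at noauth")
    return findings
```

check_snmpd_conf(SNMPD_CONF_AS_POSTED) returns three findings (default community, write access for public, v3 at noauth); the hardened one-liner returns none. After changing the file, snmpwalk with the new community string against localhost, as in the check above, confirms that reads still work.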

Install cacti

First, make sure EPEL repo is enabled. Type the following command to install cacti:
# yum install cacti

Install cacti tables

Type the following command to find out cacti.sql path:
# rpm -ql cacti | grep cacti.sql
Sample output:
/usr/share/doc/cacti-0.8.7d/cacti.sql
Type the following command to install cacti tables (you need to type the cacti user password):
# mysql -u cacti -p cacti < /usr/share/doc/cacti-0.8.7d/cacti.sql

Configure cacti

Open /etc/cacti/db.php file, enter:
# vi /etc/cacti/db.php
Make changes as follows:
 
/* make sure these values refect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "zYn95ph43zYtq";
$database_port = "3306";
 
Save and close the file.

Configure httpd

Open /etc/httpd/conf.d/cacti.conf file, enter:
# vi /etc/httpd/conf.d/cacti.conf
You need to update the Allow from line. Set it to your LAN subnet (or to all, which exposes the cacti login to anyone who can reach the web server) to allow access to cacti:

#
# Cacti: An rrd based graphing tool
#
Alias /cacti    /usr/share/cacti

<Directory /usr/share/cacti/>
        Order Deny,Allow
        Deny from all
        Allow from 10.0.0.0/8
</Directory>

Another option is create /usr/share/cacti/.htaccess file and password protect the directory. Finally, restart httpd:
# service httpd restart

Setup cacti cronjob

Open /etc/cron.d/cacti file, enter:
# vi /etc/cron.d/cacti
Uncomment the line:
*/5 * * * *     cacti   /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1
Save and close the file.

Run cacti installer

Now cacti is ready to install. Fire a webbrowser and type the url:
http://your.example.com/cacti/
OR
http://your.server.ip.address/cacti/
Just follow the on-screen instructions. The default username and password for cacti is admin / admin. Upon first login you will be forced to change the default password.

How do I configure SNMP data collection?

SNMP can be used to monitor server traffic. Once installed login to cacti.
=> Click on Devices
=> Select Localhost
=> Make sure SNMP options are selected as follows:
[Fig.01: SNMP configuration]
Finally, click on Save button.

How do I create SNMP graphs?

Click on "Create Graphs for this Host" link on top right side.
Select SNMP - Interface Statistics
Select a graph type (such as In/Out bytes with total bandwidth)
Finally, click on Create button.

How do I view graphs?

To view graphs click on the Graphs tab. Here are sample graphs from one of my own boxes:
[Fig.02: Cacti in Action - Memory, CPU and Network Usage]
[Fig.03: Cacti in Action - Disk, Load average and User stats]