The Domain Name System (DNS) is a distributed database in which data managed locally is promptly propagated to the whole network (the internet) using a client-server scheme. A program called a name server holds all the information segments of the database and also acts as the resolver for the clients that connect to or use it. Fortunately this technology exists to make it easier for people to communicate in the digital world.
Universitas Lampung itself runs 3 public name servers to handle resolution queries for the unila.ac.id zone and its PTR records:
- Primary Name Server : ns1.unila.ac.id/103.3.46.2
- Secondary Name Server : ns2.unila.ac.id/103.3.46.3
- Secondary Name Server : ns3.unila.ac.id/103.3.46.4
Learning from the earlier experience that I posted about here, http://gigihfordanama.wordpress.com/2011/09/29/cname-and-mx-record-will-effect-email-problem , and from a discussion with the CS-UI admin boss (Pak Maman Sutarman): mail problems sometimes also come from DNS resolution that fails, so it is necessary to prepare a name server in a different location from our ISP; more than two is better. As of yesterday I finally decided to use the freeDNS service from Hurricane Electric (http://dns.he.net). The practical steps are as follows:
- Register at http://dns.he.net
- Create the zone record for the domain so that the zone can be transferred to NS1.HE.NET

```
zone "unila.ac.id" {
    type master;
    file "db.unila.mora";
    allow-query { any; };
    // address allowed to transfer the zone (HE.NET)
    allow-transfer { 216.218.186.2; };
};
```

- Then add an NS record by adding an NS1.HE.NET entry to the unila zone, roughly as follows:

```
$TTL 3600
@   IN  SOA ns1.unila.ac.id. gigih.unila.ac.id. (
            2011092704  ; serial
            3600        ; Refresh
            900         ; Retry
            3600000     ; Expire
            3600 )      ; Minimum
    IN  NS   ns1.unila.ac.id.
    IN  NS   ns2.unila.ac.id.
    IN  NS   ns1.he.net.
    IN  MX   10 barracuda.unila.ac.id.
    IN  A    103.3.46.1
    IN  MX   20 zimbra.unila.ac.id.
    IN  MX   30 mailgate.unila.ac.id.
    IN  AAAA 2001:470:18:aa7::2
```

- Go to http://dns.he.net
- Click AddNew Slave with the following parameters

Not long afterwards HE.NET will receive a zone transfer that is identical to the master domain.
Done. All that remains is to check whether the zone can already be resolved from outside:

```
ns1 ~>dig @ns5.speedcast.com unila.ac.id SOA

; <<>> DiG 9.3.2-P1 <<>> @ns5.speedcast.com unila.ac.id SOA
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58821
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1

;; QUESTION SECTION:
;unila.ac.id. IN SOA

;; ANSWER SECTION:
unila.ac.id. 3600 IN SOA ns1.unila.ac.id. gigih.unila.ac.id. 2011092704 3600 900 3600000 3600

;; AUTHORITY SECTION:
unila.ac.id. 274 IN NS ns2.unila.ac.id.
unila.ac.id. 274 IN NS ns1.unila.ac.id.
unila.ac.id. 274 IN NS ns1.he.net.

;; ADDITIONAL SECTION:
ns1.he.net. 20252 IN A 216.218.130.2

;; Query time: 137 msec
;; SERVER: 202.174.158.10#53(202.174.158.10)
;; WHEN: Fri Sep 30 09:22:41 2011
;; MSG SIZE rcvd: 147

ns1 ~>
```

If ns1.he.net already appears, it has worked. All that remains is to query NS1.HE.NET itself and ask it to resolve the unila domain:

```
ns1 ~>dig @ns1.he.net www.unila.ac.id SOA

; <<>> DiG 9.3.2-P1 <<>> @ns1.he.net www.unila.ac.id SOA
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62638
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.unila.ac.id. IN SOA

;; AUTHORITY SECTION:
unila.ac.id. 86400 IN SOA ns1.he.net. gigih.unila.ac.id. 2011092903 3600 900 3600000 3600

;; Query time: 205 msec
;; SERVER: 216.218.130.2#53(216.218.130.2)
;; WHEN: Fri Sep 30 09:24:38 2011
;; MSG SIZE rcvd: 85

ns1 ~>
ns1 ~>dig @ns1.he.net unila.ac.id MX

; <<>> DiG 9.3.2-P1 <<>> @ns1.he.net unila.ac.id MX
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7730
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3

;; QUESTION SECTION:
;unila.ac.id. IN MX

;; ANSWER SECTION:
unila.ac.id. 3600 IN MX 20 zimbra.unila.ac.id.
unila.ac.id. 3600 IN MX 30 mailgate.unila.ac.id.
unila.ac.id. 3600 IN MX 10 barracuda.unila.ac.id.

;; ADDITIONAL SECTION:
barracuda.unila.ac.id. 3600 IN A 103.3.46.252
zimbra.unila.ac.id. 3600 IN A 103.3.46.21
mailgate.unila.ac.id. 3600 IN A 103.3.46.5

;; Query time: 228 msec
;; SERVER: 216.218.130.2#53(216.218.130.2)
;; WHEN: Fri Sep 30 09:25:09 2011
;; MSG SIZE rcvd: 151

ns1 ~>
```

Congratulations, we now have a secondary name server hosted externally, and it is free, folks.
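
The check above is done by reading dig output by eye. As an added example (not part of the original post), the script below pulls the SOA serial and the `aa` flag out of saved dig output and reports whether the slave matches the master. The function names and the two sample variables are assumptions made for this example; the sample text is trimmed from the dig transcripts on this page.

```shell
#!/bin/sh
# Added example (not from the original post): check a slave against the master
# using saved `dig @server zone SOA` output, so it also runs offline.

# Print the serial of the first SOA record found on stdin.
# Record layout: name ttl IN SOA mname rname serial refresh retry expire minimum
soa_serial() {
    awk '!/^;/ && $3 == "IN" && $4 == "SOA" { print $7; exit }'
}

# Succeed if the header flags on stdin include "aa" (authoritative answer).
is_authoritative() {
    grep -Eq '^;; flags:[^;]* aa[ ;]'
}

# $1 = dig output carrying the master's SOA, $2 = dig output from the slave.
# Prints one verdict and returns 0 only for IN_SYNC.
# Plain integer comparison: fine for YYYYMMDDnn serials, ignores RFC 1982 wrap.
compare_slave() {
    m=$(printf '%s\n' "$1" | soa_serial)
    s=$(printf '%s\n' "$2" | soa_serial)
    if [ -z "$m" ] || [ -z "$s" ]; then echo "NO_SOA"; return 2; fi
    if ! printf '%s\n' "$2" | is_authoritative; then
        echo "NOT_AUTHORITATIVE"; return 1
    fi
    if [ "$s" -eq "$m" ]; then echo "IN_SYNC $s"; return 0; fi
    if [ "$s" -lt "$m" ]; then echo "BEHIND $s<$m"; return 1; fi
    echo "AHEAD $s>$m"; return 1
}

# Sample input trimmed from the two dig transcripts on this page:
# MASTER_SAMPLE is the answer relayed by ns5.speedcast.com, HE_SAMPLE is from ns1.he.net.
MASTER_SAMPLE=';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
unila.ac.id. 3600 IN SOA ns1.unila.ac.id. gigih.unila.ac.id. 2011092704 3600 900 3600000 3600'
HE_SAMPLE=';; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
unila.ac.id. 86400 IN SOA ns1.he.net. gigih.unila.ac.id. 2011092903 3600 900 3600000 3600'

# Live use (needs network), one dig per server:
#   compare_slave "$(dig @ns1.unila.ac.id unila.ac.id SOA)" "$(dig @ns1.he.net unila.ac.id SOA)"
compare_slave "$MASTER_SAMPLE" "$HE_SAMPLE" || true
```

On the sample transcripts the verdict is `AHEAD`, because ns1.he.net answered with serial 2011092903 while the other transcript shows 2011092704; a slave that has completed the transfer reports `IN_SYNC`.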
Here is an excerpt of the query test results from the dnstool at Checko, http://www.dns-info.cz/en/dns-test/dom.php
Test results – unila.ac.id

Authoritative name servers

| DNS server | TTL | IPv4 address | IPv4 glue | IPv6 address | serial No. | reaction |
|---|---|---|---|---|---|---|
| ns2.unila.ac.id | 1800 (30m) | 103.3.46.3 | 103.3.46.3 | | 2011092704 | 385 ms |
| ns1.he.net | 1800 (30m) | 216.218.130.2 | | | 2011092704 | 181 ms |
| ns1.unila.ac.id (pri) | 1800 (30m) | 103.3.46.2 | 103.3.46.2 | 2001:470:35:2b8::2 | 2011092704 | 383 ms |

Subnets and autonomous systems of name servers

| name | IPv4 address | subnet | ASN |
|---|---|---|---|
| ns2.unila.ac.id | 103.3.46.3 | 103.3.46.0/24 | 56237 |
| ns1.he.net | 216.218.130.2 | 216.218.128.0/17 | 6939 |
| ns1.unila.ac.id | 103.3.46.2 | 103.3.46.0/24 | 56237 |

SOA record (ns1.unila.ac.id)

| item | value | description |
|---|---|---|
| serial | 2011092704 | domain zone serial number |
| mname | ns1.unila.ac.id | name of primary name server for this zone |
| rname | gigih.unila.ac.id | zone administrator’s e-mail address |
| refresh | 3600 (1h) | interval for checking availabilty of new zone on primary name server (seconds) |
| retry | 900 (15m) | interval for repeating new zone check on primary name server when the previous attemp failed (seconds) |
| expire | 3600000 (41d 16h) | time after which the zone is discarded when the secodary server is unable to contact primary name server to check new zone (seconds) |
| minimum | 3600 (1h) | TTL for caching negative responses (seconds) |

NS records from the zone (ns1.unila.ac.id)

| domain name | TTL | value |
|---|---|---|
| unila.ac.id | 3600 (1h) | ns1.he.net |
| unila.ac.id | 3600 (1h) | ns1.unila.ac.id |
| unila.ac.id | 3600 (1h) | ns2.unila.ac.id |

MX records from the zone (ns1.unila.ac.id)

| domain name | TTL | value | IPv4 address | IPv6 address |
|---|---|---|---|---|
| unila.ac.id | 3600 (1h) | 10 barracuda.unila.ac.id | 103.3.46.252 | |
| unila.ac.id | 3600 (1h) | 20 zimbra.unila.ac.id | 103.3.46.21 | |
| unila.ac.id | 3600 (1h) | 30 mailgate.unila.ac.id | 103.3.46.5 | |

A records from the zone (ns1.unila.ac.id)

| domain name | TTL | value |
|---|---|---|
| unila.ac.id | 3600 (1h) | 103.3.46.1 |
| www.unila.ac.id | 3600 (1h) | 103.3.46.1 |

AAAA records from the zone (ns1.unila.ac.id)

| domain name | TTL | value |
|---|---|---|
| unila.ac.id | 3600 (1h) | 2001:470:18:aa7::2 |
| www.unila.ac.id | 3600 (1h) | 2001:470:18:aa7::2 |

SRV SIP records from the zone (ns1.unila.ac.id)

| domain name | TTL | pref | weight | target | IPv4 | IPv6 |
|---|---|---|---|---|---|---|
| No records found | | | | | | |

Results of DNS and domain tests

| test name | result | result description |
|---|---|---|
| DNS servers response | PASS | All name servers for this domain name respond to DNS queries |
| zone serial numbers | PASS | All name servers return the same serial number in SOA record |
| authoritativity of name servers for the domain | PASS | All name servers are authoritative for this domain name |
| attendance of required glue records at parent server | PASS | There are all required glue records on parent server |
| glue records and A records in zone matching | PASS | Glue records match with A records in the zone |
| attendance of NS records in the zone | PASS | Zone of the domain name contains NS records |
| NS records and authoritative name servers matching | PASS | NS records from the zone match NS records from parent server |
| recursive queries | WARNING | Some nameservers provide recursive services. It is a bad idea to run authoritative and caching services on one DNS server, because it can cause difficulties in some conditions. |
| public zone transfer (AXFR) | PASS | None of name servers offer zone transfer (AXFR) for this domain name |
| name servers on public IP | PASS | All name servers are on public IP addresses |
| recommended number of name servers | PASS | The domain has recommended 2-7 name servers |
| TTL values in NS records on parent server | PASS | TTL values of NS records at parent server matches |
| TTL values in NS records in the zone | PASS | TTL values of NS records in the zone matches |
| reverse records of name servers | PASS | Reverse records of DNS servers matches with their IP addresses |
| name servers in different autonomous systems (AS) | PASS | DNS servers are at least in 2 different autonomous systems (AS) thus their availability is not dependent on one network |
| name servers in different subnets | PASS | DNS servers are at least in 2 different subnets |
| different IPv4 addresses of name servers | PASS | DNS servers have different IP addresses |
| server from SOA MNAME as NS record | PASS | DNS server from SOA MNAME entry is listed as NS record in the zone |
| MNAME entry check | PASS | SOA MNAME entry is syntactically valid |
| similar MNAME in SOA from all name servers | PASS | All DNS servers return the name MNAME value in SOA record |
| RNAME entry check | PASS | SOA RNAME entry is syntactically valid |
| recommended format of serial number (YYYYMMDDnn) | PASS | The serial number of the zone has recommended syntax YYYYMMDDnn |
| REFRESH value check | PASS | SOA REFRESH value is within recommended range 20m-12h |
| RETRY value check | PASS | SOA RETRY value is less than REFRESH value and is at least 15m |
| EXPIRE value check | NOTICE | SOA EXPIRE value is higher than recommended maximum 31 days. |
| MINIMUM value check | PASS | SOA MINIMUM value is within recommended range 1-3h |
| contact WWW server | PASS | Connection to WWW server using HTTP protocol is all right |
| HTTP response code | PASS | Response from WWW server is correct, no error detected |
| Mailserver software detection | INFO | Software of WWW server has been determned |
| AAAA records presence | INFO | Domain has A records and also AAAA records |
| TTL values in A records | PASS | TTL values in A records are equal |
| TTL values in AAAA records | PASS | TTL values in AAAA records are equal |
| Reverse records of WWW server | PASS | Reverse records matches with their IP addresses |
| Number of MX records | INFO | Domain has at least 2 MX records, thus the domain accepts e-mail messages and has a backup mailserver for the case of failure of primary mailserver. |
| Syntax check of MX records | PASS | All MX records are syntactically correct |
| Resolve MX records to IP address | PASS | All MX records can be correctly resolved to IP address |
| MX records duplicity | PASS | MX records are not duplicated |
| TTL values of MX records | PASS | TTL values of MX records are equal |
| Reverse reverse records of MX records | PASS | Reverse records match with their IP addresses |
| Connection with primary mailserver | ERROR | The mailserver does not accept e-mails for postmaster@domain |
| Connection to other mailservers | ERROR | Can’t connect to some of backup mailservers |
| Mailserver software detection | INFO | Mailserver software could not be detected |
| Detection of available extensions (ESMTP) | PASS | Mailserver offer ESMTP extensions |
| Greylisting | skipped | |
| AAAA records presence | INFO | None of mailservers does not have IPv6 (AAAA record) |
| SPF records presence | INFO | Domain does not have SFP or TXT (v=spf1) record |
| Open relay mailservers | PASS | None of mailserver is open relay, thus they accepts e-mails only for domains that are configured for. |
| Mail servers in DNSBL blacklists | PASS | None of mailservers is listed in any DNSBL servers thus they are not the source of spam |
| SRV SIP records presence | INFO | Domain does not provide SIP services |
| Syntax check of SRV records | skipped | |
| Resolve SIP servers from SRV records to IP addresses | skipped | |
| SRV records duplicity | skipped | |
| TTL values check for SRV records | skipped | |
| Reverse records for SIP servers | skipped | |
| AAAA records presence for SIP servers | skipped | |
| DNSKEY record presence | INFO | |