Shell Scripting : Setup DNS Server (Bind9): Difference between revisions

m (Protected "Shell Scripting : Setup DNS Server (Bind9)" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)) [cascading])
No edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
s
[[File:ShellScripting.png|thumb|'''ShellScripting''']]
Buat file baru dengan nama konfig_apache.sh<syntaxhighlight lang="linuxconfig">
nano konfig_bind.sh
</syntaxhighlight>isikan script berikut ini :<syntaxhighlight lang="linuxconfig" line="1">
#!/bin/bash
# ==============================================
# SIMPLE BIND9 DNS SERVER SETUP
# Reverse zone format FIXED - IP dibalik
# ==============================================
 
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
 
print_status() { echo -e "${BLUE}[INFO]${NC} $1"; }
print_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
print_error() { echo -e "${RED}[ERROR]${NC} $1"; }
 
# Check if running as root
if [ "$EUID" -ne 0 ]; then
    print_error "Script harus dijalankan dengan sudo!"
    exit 1
fi
 
# Banner
echo "=========================================="
echo "    SIMPLE BIND9 DNS SETUP SCRIPT"
echo "    Reverse Zone Format FIXED"
echo "=========================================="
echo ""
 
# Step 1: System Update
print_status "Step 1: Update system packages..."
apt update && apt upgrade -y
print_success "System update completed"
 
# Step 2: Install BIND9
print_status "Step 2: Installing BIND9 DNS Server..."
apt install -y bind9 bind9utils bind9-doc dnsutils
print_success "BIND9 installed successfully"
 
# Step 3: Get Domain Information
echo ""
print_status "Step 3: Domain Configuration"
 
read -p "Masukkan nama domain utama (contoh: mycompany.local): " domain_name
 
if [ -z "$domain_name" ]; then
    print_error "Domain name tidak boleh kosong!"
    exit 1
fi
 
# Step 4: Get Server IP Address
print_status "Mendeteksi IP address server..."
server_ip=$(hostname -I | awk '{print $1}')
 
read -p "Masukkan IP address server [$server_ip]: " custom_ip
server_ip=${custom_ip:-$server_ip}
 
# Extract network parts untuk reverse zone
ip_part1=$(echo $server_ip | cut -d. -f1)
ip_part2=$(echo $server_ip | cut -d. -f2)
ip_part3=$(echo $server_ip | cut -d. -f3)
ip_part4=$(echo $server_ip | cut -d. -f4)
 
# Reverse zone format: 100.168.192.in-addr.arpa
reverse_zone="$ip_part3.$ip_part2.$ip_part1.in-addr.arpa"
 
echo ""
print_status "Konfigurasi Domain:"
echo "• Domain Utama: $domain_name"
echo "• Server IP: $server_ip"
echo "• Reverse Zone: $reverse_zone"
echo "• Subdomain yang akan dibuat:"
echo "  - $domain_name"
echo "  - www.$domain_name"
echo "  - mail.$domain_name"
echo "  - ftp.$domain_name"
echo "  - db.$domain_name"
 
read -p "Lanjutkan? (y/N): " confirm
if [ "$confirm" != "y" ] && [ "$confirm" != "Y" ]; then
    print_error "Setup dibatalkan!"
    exit 1
fi
 
# Step 5: Configure BIND Options
print_status "Step 4: Mengkonfigurasi BIND options..."
 
cat > /etc/bind/named.conf.options << EOF
options {
    directory "/var/cache/bind";
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    allow-query { any; };
   
    // Simple forwarders
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
   
    // Allow recursion
    recursion yes;
    allow-recursion { any; };
   
    dnssec-validation auto;
    auth-nxdomain no;
};
EOF
 
print_success "BIND options configured"
 
# Step 6: Create Forward Zone File
print_status "Step 5: Membuat forward zone file..."
 
cat > /etc/bind/db.$domain_name << EOF
; BIND data file for $domain_name
\$TTL    604800
@      IN      SOA    $domain_name. root.$domain_name. (
                              2        ; Serial
                        604800        ; Refresh
                          86400        ; Retry
                        2419200        ; Expire
                        604800 )      ; Negative Cache TTL
 
; Name servers
@      IN      NS      ns1.$domain_name.
 
; A records
@      IN      A      $server_ip
ns1    IN      A      $server_ip
www    IN      A      $server_ip
mail    IN      A      $server_ip
ftp    IN      A      $server_ip
db      IN      A      $server_ip
cpanel  IN      A      $server_ip
admin  IN      A      $server_ip
 
; MX record
@      IN      MX 10  mail.$domain_name.
EOF
 
print_success "Forward zone file created: /etc/bind/db.$domain_name"
 
# Step 7: Create Reverse Zone File (FIXED FORMAT)
print_status "Step 6: Membuat reverse zone file (format dibalik)..."
 
cat > /etc/bind/db.$reverse_zone << EOF
; BIND reverse data file for $reverse_zone
\$TTL    604800
@      IN      SOA    $domain_name. root.$domain_name. (
                              2        ; Serial
                        604800        ; Refresh
                          86400        ; Retry
                        2419200        ; Expire
                        604800 )      ; Negative Cache TTL
 
; Name servers
@      IN      NS      ns1.$domain_name.
 
; PTR records
$ip_part4      IN      PTR    $domain_name.
$ip_part4      IN      PTR    ns1.$domain_name.
$ip_part4      IN      PTR    www.$domain_name.
$ip_part4      IN      PTR    mail.$domain_name.
$ip_part4      IN      PTR    ftp.$domain_name.
$ip_part4      IN      PTR    db.$domain_name.
EOF
 
print_success "Reverse zone file created: /etc/bind/db.$reverse_zone"
 
# Step 8: Configure Zone in named.conf.local (FIXED)
print_status "Step 7: Mengkonfigurasi zones di named.conf.local..."
 
cat > /etc/bind/named.conf.local << EOF
// Forward Zone
zone "$domain_name" {
    type master;
    file "/etc/bind/db.$domain_name";
};
 
// Reverse Zone 
zone "$reverse_zone" {
    type master;
    file "/etc/bind/db.$reverse_zone";
};
EOF
 
print_success "Zone configuration added"
 
# Step 9: Set Permissions
print_status "Step 8: Mengatur permissions..."
chown bind:bind /etc/bind/db.*
chmod 644 /etc/bind/db.*
print_success "Permissions configured"
 
# Step 10: Test Configuration
print_status "Step 9: Testing configuration..."
 
# Test main config
if named-checkconf; then
    print_success "BIND configuration syntax OK"
else
    print_error "BIND configuration has errors!"
    exit 1
fi
 
# Test zone files
if named-checkzone $domain_name /etc/bind/db.$domain_name; then
    print_success "Forward zone syntax OK"
else
    print_error "Forward zone has errors!"
    exit 1
fi
 
if named-checkzone $reverse_zone /etc/bind/db.$reverse_zone; then
    print_success "Reverse zone syntax OK"
else
    print_error "Reverse zone has errors!"
    exit 1
fi
 
# Step 11: Restart BIND Service
print_status "Step 10: Restarting BIND service..."
systemctl stop bind9
systemctl start bind9
systemctl enable bind9
 
# Step 12: Configure resolv.conf
print_status "Step 11: Mengkonfigurasi DNS resolver..."
cat > /etc/resolv.conf << EOF
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver $server_ip
search $domain_name
EOF
 
print_success "DNS resolver configured"
 
# Step 13: Test DNS Functionality
print_status "Step 12: Testing DNS functionality..."
sleep 3
 
echo ""
print_status "Testing forward lookups:"
 
domains=("$domain_name" "www.$domain_name" "mail.$domain_name" "ftp.$domain_name" "db.$domain_name")
for domain in "${domains[@]}"; do
    result=$(dig @127.0.0.1 $domain +short 2>/dev/null)
    if [ -n "$result" ]; then
        echo -e "  ${GREEN}✓${NC} $domain -> $result"
    else
        echo -e "  ${RED}✗${NC} $domain -> FAILED"
    fi
done
 
echo ""
print_status "Testing reverse lookup:"
reverse_result=$(dig @127.0.0.1 -x $server_ip +short 2>/dev/null)
if [ -n "$reverse_result" ]; then
    echo -e "  ${GREEN}✓${NC} $server_ip -> $reverse_result"
else
    echo -e "  ${RED}✗${NC} Reverse lookup failed"
fi
 
# Step 14: Final Summary
echo ""
echo "=========================================="
print_success "DNS SERVER SETUP COMPLETED!"
echo "=========================================="
echo ""
echo "📋 FILES CREATED:"
echo "----------------"
echo "• /etc/bind/db.$domain_name (Forward zone)"
echo "• /etc/bind/db.$reverse_zone (Reverse zone)"
echo "• /etc/bind/named.conf.local (Zone config)"
echo ""
echo "🌐 DOMAINS ACTIVE:"
echo "-----------------"
echo "• $domain_name"
echo "• www.$domain_name"
echo "• mail.$domain_name"
echo "• ftp.$domain_name"
echo "• db.$domain_name"
echo ""
echo "🔧 TEST COMMANDS:"
echo "----------------"
echo "• nslookup $domain_name 127.0.0.1"
echo "• dig @127.0.0.1 www.$domain_name"
echo "• dig @127.0.0.1 -x $server_ip (reverse lookup)"
echo "• systemctl status bind9"
echo ""
echo "🎉 REVERSE ZONE FORMAT SUDAH BENAR! IP DIBALIK!"
</syntaxhighlight>Simpan script tersebut.
 
beri hak akses eksekusi<syntaxhighlight lang="linuxconfig">
chmod +x konfig_bind.sh
</syntaxhighlight>jalankan script<syntaxhighlight lang="linuxconfig">
./konfig_bind.sh
</syntaxhighlight>
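Review bot: The `named.conf.options` heredoc in the new revision makes the server an open recursive resolver, because it listens on `any` and sets `recursion yes` together with `allow-recursion { any; }`; any host that can reach port 53 can then use it for recursive lookups, which is a well-known amplification and cache-abuse exposure. Restrict recursion to the intended clients, for example `allow-recursion { localhost; localnets; };`. Separately, `domain_name` and `server_ip` come from `read` and go unvalidated into root-written paths such as `/etc/bind/db.$domain_name` and into the zone statements, so a format check right after the prompts would stop malformed values before any file is written. The intro line also names the file `konfig_apache.sh` while every command uses `konfig_bind.sh`.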

Latest revision as of 23:30, 7 October 2025

ShellScripting

Buat file baru dengan nama konfig_bind.sh

nano konfig_bind.sh

Isikan script berikut ini:

#!/bin/bash
# ==============================================
# SIMPLE BIND9 DNS SERVER SETUP
# Reverse zone format FIXED - IP dibalik
# ==============================================

# ANSI colour escape sequences used by the message helpers below.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'  # resets the terminal to its default colour

# Message helpers: each prints $1 on stdout behind a coloured tag.
# '%b' expands backslash escapes in the whole line, as 'echo -e' does.
print_status() {
    printf '%b\n' "${BLUE}[INFO]${NC} $1"
}

print_success() {
    printf '%b\n' "${GREEN}[SUCCESS]${NC} $1"
}

print_error() {
    printf '%b\n' "${RED}[ERROR]${NC} $1"
}

# Stop immediately unless the effective user is root: every later step
# installs packages or writes files below /etc.
[ "$EUID" -eq 0 ] || {
    print_error "Script harus dijalankan dengan sudo!"
    exit 1
}

# Banner, followed by one empty line. The quoted delimiter keeps the text literal.
cat << 'BANNER'
==========================================
    SIMPLE BIND9 DNS SETUP SCRIPT
     Reverse Zone Format FIXED
==========================================

BANNER

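# Step 1: System Update
# Refresh the package index and apply pending upgrades. apt-get is used
# because apt's command-line interface is not meant for use in scripts.
# A failure aborts the run instead of being reported as success.
print_status "Step 1: Update system packages..."
if ! { apt-get update && apt-get upgrade -y; }; then
    print_error "System update failed!"
    exit 1
fi
print_success "System update completed"

# Step 2: Install BIND9
# Everything after this step needs the bind9 tools (named-checkconf,
# named-checkzone, dig), so a failed install is fatal.
print_status "Step 2: Installing BIND9 DNS Server..."
if ! apt-get install -y bind9 bind9utils bind9-doc dnsutils; then
    print_error "BIND9 installation failed!"
    exit 1
fi
print_success "BIND9 installed successfully"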

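# Step 3: Get Domain Information
echo ""
print_status "Step 3: Domain Configuration"

# -r keeps backslashes in the answer literal instead of treating them as escapes.
read -r -p "Masukkan nama domain utama (contoh: mycompany.local): " domain_name

if [ -z "$domain_name" ]; then
    print_error "Domain name tidak boleh kosong!"
    exit 1
fi

# The name is later embedded in file paths under /etc/bind, in named.conf
# zone statements and in zone records, all written as root. Accept only
# plain DNS labels (letters, digits, inner hyphens; 1-63 characters each)
# joined by single dots, so '/', '..', quotes, ';' or whitespace can never
# reach those files. A trailing dot is rejected because the zone templates
# append one themselves.
dns_label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
domain_re="^${dns_label}(\.${dns_label})*\$"
if (( ${#domain_name} > 253 )) || [[ ! "$domain_name" =~ $domain_re ]]; then
    print_error "Nama domain tidak valid (contoh: mycompany.local)!"
    exit 1
fi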

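# Step 4: Get Server IP Address
print_status "Mendeteksi IP address server..."
# First address reported by the host; offered as the default answer below.
server_ip=$(hostname -I | awk '{print $1}')

# -r keeps backslashes in the answer literal.
read -r -p "Masukkan IP address server [$server_ip]: " custom_ip
server_ip=${custom_ip:-$server_ip}

# Require a dotted-quad IPv4 address with every octet in 0-255 and no
# leading zeros. The value is written into zone files, named.conf and
# /etc/resolv.conf, and the reverse zone name is derived from it, so an
# empty detection result, an IPv6 address or free text must stop the run
# before any file is written.
ipv4_octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
ipv4_re="^${ipv4_octet}\.${ipv4_octet}\.${ipv4_octet}\.${ipv4_octet}\$"
if [[ ! "$server_ip" =~ $ipv4_re ]]; then
    print_error "IP address tidak valid (harus IPv4, contoh: 192.168.100.10)!"
    exit 1
fi

# Extract the four octets for the reverse zone; the regex match above
# already captured them, so no external commands are needed.
ip_part1=${BASH_REMATCH[1]}
ip_part2=${BASH_REMATCH[2]}
ip_part3=${BASH_REMATCH[3]}
ip_part4=${BASH_REMATCH[4]}

# Reverse zone format: 100.168.192.in-addr.arpa
# (first three octets in reverse order; the fourth becomes the PTR owner name)
reverse_zone="$ip_part3.$ip_part2.$ip_part1.in-addr.arpa"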

# Show what is about to be configured and ask for confirmation.
echo ""
print_status "Konfigurasi Domain:"
printf '%s\n' \
    "• Domain Utama: $domain_name" \
    "• Server IP: $server_ip" \
    "• Reverse Zone: $reverse_zone" \
    "• Subdomain yang akan dibuat:" \
    "  - $domain_name" \
    "  - www.$domain_name" \
    "  - mail.$domain_name" \
    "  - ftp.$domain_name" \
    "  - db.$domain_name"

# Only an explicit "y" or "Y" continues; any other answer cancels the setup.
read -p "Lanjutkan? (y/N): " confirm
case "$confirm" in
    y | Y) ;;
    *)
        print_error "Setup dibatalkan!"
        exit 1
        ;;
esac

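# Step 5: Configure BIND Options
print_status "Step 4: Mengkonfigurasi BIND options..."

# The server listens on every interface and answers queries for its own
# zones from anyone, but recursion (resolving other people's names through
# the forwarders) is limited to the server itself and its directly attached
# networks via BIND's built-in "localhost" and "localnets" ACLs. Allowing
# recursion for "any" would expose an open resolver that outside hosts can
# use for amplification and cache abuse.
# The quoted delimiter writes the body literally; nothing in it is expanded.
# '>' replaces the existing file, and a failed write aborts the run.
if ! cat > /etc/bind/named.conf.options << 'EOF'
options {
    directory "/var/cache/bind";
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    allow-query { any; };

    // Simple forwarders
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };

    // Recursion only for this host and its directly attached networks
    recursion yes;
    allow-recursion { localhost; localnets; };

    dnssec-validation auto;
    auth-nxdomain no;
};
EOF
then
    print_error "Gagal menulis /etc/bind/named.conf.options!"
    exit 1
fi

print_success "BIND options configured"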

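# Step 6: Create Forward Zone File
print_status "Step 5: Membuat forward zone file..."

# Writes the forward zone: SOA, one NS record, A records that all point at
# $server_ip, and an MX record. The heredoc is unquoted so $domain_name and
# $server_ip expand; '\$TTL' keeps the zone-file directive literal.
# The target path is quoted so the value is always used as a single file name.
# NOTE(review): $domain_name comes from the operator prompt and becomes part
# of a path written as root; it must be a plain DNS name (no '/', quotes or
# whitespace) by the time this runs.
# NOTE(review): the serial is fixed at 2; secondaries, if any are added
# later, would not notice changes made by re-running the script.
if ! cat > "/etc/bind/db.$domain_name" << EOF
; BIND data file for $domain_name
\$TTL    604800
@       IN      SOA     $domain_name. root.$domain_name. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

; Name servers
@       IN      NS      ns1.$domain_name.

; A records
@       IN      A       $server_ip
ns1     IN      A       $server_ip
www     IN      A       $server_ip
mail    IN      A       $server_ip
ftp     IN      A       $server_ip
db      IN      A       $server_ip
cpanel  IN      A       $server_ip
admin   IN      A       $server_ip

; MX record
@       IN      MX 10   mail.$domain_name.
EOF
then
    print_error "Gagal menulis /etc/bind/db.$domain_name!"
    exit 1
fi

print_success "Forward zone file created: /etc/bind/db.$domain_name"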

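# Step 7: Create Reverse Zone File (FIXED FORMAT)
print_status "Step 6: Membuat reverse zone file (format dibalik)..."

# Writes the reverse zone for the server's /24: the zone name is the first
# three octets reversed, and the PTR owner name is the fourth octet.
# The heredoc is unquoted so the variables expand; '\$TTL' stays literal.
# The target path is quoted so the value is always used as a single file name.
# NOTE(review): six PTR records share one owner name, so a reverse lookup
# returns all six names in no fixed order; confirm that is intended.
if ! cat > "/etc/bind/db.$reverse_zone" << EOF
; BIND reverse data file for $reverse_zone
\$TTL    604800
@       IN      SOA     $domain_name. root.$domain_name. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

; Name servers
@       IN      NS      ns1.$domain_name.

; PTR records
$ip_part4       IN      PTR     $domain_name.
$ip_part4       IN      PTR     ns1.$domain_name.
$ip_part4       IN      PTR     www.$domain_name.
$ip_part4       IN      PTR     mail.$domain_name.
$ip_part4       IN      PTR     ftp.$domain_name.
$ip_part4       IN      PTR     db.$domain_name.
EOF
then
    print_error "Gagal menulis /etc/bind/db.$reverse_zone!"
    exit 1
fi

print_success "Reverse zone file created: /etc/bind/db.$reverse_zone"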

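# Step 8: Configure Zone in named.conf.local (FIXED)
print_status "Step 7: Mengkonfigurasi zones di named.conf.local..."

# Declares both zones as master zones served from the files under /etc/bind.
# '>' replaces the whole file, so zones declared there earlier are dropped.
# NOTE(review): $domain_name and $reverse_zone are placed inside quoted
# named.conf strings; a value containing '"' or ';' would change the
# configuration's structure, so both must be validated before this point.
if ! cat > /etc/bind/named.conf.local << EOF
// Forward Zone
zone "$domain_name" {
    type master;
    file "/etc/bind/db.$domain_name";
};

// Reverse Zone
zone "$reverse_zone" {
    type master;
    file "/etc/bind/db.$reverse_zone";
};
EOF
then
    print_error "Gagal menulis /etc/bind/named.conf.local!"
    exit 1
fi

print_success "Zone configuration added"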

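# Step 9: Set Permissions
print_status "Step 8: Mengatur permissions..."
# Touch only the two zone files this script wrote; a db.* glob would also
# change every other db.* file that already exists in /etc/bind.
# Owner root, group bind, mode 644: named can read the static zones but the
# service account cannot rewrite its own zone data.
zone_files=("/etc/bind/db.$domain_name" "/etc/bind/db.$reverse_zone")
if ! chown root:bind -- "${zone_files[@]}" || ! chmod 644 -- "${zone_files[@]}"; then
    print_error "Gagal mengatur permissions zone file!"
    exit 1
fi
print_success "Permissions configured"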

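# Step 10: Test Configuration
# Validate the generated files before the service is restarted; the first
# failing check stops the run so a broken configuration is never loaded.
print_status "Step 9: Testing configuration..."

# Test main config
if ! named-checkconf; then
    print_error "BIND configuration has errors!"
    exit 1
fi
print_success "BIND configuration syntax OK"

# Test zone files. The arguments are quoted so each value reaches
# named-checkzone as exactly one argument, whatever characters it holds.
if ! named-checkzone "$domain_name" "/etc/bind/db.$domain_name"; then
    print_error "Forward zone has errors!"
    exit 1
fi
print_success "Forward zone syntax OK"

if ! named-checkzone "$reverse_zone" "/etc/bind/db.$reverse_zone"; then
    print_error "Reverse zone has errors!"
    exit 1
fi
print_success "Reverse zone syntax OK"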

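# Step 11: Restart BIND Service
print_status "Step 10: Restarting BIND service..."
# A failed stop is not fatal (the service may not have been running).
systemctl stop bind9
# A failed start is fatal: the lookups tested afterwards would query a
# server that is not running.
if ! systemctl start bind9; then
    print_error "BIND service gagal dijalankan! Periksa: systemctl status bind9"
    exit 1
fi
# Enabling only affects start-at-boot, so a failure is reported but the run
# continues with the already running server.
if ! systemctl enable bind9; then
    print_error "Gagal mengaktifkan bind9 saat boot (systemctl enable bind9)"
fi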

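# Step 12: Configure resolv.conf
print_status "Step 11: Mengkonfigurasi DNS resolver..."

# Keep one copy of the resolver configuration that is about to be replaced,
# so the change can be reverted by hand. An existing backup is left alone so
# that re-running the script does not overwrite the original with its own output.
if [ -e /etc/resolv.conf ] && [ ! -e /etc/resolv.conf.bak ]; then
    if ! cp -p /etc/resolv.conf /etc/resolv.conf.bak; then
        print_error "Gagal membuat backup /etc/resolv.conf!"
        exit 1
    fi
fi

# NOTE(review): when /etc/resolv.conf is a symlink, the write below goes to
# the link's target, which another service may regenerate later; confirm how
# the target system manages this file.
if [ -L /etc/resolv.conf ]; then
    print_status "/etc/resolv.conf adalah symlink; isinya bisa ditimpa kembali oleh service lain"
fi

# The local BIND instance is queried first; 8.8.8.8 remains as a fallback.
if ! cat > /etc/resolv.conf << EOF
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver $server_ip
search $domain_name
EOF
then
    print_error "Gagal menulis /etc/resolv.conf!"
    exit 1
fi

print_success "DNS resolver configured"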

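# Step 13: Test DNS Functionality
print_status "Step 12: Testing DNS functionality..."
# Give the freshly started service a moment before querying it.
sleep 3

echo ""
print_status "Testing forward lookups:"

# Query the local server for each name. The name is quoted so it is passed
# to dig as one argument, and results are printed with '%s' so that data
# returned by DNS is shown literally instead of being interpreted as escape
# sequences. An empty answer counts as a failure; failures are reported but
# do not stop the script.
domains=("$domain_name" "www.$domain_name" "mail.$domain_name" "ftp.$domain_name" "db.$domain_name")
for domain in "${domains[@]}"; do
    result=$(dig @127.0.0.1 "$domain" +short 2>/dev/null)
    if [ -n "$result" ]; then
        printf '  %b✓%b %s -> %s\n' "$GREEN" "$NC" "$domain" "$result"
    else
        printf '  %b✗%b %s -> FAILED\n' "$RED" "$NC" "$domain"
    fi
done

echo ""
print_status "Testing reverse lookup:"
reverse_result=$(dig @127.0.0.1 -x "$server_ip" +short 2>/dev/null)
if [ -n "$reverse_result" ]; then
    printf '  %b✓%b %s -> %s\n' "$GREEN" "$NC" "$server_ip" "$reverse_result"
else
    printf '  %b✗%b Reverse lookup failed\n' "$RED" "$NC"
fi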

# Step 14: Final Summary
# Closing report: created files, configured names and commands for manual
# re-testing. The unquoted heredoc expands the variables in place.
printf '\n%s\n' "=========================================="
print_success "DNS SERVER SETUP COMPLETED!"
cat << EOF
==========================================

📋 FILES CREATED:
----------------
• /etc/bind/db.$domain_name (Forward zone)
• /etc/bind/db.$reverse_zone (Reverse zone)
• /etc/bind/named.conf.local (Zone config)

🌐 DOMAINS ACTIVE:
-----------------
• $domain_name
• www.$domain_name
• mail.$domain_name
• ftp.$domain_name
• db.$domain_name

🔧 TEST COMMANDS:
----------------
• nslookup $domain_name 127.0.0.1
• dig @127.0.0.1 www.$domain_name
• dig @127.0.0.1 -x $server_ip (reverse lookup)
• systemctl status bind9

🎉 REVERSE ZONE FORMAT SUDAH BENAR! IP DIBALIK!
EOF

Simpan script tersebut, lalu beri hak akses eksekusi:

chmod +x konfig_bind.sh

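Jalankan script sebagai root (misalnya dengan sudo), karena script memeriksa EUID dan berhenti jika tidak dijalankan sebagai root: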

./konfig_bind.sh