Wednesday, August 15, 2012

Install Unbound di Ubuntu


Install Unbound Di Ubuntu

Bagi kalangan para squider mungkin dah ga’ asing lagi dengan nama PDNSD, BIND, DNSMASQ dll yang gunanya sebagai dns resolver. Kali ini gw akan mencoba menggunakan unbound sebagai pengganti DNS resolver diatas
sebelum melangkah lebih jauh silahkan ditengok graphic dibawah ini Unbound
okey langsung saja qta mulai tahap instalasinya di ubuntu.cukup simpel koq

$ sudo apt-get install unbound
klo udah silahkan lakukan konfigurasi file dibawah ini :

$ cd /etc/unbound
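# Fetch the root hints over HTTPS instead of plain FTP: FTP is unauthenticated,
# so the file written into the resolver's config directory (as root) could be
# altered in transit without anyone noticing.
$ sudo wget https://www.internic.net/domain/named.cache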
# Generate the key/certificate pairs (unbound_server.*, unbound_control.*) that
# unbound-control and the daemon use to authenticate each other.
$ sudo unbound-control-setup
# The glob is relative: this assumes the shell is still in /etc/unbound from the
# earlier `cd`, so only the freshly generated unbound_* files are matched.
$ sudo chown unbound:root unbound_*
# 440 = read-only for the owner (unbound) and group (root), nothing for others,
# so the private *.key files are not world-readable.
$ sudo chmod 440 unbound_*
sesuaikan config **/etc/unbound/unbound.conf**, dan servis dns lainnya **(bind/dnsmasq dll)** harus di **stop** agar tidak bentrok. sekarang kita konfigurasi isi unboundnya, silahkan disesuaikan bagi yang mencobanya

$ sudo vi /etc/unbound/unbound.conf
(unbound.conf) download
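# unbound.conf -- caching/forwarding resolver for a small LAN (e.g. behind Squid).
# All file paths use /etc/unbound: that is the directory the install steps work
# in (named.cache is downloaded there and the unbound_* key files are created
# there), so the config and the files on disk agree.
server:
        verbosity: 1
        # Statistics are written to the log every 120 s; they are only visible
        # if a log destination is enabled (see logfile / use-syslog below).
        statistics-interval: 120
        num-threads: 1
        # Listens on every IPv4 address of the host. Exposure is then limited
        # only by the access-control rules below (and any firewall); bind to
        # the LAN address instead if only the LAN should reach this resolver.
        interface: 0.0.0.0

        outgoing-range: 512
        num-queries-per-thread: 1024

        msg-cache-size: 16m
        rrset-cache-size: 32m

        msg-cache-slabs: 4
        rrset-cache-slabs: 4

        # Cap cached TTLs at one day.
        cache-max-ttl: 86400
        infra-host-ttl: 60
        infra-lame-ttl: 120

        infra-cache-numhosts: 10000
        infra-cache-lame-size: 10k

        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes

        # Who may query this resolver. The most specific matching netblock wins,
        # so the order of these lines does not matter.
        # Keep the 0.0.0.0/0 "allow" line commented out: combined with
        # interface 0.0.0.0 it would turn this host into an open resolver that
        # anyone on the network path can query and abuse for DNS amplification.
        #access-control: 0.0.0.0/0 allow
        access-control: 192.168.100.0/27 allow
        #access-control: 172.16.0.0/12 allow
        #access-control: 10.0.0.0/8 allow
        access-control: 127.0.0.0/8 allow
        access-control: 0.0.0.0/0 refuse

        # Privilege reduction: chroot into the config directory and run as the
        # unprivileged "unbound" user after startup.
        chroot: "/etc/unbound"
        username: "unbound"
        directory: "/etc/unbound"
        # NOTE(review): with logfile empty and syslog off, log output goes to
        # stderr, which is presumably discarded once the daemon detaches.
        # Enable one of the two commented lines if you need a record of errors
        # and refused queries.
        #logfile: "/etc/unbound/unbound.log"
        #use-syslog: yes
        logfile: ""
        use-syslog: no
        # NOTE(review): the distribution's init script may track a different
        # pidfile; confirm they match, otherwise stop/restart may not find
        # the running daemon.
        pidfile: "/etc/unbound/unbound.pid"
        root-hints: "/etc/unbound/named.cache"

        # hide-identity / hide-version make the server refuse id.server and
        # version.bind style queries, so the identity/version strings set here
        # are not disclosed to clients.
        identity: "DNS"
        version: "1.4"
        hide-identity: yes
        hide-version: yes
        # Only trust glue records that fall within the answering server's authority.
        harden-glue: yes
        # Never send upstream queries to loopback addresses (network address
        # form of the block; the original had host bits set: 127.0.0.1/8).
        do-not-query-address: 127.0.0.0/8
        do-not-query-localhost: yes
        # Only the iterator module is loaded, so answers are NOT DNSSEC-validated.
        # Validation needs module-config: "validator iterator" plus a trust
        # anchor (e.g. auto-trust-anchor-file) -- not configured on this page.
        module-config: "iterator"

        #zone localhost
        local-zone: "localhost." static
        local-data: "localhost. 10800 IN NS localhost."
        local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
        local-data: "localhost. 10800 IN A 127.0.0.1"

        local-zone: "127.in-addr.arpa." static
        local-data: "127.in-addr.arpa. 10800 IN NS localhost."
        local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
        local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

        # Example locally served zone. Uncomment and replace the xx placeholders
        # with your own addresses and zone name.
        #zone dns.indolini.org
        #local-zone: "dns.indolini.org." static
        #local-data: "dns.indolini.org. 86400 IN NS ns1.dns.indolini.org."
        #local-data: "dns.indolini.org. 86400 IN SOA dns.indolini.org. hostmaster.dns.indolini.org.  3 3600 1200 604800 86400"
        #local-data: "dns.indolini.org. 86400 IN A 192.168.xx.xx"
        #local-data: "www.dns.indolini.org. 86400 IN A 192.168.xx.xx"
        #local-data: "ns1.dns.indolini.org. 86400 IN A 192.168.xx.xx"

        #local-data: "mail.dns.indolini.org. 86400 IN A 192.168.100.5"
        #local-data: "dns.indolini.org. 86400 IN MX 10 mail.dns.indolini.org."
        #local-data: "dns.indolini.org. 86400 IN TXT v=spf1 a mx ~all"

        #local-zone: "xx.168.192.in-addr.arpa." static
        #local-data: "xx.168.192.in-addr.arpa. 10800 IN NS dns.indolini.org."
        #local-data: "xx.168.192.in-addr.arpa. 10800 IN SOA dns.indolini.org. hostmaster.dns.indolini.org. 4 3600 1200 604800 864000"
        #local-data: "xx.xx.168.192.in-addr.arpa. 10800 IN PTR dns.indolini.org."

# Everything not answered from local-data or the cache is forwarded to these two
# resolvers over plain DNS, so they (and the network path to them) see every
# lookup made through this server.
forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4

# unbound-control channel. It is bound to loopback only and authenticated with
# the key/certificate files generated by unbound-control-setup; keep the *.key
# files readable only by the unbound user and root.
remote-control:
        control-enable: yes
        control-interface: 127.0.0.1
        control-port: 953
        server-key-file: "/etc/unbound/unbound_server.key"
        server-cert-file: "/etc/unbound/unbound_server.pem"
        control-key-file: "/etc/unbound/unbound_control.key"
        control-cert-file: "/etc/unbound/unbound_control.pem"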
klo udah silahkan cek filenya dl siapa tau ada yang error dengan perintah
$ sudo unbound-checkconf /etc/unbound/unbound.conf
yang gw kasih tanda pagar silahkan sesuaikan dengan ip (yg ada **xx**nya) dan zonenya masing2. untuk modem ato yang pake dhcp silahkan dipagar aja di depan masing2 kalimat yang gw bold diatas. klo udah silahkan restart unboundnya
$ sudo /etc/init.d/unbound restart
sekarang tes (asumsi dah jalan)
root@indolini:~$ nslookup 192.168.xx.xx
Server: 127.0.0.1
Address: 127.0.0.1#53

x.xx.168.192.in-addr.arpa name = dns.indolini.org.
root@indolini:~$ nslookup dns.indolini.org
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: dns.indolini.org
Address: 192.168.xx.xx
klo udah silahkan tambahkan dns localhost di squid.conf nya
dns_nameservers 127.0.0.1
lalu rekonfigurasi ulang squidnya (dah tau jg khan perintahnya ) untuk melihat performanya silahkan di cek dengan perintah ini
$ sudo unbound-control stats  
