Tuesday, October 26, 2010

Install Unbound DNS Resolver di Ubuntu

Bagi kalangan para squider mungkin dah ga’ asing lagi dengan nama PDNSD,BIND,DNSMASQ dll yang gunanya sebagai dns resolver. Kali ini gw akan mencoba menggunakan unbound sebagai pengganti DNS resolver diatas :malu:
sebelum melangkah lebih jauh silahkan ditengok graphic dibawah ini



okey langsung saja qta mulai tahap instalasinya di ubuntu..cukup simpel koq :o

apt-get install unbound

klo udah silahkan lakukan konfigurasi file dibawah ini :
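# Run as root. The steps are chained with && so that a failed cd (or any
# later failure) stops the sequence; otherwise the unbound_* globs below
# would chown/chmod whatever matches in the current directory instead.
#
# The root hints are fetched over HTTPS rather than plain FTP: FTP gives no
# integrity or authenticity protection, and this file tells the resolver
# where the root servers are.
#
# unbound-control-setup generates the server/control key and certificate
# pairs (unbound_server.*, unbound_control.*) that the remote-control
# section of unbound.conf points at; the .key files are private keys, so
# they are restricted to owner "unbound" and group "root", read-only.
cd /etc/unbound &&
  wget https://www.internic.net/domain/named.cache &&
  unbound-control-setup &&
  chown unbound:root unbound_* &&
  chmod 440 unbound_*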
eksekusi perintah diatas dalam mode super user (dah tau khan perintahnya :D )
sesuaikan config /etc/unbound/unbound.conf, dan servis dns lainnya (bind/dnsmasq dll) harus di-stop agar tidak bentrok di port 53
sekarang qta konfigurasi isi unboundnya…silahkan disesuaikan bagi yang mencobanya

sudo gedit /etc/unbound/unbound.conf

# unbound.conf from this post: a caching resolver that listens on all IPv4
# addresses, answers only the listed LAN range and loopback, and forwards
# every query to the upstream resolvers in the forward-zone further down.
server:
verbosity: 1
statistics-interval: 120
num-threads: 1
# Listens on every IPv4 address of the host. Who may actually query is
# decided by the access-control lines below, not by this setting.
interface: 0.0.0.0

outgoing-range: 512
num-queries-per-thread: 1024

msg-cache-size: 16m
rrset-cache-size: 32m

msg-cache-slabs: 4
rrset-cache-slabs: 4

# Upper bound, in seconds, on how long a record stays cached (86400 = 1 day).
# A bad or forged answer that gets cached can persist for up to this long.
cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120

infra-cache-numhosts: 10000
infra-cache-lame-size: 10k

do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes

# Client ACL. Unbound uses the most specific matching netblock, so the final
# "0.0.0.0/0 refuse" is the catch-all for every client not listed above it.
# Keep the commented-out "0.0.0.0/0 allow" disabled: combined with
# "interface: 0.0.0.0" it would make this host an open resolver, which is
# what DNS amplification abuse relies on.
#access-control: 0.0.0.0/0 allow
access-control: 192.168.100.0/27 allow
#access-control: 172.16.0.0/12 allow
#access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 0.0.0.0/0 refuse

# The daemon chroots into /etc/unbound and runs as user "unbound".
# NOTE(review): the chroot directory is also where the config and the
# remote-control keys live; confirm the unbound user has no more write
# access there than it needs.
chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
# Logging is effectively off: per the unbound.conf manual, logfile "" sends
# output to stderr, "or nowhere once daemonized" (do-daemonize is yes above),
# and syslog is disabled. Errors and the statistics-interval output are then
# not retained anywhere; "use-syslog: yes" would keep a trail for
# troubleshooting and incident review.
#logfile: "/etc/unbound/unbound.log"
#use-syslog: yes
logfile: ""
use-syslog: no
pidfile: "/etc/unbound/unbound.pid"
root-hints: "/etc/unbound/named.cache"

# hide-identity / hide-version make the server refuse the id.server,
# hostname.bind, version.server and version.bind queries, so the identity
# and version strings set here are not disclosed to clients.
identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
# NOTE(review): 127.0.0.1/8 has host bits set; the intended netblock is
# presumably 127.0.0.0/8 -- confirm. do-not-query-localhost already keeps
# the resolver from sending queries to loopback.
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
# Only the iterator module is loaded (Unbound's default is
# "validator iterator"), so no DNSSEC validation is performed: a spoofed or
# tampered answer from the network path or from an upstream forwarder is
# cached and served unchanged. Turning validation on also requires a trust
# anchor, which this configuration does not set up.
module-config: "iterator"

# Locally served zones for localhost and its reverse mapping, so these names
# are answered here and never forwarded upstream.
#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"

local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

# Example of a private zone plus its reverse zone, left disabled. The x.x
# parts are placeholders to fill in before enabling.
# NOTE(review): the NS record below names ns1.dns.itvps.org while every other
# record uses dns.xxx.org -- presumably an inconsistent placeholder; make the
# names agree if this block is enabled.
#zone dns.xxx.org
#local-zone: "dns.xxx.org." static
#local-data: "dns.xxx.org. 86400 IN NS ns1.dns.itvps.org."
#local-data: "dns.xxx.org. 86400 IN SOA dns.xxx.org. hostmaster.dns.xxx.org. 3 3600 1200 604800 86400"
#local-data: "dns.xxx.org. 86400 IN A 192.168.x.x"
#local-data: "www.dns.xxx.org. 86400 IN A 192.168.x.x"
#local-data: "ns1.dns.xxx.org. 86400 IN A 192.168.x.x"

#local-data: "mail.dns.xxx.org. 86400 IN A 192.168.x.x"
#local-data: "dns.xxx.org. 86400 IN MX 10 mail.dns.xxx.org."
#local-data: "dns.xxx.org. 86400 IN TXT v=spf1 a mx ~all"

#local-zone: "x.x.192.in-addr.arpa." static
#local-data: "x.x.168.192.in-addr.arpa. 10800 IN NS dns.xxx.org."
#local-data: "x.x.192.in-addr.arpa. 10800 IN SOA dns.xxx.org. hostmaster.dns.xxx.org. 4 3600 1200 604800 864000"
#local-data: "x.x.168.192.in-addr.arpa. 10800 IN PTR dns.xxx.org."


# A forward-zone named "." sends every query that is not answered from the
# local zones or the cache to these resolvers instead of resolving from the
# roots; presumably the root-hints file above is then not consulted for
# normal resolution. With validation off (see module-config), answers are
# only as trustworthy as these operators and the network path to them.
# NOTE(review): 8.8.8.8 / 8.8.4.4 are Google Public DNS; verify who operates
# the other addresses, and that they are still in service, before use.
forward-zone:
name: "."
forward-addr: 180.131.144.144
forward-addr: 180.131.145.145
forward-addr: 202.134.0.155
forward-addr: 203.130.196.155
forward-addr: 125.160.4.82
forward-addr: 202.134.0.61
forward-addr: 203.130.196.5
forward-addr: 222.124.198.150
forward-addr: 222.124.249.115
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4

# Control channel used by unbound-control (e.g. "unbound-control stats").
# It is bound to loopback only and uses the key/certificate pairs listed
# here. The two .key files are private keys: anyone who can read
# unbound_control.key can control the resolver, so keep them unreadable to
# other users and do not move control-interface off loopback without need.
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"


klo udah silahkan cek filenya dl siapa tau ada yang error dengan perintah

unbound-checkconf /etc/unbound/unbound.conf

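Note: Baris yang diberi BOLD di postingan asli (format tebalnya tidak kelihatan di sini; sepertinya yang dimaksud blok "#zone dns.xxx.org" beserta zona reverse-nya) hanya bisa digunakan untuk pengguna IP Static (Ex: Speedy). Kalo pengguna modem kayak saya engga bisa dipake, jadi baris-baris itu dikasih tanda pagar didepannya. Hasil tes nslookup dns.xxx.org di bawah hanya akan muncul kalau baris-baris tersebut diaktifkan.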

klo udah silahkan restart unboundnya

/etc/init.d/unbound restart

sekarang tes (asumsi dah jalan)

root@BLITZ:~# nslookup 192.168.xx.xx
Server: 127.0.0.1
Address: 127.0.0.1#53


x.xx.168.192.in-addr.arpa name = dns.xxx.org.

root@BLITZ:~# nslookup dns.xxx.org
Server: 127.0.0.1
Address: 127.0.0.1#53


Name: dns.xxx.org
Address: 192.168.xx.xx


klo udah silahkan tambahkan dns localhost di squid.conf nya

dns_nameservers 127.0.0.1

lalu rekonfigurasi ulang squidnya (dah tau jg khan perintahnya :p )
untuk melihat performanya silahkan di cek dengan perintah ini

unbound-control stats

udah segitu aja.

Source, Repost n Copas :Rh354