Saturday, August 09, 2014

Konfigurasi DNS Unbound Ubuntu

install DNS UNBOUND

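# apt-get install unbound
# cd /etc/unbound
## Root hints. Fetched over HTTPS rather than the original plain-FTP URL
## (ftp://FTP.INTERNIC.NET/domain/named.cache) so the download is
## integrity-protected in transit.
# wget https://www.internic.net/domain/named.cache
## Generates the key/certificate pairs (unbound_server.*, unbound_control.*)
## that authenticate unbound-control to the daemon.
# unbound-control-setup
## Restrict the key material: read-only for the unbound user and group root,
## no access for anyone else.
# chown unbound:root unbound_*
# chmod 440 unbound_*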


saya menganjurkan backup unbound.conf dulu sebelum diobok-obok

# cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.asli

hapus semua isi tulisan file /etc/unbound/unbound.conf dan isikan ini

#######################################################################

#######################################################################

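server:

# Log level 1: operational information only.
verbosity: 1
statistics-interval: 0
extended-statistics: yes
statistics-cumulative: no
# Listening addresses. Author's revision: the LAN (eth1) address must be
# listed. It has to be an address actually assigned to this host.
interface: 192.168.102.250
interface: 127.0.0.1

# CPU usage: 1 = no threading, 2 = threading.
num-threads: 2

# Author's rule: twice the num-threads value (2).
msg-cache-slabs: 4
rrset-cache-slabs: 4
infra-cache-slabs: 4
key-cache-slabs: 4

# Author's rule: use 1/10 of RAM for msg-cache-size (e.g. 512 MB / 10 = 51.2,
# so about 50m) and rrset-cache-size = msg-cache-size x 2.
# NOTE(review): by that rule the values below fit a host with roughly 8 GB of
# RAM; size them to the memory this machine really has.
rrset-cache-size: 1640m
msg-cache-size: 820m

# Author's rule: single-core Pentium 4 = memory / 2; dual core and others =
# 1024 / cores - 50.
outgoing-range: 4096

# Larger socket buffer.  OS may need config.
so-rcvbuf: 4m

num-queries-per-thread: 1024

cache-max-ttl: 86400
infra-host-ttl: 900
infra-lame-ttl: 900

infra-cache-numhosts: 10000
infra-cache-lame-size: 10k

key-cache-size: 4m

do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes

# Refuse everyone by default, then allow only the LAN and loopback, so the
# resolver does not answer arbitrary clients (open resolver). Keep the allow
# list as narrow as the network really needs.
# Author's revision: the LAN (eth1) network must be listed.
access-control: 0.0.0.0/0 refuse
access-control: 192.168.102.0/24 allow
access-control: 127.0.0.0/8 allow

# Run chrooted and as the unprivileged "unbound" user.
chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
# NOTE(review): with logfile "" and use-syslog no, log output goes to stderr,
# which a daemonized process normally does not keep. Enable one of the two
# commented alternatives if resolver logs are needed for troubleshooting or
# incident review.
#logfile: "/squid-log/unbound.log"
#use-syslog: yes
logfile: ""
use-syslog: no
#pidfile: "/etc/unbound/unbound.pid"
root-hints: "/etc/unbound/named.cache"

identity: "DNS"
version: "1.4"
# Do not answer id.server / version.server queries.
hide-identity: yes
hide-version: yes
harden-glue: yes
# Never send queries to the LAN range or to loopback.
# Author's revision: the LAN (eth1) network must be listed.
# NOTE(review): this range contains the forward-addr 192.168.102.250 that the
# original forward-zone lists, so that forwarder is presumably never queried.
do-not-query-address: 192.168.102.0/24
do-not-query-address: 127.0.0.0/8
do-not-query-localhost: yes
# NOTE(review): "iterator" alone loads no validator module, so answers are
# not DNSSEC-validated and forwarder replies are accepted as received.
# Validation needs "validator iterator" plus a trust anchor
# (auto-trust-anchor-file) reachable inside the chroot.
module-config: "iterator"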

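# Zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"

local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

#########
#########

# Zone tns.net; keep it consistent with the DHCP configuration.
# A "static" local zone is answered only from the local-data below; names in
# the zone that are not listed here get a negative answer and are never
# resolved upstream.
local-zone: "tns.net." static
local-data: "tns.net. 86400 IN NS ns1.tns.net."
local-data: "tns.net. 86400 IN SOA tns.net. hostmaster.tns.net. 3 3600 1200 604800 86400"
local-data: "tns.net. 86400 IN A 10.10.108.40"
local-data: "www.tns.net. 86400 IN A 10.10.108.40"
# Same address as configured in the DHCP server.
local-data: "ns1.tns.net. 86400 IN A 10.10.108.40"

# Mail service
local-data: "mail1.tns.net. 86400 IN A 192.168.2.2"
local-data: "tns.net. 86400 IN MX 10 mail1.tns.net."
# The SPF policy must be one quoted TXT string. Unquoted, every word becomes a
# separate character-string, and SPF checkers join those without spaces, which
# breaks the policy.
local-data: 'tns.net. 86400 IN TXT "v=spf1 a mx ~all"'
# BIND was only removed as a service (via tasksel); its files were left in place.
# "static" here also means every other 192.168.x.x reverse lookup is answered
# negatively by this server.
local-zone: "168.192.in-addr.arpa." static
local-data: "168.192.in-addr.arpa. 10800 IN NS tns.net."
# NOTE(review): the last SOA field is 864000 here but 86400 in the tns.net
# SOA; possibly a typo, left as written.
local-data: "168.192.in-addr.arpa. 10800 IN SOA tns.net. hostmaster.tns.net. 4 3600 1200 604800 864000"
local-data: "250.102.168.192.in-addr.arpa. 10800 IN PTR tns.net."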

#########

#########
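# Forward every query (zone ".") to the upstream resolvers listed below.
forward-zone:
name: "."
# NOTE(review): the original listed this server's own LAN address
# (forward-addr:192.168.102.250, marked by the author as a required local
# forwarder). That address is one this server listens on (interface:) and it
# lies inside the do-not-query-address range, so it cannot act as an upstream.
# It is left disabled here; restore it only if a different resolver really
# answers on that address.
#forward-addr: 192.168.102.250
forward-addr: 180.131.144.144
forward-addr: 180.131.145.145
# More upstream DNS servers can be added here.
# With module-config "iterator" the answers from these forwarders are not
# DNSSEC-validated, so list only resolvers you trust.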
                    
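# Management channel used by unbound-control.
remote-control:

control-enable: yes
# NOTE(review): the original also bound the control channel to the LAN address
# (control-interface:192.168.102.250, marked by the author as required for
# lan / eth1). The channel can stop the server, flush the cache and change
# forwarders, so it is kept on loopback only here. If remote administration
# is really needed, re-enable the line and filter port 953 to the admin hosts.
#control-interface: 192.168.102.250
control-interface: 127.0.0.1
control-port: 953
# Key/certificate pairs created by unbound-control-setup. Both sides
# authenticate with them, so keep the *.key files unreadable to other users.
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"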
 
#######################################################################
#######################################################################
save dan tutup kemudian check konfigurasi unbound diputty


# unbound-checkconf /etc/unbound/unbound.conf

jika komeng keluarnya gini

unbound-checkconf: no errors in /etc/unbound/unbound.conf


berarti konfigurasi sudah betul.
tambahkan dns option pada file /etc/network/interfaces agar modem bisa mengarah ke localhost 127.0.0.1
buka file /etc/network/interfaces. tambahkan baris berikut setelah gateway modem dan sebelum auto eth1
lihat tulisan merah, yaitu baris komentar dan dns-nameservers di antara gateway dan auto eth1


# eth0: uplink towards the modem (gateway 192.168.3.1).
auto eth0
iface eth0 inet static
    address 192.168.3.2
    netmask 255.255.255.0
    broadcast 192.168.3.255
    gateway 192.168.3.1
    # dns-* options are implemented by the resolvconf package, if installed.
    # Points the host's own resolver at the local Unbound instance.
    dns-nameservers 127.0.0.1

# eth1: LAN side, no gateway configured.
auto eth1
iface eth1 inet static
    address 192.168.2.2
    netmask 255.255.255.0
    broadcast 192.168.2.255


save dan restart networking
