


Kamis, 19 Agustus 2010

yuk mainan unbound DNS resolver ........

Buat yang berkecimpung di dunia jaringan komputer sudah tidak asing dengan namanya DNS resolver. Tanya mbah google aja ya tentang apa itu DNS resolver? :D
Bagi saya yang telah terbiasa dengan DNS resolver bawaan mikrotik (dulu pakenya karena segi kepraktisan saja, tidak ada yang lain :D ), sejalan dengan bertambahnya cpu untuk kepentingan pengaturan internet kantor (tambah satu buat Proxy, saya pake OS FreeBSD yang didalamnya ditanam Lusca HEAD cache) ditambah racun dari forum mikrotik indonesia, maka diputuskan untuk mencobanya. Untuk caranya (dalam hal ini di FreeBSD) bisa merujuk ke link tadi atau bisa dilihat di hasil copas ini (credit to bro siber @ forummikrotik[dot]com) :
cara install :
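# Build and install Unbound from the FreeBSD ports tree.
cd /usr/ports/dns/unbound
# In the options dialog, tick Libevent and Thread.
make config
make install clean

cd /usr/local/etc/unbound
# Fetch the root hints over HTTPS instead of plain FTP so the file cannot be
# altered in transit.
fetch https://www.internic.net/domain/named.cache
# Generate the key/certificate pairs that unbound-control uses to talk to the daemon.
unbound-control-setup
# Key material: read-only, and only for the unbound user and the wheel group.
chown unbound:wheel unbound_*
chmod 440 unbound_*

# Give the chroot its own /dev. The lines below append to system files, so run
# them once only; a second run leaves duplicate entries.
mkdir -p /usr/local/etc/unbound/dev
echo "devfs /usr/local/etc/unbound/dev devfs rw 0 0" >> /etc/fstab
echo 'unbound_enable="YES"' >> /etc/rc.conf
# NOTE(review): unbound_ruleset is not defined anywhere in this listing. It has
# to exist in /etc/devfs.rules; keep it restrictive so the chroot's /dev does
# not expose every device node of the host.
echo 'devfs_set_rulesets="/usr/local/etc/unbound/dev=unbound_ruleset"' >> /etc/rc.conf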

cara config:
     

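# unbound.conf: caching resolver for an internal network. It serves a few
# local zones itself and forwards every other name to upstream resolvers.
server:
    # Operational logging only. Level 5 is the most verbose setting and logs
    # client identification for cache misses; raise it only while debugging.
    verbosity: 1
    statistics-interval: 120
    num-threads: 2
    # Listens on every IPv4 address of the host. If the machine also has an
    # Internet-facing interface, bind to the LAN address only.
    interface: 0.0.0.0

    outgoing-range: 512
    num-queries-per-thread: 1024

    msg-cache-size: 16m
    rrset-cache-size: 32m

    msg-cache-slabs: 4
    rrset-cache-slabs: 4

    cache-max-ttl: 86400
    infra-host-ttl: 60
    infra-lame-ttl: 120

    infra-cache-numhosts: 10000
    infra-cache-lame-size: 10k

    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes

    # Answer only your own clients. Allowing 0.0.0.0/0 while listening on
    # 0.0.0.0 turns the server into an open resolver that can be abused for
    # DNS amplification and cache probing.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    # Sample value only: replace with the network(s) your clients are on.
    access-control: 192.168.0.0/24 allow

    chroot: "/usr/local/etc/unbound"
    username: "unbound"
    directory: "/usr/local/etc/unbound"
    # With logfile "" and use-syslog "no" a daemonized Unbound logs nowhere.
    # Enable one of the two commented lines to keep a record for troubleshooting
    # and incident response.
    #logfile: "/usr/local/etc/unbound/unbound.log"
    #use-syslog: yes
    logfile: ""
    use-syslog: no
    pidfile: "/usr/local/etc/unbound/unbound.pid"
    root-hints: "/usr/local/etc/unbound/named.cache"

    identity: "DNS"
    version: "1.0"
    # Refuse id.server / version.server style queries so the software and
    # release are not disclosed to clients.
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    # Network address of the loopback block (was written with host bits set).
    do-not-query-address: 127.0.0.0/8
    do-not-query-localhost: yes
    # "iterator" alone means answers are NOT DNSSEC-validated. Validation
    # needs "validator iterator" plus a configured trust anchor, which this
    # configuration does not set up.
    module-config: "iterator"

    # Each local-data record is kept on a single line; a line break inside
    # the quoted string is not part of the record syntax.
    local-zone: "localhost." static
    local-data: "localhost. 10800 IN NS localhost."
    local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
    local-data: "localhost. 10800 IN A 127.0.0.1"

    local-zone: "127.in-addr.arpa." static
    local-data: "127.in-addr.arpa. 10800 IN NS localhost."
    local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
    local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

    # xxxxx.net is the author's masked domain name; substitute your own.
    local-zone: "xxxxx.net." static
    local-data: "xxxxx.net. 86400 IN NS ns1.xxxxx.net."
    local-data: "xxxxx.net. 86400 IN NS ns2.xxxxx.net."
    # SOA contact name fixed: it carried a doubled ".net.net." suffix.
    local-data: "xxxxx.net. 86400 IN SOA xxxxx.net. hostmaster.xxxxx.net. 3 3600 1200 604800 86400"
    local-data: "xxxxx.net. 86400 IN A 172.16.17.2"
    local-data: "www.xxxxx.net. 86400 IN A 172.16.17.2"
    local-data: "ns1.xxxxx.net. 86400 IN A 172.16.17.2"
    # ns2 is listed as a name server above, so it needs its own A record.
    local-data: "ns2.xxxxx.net. 86400 IN A 172.16.17.20"
    # Host name matches the MX target below.
    local-data: "mail.xxxxx.net. 86400 IN A 192.168.70.1"
    local-data: "xxxxx.net. 86400 IN MX 10 mail.xxxxx.net."
    # The SPF policy must be one quoted TXT string; unquoted, the words are
    # split into separate strings and the policy no longer parses as intended.
    local-data: 'xxxxx.net. 86400 IN TXT "v=spf1 a mx ~all"'

    local-zone: "17.16.172.in-addr.arpa." static
    local-data: "17.16.172.in-addr.arpa. 10800 IN NS xxxxx.net."
    local-data: "17.16.172.in-addr.arpa. 10800 IN SOA xxxxx.net. hostmaster.xxxxx.net. 4 3600 1200 604800 864000"
    local-data: "2.17.16.172.in-addr.arpa. 10800 IN PTR xxxxx.net."
    local-data: "3.17.16.172.in-addr.arpa. 10800 IN PTR nms.xxxxx.net."
    local-data: "4.17.16.172.in-addr.arpa. 10800 IN PTR sadewa.xxxxx.net."

# Everything outside the local zones is sent to these upstream resolvers
# (addresses masked by the author). Answers are trusted as received, because
# validation is off in module-config.
forward-zone:
    name: "."
    forward-addr: 202.155.x.x
    forward-addr: 202.155.x.x

# unbound-control channel: loopback only, authenticated with the key and
# certificate files created by unbound-control-setup.
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-port: 953
    server-key-file: "/usr/local/etc/unbound/unbound_server.key"
    server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
    control-key-file: "/usr/local/etc/unbound/unbound_control.key"
    control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"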
cara pakai:
arahkan semua client untuk menggunakan DNS server dengan IP dimana unbound diinstall; semisal unbound diinstall di komputer dengan IP 192.168.0.200, maka DNS komputer client diisi dengan IP 192.168.0.200

happy oprek
