Cara Install DNS Unbound

DNS Unbound
Ada banyak cara untuk mempercepat akses internet, salah satunya adalah dengan menggunakan DNS resolver. Tool bagus untuk DNS resolver adalah Unbound. Dibanding DNS resolver yang lain – seperti DNSMASQ, PDNSD, MaraDNS, BIND, dnscache, dan PowerDNS – Unbound jauh lebih responsif. Walau pada dasarnya Unbound diperuntukkan bagi OS Linux, tersedia juga paket untuk Windows.

Unbound adalah alternatif DNS resolver dan juga DNS server; konon Unbound lebih aman dan lebih cepat dalam melakukan resolving ke domain maupun dalam melakukan query. Untuk mendukung warnet, Warnet Ciputih menggunakan Unbound yang di-bundle dengan squid proxy server. Penasaran juga dengan yang satu ini.

Tested on OS Ubuntu, RAM 512MB (include servis squid, apache2, & mrtg squid)
Install Paket Yang dibutuhkan:
apt-get install build-essential libssl-dev

# apt-get install unbound
# cd /etc/unbound
# wget ftp://FTP.INTERNIC.NET/domain/named.cache
# unbound-control-setup
# groupadd unbound
# useradd -d /var/unbound -m -g unbound -s /bin/false unbound
Sesuaikan config /etc/unbound/unbound.conf,
dan servis DNS lainnya (bind/dnsmasq dll.) harus di-stop agar tidak bentrok.

# chown unbound:root unbound_*
# chmod 440 unbound_*
# nano
dan Copy paste dibawah ini
=====================
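# Unbound resolver settings for a small LAN cache; addresses are the example
# network used throughout this guide.
server:
verbosity: 1
statistics-interval: 120
statistics-cumulative: yes
num-threads: 1
# Listens on every IPv4 address of the host, so the access-control rules
# further down are what decide who may use the resolver.
interface: 0.0.0.0
outgoing-range: 512
num-queries-per-thread: 1024
msg-cache-size: 64m
rrset-cache-size: 32m
msg-cache-slabs: 4
rrset-cache-slabs: 4
cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes

# Answer queries only from this host and the local network. A blanket
# "0.0.0.0/0 allow" together with "interface: 0.0.0.0" makes the server an
# open resolver: any Internet host can query it and use it to reflect
# amplified DNS responses at third parties.
# 30.30.30.0/24 is the example LAN of this guide; replace it with your own.
access-control: 127.0.0.0/8 allow
access-control: 30.30.30.0/24 allow
access-control: 0.0.0.0/0 refuse
# Further example client networks; enable only the ones you really serve.
# access-control: 192.168.88.0/16 allow
# access-control: 40.40.40.0/12 allow
# access-control: 10.0.0.0/8 allow

# Run chrooted in /etc/unbound as the unprivileged user "unbound".
chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
# NOTE(review): logfile "" with use-syslog: no and do-daemonize: yes appears
# to leave the daemon without any log output; enabling one of the two
# commented lines keeps errors and refused queries reviewable. Confirm
# against unbound.conf(5).
#logfile: "/etc/unbound/unbound.log"
#use-syslog: yes
logfile: ""
use-syslog: no
pidfile: "/etc/unbound/unbound.pid"
# Root hints file downloaded into /etc/unbound earlier in this guide.
root-hints: "/etc/unbound/named.cache"
identity: "DNS"
version: "1.4"
# Do not disclose the identity and version strings above to clients.
hide-identity: yes
hide-version: yes
harden-glue: yes

# Never send upstream queries to loopback addresses.
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
# NOTE(review): "iterator" alone leaves out the validator module, so answers
# are not DNSSEC-validated. Confirm that this is intended.
module-config: "iterator"

#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"
local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

#zone ciputih.net
# Locally served example zone; point the addresses at your own server.
local-zone: "ciputih.net." static
local-data: "ciputih.net. 86400 IN NS ns1.ciputih.net."
local-data: "ciputih.net. 86400 IN SOA ciputih.net. hostmaster.ciputih.net.  3 3600 1200 604800 86400"
local-data: "ciputih.net. 86400 IN A 30.30.30.67"
local-data: "www.ciputih.net. 86400 IN A 30.30.30.67"
local-data: "ns1.ciputih.net. 86400 IN A 30.30.30.67"
local-data: "mail.ciputih.net. 86400 IN A 30.30.30.67"
local-data: "ciputih.net. 86400 IN MX 10 mail.ciputih.net."
# The TXT value is quoted so the SPF policy stays one string with its spaces
# intact instead of being split into separate words.
local-data: 'ciputih.net. 86400 IN TXT "v=spf1 a mx ~all"'
local-zone: "30.30.30.in-addr.arpa." static
local-data: "30.30.30.in-addr.arpa. 10800 IN NS ciputih.net."
local-data: "30.30.30.in-addr.arpa. 10800 IN SOA ciputih.net. hostmaster.ciputih.net. 4 3600 1200 604800 864000"
local-data: "67.30.30.30.in-addr.arpa. 10800 IN PTR ciputih.net."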
 
# Forward every query (zone ".") to the upstream resolvers listed below.
# NOTE(review): this file loads only the iterator module, so answers from
# these forwarders are accepted without DNSSEC validation.
forward-zone:
name: "."
# 30.30.30.30 is the gateway address in this guide's network example.
forward-addr: 30.30.30.30
# Upstream resolvers chosen by the author; the guide says to replace them
# with the DNS servers of your own ISP.
forward-addr: 202.134.0.155
forward-addr: 202.134.0.61
forward-addr: 203.130.193.74
forward-addr: 203.130.196.155
forward-addr: 202.134.1.5
forward-addr: 203.130.208.18
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4

# Control channel used by unbound-control, e.g. for the "unbound-control stats"
# call shown later in this guide.
remote-control:
control-enable: yes
# Bound to loopback only, so the control port is not offered on the network.
control-interface: 127.0.0.1
# NOTE(review): 953 is also the usual rndc port of BIND, while Unbound's own
# default is 8953. Confirm nothing else on the host listens on 953.
control-port: 953
# Key and certificate pairs for the control channel; presumably the files
# created by unbound-control-setup and restricted with chown/chmod 440
# earlier in this guide. Keep the .key files unreadable for other users.
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"

# End Conf
=============================
lalu save di /etc/unbound/unbound.conf
=============================
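forward-zone : sesuaikan dengan DNS ISP anda
ip pada local data sesuaikan dengan ip ubuntu anda
access-control : sesuaikan dengan jaringan lokal anda; "0.0.0.0/0 allow" membuat server menjadi open resolver yang bisa dipakai siapa saja dari internet, jadi izinkan hanya localhost dan jaringan klien anda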

setting ubuntu agar menggunakan DNS unbound :
edit file di /etc/resolv.conf :
# nano /etc/resolv.conf
tuliskan :
nameserver 127.0.0.1

edit file /etc/network/interfaces
# nano /etc/network/interfaces
# Static IPv4 settings for the resolver host (example addresses of this guide).
iface eth0 inet static
address 30.30.30.67
netmask 255.255.255.0
network 30.30.30.0
broadcast 30.30.30.255
gateway 30.30.30.30
# dns-* options are implemented by the resolvconf package, if installed
# NOTE(review): with resolvconf installed, /etc/resolv.conf is typically
# regenerated from these options, so a hand-edited file may be overwritten.
# Confirm on your system.
dns-nameservers 127.0.0.1

reboot cpu anda....
untuk mengecek DNS unbound sudah jalan :

# /etc/init.d/unbound restart
Jika ada error atau bentrok dengan bind maka
apt-get autoremove bind

# nslookup 30.30.30.67
Server: 127.0.0.1
Address: 127.0.0.1#53
67.30.30.30.in-addr.arpa name = ciputih.net

# nslookup ciputih.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: ciputih.net
Address: 30.30.30.67

#unbound-control stats
thread0.num.queries=38
thread0.num.cachehits=7
thread0.num.cachemiss=31
thread0.num.recursivereplies=31
thread0.requestlist.avg=0.129032
thread0.requestlist.max=1
thread0.requestlist.overwritten=0
thread0.requestlist.exceeded=0
thread0.requestlist.current.all=0
thread0.requestlist.current.user=0
thread0.recursion.time.avg=0.088811
thread0.recursion.time.median=0.0185685
thread1.num.queries=10
thread1.num.cachehits=1
thread1.num.cachemiss=9
thread1.num.recursivereplies=9
thread1.requestlist.avg=0
thread1.requestlist.max=0
thread1.requestlist.overwritten=0
thread1.requestlist.exceeded=0
thread1.requestlist.current.all=0
thread1.requestlist.current.user=0
thread1.recursion.time.avg=0.049576
thread1.recursion.time.median=0.016384
total.num.queries=48
total.num.cachehits=8
total.num.cachemiss=40
total.num.recursivereplies=40
total.requestlist.avg=0.1
total.requestlist.max=1
total.requestlist.overwritten=0
total.requestlist.exceeded=0
total.requestlist.current.all=0
total.requestlist.current.user=0
total.recursion.time.avg=0.079984
total.recursion.time.median=0.0174763
time.now=1281681396.583885
time.up=7299.491047
time.elapsed=4177.655650