    Wednesday, March 23, 2016


    What is Unbound?
    Unbound is a DNS server application.
    What is it for?
    It acts as a resolver.
    What is a resolver?
    It translates domain names into IP addresses.
    For example, the server IPs of detik.com are 203.190.242.69 and 203.190.241.43,
    so a DNS server is needed to resolve detik.com to those IPs.


    • Install Unbound
    root@pi:/home/pi# apt-get install unbound
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
      libunbound2 unbound-anchor
    The following NEW packages will be installed:
      libunbound2 unbound unbound-anchor
    0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
    Need to get 864 kB of archives.
    After this operation, 1,998 kB of additional disk space will be used.
    Do you want to continue? [Y/n]
    Get:1 http://kartolo.sby.datautama.net.id/debian/ jessie/main libunbound2 armhf 1.4.22-3 [272 kB]
    Get:2 http://kartolo.sby.datautama.net.id/debian/ jessie/main unbound-anchor armhf 1.4.22-3 [96.6 kB]
    Get:3 http://kartolo.sby.datautama.net.id/debian/ jessie/main unbound armhf 1.4.22-3 [495 kB]
    Fetched 864 kB in 1s (707 kB/s)
    Selecting previously unselected package libunbound2:armhf.
    (Reading database ... 31542 files and directories currently installed.)
    Preparing to unpack .../libunbound2_1.4.22-3_armhf.deb ...
    Unpacking libunbound2:armhf (1.4.22-3) ...
    Selecting previously unselected package unbound-anchor.
    Preparing to unpack .../unbound-anchor_1.4.22-3_armhf.deb ...
    Unpacking unbound-anchor (1.4.22-3) ...
    Selecting previously unselected package unbound.
    Preparing to unpack .../unbound_1.4.22-3_armhf.deb ...
    Unpacking unbound (1.4.22-3) ...
    Processing triggers for man-db (2.7.0.2-5) ...
    Processing triggers for systemd (215-17+deb8u3) ...
    Setting up libunbound2:armhf (1.4.22-3) ...
    Setting up unbound-anchor (1.4.22-3) ...
    Setting up unbound (1.4.22-3) ...
    Processing triggers for libc-bin (2.19-18+deb8u3) ...
    Processing triggers for systemd (215-17+deb8u3) ...
    root@pi:/home/pi#

    • Then change to the /etc/unbound directory and download the root hints file (named.cache)

    root@pi:/home/pi# cd /etc/unbound/
    root@pi:/etc/unbound# wget ftp://ftp.internic.net/domain/named.cache
    --2016-03-23 09:20:07--  ftp://ftp.internic.net/domain/named.cache
               => ‘named.cache’
    Resolving ftp.internic.net (ftp.internic.net)... 192.0.32.9, 2620:0:2d0:200::9
    Connecting to ftp.internic.net (ftp.internic.net)|192.0.32.9|:21... connected.
    Logging in as anonymous ... Logged in!
    ==> SYST ... done.    ==> PWD ... done.
    ==> TYPE I ... done.  ==> CWD (1) /domain ... done.
    ==> SIZE named.cache ... 3171
    ==> PASV ... done.    ==> RETR named.cache ... done.
    Length: 3171 (3.1K) (unauthoritative)

    named.cache                               100%[=======================================================================================>]   3.10K  --.-KB/s   in 0.002s

    2016-03-23 09:20:13 (1.99 MB/s) - ‘named.cache’ saved [3171]

    root@pi:/etc/unbound#

    • Set up the unbound-control keys and change their permissions
    root@pi:/etc/unbound# unbound-control-setup
    setup in directory /etc/unbound
    unbound_server.key exists
    unbound_control.key exists
    create unbound_server.pem (self signed certificate)
    create unbound_control.pem (signed client certificate)
    Signature ok
    subject=/CN=unbound-control
    Getting CA Private Key
    Setup success. Certificates created.
    root@pi:/etc/unbound# chown unbound:root unbound_*
    root@pi:/etc/unbound# chmod 440 unbound_*
    root@pi:/etc/unbound#

    • Edit the file /etc/unbound/unbound.conf
    server:
     verbosity: 1
    # statistics-interval: 120 = default
     statistics-interval: 0
    # statistics-cumulative: yes = default
     statistics-cumulative: yes
    # num-threads:    = match the number of processor cores
     num-threads: 2
     interface: 0.0.0.0
    # outgoing-range: 512  = default
     outgoing-range: 4096
    # num-queries-per-thread: 1024 = default
     num-queries-per-thread: 4096
    # msg-cache-size: 16m  = default
     msg-cache-size: 128m
    # rrset-cache-size: 32m  = default
     rrset-cache-size: 128m
    # msg-cache-slabs: 4  = default
     msg-cache-slabs: 1
    # rrset-cache-slabs: 4  = default
     rrset-cache-slabs: 1
     cache-max-ttl: 86400
     infra-host-ttl: 60
     infra-lame-ttl: 120
     infra-cache-numhosts: 10000
     infra-cache-lame-size: 10k
     do-ip4: yes
     do-ip6: no
     do-udp: yes
     do-tcp: yes
     do-daemonize: yes
    # REFUSE ALL
     access-control: 0.0.0.0/0 refuse
    # TELKOM
    # access-control: 36.64.0.0/12 allow
    #       access-control: 36.80.0.0/13 allow
    #       access-control: 36.88.0.0/16 allow
    #       access-control: 61.94.0.0/16 allow
    #       access-control: 110.136.0.0/14 allow
    #       access-control: 118.96.0.0/15 allow
    #       access-control: 118.98.0.0/17 allow
    #       access-control: 125.160.0.0/13 allow
    #       access-control: 180.241.0.0/12 allow
    #       access-control: 202.134.0.0/21 allow
    #       access-control: 222.124.0.0/16 allow
    #       access-control: 203.130.192.0/18 allow
    # My Subnet
     access-control: xx.xxx.2.0/24 allow
    # localhost
     access-control: 127.0.0.0/8 allow
    # rfc1918
     access-control: 192.168.0.0/16 allow
     access-control: 172.16.0.0/12 allow
     access-control: 10.0.0.0/8 allow
    
     chroot: "/etc/unbound"
     username: "unbound"
     directory: "/etc/unbound"
     logfile: "/etc/unbound/unbound.log"
     use-syslog: no
     pidfile: "/var/run/unbound.pid"
     root-hints: "/etc/unbound/named.cache"
    
     identity: "DNS"
     version: "1.4"
     hide-identity: yes
     hide-version: yes
     harden-glue: yes
     do-not-query-address: 127.0.0.1/8
     do-not-query-localhost: yes
     module-config: "iterator"
    
     #zone localhost
     local-zone: "localhost." static
     local-data: "localhost. 10800 IN NS localhost."
     local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
     local-data: "localhost. 10800 IN A 127.0.0.1"
     local-zone: "127.in-addr.arpa." static
     local-data: "127.in-addr.arpa. 10800 IN NS localhost."
     local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
     local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
    
            #zone rahox.net.id
            local-zone: "rahox.net.id." static
            local-data: "rahox.net.id. 86400 IN NS ns1.rahox.net.id."
            local-data: "rahox.net.id. 86400 IN SOA rahox.net.id. hostmaster.rahox.net.id. 3 3600 1200 604800 86400"
            local-data: "rahox.net.id. 86400 IN A 49.128.181.202"
            local-data: "www.rahox.net.id. 86400 IN A 49.128.181.202"
            local-data: "koe-asu.com. 86400 IN A 172.16.16.2"
            local-data: "koe-asu.com. 86400 IN A 172.16.16.2"
            local-data: "cache.google.com. 86400 IN A 118.98.111.1"
            local-data: "ns1.rahox.net.id. 86400 IN A 49.128.181.202"
            local-data: "mail.rahox.net.id. 86400 IN A 49.128.181.202"
            local-data: "rahox.net.id. 86400 IN MX 10 mail.rahox.net.id."
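            # TXT data containing spaces must be a single quoted string, so the record is wrapped in single quotes
            local-data: 'rahox.net.id. 86400 IN TXT "v=spf1 a mx ~all"'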
    
    # PTR RECORD
            local-zone: "181.128.49.in-addr.arpa." static
            local-data: "181.128.49.in-addr.arpa. 10800 IN NS rahox.net.id."
            local-data: "181.128.49.in-addr.arpa. 10800 IN SOA rahox.net.id. hostmaster.rahox.net.id. 4 3600 1200 604800 864000"
            local-data: "202.181.128.49.in-addr.arpa. 10800 IN PTR rahox.net.id."
    
    # STATIC RESOLVER
    # START HERE
     local-data: "images.via.com. 86400 IN A 23.200.179.234"
            local-data: "cfs.u-ad.info. 86400 IN A 127.0.0.1"
            local-data: "www.hao123.com. 86400 IN A 74.125.68.100"
    # fbstatic-a.akamaihd.net
    # local-data: "fbstatic-a.akamaihd.net. 86400 IN A 114.4.39.203"
    # local-data: "fbstatic-a.akamaihd.net. 86400 IN A 114.4.39.224"
    # local-data: "fbstatic-a.akamaihd.net. 86400 IN A 114.4.39.210"
    # download.microsoft.com
            local-data: "download.microsoft.com. 86400 IN A 184.29.95.47"
            local-data: "download.microsoft.com. 86400 IN A 118.98.42.121"
    # www2.ati.com
            local-data: "www2.ati.com. 86400 IN A 23.51.11.227"
    # akamai vimeo
    # local-data: "skyfiregcs-a.akamaihd.net. 86400 IN A 118.98.95.82"
    #       local-data: "skyfiregcs-a.akamaihd.net. 86400 IN A 118.98.95.75"
    # local-data: "pdlvimeocdn-a.akamaihd.net. 86400 IN A 118.98.93.48"
    #       local-data: "pdlvimeocdn-a.akamaihd.net. 86400 IN A 118.98.93.50"
    # fbcdn-video - ip 88,97,121,136,146
            local-data: "fbcdn-video-a-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-b-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-c-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-d-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-e-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-f-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-g-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-h-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-i-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-j-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-k-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-l-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-m-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-n-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-o-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-p-a.akamaihd.net. 86400 IN A 118.98.42.88"
            local-data: "fbcdn-video-a-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-b-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-c-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-d-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-e-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-f-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-g-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-h-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-i-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-j-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-k-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-l-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-m-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-n-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-o-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-p-a.akamaihd.net. 86400 IN A 118.98.42.97"
            local-data: "fbcdn-video-a-a.akamaihd.net. 86400 IN A 118.98.42.121"
            local-data: "fbcdn-video-b-a.akamaihd.net. 86400 IN A 118.98.42.121"
            local-data: "fbcdn-video-c-a.akamaihd.net. 86400 IN A 118.98.42.121"
            local-data: "fbcdn-video-d-a.akamaihd.net. 86400 IN A 118.98.42.121"
            local-data: "fbcdn-video-e-a.akamaihd.net. 86400 IN A 118.98.42.121"
            local-data: "fbcdn-video-f-a.akamaihd.net. 86400 IN A 118.98.42.121"
            local-data: "fbcdn-video-g-a.akamaihd.net. 86400 IN A 118.98.42.121"
            local-data: "fbcdn-video-h-a.akamaihd.net. 86400 IN A 118.98.42.121"
            local-data: "fbcdn-video-i-a.akamaihd.net. 86400 IN A 118.98.42.121"
            local-data: "fbcdn-video-j-a.akamaihd.net. 86400 IN A 118.98.42.121"
            local-data: "fbcdn-video-k-a.akamaihd.net. 86400 IN A 118.98.42.121"
            local-data: "fbcdn-video-l-a.akamaihd.net. 86400 IN A 118.98.42.121"
            local-data: "fbcdn-video-m-a.akamaihd.net. 86400 IN A 118.98.42.121"
            local-data: "fbcdn-video-n-a.akamaihd.net. 86400 IN A 118.98.42.121"
            local-data: "fbcdn-video-o-a.akamaihd.net. 86400 IN A 118.98.42.121"
            local-data: "fbcdn-video-p-a.akamaihd.net. 86400 IN A 118.98.42.121"
    
    # login garenaplus messenger
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.172.49"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.207"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.177"
                   local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.144"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.174"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.141"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.204"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.173"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.200"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.146"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.172"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.178"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.150"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.188"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.176"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.190"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.148"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.201"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.171"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.175"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.142"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.206"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.186"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.187"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.170"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.143"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.149"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.147"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.189"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.202"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.203"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.145"
            local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.205"
    # acer
            local-data: "global-download.acer.com. 86400 IN A 118.98.37.40"
            local-data: "global-download.acer.com. 86400 IN A 118.98.37.50"
    # asus
            local-data: "dlcdnet.asus.com. 86400 IN A  125.160.18.32"
            local-data: "dlcdnet.asus.com. 86400 IN A  125.160.18.35"
            local-data: "dlcdnet.asus.com.edgesuite.net. 86400 IN A  125.160.18.32"
            local-data: "dlcdnet.asus.com.edgesuite.net. 86400 IN A  125.160.18.35"
    # samsung
            local-data: "downloadcenter.samsung.com. 86400 IN A  125.160.18.48"
            local-data: "downloadcenter.samsung.com. 86400 IN A  125.160.18.33"
    # nvidia
            local-data: "us.download.nvidia.com. 86400 IN A  125.160.18.48"
            local-data: "us.download.nvidia.com. 86400 IN A  125.160.18.33"
    # wdc
            local-data: "download.wdc.com. 86400 IN A  125.160.18.48"
            local-data: "download.wdc.com. 86400 IN A  125.160.18.33"
            local-data: "download.wdc.com. 86400 IN A  118.98.93.48"
            local-data: "download.wdc.com. 86400 IN A  118.98.93.19"
    # adobe
            local-data: "get3.adobe.com. 86400 IN A  23.192.114.114"
    # oracle
            local-data: "download.oracle.com. 86400 IN A 125.160.18.24"
            local-data: "download.oracle.com. 86400 IN A 125.160.18.43"
    # intel
            local-data: "ark.intel.com. 86400 IN A 125.160.18.27"
            local-data: "ark.intel.com. 86400 IN A 125.160.18.58"
    
    forward-zone:
            name: "dl.garenanow.com"
            forward-addr: 118.98.44.166
            forward-addr: 118.98.44.100
    forward-zone:
            name: "cdn.garenanow.com"
            forward-addr: 118.98.44.166
            forward-addr: 118.98.44.100
    forward-zone:
            name: "akamai.net"
            forward-addr: 118.98.44.166
            forward-addr: 114.5.5.77
    forward-zone:
            name: "google.com"
            forward-addr: 118.98.44.166
            forward-addr: 114.5.5.77
    forward-zone:
            name: "google.co.id"
            forward-addr: 118.98.44.166
            forward-addr: 114.5.5.77
    
    forward-zone:
     name: "."
     forward-addr: 8.8.8.8
     forward-addr: 208.67.222.222
    
    
    remote-control:
     control-enable: yes
     control-interface: 127.0.0.1
     control-port: 953
     server-key-file: "/etc/unbound/unbound_server.key"
     server-cert-file: "/etc/unbound/unbound_server.pem"
     control-key-file: "/etc/unbound/unbound_control.key"
     control-cert-file: "/etc/unbound/unbound_control.pem"
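
Because the server listens on `interface: 0.0.0.0`, the `access-control` lines are what keep it from answering arbitrary clients. Unbound applies the most specific matching netblock regardless of order, and the following added example (not part of the original post) evaluates those rules for a given client address and lists the allowed netblocks outside RFC 1918 and loopback. The sample configuration is constructed from the section above, with `203.0.113.0/24` as a stand-in for the redacted "My Subnet" line; the function names are hypothetical.

```python
import ipaddress

# Constructed sample modelled on the access-control section above.
# 203.0.113.0/24 is a stand-in for the redacted "My Subnet" netblock.
SAMPLE_CONF = """\
server:
 interface: 0.0.0.0
# REFUSE ALL
 access-control: 0.0.0.0/0 refuse
# TELKOM
# access-control: 36.64.0.0/12 allow
# My Subnet
 access-control: 203.0.113.0/24 allow
 access-control: 127.0.0.0/8 allow
 access-control: 192.168.0.0/16 allow
 access-control: 172.16.0.0/12 allow
 access-control: 10.0.0.0/8 allow
"""

# Address space treated as internal by this audit (RFC 1918 plus loopback).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_access_control(conf_text):
    """Return [(network, action)] for every active access-control line."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # commented-out rules do not count
        if not line.startswith("access-control:"):
            continue
        fields = line.split(":", 1)[1].split()
        if len(fields) != 2:
            continue
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue                             # e.g. a redacted xx.xxx.2.0/24
        rules.append((net, fields[1]))
    return rules

def effective_action(rules, client_ip):
    """Action of the most specific matching netblock, or None if none matches."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for net, action in rules:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, action)
    return best[1] if best else None

def externally_allowed(rules):
    """Netblocks with an allow-type action that lie outside INTERNAL."""
    found = []
    for net, action in rules:
        if not action.startswith("allow"):       # allow, allow_snoop, allow_setrd
            continue
        if not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
            found.append(str(net))
    return found

if __name__ == "__main__":
    rules = parse_access_control(SAMPLE_CONF)
    for ip in ("8.8.8.8", "36.64.0.1", "172.16.17.18", "203.0.113.7"):
        print(ip, effective_action(rules, ip))
    print("review:", externally_allowed(rules))
```

Every netblock reported by `externally_allowed` should be one you actually operate; an allow rule covering address space you do not control makes the server an open resolver for those hosts.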

    That completes the configuration; don't forget to restart the unbound service
    root@pi:/etc/unbound# /etc/init.d/unbound restart
    [ ok ] Restarting unbound (via systemctl): unbound.service.

    Don't forget to set resolv.conf as follows
    root@pi:/etc/unbound# cat /etc/resolv.conf
    # Generated by resolvconf
    nameserver 127.0.0.1

    And change the configuration in the network interfaces file as follows
    # interfaces(5) file used by ifup(8) and ifdown(8)
    # Please note that this file is written to be used with dhcpcd
    # For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

    # Include files from /etc/network/interfaces.d:
    source-directory /etc/network/interfaces.d

    auto lo
    iface lo inet loopback

    auto eth0
    allow-hotplug eth0
    iface eth0 inet static
            address 172.16.17.18
            netmask 255.255.255.252
            gateway 172.16.17.17
            dns-nameservers 127.0.0.1

    Restart the interfaces
    root@pi:/etc/unbound# /etc/init.d/networking restart
    [ok] Restarting networking (via systemctl): networking.service

    Now test whether Unbound is running as it should
    root@pi:/etc/unbound# nslookup detik.com
    Server:         127.0.0.1
    Address:        127.0.0.1#53

    Non-authoritative answer:
    Name:   detik.com
    Address: 203.190.242.69
    Name:   detik.com
    Address: 203.190.241.43

