Wednesday, March 23, 2016

Instalasi Unbound


Apa itu Unbound ?
Unbound adalah salah satu aplikasi DNS Server.
Fungsinya apa ?
Sebagai resolver
Apa itu resolver ?
Untuk menerjemahkan Domain ke IP.
Misalkan detik.com itu ip servernya 203.190.242.69 dan 203.190.241.43
Maka butuh DNS Server untuk meresolve detik.com ke ip tadi


  • Install Unbound
root@pi:/home/pi# apt-get install unbound
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  libunbound2 unbound-anchor
The following NEW packages will be installed:
  libunbound2 unbound unbound-anchor
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 864 kB of archives.
After this operation, 1,998 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://kartolo.sby.datautama.net.id/debian/ jessie/main libunbound2 armhf 1.4.22-3 [272 kB]
Get:2 http://kartolo.sby.datautama.net.id/debian/ jessie/main unbound-anchor armhf 1.4.22-3 [96.6 kB]
Get:3 http://kartolo.sby.datautama.net.id/debian/ jessie/main unbound armhf 1.4.22-3 [495 kB]
Fetched 864 kB in 1s (707 kB/s)
Selecting previously unselected package libunbound2:armhf.
(Reading database ... 31542 files and directories currently installed.)
Preparing to unpack .../libunbound2_1.4.22-3_armhf.deb ...
Unpacking libunbound2:armhf (1.4.22-3) ...
Selecting previously unselected package unbound-anchor.
Preparing to unpack .../unbound-anchor_1.4.22-3_armhf.deb ...
Unpacking unbound-anchor (1.4.22-3) ...
Selecting previously unselected package unbound.
Preparing to unpack .../unbound_1.4.22-3_armhf.deb ...
Unpacking unbound (1.4.22-3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for systemd (215-17+deb8u3) ...
Setting up libunbound2:armhf (1.4.22-3) ...
Setting up unbound-anchor (1.4.22-3) ...
Setting up unbound (1.4.22-3) ...
Processing triggers for libc-bin (2.19-18+deb8u3) ...
Processing triggers for systemd (215-17+deb8u3) ...
root@pi:/home/pi#

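  •  Lalu masuk ke direktori /etc/unbound dan unduh berkas root hints (named.cache). Unduhan lewat FTP tidak terenkripsi dan tidak diverifikasi, jadi periksa isinya dulu sebelum dipakai sebagai root-hints.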

root@pi:/home/pi# cd /etc/unbound/
root@pi:/etc/unbound# wget ftp://ftp.internic.net/domain/named.cache
--2016-03-23 09:20:07--  ftp://ftp.internic.net/domain/named.cache
           => ‘named.cache’
Resolving ftp.internic.net (ftp.internic.net)... 192.0.32.9, 2620:0:2d0:200::9
Connecting to ftp.internic.net (ftp.internic.net)|192.0.32.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /domain ... done.
==> SIZE named.cache ... 3171
==> PASV ... done.    ==> RETR named.cache ... done.
Length: 3171 (3.1K) (unauthoritative)

named.cache                               100%[=======================================================================================>]   3.10K  --.-KB/s   in 0.002s

2016-03-23 09:20:13 (1.99 MB/s) - ‘named.cache’ saved [3171]

root@pi:/etc/unbound#

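  • Buat kunci dan sertifikat untuk unbound-control, lalu ubah kepemilikan dan permission berkasnya (chmod 440: hanya bisa dibaca oleh user unbound dan grup root)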
root@pi:/etc/unbound# unbound-control-setup
setup in directory /etc/unbound
unbound_server.key exists
unbound_control.key exists
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
Setup success. Certificates created.
root@pi:/etc/unbound# chown unbound:root unbound_*
root@pi:/etc/unbound# chmod 440 unbound_*
root@pi:/etc/unbound#

  • edit file /etc/unbound/unbound.conf
# Main resolver settings. Lines of the form "# option: value = default" are the
# author's notes, not active settings.
# NOTE(review): some of the "= default" values noted below differ from
# unbound.conf(5) (statistics-interval, for one, is disabled by default) -
# confirm against the man page of the installed version.
server:
 verbosity: 1
# statistics-interval: 120 = default
 statistics-interval: 0
# statistics-cumulative: yes = default
 statistics-cumulative: yes
# num-threads:    = match the number of CPU cores
 num-threads: 2
# Listens on every IPv4 address of the host. The access-control entries in this
# file are then the only thing deciding which clients may query, so keep them
# tight to avoid running an open resolver.
 interface: 0.0.0.0
# outgoing-range: 512  = default
 outgoing-range: 4096
# num-queries-per-thread: 1024 = default
 num-queries-per-thread: 4096
# NOTE(review): 128m + 128m of cache is a large allocation; the shell prompt on
# this page (root@pi, armhf packages) suggests a small board - confirm it fits.
# msg-cache-size: 16m  = default
 msg-cache-size: 128m
# rrset-cache-size: 32m  = default
 rrset-cache-size: 128m
# msg-cache-slabs: 4  = default
 msg-cache-slabs: 1
# rrset-cache-slabs: 4  = default
 rrset-cache-slabs: 1
# Upper bound on how long any record is cached: one day.
 cache-max-ttl: 86400
 infra-host-ttl: 60
 infra-lame-ttl: 120
 infra-cache-numhosts: 10000
 infra-cache-lame-size: 10k
# IPv4 only, over both UDP and TCP; IPv6 is switched off.
 do-ip4: yes
 do-ip6: no
 do-udp: yes
 do-tcp: yes
 do-daemonize: yes
# Client ACL. Unbound applies the most specific matching netblock, so the
# 0.0.0.0/0 entry acts as default-deny and the allow entries below are the
# exceptions, whatever their order in the file.
# REFUSE ALL ("refuse" answers with rcode REFUSED; "deny" would drop silently)
 access-control: 0.0.0.0/0 refuse
# TELKOM (left commented out; enabling these ISP-wide ranges would open the
# resolver to a very large address space)
# access-control: 36.64.0.0/12 allow
#       access-control: 36.80.0.0/13 allow
#       access-control: 36.88.0.0/16 allow
#       access-control: 61.94.0.0/16 allow
#       access-control: 110.136.0.0/14 allow
#       access-control: 118.96.0.0/15 allow
#       access-control: 118.98.0.0/17 allow
#       access-control: 125.160.0.0/13 allow
#       access-control: 180.241.0.0/12 allow
#       access-control: 202.134.0.0/21 allow
#       access-control: 222.124.0.0/16 allow
#       access-control: 203.130.192.0/18 allow
# My Subnet
# NOTE(review): "xx.xxx" looks redacted by the author; as written this is not a
# valid netblock and must be replaced with the real client prefix.
 access-control: xx.xxx.2.0/24 allow
# localhost
 access-control: 127.0.0.0/8 allow
# rfc1918 - all three private ranges are allowed; narrow these to the ranges
# actually in use on the served network.
 access-control: 192.168.0.0/16 allow
 access-control: 172.16.0.0/12 allow
 access-control: 10.0.0.0/8 allow

 # Runtime confinement: chroot into /etc/unbound and run as the "unbound" user.
 chroot: "/etc/unbound"
 username: "unbound"
 directory: "/etc/unbound"
 # NOTE(review): the log lives inside the configuration directory; confirm the
 # unbound user can write the log without having write access to unbound.conf.
 logfile: "/etc/unbound/unbound.log"
 use-syslog: no
 pidfile: "/var/run/unbound.pid"
 # Root hints file downloaded with wget earlier on this page. A forward-zone
 # for "." is configured further down, so ordinary lookups go to the forwarders.
 root-hints: "/etc/unbound/named.cache"

 # With hide-identity/hide-version set to yes the server refuses id.server and
 # version.bind queries, so the identity/version strings are not handed out.
 identity: "DNS"
 version: "1.4"
 hide-identity: yes
 hide-version: yes
 # Trust glue records only when they fall within the answering server's authority.
 harden-glue: yes
 # do-not-query-localhost: yes already covers 127.0.0.0/8.
 do-not-query-address: 127.0.0.1/8
 do-not-query-localhost: yes
 # Only the iterator module is loaded, so there is no validator and DNSSEC
 # signatures are not checked: upstream answers are accepted as received.
 # unbound.conf(5) gives "validator iterator" as the validating setup.
 module-config: "iterator"

 #zone localhost
 # Forward and reverse records for localhost, answered from this file.
 # "static" means a name inside the zone that has no local-data gets
 # NXDOMAIN/NODATA instead of being sent upstream.
 local-zone: "localhost." static
 local-data: "localhost. 10800 IN NS localhost."
 local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
 local-data: "localhost. 10800 IN A 127.0.0.1"
 local-zone: "127.in-addr.arpa." static
 local-data: "127.in-addr.arpa. 10800 IN NS localhost."
 local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
 local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

        #zone rahox.net.id
        # Local data for the author's own domain. "static" means any name under
        # rahox.net.id that is not listed here is answered NXDOMAIN/NODATA.
        local-zone: "rahox.net.id." static
        local-data: "rahox.net.id. 86400 IN NS ns1.rahox.net.id."
        local-data: "rahox.net.id. 86400 IN SOA rahox.net.id. hostmaster.rahox.net.id. 3 3600 1200 604800 86400"
        local-data: "rahox.net.id. 86400 IN A 49.128.181.202"
        local-data: "www.rahox.net.id. 86400 IN A 49.128.181.202"
        # The next three records are outside rahox.net.id. With no local-zone of
        # their own, Unbound creates a transparent zone for each name.
        # NOTE(review): the koe-asu.com line appears twice and cache.google.com
        # is pinned to a fixed address - confirm both are intended.
        local-data: "koe-asu.com. 86400 IN A 172.16.16.2"
        local-data: "koe-asu.com. 86400 IN A 172.16.16.2"
        local-data: "cache.google.com. 86400 IN A 118.98.111.1"
        local-data: "ns1.rahox.net.id. 86400 IN A 49.128.181.202"
        local-data: "mail.rahox.net.id. 86400 IN A 49.128.181.202"
        local-data: "rahox.net.id. 86400 IN MX 10 mail.rahox.net.id."
        # NOTE(review): the SPF text is not quoted inside the record; the man
        # page example wraps TXT data in double quotes inside a single-quoted
        # local-data string. Check how this record is actually served.
        local-data: "rahox.net.id. 86400 IN TXT v=spf1 a mx ~all"

# PTR RECORD
# Reverse zone for 49.128.181.0/24 as static local data: only .202 has a PTR, so
# reverse lookups for every other address in that /24 are answered from here as
# nonexistent rather than resolved upstream.
# NOTE(review): the SOA minimum is 864000 here but 86400 in the forward zone,
# and the NS target is rahox.net.id. rather than ns1.rahox.net.id. - confirm
# whether either is a typo.
        local-zone: "181.128.49.in-addr.arpa." static
        local-data: "181.128.49.in-addr.arpa. 10800 IN NS rahox.net.id."
        local-data: "181.128.49.in-addr.arpa. 10800 IN SOA rahox.net.id. hostmaster.rahox.net.id. 4 3600 1200 604800 864000"
        local-data: "202.181.128.49.in-addr.arpa. 10800 IN PTR rahox.net.id."

# STATIC RESOLVER
# START HERE
# Hard-coded A records: clients of this resolver get these addresses instead of
# whatever the real zones publish, for a full day (TTL 86400).
# The values reflect the author's network when the post was written (2016).
# CDN addresses change, and a stale pin sends clients to whoever holds the
# address now, so verify every entry before reuse. For download hosts, rely on
# HTTPS and signature checks on the client, not on the pinned address.
 local-data: "images.via.com. 86400 IN A 23.200.179.234"
# Resolves to loopback, which makes the name unreachable for clients.
        local-data: "cfs.u-ad.info. 86400 IN A 127.0.0.1"
# NOTE(review): presumably a block/redirect entry - confirm the intent.
        local-data: "www.hao123.com. 86400 IN A 74.125.68.100"
# fbstatic-a.akamaihd.net
# local-data: "fbstatic-a.akamaihd.net. 86400 IN A 114.4.39.203"
# local-data: "fbstatic-a.akamaihd.net. 86400 IN A 114.4.39.224"
# local-data: "fbstatic-a.akamaihd.net. 86400 IN A 114.4.39.210"
# download.microsoft.com
        local-data: "download.microsoft.com. 86400 IN A 184.29.95.47"
        local-data: "download.microsoft.com. 86400 IN A 118.98.42.121"
# www2.ati.com
        local-data: "www2.ati.com. 86400 IN A 23.51.11.227"
# akamai vimeo
# local-data: "skyfiregcs-a.akamaihd.net. 86400 IN A 118.98.95.82"
#       local-data: "skyfiregcs-a.akamaihd.net. 86400 IN A 118.98.95.75"
# local-data: "pdlvimeocdn-a.akamaihd.net. 86400 IN A 118.98.93.48"
#       local-data: "pdlvimeocdn-a.akamaihd.net. 86400 IN A 118.98.93.50"
# fbcdn-video - ip 88,97,121,136,146
# Sixteen host names (a..p), each pinned to the same three addresses.
# Only .88, .97 and .121 have records below; .136 and .146 from the list above
# are not configured.
# These are fixed overrides of a third-party CDN's names: re-check the
# addresses before reuse, since stale entries misdirect client traffic.
        local-data: "fbcdn-video-a-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-b-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-c-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-d-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-e-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-f-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-g-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-h-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-i-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-j-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-k-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-l-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-m-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-n-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-o-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-p-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-a-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-b-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-c-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-d-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-e-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-f-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-g-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-h-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-i-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-j-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-k-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-l-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-m-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-n-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-o-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-p-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-a-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-b-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-c-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-d-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-e-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-f-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-g-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-h-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-i-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-j-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-k-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-l-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-m-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-n-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-o-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-p-a.akamaihd.net. 86400 IN A 118.98.42.121"

# login garenaplus messenger
# One name pinned to 33 fixed addresses with a one-day TTL. Clients never see
# changes the service makes to its own records, so re-check the list before reuse.
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.172.49"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.207"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.177"
               local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.144"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.174"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.141"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.204"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.173"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.200"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.146"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.172"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.178"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.150"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.188"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.176"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.190"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.148"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.201"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.171"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.175"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.142"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.206"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.186"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.187"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.170"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.143"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.149"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.147"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.189"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.202"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.203"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.145"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.205"
# Vendor download and support hosts pinned to fixed addresses. These names serve
# drivers and software, so a wrong or stale address here affects what clients
# download: verify each address before reuse, and make sure clients check
# HTTPS certificates or package signatures rather than trusting DNS.
# acer
        local-data: "global-download.acer.com. 86400 IN A 118.98.37.40"
        local-data: "global-download.acer.com. 86400 IN A 118.98.37.50"
# asus
        local-data: "dlcdnet.asus.com. 86400 IN A  125.160.18.32"
        local-data: "dlcdnet.asus.com. 86400 IN A  125.160.18.35"
        local-data: "dlcdnet.asus.com.edgesuite.net. 86400 IN A  125.160.18.32"
        local-data: "dlcdnet.asus.com.edgesuite.net. 86400 IN A  125.160.18.35"
# samsung
        local-data: "downloadcenter.samsung.com. 86400 IN A  125.160.18.48"
        local-data: "downloadcenter.samsung.com. 86400 IN A  125.160.18.33"
# nvidia
        local-data: "us.download.nvidia.com. 86400 IN A  125.160.18.48"
        local-data: "us.download.nvidia.com. 86400 IN A  125.160.18.33"
# wdc
        local-data: "download.wdc.com. 86400 IN A  125.160.18.48"
        local-data: "download.wdc.com. 86400 IN A  125.160.18.33"
        local-data: "download.wdc.com. 86400 IN A  118.98.93.48"
        local-data: "download.wdc.com. 86400 IN A  118.98.93.19"
# adobe
        local-data: "get3.adobe.com. 86400 IN A  23.192.114.114"
# oracle
        local-data: "download.oracle.com. 86400 IN A 125.160.18.24"
        local-data: "download.oracle.com. 86400 IN A 125.160.18.43"
# intel
        local-data: "ark.intel.com. 86400 IN A 125.160.18.27"
        local-data: "ark.intel.com. 86400 IN A 125.160.18.58"

# Per-domain forwarders: queries for these names are sent to the listed
# resolvers instead of the catch-all at the end. Because module-config is
# "iterator" (no validator), their answers are not DNSSEC-validated, so whoever
# operates these forwarders decides what clients see for the names below.
forward-zone:
        name: "dl.garenanow.com"
        forward-addr:118.98.44.166
        forward-addr:118.98.44.100
forward-zone:
        name: "cdn.garenanow.com"
        forward-addr:118.98.44.166
        forward-addr:118.98.44.100
forward-zone:
        name: "akamai.net"
        forward-addr:118.98.44.166
        forward-addr:114.5.5.77
forward-zone:
        name: "google.com"
        forward-addr:118.98.44.166
        forward-addr:114.5.5.77
forward-zone:
        name: "google.co.id"
        forward-addr:118.98.44.166
        forward-addr:114.5.5.77

# Catch-all: every name not matched by local data or a more specific
# forward-zone goes to these two public resolvers, so this server acts as a
# caching forwarder rather than resolving from the root hints.
forward-zone:
 name: "."
 forward-addr: 8.8.8.8
 forward-addr: 208.67.222.222


# unbound-control channel. It is bound to loopback only and authenticated with
# the key/certificate pairs that unbound-control-setup generated in /etc/unbound.
# Anyone who can read unbound_control.key and unbound_control.pem can control
# the daemon, so keep those files restricted (the chown/chmod 440 step on this
# page).
remote-control:
 control-enable: yes
 control-interface: 127.0.0.1
# Non-default port; Unbound's default control port is 8953.
 control-port: 953
 server-key-file: "/etc/unbound/unbound_server.key"
 server-cert-file: "/etc/unbound/unbound_server.pem"
 control-key-file: "/etc/unbound/unbound_control.key"
 control-cert-file: "/etc/unbound/unbound_control.pem"

Sampai di sini konfigurasi sudah selesai. Sebaiknya cek dulu sintaksnya dengan unbound-checkconf, lalu jangan lupa restart service unbound
root@pi:/etc/unbound# /etc/init.d/unbound restart
[ ok ] Restarting unbound (via systemctl): unbound.service.

 Jangan lupa atur /etc/resolv.conf seperti berikut ini
root@pi:/etc/unbound# cat /etc/resolv.conf
# Generated by resolvconf
nameserver 127.0.0.1

Dan pada network interfaces konfigurasinya ganti seperti berikut
# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet static
        address 172.16.17.18
        netmask 255.255.255.252
        gateway 172.16.17.17
        dns-nameservers 127.0.0.1

 Restart interfaces
root@pi:/etc/unbound# /etc/init.d/networking restart
[ok] Restarting networking (via systemctl): networking.service

Sekarang tahap uji coba apakah Unbound telah berjalan sebagaimana mestinya. Uji juga dari host di luar subnet yang diizinkan untuk memastikan query-nya ditolak (REFUSED).
root@pi:/etc/unbound# nslookup detik.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   detik.com
Address: 203.190.242.69
Name:   detik.com
Address: 203.190.241.43

