Rabu, 21 November 2012

Install Unbound di FreeBSD 9.0

Langsung tanpa basa-basi :

#whereis unbound
unbound : /usr/ports/dns/unbound

# cd /usr/ports/dns/unbound
# make install clean

Jika muncul dialog opsi, pilih OK saja; opsi default sudah cukup.

#rehash
#cd /usr/local/etc/unbound
#fetch ftp://FTP.INTERNIC.NET/domain/named.cache
#rehash
#unbound-control-setup
#chown unbound:wheel unbound_*
#chmod 440 unbound_*
#mkdir /usr/local/etc/unbound/dev
#echo "devfs   /usr/local/etc/unbound/dev devfs rw 0 0"  >> /etc/fstab
#echo 'unbound_enable="YES"' >> /etc/rc.conf
#echo 'devfs_set_rulesets="/usr/local/etc/unbound/dev=unbound_ruleset"' >> /etc/rc.conf

edit /usr/local/etc/unbound/unbound.conf

seperti ini

# unbound.conf "server:" clause: a caching resolver for the LAN subnets listed
# under access-control, running chrooted as the unprivileged user "unbound".
server:
# verbosity 1 logs operational information only
verbosity: 1
# statistics are written to the log every 120 seconds, with extended counters,
# and the counters are not reset after each report
statistics-interval: 120
extended-statistics: yes
statistics-cumulative: yes
num-threads: 1
# Listens on every IPv4 address of the host; who may actually query is decided
# only by the access-control lines further down.
# NOTE(review): if this host also has an Internet-facing interface, consider
# binding to the LAN address(es) and filtering port 53 at the firewall so the
# resolver is not reachable from outside.
interface: 0.0.0.0

# per-thread limits on outgoing ports and simultaneously serviced queries
outgoing-range: 512
num-queries-per-thread: 1024

# cache sizes for messages and RRsets
msg-cache-size: 16m
rrset-cache-size: 32m

msg-cache-slabs: 4
rrset-cache-slabs: 4

# cached records are kept for at most one day (86400 s) regardless of their TTL
cache-max-ttl: 86400
infra-host-ttl: 60
# NOTE(review): infra-lame-ttl and infra-cache-lame-size (below) appear to be
# obsolete in later Unbound releases; confirm against unbound.conf(5) for the
# installed version.
infra-lame-ttl: 120

infra-cache-numhosts: 10000
infra-cache-lame-size: 10k

# IPv4 only, over both UDP and TCP, running as a background daemon
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
# client networks that are allowed to query unbound
# The most specific matching netblock wins, so the /24 "allow" entries override
# the catch-all 0.0.0.0/0 "refuse"; everyone else gets a REFUSED answer.
access-control: 0.0.0.0/0 refuse
access-control: 192.168.10.0/24 allow
access-control: 192.168.20.0/24 allow     
access-control: 192.168.40.0/24 allow
access-control: 192.168.50.0/24 allow      
# After startup the daemon chroots into /usr/local/etc/unbound and drops
# privileges to user "unbound"; the devfs mount created for
# /usr/local/etc/unbound/dev in the install steps supplies the device nodes
# available inside the chroot.
chroot: "/usr/local/etc/unbound"
username: "unbound"
directory: "/usr/local/etc/unbound"
# NOTE(review): with an empty logfile, use-syslog off and do-daemonize on, log
# and statistics output appears to go nowhere once the daemon detaches. Confirm,
# and enable syslog or a logfile if records are needed for troubleshooting or
# incident response.
logfile: ""
use-syslog: no
# Root hints file downloaded with fetch in the install steps.
# NOTE(review): that download used plain FTP with no integrity check; consider
# comparing the file against a copy obtained over an authenticated channel.
root-hints: "/usr/local/etc/unbound/named.cache"
     
# With hide-identity and hide-version enabled, id.server/hostname.bind and
# version.server/version.bind queries are refused, so the identity and version
# strings set here are not disclosed to clients.
identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
# only trust glue records that fall within the answering server's authority
harden-glue: yes
# never send queries to loopback addresses
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
# Only the iterator module is loaded; the validator module is absent, so DNSSEC
# signatures are not validated and upstream answers are accepted as received.
# NOTE(review): turning validation on needs "validator iterator" plus a
# configured trust anchor, which this page does not set up.
module-config: "iterator"

# localhost zone
# "static" zones are answered only from the local-data below; any other name in
# the zone gets a negative answer instead of being resolved upstream.
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"

local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

# zone jakkom.proxy.net (edit this section to match your proxy's IP and hostname)
local-zone: "jakkom.proxy.net." static
local-data: "jakkom.proxy.net. 86400 IN NS ns1.jakkom.proxy.net."
local-data: "jakkom.proxy.net. 86400 IN SOA jakkom.proxy.net. hostmaster.jakkom.proxy.net.  3 3600 1200 604800 86400"
local-data: "jakkom.proxy.net. 86400 IN A 192.168.40.250"
local-data: "www.jakkom.proxy.net. 86400 IN A 192.168.40.250"
local-data: "ns1.jakkom.proxy.net. 86400 IN A 192.168.40.250"

# reverse zone: the proxy's IP is written with its octets in reverse order; check the spelling carefully
# NOTE(review): the last SOA field below is 864000, while the forward zone uses
# 86400; possibly a typo, confirm the intended value.
local-zone: "40.168.192.in-addr.arpa." static
local-data: "40.168.192.in-addr.arpa. 10800 IN NS jakkom.proxy.net."
local-data: "40.168.192.in-addr.arpa. 10800 IN SOA jakkom.proxy.net. hostmaster.jakkom.proxy.net. 4 3600 1200 604800 864000"
local-data: "250.40.168.192.in-addr.arpa. 10800 IN PTR jakkom.proxy.net."

# DNS forwarding settings
# name "." matches every query not answered from the local-zone data, so all
# remaining lookups are sent to the upstream resolvers listed here.
# NOTE(review): the operators of these resolvers see the clients' queries, and
# because module-config in the server clause loads only the iterator, their
# answers are not DNSSEC-validated. Keep the list to resolvers you trust.
forward-zone:
name: "."
forward-addr: 202.134.1.10
forward-addr: 202.134.0.155
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
forward-addr: 208.67.222.222
forward-addr: 208.67.220.220
forward-addr: 180.131.144.144
forward-addr: 180.131.145.145      
               
# unbound-control channel (used by "unbound-control stats" at the end of the page).
# The control listener is bound to loopback only, so it is reachable from the
# local host and not from the LAN.
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
# Key and certificate files generated by unbound-control-setup in the install
# steps; the chown/chmod steps there leave them readable by user "unbound" and
# group "wheel" only (mode 440). Anyone who can read the control key and
# certificate can control the daemon, so keep these permissions tight.
server-key-file: "/usr/local/etc/unbound/unbound_server.key"
server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
control-key-file: "/usr/local/etc/unbound/unbound_control.key"
control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"

edit di /usr/local/etc/squid/squid.conf bagian name server ganti dengan:
nameserver 127.0.0.1

edit di /etc/resolv.conf ganti dengan:
nameserver 127.0.0.1

bikin file dengan nama devfs.rules di /etc
#ee /etc/devfs.rules

####isinya seperti dibawah ini####
# devfs ruleset number 20, named unbound_ruleset. The devfs_set_rulesets line
# added to /etc/rc.conf applies it to the devfs mounted at
# /usr/local/etc/unbound/dev, i.e. the /dev seen inside the unbound chroot.
[unbound_ruleset=20]
# hide every device node first ...
add hide
# ... then expose only the few nodes listed here, so the chrooted daemon gets
# the minimum set of devices rather than the host's full /dev
add path null unhide
add path zero unhide
add path crypto unhide
add path random unhide
add path urandom unhide

simpan dan instalasi unbound selesai :)

#reboot

Untuk MikroTik, silakan buat aturan NAT yang mengarahkan (redirect) ke Unbound, persis seperti aturan redirect ke proxy, tetapi dengan protokol UDP port 53.

cek unbound :
#unbound-control stats

