namanya DNS resolver. Tanya mbah google aja ya tentang apa itu DNS resolver?
:D
Bagi saya yang telah terbiasa dengan DNS resolver bawaan mikrotik (dulu
pakenya karena segi kepraktisan saja, tidak ada yang lain :D ), sejalan
dengan bertambahnya cpu untuk kepentingan pengaturan internet kantor (tambah
satu buat Proxy, saya pake OS FreeBSD yang didalamnya ditanam Lusca HEAD
cache) ditambah racun dari
forum mikrotik indonesia maka diputuskan untuk mencobanya. Untuk caranya
(dalam hal ini di FreeBSD) bisa merujuk ke link tadi atau bisa dilihat di
hasil copas ini (credit to bro siber @ forummikrotik[dot]com) :
cara install ::D
Bagi saya yang telah terbiasa dengan DNS resolver bawaan mikrotik (dulu
pakenya karena segi kepraktisan saja, tidak ada yang lain :D ), sejalan
dengan bertambahnya cpu untuk kepentingan pengaturan internet kantor (tambah
satu buat Proxy, saya pake OS FreeBSD yang didalamnya ditanam Lusca HEAD
cache) ditambah racun dari
forum mikrotik indonesia maka diputuskan untuk mencobanya. Untuk caranya
(dalam hal ini di FreeBSD) bisa merujuk ke link tadi atau bisa dilihat di
hasil copas ini (credit to bro siber @ forummikrotik[dot]com) :
cd /usr/ports/dns/unbound make config (centang Libevent & Thread) make install clean cd /usr/local/etc/unbound fetch ftp://FTP.INTERNIC.NET/domain/named.cache unbound-control-setup chown unbound:wheel unbound_* chmod 440 unbound_* mkdir /usr/local/etc/unbound/dev echo "devfs /usr/local/etc/unbound/dev devfs rw \ 0 0" >> /etc/fstab echo 'unbound_enable="YES"' >> /etc/rc.conf echo 'devfs_set_rulesets="/usr/local/etc/unbound/dev=unbound_ruleset"' \ >> /etc/rc.conf
cara config:
verbosity: 5 statistics-interval: 120 num-threads: 2 interface: 0.0.0.0 outgoing-range: 512 num-queries-per-thread: 1024 msg-cache-size: 16m rrset-cache-size: 32m msg-cache-slabs: 4 rrset-cache-slabs: 4 cache-max-ttl: 86400 infra-host-ttl: 60 infra-lame-ttl: 120 infra-cache-numhosts: 10000 infra-cache-lame-size: 10k do-ip4: yes do-ip6: no do-udp: yes do-tcp: yes do-daemonize: yes access-control: 0.0.0.0/0 allow access-control: 127.0.0.0/8 allow chroot: "/usr/local/etc/unbound" username: "unbound" directory: "/usr/local/etc/unbound" #logfile: "/usr/local/etc/unbound/unbound.log" #use-syslog: yes logfile: "" use-syslog: no pidfile: "/usr/local/etc/unbound/unbound.pid" root-hints: "/usr/local/etc/unbound/named.cache" identity: "DNS" version: "1.0" hide-identity: yes hide-version: yes harden-glue: yes do-not-query-address: 127.0.0.1/8 do-not-query-localhost: yes module-config: "iterator" local-zone: "localhost." static local-data: "localhost. 10800 IN NS localhost." local-data: "localhost. 10800 IN SOA localhost. \ nobody.invalid. 1 3600 1200 604800 10800" local-data: "localhost. 10800 IN A 127.0.0.1" local-zone: "127.in-addr.arpa." static local-data: "127.in-addr.arpa. 10800 IN NS localhost." local-data: "127.in-addr.arpa. 10800 IN SOA localhost. \ nobody.invalid. 2 3600 1200 604800 10800" local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost." local-zone: "xxxxx.net." static local-data: "xxxxx.net. 86400 IN NS ns1.xxxxx.net." local-data: "xxxxx.net. 86400 IN NS ns2.xxxxx.net." local-data: "xxxxx.net. 86400 IN SOA xxxxx.net. \ hostmaster.xxxxx.net.net. 3 3600 1200 604800 86400" local-data: "xxxxx.net. 86400 IN A 172.16.17.2" local-data: "www.xxxxx.net. 86400 IN A 172.16.17.2" local-data: "ns1.xxxxx.net. 86400 IN A 172.16.17.2" local-data: "ns1.xxxxx.net. 86400 IN A 172.16.17.20" local-data: "mail.x.x.x.net. 86400 IN A 192.168.70.1" local-data: "xxxxx.net. 86400 IN MX 10 mail.xxxxx.net." local-data: "xxxxx.net. 86400 IN TXT v=spf1 a mx ~all" local-zone: "17.16.172.in-addr.arpa." static local-data: "17.16.172.in-addr.arpa. 10800 IN NS xxxxx.net." local-data: "17.16.172.in-addr.arpa. 10800 IN SOA xxxxx.net. \ hostmaster.xxxxx.net. 4 3600 1200 604800 864000" local-data: "2.17.16.172.in-addr.arpa. 10800 IN PTR xxxxx.net." local-data: "3.17.16.172.in-addr.arpa. 10800 IN PTR nms.xxxxx.net." local-data: "4.17.16.172.in-addr.arpa. 10800 IN PTR sadewa.xxxxx.net." forward-zone: name: "." forward-addr: 202.155.x.x forward-addr: 202.155.x.x remote-control: control-enable: yes control-interface: 127.0.0.1 control-port: 953 server-key-file: "/usr/local/etc/unbound/unbound_server.key" server-cert-file: "/usr/local/etc/unbound/unbound_server.pem" control-key-file: "/usr/local/etc/unbound/unbound_control.key" control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"Cara Pakainya :
arahkan semua client untuk menggunakan DNS server dengan IP dimana unbound diinstall, semisal unbound diinstall di komputer dengan IP 192.168.0.200, maka DNS komputer client di isi dengan ip 192.168.0.200
0 comments:
Posting Komentar