Installing Unbound on Ubuntu

Posted by techshoot on June 30, 2012

For squid users, names such as PDNSD, BIND, DNSMASQ and the like, which serve as DNS resolvers, are probably nothing new. This time I'm going to try Unbound as a replacement for the DNS resolvers above.

Before going any further, have a look at the graphic below. [Figure: Unbound]

OK, let's go straight to the installation on Ubuntu. It's quite simple:

```bash
$ sudo apt-get install unbound
```

Once that is done, set up the files as follows:

```bash
$ cd /etc/unbound
$ sudo wget ftp://FTP.INTERNIC.NET/domain/named.cache
$ sudo unbound-control-setup
$ sudo chown unbound:root unbound_*
$ sudo chmod 440 unbound_*
```

Adjust the config in **/etc/unbound/unbound.conf**; any other DNS services **(bind/dnsmasq, etc.)** must be **stopped** so that they do not conflict. Now let's configure Unbound itself. Adjust the values to your own setup if you try this.

```bash
$ sudo vi /etc/unbound/unbound.conf
```

```
server:
    verbosity: 1
    statistics-interval: 120
    num-threads: 1
    # listens on every IPv4 address; the access-control lines decide who may query
    interface: 0.0.0.0
    outgoing-range: 512
    num-queries-per-thread: 1024
    msg-cache-size: 16m
    rrset-cache-size: 32m
    msg-cache-slabs: 4
    rrset-cache-slabs: 4
    cache-max-ttl: 86400
    infra-host-ttl: 60
    infra-lame-ttl: 120
    infra-cache-numhosts: 10000
    infra-cache-lame-size: 10k
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes
    # allow only the LAN and localhost, refuse everyone else
    #access-control: 0.0.0.0/0 allow
    access-control: 192.168.100.0/27 allow
    #access-control: 172.16.0.0/12 allow
    #access-control: 10.0.0.0/8 allow
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse
    # paths point at /etc/unbound, where named.cache and the
    # unbound-control keys were created in the steps above
    chroot: "/etc/unbound"
    username: "unbound"
    directory: "/etc/unbound"
    #logfile: "/etc/unbound/unbound.log"
    #use-syslog: yes
    logfile: ""
    use-syslog: no
    pidfile: "/etc/unbound/unbound.pid"
    root-hints: "/etc/unbound/named.cache"
    identity: "DNS"
    version: "1.4"
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    do-not-query-address: 127.0.0.1/8
    do-not-query-localhost: yes
    # iterator only: the validator module is not loaded, so no DNSSEC validation
    module-config: "iterator"
    # zone localhost
    local-zone: "localhost." static
    local-data: "localhost. 10800 IN NS localhost."
    local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
    local-data: "localhost. 10800 IN A 127.0.0.1"
    local-zone: "127.in-addr.arpa." static
    local-data: "127.in-addr.arpa. 10800 IN NS localhost."
    local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
    local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
    # zone dns.indolini.org
    #local-zone: "dns.indolini.org." static
    #local-data: "dns.indolini.org. 86400 IN NS ns1.dns.indolini.org."
    #local-data: "dns.indolini.org. 86400 IN SOA dns.indolini.org. hostmaster.dns.indolini.org. 3 3600 1200 604800 86400"
    #local-data: "dns.indolini.org. 86400 IN A 192.168.xx.xx"
    #local-data: "www.dns.indolini.org. 86400 IN A 192.168.xx.xx"
    #local-data: "ns1.dns.indolini.org. 86400 IN A 192.168.xx.xx"
    #local-data: "mail.dns.indolini.org. 86400 IN A 192.168.100.5"
    #local-data: "dns.indolini.org. 86400 IN MX 10 mail.dns.indolini.org."
    # the TXT value is quoted so that it stays a single string
    #local-data: 'dns.indolini.org. 86400 IN TXT "v=spf1 a mx ~all"'
    #local-zone: "xx.168.192.in-addr.arpa." static
    #local-data: "xx.168.192.in-addr.arpa. 10800 IN NS dns.indolini.org."
    #local-data: "xx.168.192.in-addr.arpa. 10800 IN SOA dns.indolini.org. hostmaster.dns.indolini.org. 4 3600 1200 604800 864000"
    #local-data: "xx.xx.168.192.in-addr.arpa. 10800 IN PTR dns.indolini.org."

# forward every query to Google Public DNS
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4

# unbound-control, reachable from localhost only
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-port: 953
    server-key-file: "/etc/unbound/unbound_server.key"
    server-cert-file: "/etc/unbound/unbound_server.pem"
    control-key-file: "/etc/unbound/unbound_control.key"
    control-cert-file: "/etc/unbound/unbound_control.pem"
```

Once that is done, check the file first in case it contains errors, with this command:

```bash
$ sudo unbound-checkconf /etc/unbound/unbound.conf
```

The lines I marked with a hash sign (#) should be adjusted to your own IP addresses (the ones containing **xx**) and your own zones. For a modem, or if you use DHCP, just put a hash sign in front of each of the lines I bolded above. Once that is done, restart Unbound:

```bash
$ sudo /etc/init.d/unbound restart
```

Now test it (assuming it is already running):

```
root@indolini:~$ nslookup 192.168.xx.xx
Server: 127.0.0.1
Address: 127.0.0.1#53

x.xx.168.192.in-addr.arpa name = dns.indolini.org.
root@indolini:~$ nslookup dns.indolini.org
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: dns.indolini.org
Address: 192.168.xx.xx
```

Once that is done, add the localhost DNS server to squid.conf:

```
dns_nameservers 127.0.0.1
```

Then reconfigure squid (you already know the command, right?). To see how Unbound is performing, check with this command:

```bash
$ sudo unbound-control stats
```

Apologies if there are any mistakes, since this newbie has only been learning Unbound for one day, and even that was by sheer trial and error. For Slackware, see the [following link](/blog/tutorial/compile-unbound-di-slackware).