Tuesday, July 3, 2012

Install Unbound FreeBsd


Install Unbound di FreeBSD:
#pkg_add -rv unbound
#cd /usr/local/etc/unbound
#cd /usr/local/etc/unbound
#fetch ftp://FTP.INTERNIC.NET/domain/named.cache
named.cache 100% of 3048 B 10 MBps
#rehash
#unbound-control-setup
Hasilnya akan terlihat di konsol seperti berikut:
setup in directory /usr/local/etc/unbound
generating unbound_server.key
Generating RSA private key, 1536 bit long modulus
............................++++
......++++
e is 65537 (0x10001)
generating unbound_control.key
Generating RSA private key, 1536 bit long modulus
.......++++
..................................................................................................................++++
e is 65537 (0x10001)
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
Setup success. Certificates created. Enable in unbound.conf file to use

# chown unbound:wheel unbound_*
# chmod 440 unbound_*
# mkdir /usr/local/etc/unbound/dev

Tambahkan unbound_enable="YES" ke /etc/rc.conf

#

paste unbound.conf 

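# unbound.conf for a forwarding, caching resolver that also serves a few
# static local zones. Indentation is cosmetic here; a clause starts at its
# "name:" line and runs until the next clause.
server:
        verbosity: 1
        statistics-interval: 120
        num-threads: 1
        # Listens on every IPv4 address of the host. If the machine has a
        # public interface, bind only to the LAN address instead.
        interface: 0.0.0.0

        outgoing-range: 950  # 1900
        num-queries-per-thread: 1024  # 2048

        msg-cache-size: 50m
        rrset-cache-size: 100m

        msg-cache-slabs: 4
        rrset-cache-slabs: 4

        cache-max-ttl: 86400
        infra-host-ttl: 60
        infra-lame-ttl: 120

        infra-cache-numhosts: 10000
        infra-cache-lame-size: 10k

        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes

        # Recursion is limited to loopback and the RFC 1918 ranges; every
        # other source is refused. Do not use "0.0.0.0/0 allow" together with
        # "interface: 0.0.0.0": that makes the host an open resolver, which
        # can be abused for DNS amplification and lets anyone probe the cache.
        # The most specific matching netblock wins, so the order of these
        # lines does not matter. Narrow the allow list to the subnets that
        # really hold your clients.
        access-control: 0.0.0.0/0 refuse
        access-control: 127.0.0.0/8 allow
        access-control: 192.168.0.0/16 allow
        access-control: 172.16.0.0/12 allow
        access-control: 10.0.0.0/8 allow

        # The daemon chroots into its config directory and drops privileges
        # to the "unbound" user.
        chroot: "/usr/local/etc/unbound"
        username: "unbound"
        directory: "/usr/local/etc/unbound"
        # NOTE(review): with an empty logfile and syslog disabled, messages
        # go to stderr only, which is typically lost once the daemon has
        # detached. Enable one of the commented options below if you need a
        # record of refused queries and errors.
        #logfile: "/usr/local/etc/unbound/unbound.log"
        #use-syslog: yes
        logfile: ""
        use-syslog: no
        #pidfile: "/usr/local/etc/unbound/unbound.pid"
        # named.cache is the root hints file downloaded over plain FTP in the
        # install steps; compare it with a copy from a trusted source.
        root-hints: "/usr/local/etc/unbound/named.cache"

        identity: "DNS"
        version: "1.4"
        # hide-identity / hide-version make the server refuse id.server and
        # version.bind queries, so the two strings above are not disclosed.
        hide-identity: yes
        hide-version: yes
        harden-glue: yes
        do-not-query-address: 127.0.0.1/8
        do-not-query-localhost: yes
        # Only the iterator module is loaded. The validator module is not, so
        # answers are NOT DNSSEC-validated by this resolver.
        module-config: "iterator"

        # zone localhost
        local-zone: "localhost." static
        local-data: "localhost. 10800 IN NS localhost."
        local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
        local-data: "localhost. 10800 IN A 127.0.0.1"

        local-zone: "127.in-addr.arpa." static
        local-data: "127.in-addr.arpa. 10800 IN NS localhost."
        local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
        local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

        # zone unix.net (static: names not listed here get NXDOMAIN/NODATA
        # from this server and are never forwarded)
        local-zone: "unix.net." static
        local-data: "unix.net. 86400 IN NS ns1.unix.net."
        local-data: "unix.net. 86400 IN SOA unix.net. hostmaster.unix.net.  3 3600 1200 604800 86400"
        local-data: "unix.net. 86400 IN A 192.168.3.2"
        local-data: "www.unix.net. 86400 IN A 192.168.3.2"
        local-data: "ns1.unix.net. 86400 IN A 192.168.3.2"

        #local-data: "mail.unix.net. 86400 IN A 192.168.3.2"
        #local-data: "unix.net. 86400 IN MX 10 mail.unix.net."
        #local-data: "unix.net. 86400 IN TXT v=spf1 a mx ~all"

        # reverse zone for 192.168.3.0/24
        local-zone: "192.168.3.in-addr.arpa." static
        local-data: "192.168.3.in-addr.arpa. 10800 IN NS unix.net."
        local-data: "192.168.3.in-addr.arpa. 10800 IN SOA unix.net. hostmaster.unix.net. 4 3600 1200 604800 864000"
        local-data: "2.3.168.192.in-addr.arpa. 10800 IN PTR unix.net."

# Everything that is not answered from a local zone is sent to these
# upstream resolvers. Because the validator module is not loaded, their
# answers are accepted as-is; list only resolvers you trust.
forward-zone:
        name: "."
        forward-addr: 202.134.1.10  # surabaya
        forward-addr: 202.134.1.5  # surabaya (secondary)
        forward-addr: 180.131.144.144  # nawala
        forward-addr: 125.160.2.34
        forward-addr: 8.8.8.8  # google
        #forward-addr: 208.67.222.222  # opendns

# unbound-control channel. It is bound to loopback only and authenticated
# with the key/certificate pairs created by unbound-control-setup. Keep
# control-interface on 127.0.0.1 and keep the *.key files unreadable to
# ordinary users: whoever holds unbound_control.key can reconfigure or stop
# the resolver.
remote-control:
        control-enable: yes
        control-interface: 127.0.0.1
        control-port: 953
        server-key-file: "/usr/local/etc/unbound/unbound_server.key"
        server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
        control-key-file: "/usr/local/etc/unbound/unbound_control.key"
        control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"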
sumber copas edit
