Friday, December 24, 2010

unbound





from ucok + rh354

masuk root
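# Install the resolver from the distribution repository (run as root).
apt-get install unbound
cd /etc/unbound
# Fetch the root hints over HTTPS instead of plain FTP, so the file cannot be
# altered in transit unnoticed. InterNIC publishes checksum/signature files in
# the same directory; verify against them wherever the hints are relied upon.
# -O overwrites an older copy instead of saving a numbered duplicate.
wget -O named.cache https://www.internic.net/domain/named.cache
# Generate the TLS key/certificate pairs (unbound_server.*, unbound_control.*)
# that authenticate unbound-control to the daemon.
unbound-control-setup
# Whoever can read unbound_control.key can control the resolver: make the files
# read-only for the daemon user and the root group, with no access for others.
chown unbound:root unbound_*
chmod 440 unbound_*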


paste unbound.conf

# Open the config for editing and paste in the listing that follows.
nano /etc/unbound/unbound.conf

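# Caching resolver for the private LAN. It also serves a small set of local
# zones (localhost, zitux.org and their reverse zones) from static data.
server:
        # Logging / statistics: counters are printed every 120 s and never reset.
        verbosity: 1
        statistics-interval: 120
        num-threads: 1
        statistics-cumulative: yes
        # Listen on every IPv4 address of the host. Who may actually query is
        # decided by the access-control list further down.
        interface: 0.0.0.0

        outgoing-range: 512
        num-queries-per-thread: 1024

        msg-cache-size: 16m
        rrset-cache-size: 32m

        msg-cache-slabs: 4
        rrset-cache-slabs: 4

        # Cap cached TTLs at one day so a stale or bad record ages out.
        cache-max-ttl: 86400
        infra-host-ttl: 60
        infra-lame-ttl: 120

        infra-cache-numhosts: 10000
        infra-cache-lame-size: 10k

        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes

        # Client ACL. The most specific matching netblock wins, so the private
        # ranges and loopback are allowed and everything else is refused.
        # Keep the allow-all line disabled: on a reachable address it would make
        # this an open resolver that third parties can abuse for amplification.
        #access-control: 0.0.0.0/0 allow
        access-control: 192.168.0.0/16 allow
        access-control: 172.16.0.0/12 allow
        access-control: 10.0.0.0/8 allow
        access-control: 127.0.0.0/8 allow
        access-control: 0.0.0.0/0 refuse

        # Privilege reduction: chroot into the config directory and run as the
        # unprivileged "unbound" user after startup.
        chroot: "/etc/unbound"
        username: "unbound"
        directory: "/etc/unbound"
        # NOTE(review): with logfile "" and use-syslog no, a daemonized unbound
        # has nowhere to write its log, so the statistics and any error or
        # abuse indications are lost. Enable one of the two commented lines if
        # the resolver should leave an audit trail.
        #logfile: "/etc/unbound/unbound.log"
        #use-syslog: yes
        logfile: ""
        use-syslog: no
        pidfile: "/etc/unbound/unbound.pid"
        # With the catch-all forward-zone in this file, queries go to the
        # forwarders rather than being resolved from these hints.
        root-hints: "/etc/unbound/named.cache"

        # hide-identity / hide-version make the server refuse id.server and
        # version.server queries, so the two strings above them are not served.
        identity: "DNS"
        version: "1.4"
        hide-identity: yes
        hide-version: yes
        harden-glue: yes
        # Never send upstream queries to loopback addresses. The netblock is
        # written in canonical form (network address 127.0.0.0, not 127.0.0.1).
        do-not-query-address: 127.0.0.0/8
        do-not-query-localhost: yes
        # NOTE(review): "iterator" alone means no DNSSEC validation, so answers
        # are accepted as received. Validation needs "validator iterator" plus
        # a trust anchor (e.g. auto-trust-anchor-file), which is not set up here.
        module-config: "iterator"

        # "static" zones: only the local-data below is served; other names in
        # the zone get a negative answer and are never looked up externally.
        local-zone: "localhost." static
        local-data: "localhost. 10800 IN NS localhost."
        local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
        local-data: "localhost. 10800 IN A 127.0.0.1"

        local-zone: "127.in-addr.arpa." static
        local-data: "127.in-addr.arpa. 10800 IN NS localhost."
        local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
        local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

        # Internal zone: every name points at the same private host.
        local-zone: "zitux.org." static
        local-data: "zitux.org. 86400 IN NS ns1.zitux.org."
        local-data: "zitux.org. 86400 IN SOA zitux.org. proxy.zitux.org.  3 3600 1200 604800 86400"
        local-data: "zitux.org. 86400 IN A 192.168.2.2"
        local-data: "www.zitux.org. 86400 IN A 192.168.2.2"
        local-data: "ns1.zitux.org. 86400 IN A 192.168.2.2"

        local-data: "mail.zitux.org. 86400 IN A 192.168.2.2"
        local-data: "zitux.org. 86400 IN MX 10 mail.zitux.org."
        # The SPF policy must be ONE quoted TXT string (outer single quotes,
        # inner double quotes). Unquoted, the space-separated words are likely
        # parsed as separate strings, which SPF checkers join without spaces,
        # leaving a policy that no longer parses as intended.
        local-data: 'zitux.org. 86400 IN TXT "v=spf1 a mx ~all"'

        local-zone: "2.168.192.in-addr.arpa." static
        local-data: "2.168.192.in-addr.arpa. 10800 IN NS zitux.org."
        # NOTE(review): the last SOA field is 864000 here but 86400 in the
        # forward zone; possibly a typo, confirm the intended value.
        local-data: "2.168.192.in-addr.arpa. 10800 IN SOA zitux.org. proxy.zitux.org. 4 3600 1200 604800 864000"
        local-data: "2.2.168.192.in-addr.arpa. 10800 IN PTR zitux.org."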

# Catch-all forwarder: name "." covers every query that is not answered from
# the local-zone data, so resolution is delegated to the upstreams listed here.
forward-zone:
        name: "."
        # NOTE(review): queries go to these upstreams as plain DNS, and with
        # module-config "iterator" the answers are not DNSSEC-validated locally.
        # Answer integrity therefore rests on the upstreams and on the network
        # path to them; confirm each address is still an intended resolver.
        forward-addr: 180.131.144.144
        forward-addr: 180.131.145.145
        forward-addr: 203.130.208.18
        forward-addr: 202.12.1.10
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4

# Control channel used by unbound-control, authenticated with the
# key/certificate pairs listed below.
remote-control:
        control-enable: yes
        # NOTE(review): the channel listens on the LAN address, so every host
        # that can reach 192.168.2.2:953 can attempt a connection. Access then
        # depends only on unbound_control.key staying secret. If the resolver
        # is managed from the box itself, bind to 127.0.0.1 and/or firewall
        # the port.
        control-interface: 192.168.2.2
        control-port: 953
        # Server identity presented to unbound-control.
        server-key-file: "/etc/unbound/unbound_server.key"
        server-cert-file: "/etc/unbound/unbound_server.pem"
        # Client credential: whoever can read the control key can control the
        # daemon.
        control-key-file: "/etc/unbound/unbound_control.key"
        control-cert-file: "/etc/unbound/unbound_control.pem"


cek error
# Validate the configuration first; a non-zero exit status means the file has
# errors and the service should not be restarted yet.
unbound-checkconf /etc/unbound/unbound.conf

jalankan
# Restart the daemon so it loads the new configuration.
service unbound restart
