wandibudiana

UNBOUND DNS SERVER

Aug 28th, 2012
  1. Installasi DNS UNBOUND
  2. OS : Debian Squeeze 6
  3. domain : hade.war.net
  4. ip 192.168.1.150
  5.  
  6.  
  7. echo deb http://kambing.ui.ac.id/debian/ squeeze main non-free contrib | tee -a /etc/apt/sources.list
  8. echo deb-src http://kambing.ui.ac.id/debian/ squeeze main non-free contrib | tee -a /etc/apt/sources.list
  9. echo deb http://repo.ajenti.org/debian main main | tee -a /etc/apt/sources.list
  10. wget http://repo.ajenti.org/debian/key -O- | apt-key add -
  11. apt-get -y update && apt-get -y install unbound ajenti
  12. wget -O /etc/unbound/named.cache ftp://FTP.INTERNIC.NET/domain/named.cache
  13. unbound-control-setup
  14. chown unbound:root /etc/unbound/unbound_*
  15. chmod 440 /etc/unbound/unbound_*
  16.  
  17. mv /etc/unbound/unbound.conf /etc/unbound/unbound.conf.old
  18. touch /etc/unbound/unbound.conf
  19.  
  20. echo "server:
  21.         verbosity: 1
  22.         statistics-interval: 120
  23.         num-threads: 1
  24.         interface: 0.0.0.0
  25.  
  26.         outgoing-range: 512
  27.         num-queries-per-thread: 1024
  28.  
  29.         msg-cache-size: 16m
  30.         rrset-cache-size: 32m
  31.  
  32.         msg-cache-slabs: 4
  33.         rrset-cache-slabs: 4
  34.  
  35.         cache-max-ttl: 86400
  36.         infra-host-ttl: 60
  37.         infra-lame-ttl: 120
  38.        
  39.         infra-cache-numhosts: 10000
  40.         infra-cache-lame-size: 10k
  41.  
  42.         do-ip4: yes
  43.         do-ip6: no
  44.         do-udp: yes
  45.         do-tcp: yes
  46.         do-daemonize: yes
  47.  
  48.         # access-control: 0.0.0.0/0 allow
  49.         access-control: 192.168.0.0/16 allow
  50.         # access-control: 172.16.0.0/12 allow
  51.         # access-control: 10.0.0.0/8 allow
  52.         access-control: 127.0.0.0/8 allow
  53.         access-control: 0.0.0.0/0 refuse
  54.      
  55.         chroot: \"/etc/unbound\"
  56.         username: \"unbound\"
  57.         directory: \"/etc/unbound\"
  58.         #logfile: \"/etc/unbound/unbound.log\"
  59.         #use-syslog: yes
  60.         logfile: \"\"
  61.         use-syslog: no
  62.         pidfile: \"/etc/unbound/unbound.pid\"
  63.         root-hints: \"/etc/unbound/named.cache\"
  64.      
  65.        identity: \"www.hade.war.net\"
  66.        version: \"1.4\"
  67.        hide-identity: yes
  68.        hide-version: yes
  69.        harden-glue: yes
  70.        do-not-query-address: 127.0.0.1/8
  71.        do-not-query-localhost: yes
  72.        module-config: \"iterator\"
  73.  
  74.        #zone localhost
  75.        local-zone: \"localhost.\" static
  76.        local-data: \"localhost. 10800 IN NS localhost.\"
  77.        local-data: \"localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\"
  78.        local-data: \"localhost. 10800 IN A 127.0.0.1\"
  79.  
  80.        local-zone: \"127.in-addr.arpa.\" static
  81.        local-data: \"127.in-addr.arpa. 10800 IN NS localhost.\"
  82.        local-data: \"127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800\"
  83.        local-data: \"1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.\"
  84.      
  85.        #zone hade.war.net
  86.        local-zone: \"hade.war.net.\" static
  87.        local-data: \"hade.war.net. 86400 IN NS ns.hade.war.net.\"
  88.        local-data: \"hade.war.net. 86400 IN SOA hade.war.net. hostmaster.hade.war.net.  3 3600 1200 604800 86400\"
  89.        local-data: \"hade.war.net. 86400 IN A 192.168.1.150\"
  90.        local-data: \"www.hade.war.net. 86400 IN A 192.168.1.150\"
  91.        local-data: \"ns.hade.war.net. 86400 IN A 192.168.1.150\"
  92.      
  93.        local-data: \"mail.hade.war.net. 86400 IN A 192.168.1.150\"
  94.        local-data: \"hade.war.net. 86400 IN MX 10 mail.hade.war.net.\"
  95.        local-data: \"hade.war.net. 86400 IN TXT v=spf1 a mx ~all\"
  96.  
  97.        local-zone: \"1.168.192.in-addr.arpa.\" static
  98.        local-data: \"1.168.192.in-addr.arpa. 10800 IN NS hade.war.net.\"
  99.        local-data: \"1.168.192.in-addr.arpa. 10800 IN SOA hade.war.net. hostmaster.hade.war.net. 4 3600 1200 604800 864000\"
  100.        local-data: \"150.1.168.192.in-addr.arpa. 10800 IN PTR hade.war.net.\"
  101.  
  102. forward-zone:
  103.        name: \".\"
  104.        forward-addr: 8.8.8.8
  105.        forward-addr: 8.8.4.4
  106.  
  107. remote-control:
  108.        control-enable: yes
  109.        control-interface: 127.0.0.1
  110.        control-port: 953
  111.        server-key-file: \"/etc/unbound/unbound_server.key\"
  112.        server-cert-file: \"/etc/unbound/unbound_server.pem\"
  113.        control-key-file: \"/etc/unbound/unbound_control.key\"
  114.        control-cert-file: \"/etc/unbound/unbound_control.pem\"" >> /etc/unbound/unbound.conf
  115.  
  116. unbound-checkconf /etc/unbound/unbound.conf untuk cek error Konfigurasi
  117.  
  118. IPSERV=$(ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')      
  119. HOST_NAME=$(hostname -a)
  120. DOMAIN_NAME=$(hostname -d)                 
  121.  
  122. sleep 1
  123.  
  124. mv /etc/hosts /etc/hosts_
  125. touch /etc/hosts
  126.  
  127. echo "127.0.0.1     localhost.localdomain     localhost
  128. $IPSERV    $HOST_NAME.$DOMAIN_NAME    $HOST_NAME
  129. #
  130. ::1 localhost   ip6-localhost   ip6-loopback
  131. fe00::0 ip6-localnet
  132. fe00::0 ip6-mcastprefix
  133. ff02:1 ip6-allnodes
  134. ff02::2 ip6-allrouters
  135. ff02::3 ip6-allhosts" >> /etc/hosts
  136. sleep 2
  137.  
  138. mv /etc/network/interfaces /etc/network/interfaces_
  139. sed '1,30{/dns-/d}' /etc/network/interfaces_ >> /etc/network/interfaces
  140.  
  141. echo "       dns-search hade.war.net
  142.       dns-nameservers 127.0.0.1 192.168.1.150 8.8.8.8 8.8.4.4" >> /etc/network/interfaces
  143.  
  144. sleep 2
  145.  
  146. reboot