DNS Cache server

Post by santenkelapa » 22 Mar 2012, 14:20

Friends,

I'd like to ask: has anyone ever set up a DNS cache server?
If so, please post how, along with an explanation, because I'm rather unsure of my understanding.
Thanks in advance for your help.

Re: DNS Cache server

Post by sipelaut » 22 Mar 2012, 15:14

bind9??
Or unbound....??
If so!!!
Hehe....
I'm also trying to set one up.. but somehow I just can't get it working...???

Re: DNS Cache server

Post by santenkelapa » 03 Apr 2012, 10:37

Thank God, I found the solution, using pdnsd
:)

This is only for a local network, though

Re: DNS Cache server

Post by yonyonas » 02 Jun 2012, 06:04

Just use unbound, bro, it's easier and simpler

Re: DNS Cache server

Post by sipelaut » 02 Jun 2012, 20:46

Hmm...
Could you share the configuration here, bro?? From A to Z, hehe...
Because in a few tutorials I read, some even enable shorewall. I'm afraid it would conflict with the iptables settings that already exist???

Re: DNS Cache server

Post by yonyonas » 03 Jun 2012, 08:56

You mean how to install the unbound DNS server, bro?

Re: DNS Cache server

Post by yonyonas » 03 Jun 2012, 09:24

Here are the steps, bro:

apt-get install unbound
cd /etc/unbound
wget ftp://FTP.INTERNIC.NET/domain/named.cache
unbound-control-setup
chown unbound:root unbound_*
chmod 440 unbound_*

Then edit the Unbound config at:

/etc/unbound/unbound.conf

And this is what I use:

server:
verbosity: 1
statistics-interval: 120
num-threads: 1

interface: 0.0.0.0
outgoing-range: 512
num-queries-per-thread: 1024
msg-cache-size: 32m
rrset-cache-size: 64m
msg-cache-slabs: 4
rrset-cache-slabs: 4
cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120
infra-cache-numhosts: 10000
infra-cache-lame-size: 20k

do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes

#access-control: 0.0.0.0/0 allow
access-control: 192.168.0.0/16 allow
access-control: 172.16.0.0/12 allow
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 0.0.0.0/0 refuse

chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
#logfile: "/etc/unbound/unbound.log"
#use-syslog: yes
logfile: ""
use-syslog: no
#pidfile: "/etc/unbound/unbound.pid"
root-hints: "/etc/unbound/named.cache"

identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: "iterator"

#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"

local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

#zone lpcnet
local-zone: "lpc.net." static
local-data: "lpc.net. 86400 IN NS ns1.lpc.net."
local-data: "lpc.net. 86400 IN SOA lpc.net. hostmaster.lpc.net. 3 3600 1200 604800 86400"
local-data: "lpc.net. 86400 IN A 192.168.3.2"
local-data: "www.lpc.net. 86400 IN A 192.168.3.2"
local-data: "ns1.lpc.net. 86400 IN A 192.168.3.2"

#local-data: "mail.lpc.net. 86400 IN A 192.168.3.2"
#local-data: "lpc.net. 86400 IN MX 10 mail.lpc.net."
#local-data: "lpc.net. 86400 IN TXT v=spf1 a mx ~all"

local-zone: "3.168.192.in-addr.arpa." static
local-data: "3.168.192.in-addr.arpa. 10800 IN NS lpc.net."
local-data: "3.168.192.in-addr.arpa. 10800 IN SOA lpc.net. hostmaster.lpc.net. 4 3600 1200 604800 864000"
local-data: "2.3.168.192.in-addr.arpa. 10800 IN PTR lpc.net."

forward-zone:
name: "."
forward-addr: 203.130.196.5
forward-addr: 203.130.193.74
forward-addr: 222.124.204.34
forward-addr: 203.130.196.6
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
forward-addr: 202.134.0.155
forward-addr: 203.130.196.155
forward-addr: 202.134.0.61
forward-addr: 125.160.2.226
forward-addr: 202.134.1.10
forward-addr: 125.160.4.82
forward-addr: 61.94.192.12
forward-addr: 125.160.2.162
forward-addr: 203.130.206.250
forward-addr: 203.130.208.18
forward-addr: 203.130.209.242
forward-addr: 202.134.0.62
forward-addr: 222.124.18.62
forward-addr: 203.130.193.75
forward-addr: 202.134.1.5
forward-addr: 202.134.1.7
forward-addr: 125.160.14.189

remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"

For the local data, adjust it to the IP of the machine where you install Unbound, then check the file first in case there are any errors, with this command:

unbound-checkconf /etc/unbound/unbound.conf

Then change the nameserver setting on the PC where you installed unbound (your Ubuntu server)

/etc/resolv.conf
replace it with this: nameserver 127.0.0.1

Then restart Unbound:

/etc/init.d/unbound restart

Now test from the terminal (the console in Ubuntu)

root@lpcnet :~# nslookup 192.168.3.2 (adjust to your IP)

The result will look like this:

root@lpcnet :~# nslookup 192.168.3.2
Server: 127.0.0.1
Address: 127.0.0.1#53

2.3.168.192.in-addr.arpa name = lpc.net.

If the result looks like that, Unbound is running; then restart Unbound

/etc/init.d/unbound restart

If it shows [OK], you have successfully installed Unbound DNS
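
Because the configuration above listens on 0.0.0.0, its access-control lines are the only thing keeping the cache from answering clients outside the LAN. The Python below is an added example, not part of the original post or of Unbound itself: it re-implements Unbound's documented rule that the most specific matching netblock wins, so the posted rules can be audited offline. The function names and the `OPEN` variant are constructed for illustration.

```python
import ipaddress

# Excerpt of the listener and access-control lines from the post above.
POSTED = """
interface: 0.0.0.0
#access-control: 0.0.0.0/0 allow
access-control: 192.168.0.0/16 allow
access-control: 172.16.0.0/12 allow
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 0.0.0.0/0 refuse
"""
# Constructed variant: the commented-out allow enabled, the final refuse dropped.
OPEN = POSTED.replace("#access-control", "access-control").replace(
    "access-control: 0.0.0.0/0 refuse\n", "")

ALLOWING = {"allow", "allow_snoop"}
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128")]


def parse_acl(conf_text):
    """Return [(network, action)] for every active access-control line."""
    rules = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if not line.startswith("access-control:"):
            continue
        netblock, action = line.split(":", 1)[1].split()[:2]
        rules.append((ipaddress.ip_network(netblock, strict=False), action))
    return rules


def effective_action(conf_text, client_ip):
    """Most specific matching netblock wins; statement order is irrelevant."""
    ip = ipaddress.ip_address(client_ip)
    matches = [(n, a) for n, a in parse_acl(conf_text)
               if n.version == ip.version and ip in n]
    if not matches:
        # Unbound's built-in default: localhost allowed, everything else refused.
        return "allow" if ip.is_loopback else "refuse"
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def open_resolver_findings(conf_text):
    """List allow rules whose netblock reaches beyond private/loopback space."""
    return [f"{n} {a}" for n, a in parse_acl(conf_text)
            if a in ALLOWING and not any(
                n.version == i.version and n.subnet_of(i) for i in INTERNAL)]
```

With the posted rules a LAN client such as 192.168.3.10 is allowed and a public address is refused; with the `OPEN` variant the same public address is allowed and the audit reports `0.0.0.0/0 allow`.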

Re: DNS Cache server

Post by sipelaut » 04 Jun 2012, 09:43

No, bro
I meant the pdnsd installation
because I saw a tutorial where they even enable shorewall
won't that conflict with iptables
or is enabling shorewall not actually required.. ???

Re: DNS Cache server

Post by yonyonas » 06 Jun 2012, 13:09

Ah, sorry, I haven't tried pdnsd yet

Re: DNS Cache server

Post by yonyonas » 06 Jun 2012, 13:11

And personally I lean more toward Unbound DNS, because so far I have never had any problems with it, and I haven't tried the one you mentioned

Re: DNS Cache server

Post by n4z4r » 09 Jun 2012, 20:02

Is 192.168.3.2 the IP of your Ubuntu machine, sir?
If so, does everything involving 192.168.3.2 have to be changed, for example that 2.3.168.192?

Re: DNS Cache server

Post by yonyonas » 10 Jun 2012, 06:36

Yes, (192.168.3.2) is the IP of the machine where we install Unbound DNS

Re: DNS Cache server

Post by duddy » 03 Oct 2012, 02:58

Following along, bro ....

Re: DNS Cache server

Post by blackshirt » 03 Oct 2012, 09:05

dnsmasq is already the default :D

Re: DNS Cache server

Post by q_p » 14 Oct 2012, 17:06

@yonyonas =

Code:

/etc/init.d/unbound restart
or
service unbound restart

gives =

Code:

/etc/init.d/unbound restart
* Restarting recursive DNS server unbound
unbound[1109:0] warning: did not exit gracefully last time (892)      [ OK ]

I prefer to use =

Code:

unbound-control stop
and
unbound-control start

Give it a try.....

Re: DNS Cache server

Post by jail » 20 Oct 2012, 17:31

Turns out it's more complicated.. than configuring Bind9 :(
or is it because I'm not that familiar with unbound :D

Thanks for sharing..

Re: DNS Cache server

Post by kernelpanic » 20 Oct 2012, 21:24

In terms of memory resources, which DNS server is lighter?

Re: DNS Cache server

Post by q_p » 20 Oct 2012, 22:47

@ Mas Jail and KernelPanic
If you're interested, have a look here and here.

Re: DNS Cache server

Post by jail » 21 Oct 2012, 13:52

pragola_pati wrote: @ Mas Jail and KernelPanic
If you're interested, have a look here and here.


It seems Mas Pagoda is a master in the field of GNU/Linux servers
Hopefully he is willing to "poison" all the users here with his knowledge

It would be best if we discussed everything right here, so we can turn it into a kind of notes or documentation :D

How about we discuss unbound right here??
============================================================

Would Mas Pagoda be willing to share about unbound here?
If possible, share a bit of the configuration file here, so we can go through it slowly :D

From the link you gave, I'm interested in this sentence:
"Unbound DNS cluster with BIND or NSD master server"

sorry "im bad english :("

Besides speed, what else can unbound offer?

In unbound, is there a concept of primary and slave DNS?
Can unbound serve DNS requests by itself (standalone), without needing to send requests to the "root DNS"? (in this case, unbound only serves local DNS requests)

Please give guidance and direction

Regards,
jail

Re: DNS Cache server

Post by q_p » 22 Oct 2012, 13:09

@jail.
jail wrote: It seems Mas Pagoda is a master in the field of GNU/Linux servers
Oh, I'm still far from that. I also learned what I know from this forum.

jail wrote: Besides speed, what else can unbound offer?
From what I've read, Unbound is "fast, reliable, stable and very secure". And what I noted/like is that Unbound supports multi-threading. Here is an example of the statistics I took while 3 users/clients were active =

Code:

root@warnetersa:~# unbound-control stats
thread0.num.queries=8
thread0.num.cachehits=7
thread0.num.cachemiss=1
thread0.num.recursivereplies=1
thread0.requestlist.avg=0
thread0.requestlist.max=0
thread0.requestlist.overwritten=0
thread0.requestlist.exceeded=0
thread0.requestlist.current.all=0
thread0.requestlist.current.user=0
thread0.recursion.time.avg=0.126261
thread0.recursion.time.median=0
thread1.num.queries=8
thread1.num.cachehits=6
thread1.num.cachemiss=2
thread1.num.recursivereplies=2
thread1.requestlist.avg=0
thread1.requestlist.max=0
thread1.requestlist.overwritten=0
thread1.requestlist.exceeded=0
thread1.requestlist.current.all=0
thread1.requestlist.current.user=0
thread1.recursion.time.avg=0.174564
thread1.recursion.time.median=0
thread2.num.queries=27
thread2.num.cachehits=27
thread2.num.cachemiss=0
thread2.num.recursivereplies=0
thread2.requestlist.avg=0
thread2.requestlist.max=0
thread2.requestlist.overwritten=0
thread2.requestlist.exceeded=0
thread2.requestlist.current.all=0
thread2.requestlist.current.user=0
thread2.recursion.time.avg=0.000000
thread2.recursion.time.median=0
thread3.num.queries=9
thread3.num.cachehits=9
thread3.num.cachemiss=0
thread3.num.recursivereplies=0
thread3.requestlist.avg=0
thread3.requestlist.max=0
thread3.requestlist.overwritten=0
thread3.requestlist.exceeded=0
thread3.requestlist.current.all=0
thread3.requestlist.current.user=0
thread3.recursion.time.avg=0.000000
thread3.recursion.time.median=0
total.num.queries=52
total.num.cachehits=49
total.num.cachemiss=3
total.num.recursivereplies=3
total.requestlist.avg=0
total.requestlist.max=0
total.requestlist.overwritten=0
total.requestlist.exceeded=0
total.requestlist.current.all=0
total.requestlist.current.user=0
total.recursion.time.avg=0.158463
total.recursion.time.median=0
time.now=1350885111.726615
time.up=301502.743911
time.elapsed=1430.360619


jail wrote: In unbound, is there a concept of primary and slave DNS?
Unlike Bind, as far as I know Unbound has no Primary-Slave feature. But it can make use of BIND (named) or NSD (Name Server Daemon) as the authoritative DNS. I have never tried the latter.

jail wrote: Can unbound serve DNS requests by itself (standalone), without needing to send requests to the "root DNS"? (in this case, unbound only serves local DNS requests)
If what you mean is root.hints in Unbound or db.root in Bind, I don't think that's possible.
CMIIW, and I hope this helps.
