Tulisan sebelumnya cara install unbound 1.4.21 dengan cara menginstall unbound dari source, kali ini kita akan menginstall langsung dari .deb jadi tidak perlu menginstall dependency yang lumayan banyak.

.deb yang akan kita install diambil dari wheezy-backport, untuk menggunakannnya jalankan perintah dibawah ini

 echo 'deb http://http.debian.net/debian wheezy-backports main' >> /etc/apt/sources.list

tanda > ada dua (>>).
Bila anda pernah menginstall Unbound versi sebelumnya uninstall dengan cara

apt-get purge unbound -y

Install unbound 1.4.22 dengan cara

apt-get update
apt-get -t wheezy-backports install "unbound"

Download root.server

wget http://www.internic.net/domain/named.root -O /etc/unbound/root.server

File konfigurasi Unbound berada di /etc/unbound/. Hapus file /etc/unbound/unbound.conf ganti dengan

server:
directory: "/etc/unbound"
root-hints: "/etc/unbound/root.server"
interface: 0.0.0.0
access-control: 0.0.0.0/0 allow
verbosity: 3
hide-identity: yes
hide-version: yes
prefetch: yes
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
num-threads: 1
outgoing-range: 400
so-rcvbuf: 10m
so-sndbuf: 10m
cache-min-ttl: 3600
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
private-address: 127.0.0.1/8
# menonaktifkan DNSSEC
module-config: "iterator"
val-permissive-mode: yes
forward-zone:
      name: "."
      forward-addr: 8.8.8.8           # Google Public DNS
      forward-addr: 208.67.222.222    # OpenDNS

simpan, lalu restart unbound

service unbound restart

Troubleshooting
Cek log unbound di /var/log/syslog

tail -f /var/log/syslog

bila muncul error

Nov 17 09:52:14 server unbound-anchor: 139722217105064:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:342:Verify error:certificate has expired
Nov 17 09:52:14 server unbound-anchor: the PKCS7 signature failed
Nov 17 09:52:22 server unbound: [3441:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Nov 17 09:52:22 server unbound: [3441:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Nov 17 09:52:22 server unbound: [3441:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Nov 17 09:52:22 server unbound: [3441:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Nov 17 09:52:22 server unbound: [3441:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Nov 17 09:52:22 server unbound: [3441:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN

ganti file unbound.conf menjadi

server:
directory: "/etc/unbound"
root-hints: "/etc/unbound/root.server"
interface: 0.0.0.0
access-control: 0.0.0.0/0 allow
verbosity: 3
hide-identity: yes
hide-version: yes
prefetch: yes
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
num-threads: 1
outgoing-range: 400
so-rcvbuf: 10m
so-sndbuf: 10m
cache-min-ttl: 3600
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
private-address: 127.0.0.1/8

Tulisan menarik lainnya

Leave a comment

Your email address will not be published. Required fields are marked *