DNS Unbound High Performance

Tested on OS ubuntu ram 1Gb, (include servis squid, apache2, & mrtg squid)
Install Paket Yang dibutuhkan

apt-get install build-essential libssl-dev

Setelah selesai install paket selanjutnya

apt-get install unbound

cd /etc/unbound

wget  ftp://FTP.INTERNIC.NET/domain/named.cache

unbound-control-setup

Selanjutnya buat user dan grup untuk Unbound

groupadd unbound
useradd -d /var/unbound -m -g unbound -s /bin/false unbound

dan sesuaikan config /etc/unbound/unbound.conf, dan servis dns lainnya (bind/dnsmasq dll) harus di stop agar tidak bentrok)

vi /etc/init.d/unbound

server:

 verbosity: 1

 statistics-interval: 120

 num-threads: 1

 interface: 0.0.0.0

outgoing-range: 512

 num-queries-per-thread: 1024

msg-cache-size: 16m

 rrset-cache-size: 32m

msg-cache-slabs: 4

 rrset-cache-slabs: 4

cache-max-ttl: 86400

 infra-host-ttl: 60

 infra-lame-ttl: 120

infra-cache-numhosts: 10000

 infra-cache-lame-size: 10k

do-ip4: yes

 do-ip6: no

 do-udp: yes

 do-tcp: yes

 do-daemonize: yes

#access-control: 0.0.0.0/0 allow

 access-control: 192.168.0.0/16 allow

 access-control: 172.16.0.0/12 allow

 access-control: 10.0.0.0/8 allow

 access-control: 127.0.0.0/8 allow

 access-control: 0.0.0.0/0 refuse

chroot: “/etc/unbound”

 username: “unbound”

 directory: “/etc/unbound”

 #logfile: “/etc/unbound/unbound.log”

 #use-syslog: yes

 logfile: “”

 use-syslog: no

 pidfile: “/etc/unbound/unbound.pid”

 root-hints: “/etc/unbound/named.cache”

identity: “DNS”

 version: “1.4″

 hide-identity: yes

 hide-version: yes

 harden-glue: yes

 do-not-query-address: 127.0.0.1/8

 do-not-query-localhost: yes

 module-config: “iterator”

#zone localhost

 local-zone: “localhost.” static

 local-data: “localhost. 10800 IN NS localhost.”

 local-data: “localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800″

 local-data: “localhost. 10800 IN A 127.0.0.1″

local-zone: “127.in-addr.arpa.” static

 local-data: “127.in-addr.arpa. 10800 IN NS localhost.”

 local-data: “127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800″

 local-data: “1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.”

#zone warnet-sudiro.net

 local-zone: “warnet-sudiro.net.” static

 local-data: “warnet-sudiro.net. 86400 IN NS ns1.warnet-sudiro.net.”

 local-data: “warnet-sudiro.net. 86400 IN SOA warnet-sudiro.net. hostmaster.warnet-sudiro.net.  3 3600 1200 604800 86400″

 local-data: “warnet-sudiro.net. 86400 IN A 192.168.100.2″

 local-data: “www.warnet-sudiro.net. 86400 IN A 192.168.100.2″

 local-data: “ns1.warnet-sudiro.net. 86400 IN A 192.168.100.2″

local-data: “mail.warnet-sudiro.net. 86400 IN A 192.168.100.5″

 local-data: “warnet-sudiro.net. 86400 IN MX 10 mail.warnet-sudiro.net.”

 local-data: “warnet-sudiro.net. 86400 IN TXT v=spf1 a mx ~all”

local-zone: “100.168.192.in-addr.arpa.” static

 local-data: “100.168.192.in-addr.arpa. 10800 IN NS warnet-sudiro.net.”

 local-data: “100.168.192.in-addr.arpa. 10800 IN SOA warnet-sudiro.net. hostmaster.warnet-sudiro.net. 4 3600 1200 604800 864000″

 local-data: “2.100.168.192.in-addr.arpa. 10800 IN PTR warnet-sudiro.net.”

forward-zone:

 name: “.”

 forward-addr: 202.134.1.10

 forward-addr: 222.124.204.34

 forward-addr: 202.134.0.155

remote-control:

 control-enable: yes

 control-interface: 127.0.0.1

 control-port: 953

 server-key-file: “/etc/unbound/unbound_server.key”

 server-cert-file: “/etc/unbound/unbound_server.pem”

 control-key-file: “/etc/unbound/unbound_control.key”

 control-cert-file: “/etc/unbound/unbound_control.pem”

 root@ubuntu:~# /etc/init.d/unbound restart
root@ubuntu:~# nslookup 192.168.100.2

Server: 127.0.0.1

 Address: 127.0.0.1#53

2.00.168.192.in-addr.arpa name = warnet-sudiro.net.

root@ubuntu:~# nslookup warnet-sudiro.net

Server: 127.0.0.1

 Address: 127.0.0.1#53

Name: warnet-sudiro.net

 Address: 192.168.100.2

root@ubuntu:~#unbound-control stats

thread0.num.queries=38

thread0.num.cachehits=7

thread0.num.cachemiss=31

thread0.num.recursivereplies=31

thread0.requestlist.avg=0.129032

thread0.requestlist.max=1

thread0.requestlist.overwritten=0

thread0.requestlist.exceeded=0

thread0.requestlist.current.all=0

thread0.requestlist.current.user=0

thread0.recursion.time.avg=0.088811

thread0.recursion.time.median=0.0185685

thread1.num.queries=10

thread1.num.cachehits=1

thread1.num.cachemiss=9

thread1.num.recursivereplies=9

thread1.requestlist.avg=0

thread1.requestlist.max=0

thread1.requestlist.overwritten=0

thread1.requestlist.exceeded=0

thread1.requestlist.current.all=0

thread1.requestlist.current.user=0

thread1.recursion.time.avg=0.049576

thread1.recursion.time.median=0.016384

total.num.queries=48

total.num.cachehits=8

total.num.cachemiss=40

total.num.recursivereplies=40

total.requestlist.avg=0.1

total.requestlist.max=1

total.requestlist.overwritten=0

total.requestlist.exceeded=0

total.requestlist.current.all=0

total.requestlist.current.user=0

total.recursion.time.avg=0.079984

total.recursion.time.median=0.0174763

time.now=1281681396.583885

time.up=7299.491047

time.elapsed=4177.655650

 Source : ForumMikrotik.Com