Installation is the same as on MfsBSD. After that, continue with the following commands:

# pkg search bind
bind-tools-9.10.0P2_3
bind910-9.10.0P2_3
bind98-9.8.7P1_2
bind99-9.9.5P1_3
bindgraph-0.2_5
# pkg install bind910-9.10.0P2_3

Once it has installed successfully, go straight on to editing BIND's own options, using the following command:

# ee /usr/local/etc/namedb/named.conf

Here is an example of the contents of the named.conf file:
// CACHING NAME SERVER for EXAMPLE, INC.
// maintained by: me myself alone
// CHANGELOG:
// 1. 9 july 2003 - did something
// 2. 16 july 2003 - did something else
// 3. 23 july 2003 - did something more
//
options {
  directory "/var/named";
  // version statement - inhibited for security
  // (avoids hacking any known weaknesses)
  version "not currently available";
  // disables all zone transfer requests
  allow-transfer{"none";};
  // Closed DNS - permits only local IPs to issue queries
  // remove if an Open DNS required to support all users
  // or add additional IP ranges
  // in this case either allow-query or allow-recursion can be used
  allow-query {192.168.3.0/24;};
};
//
// log to /var/log/example.log all events
// from info UP in severity (no debug)
// defaults to use 3 files in rotation
// BIND 8.x logging MUST COME FIRST in this file
// BIND 9.x parses the whole file before using the log
// failure messages up to this point are in (syslog)
// typically /var/log/messages
//
logging{
  channel example_log{
    file "/var/log/named/example.log" versions 3 size 2m;
    severity info;
    print-severity yes;
    print-time yes;
    print-category yes;
  };
  category default{
    example_log;
  };
};
// required zone for recursive queries
zone "." {
  type hint;
  file "root.servers";
};
// required local host domain
zone "localhost" in{
  type master;
  file "master.localhost";
  allow-update{none;};
};
// localhost reverse map
zone "0.0.127.in-addr.arpa" in{
  type master;
  file "localhost.rev";
  allow-update{none;};
};

Replace its contents with this:

acl "test" { xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx;
};
options {
        directory       "/usr/local/etc/namedb/working";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
        disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
        disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
        allow-recursion         { test; };
        allow-query-cache       { test; };
        allow-query             { any; };
//      managed-keys-directory "/usr/local/etc/namedb/working";
//      bindkeys-file "/usr/local/etc/namedb/dlv.isc.org.key";
        notify yes;
        recursion yes;
        tcp-clients 1000;
        auth-nxdomain no;
        version "Tuned by Dionipe";
        hostname "dionipe@icloud.com";
        prefetch 0;
        dnssec-enable no;
        dnssec-validation no;
        dnssec-lookaside auto;

//      files unlimited;
//      max-cache-size 6144M;

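        rate-limit {
                // every 2nd rate-limited response is sent truncated (TC=1) instead of dropped
                slip 2;
                // seconds over which the rates below are averaged
                window 15;
                responses-per-second 25;
                referrals-per-second 25;
                nodata-per-second 25;
                nxdomains-per-second 25;
                errors-per-second 25;
                all-per-second 25;
                // "no" means the limits are enforced, not just logged
                log-only no;
                // scale the limits down once the total query rate exceeds 250 qps
                qps-scale 250;
                // clients in the "test" acl are never rate limited
                exempt-clients { test; };
                max-table-size 20000;
                min-table-size 500;
                // count each IPv4 address on its own (the default groups by /24)
                ipv4-prefix-length 32;
        };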
};

Once everything has been configured with the options above, all that is left is to check whether the configuration is correct. Here is the command:

# named-checkconf

If you are sure it is correct, start the service with these commands:

# echo 'named_enable=YES' >> /etc/rc.conf
# service named start

And that's it, the whole installation is done... Be happy :D
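
named-checkconf checks syntax only, so it will not notice if recursion has been opened to everyone or if the rate limit is only being logged. The Python check below is an added example, not part of the original post or of BIND; the function names and the sample addresses (RFC 5737 documentation range, standing in for the xxx placeholders) are assumptions, and it only understands flat `{ a; b; };` clauses.

```python
import re

# Constructed sample: the access-control and rate-limit parts of the config
# above, with RFC 5737 documentation addresses instead of the xxx placeholders.
SAMPLE = """
acl "test" { 192.0.2.10; 192.0.2.11; };
options {
    allow-recursion   { test; };
    allow-query-cache { test; };
    allow-query       { any; };
    recursion yes;
    rate-limit { responses-per-second 25; log-only no; exempt-clients { test; }; };
};
"""

# Clauses that must not contain "any" while recursion is enabled.
RISKY = {"allow-recursion": "anyone can use this server as a resolver",
         "allow-query-cache": "anyone can read cached answers"}

def strip_comments(text):
    """Remove /* */, // and # comments so commented-out options are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def clause(conf, name):
    """Elements of a flat `name { a; b; };` clause, or None if it is absent."""
    m = re.search(r"(?<![\w-])%s\s*\{([^{}]*)\}" % re.escape(name), conf)
    if m is None:
        return None
    return [e.strip().strip('"') for e in m.group(1).split(";") if e.strip()]

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf = strip_comments(text)
    findings = []
    # Recursion is on unless "recursion no;" is set explicitly.
    if not re.search(r"(?<![\w-])recursion\s+no\s*;", conf):
        for name, why in RISKY.items():
            if "any" in (clause(conf, name) or []):
                findings.append('%s includes "any": %s' % (name, why))
    if not re.search(r"(?<![\w-])rate-limit\s*\{", conf):
        findings.append("no rate-limit block: RRL is not active")
    elif re.search(r"(?<![\w-])log-only\s+yes\s*;", conf):
        findings.append("log-only yes: limits are logged, not enforced")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE) or ["nothing flagged"]:
        print(line)
```

To run it against the real file, pass the contents of /usr/local/etc/namedb/named.conf to `audit()` instead of `SAMPLE`.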

References:

https://conference.apnic.net/data/37/apricot-2014-rrl_1393309768.pdf

https://kb.isc.org/article/AA-01000/0/A-Quick-Introduction-to-Response-Rate-Limiting.html
