Tutorial Install DNS Filter di Centos
Well, bertemu lagi dengan saya, Een Pahlefi. Kali ini saya jalan-jalan ke grup Mikrotik Squid Indonesia dan menemukan sebuah tutorial yang ditulis oleh rekan di Facebook, yaitu Fahmy, tentang membuat filter DNS di OS CentOS.
Fresh install OS CentOS, disable SELinux dan service iptables, lalu reboot.
Login kembali sebagai root, lalu install paket yang diperlukan.
tambahkan repo epel :
# Add the EPEL 6 (x86_64) repository package.
# NOTE(review): the package is fetched over plain HTTP and installed in one step,
# so its signature is never checked before install; download it to a file and run
# `rpm --checksig` on it first if a tampered repo package is a concern here.
rpm --upgrade --verbose --hash http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Install paket yang dibutuhkan:
# Install everything the rest of the guide relies on (EPEL must already be enabled):
# PHP with PDO/MySQL for the web UI, Unbound as recursor, PowerDNS with its MySQL
# backend, the MySQL server, Apache, and wget/unzip for the downloads below.
yum install -y \
    php php-mcrypt php-pdo php-mysql \
    unbound pdns pdns-backend-mysql \
    mysql-server httpd \
    wget unzip
Edit config MySQL pada /etc/my.cnf
Tambahkan ini di section [mysqld]:
# /etc/my.cnf — settings added to the [mysqld] section.
# Listen on loopback only: the database is used by pdns and the web UI on this host.
bind-address = 127.0.0.1
innodb-file-per-table = 1
innodb-flush-method = O_DIRECT
connect-timeout = 1000
innodb = FORCE
innodb-file-format = barracuda
innodb-buffer-pool-size = 256M
# Client hostnames are not resolved, so only IP/localhost host entries in GRANTs match.
skip-name-resolve
Setting config Unbound:
#/etc/unbound/unbound.conf
# Unbound is only the upstream recursor for PowerDNS here: it listens on
# 127.0.0.1:5300 and is reached through the recursor= setting in pdns.conf.
#
#################START CONFIG################
server:
verbosity: 1
statistics-interval: 120
num-threads: 2
# Loopback only; PowerDNS, not the clients, talks to this port.
interface: 127.0.0.1
port: 5300
outgoing-range: 512
num-queries-per-thread: 1024
msg-cache-size: 128m
rrset-cache-size: 256m
so-rcvbuf: 8m
msg-cache-slabs: 8
rrset-cache-slabs: 8
# Answers stay cached for at least 10 minutes even when the record's own TTL is lower.
cache-min-ttl: 600
cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
# The open-resolver rule is deliberately left disabled: only the private
# (RFC 1918) ranges and loopback are allowed, everything else is refused.
#access-control: 0.0.0.0/0 allow
access-control: 192.168.0.0/16 allow
access-control: 172.16.0.0/12 allow
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 0.0.0.0/0 refuse
chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
#logfile: "/etc/unbound/unbound.log"
#use-syslog: yes
# NOTE(review): logfile is empty and use-syslog is left at its default, so log
# output presumably goes to syslog — confirm for this Unbound version, and enable
# one of the two lines above if a dedicated log trail is wanted.
logfile: ""
pidfile: "/var/run/unbound/unbound.pid"
root-hints: "/etc/unbound/named.cache"
# Generic identity/version strings, and id.server / version.bind queries are refused.
identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
# Only the iterator module is loaded: no "validator", so no DNSSEC validation.
module-config: "iterator"
#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"
local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
# Everything is forwarded to Google Public DNS over ordinary (unencrypted) DNS.
forward-zone:
name: "."
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
# unbound-control is enabled; control-interface/control-port are left at Unbound's
# built-in defaults (the commented-out values are not necessarily those defaults).
# The key/cert files below must exist — unbound-control-setup generates them.
remote-control:
control-enable: yes
# control-interface: 127.0.0.1
# control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
##################END CONFIG################
#
#/etc/pdns/pdns.conf
#adjust the address to the one on your interface, e.g. 192.168.100.2
###############start config#############
setgid=pdns
setuid=pdns
launch=gmysql
gmysql-host=127.0.0.1
# NOTE(review): the daemon connects as the MySQL root account. A dedicated
# account granted only on the pdns database limits what a compromised pdns
# process (or a leaked copy of this file) can reach.
gmysql-user=root
gmysql-password=passwordmu
gmysql-dbname=pdns
# Recursion (handed to Unbound via recursor= below) is offered only to private ranges.
allow-recursion=127.0.0.1,172.16.0.0/12,192.168.0.0/16,10.0.0.0/8
config-dir=/etc/pdns
daemon=yes
# Zone transfers (AXFR) of the loaded zones are refused.
disable-axfr=yes
distributor-threads=4
guardian=yes
gmysql-socket=/var/lib/mysql/mysql.sock
#lazy-recursion=yes
local-address=192.168.100.2
local-port=53
master=yes
module-dir=/usr/lib64/pdns
# Non-authoritative queries go to Unbound on loopback:5300 (see unbound.conf).
recursor=127.0.0.1:5300
socket-dir=/var/run
# NOTE(review): the built-in web server is bound to the LAN address with no
# webserver-password set, so it is reachable unauthenticated by any host that can
# reach 192.168.100.2:8081 (iptables was disabled at the start of this guide);
# set webserver-password or turn webserver off.
webserver=yes
webserver-address=192.168.100.2
webserver-port=8081
wildcard-url=on
# Generic value returned for version.bind queries instead of the real version.
version-string=powerdns
###############end config#############
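# Create the PowerDNS database and load its schema.
# NOTE(review): mysqld must be running and the MySQL root password already set
# to "passwordmu" before this step (the guide shows neither). Passwords given with
# -p on the command line are visible in `ps` output and shell history; an option
# file passed via --defaults-extra-file avoids that.
/etc/init.d/mysqld start
mysqladmin -ppasswordmu create pdns
# The source tarball is fetched only for its schema file (plain HTTP, no checksum
# check); the schema should match the pdns version that yum installed.
wget http://powerdnssec.org/downloads/pdns-3.3-rc2.tar.gz
tar xvf pdns-3.3-rc2.tar.gz -C /tmp/
# Fixed: the original used a different password (rahasiamu) here than everywhere else.
mysql -u root -ppasswordmu < /tmp/pdns-3.3-rc2/pdns/no-dnssec.schema.mysql.sql

# Fetch the third-party domain blocklist (plain HTTP; its contents are untrusted
# input that ends up in the database).
wget "http://urlblacklist.com/cgi-bin/commercialdownload.pl?type=download&file=bigblacklist" -O /tmp/bigblacklist.tar.bz2
# Fixed: the archive was saved under /tmp, so extract it from there (the original
# only worked when the current directory already was /tmp).
tar xvf /tmp/bigblacklist.tar.bz2 -C /tmp/
cd /tmp
cp blacklists/porn/domains /tmp/domains.txt
# domains table columns: id, name, master, last_check, type, notified_serial, account.
# \N is LOAD DATA's NULL marker; the original emitted an unset awk variable (empty
# field) for master and the literal string "NULL" for the other nullable columns.
awk '{print "\\N" "\t" $1 "\t" "\\N" "\t" "\\N" "\t" "NATIVE" "\t" "\\N" "\t" "\\N" }' domains.txt > blackdomains
# A relative INFILE name is resolved inside the database directory, so the file is
# moved there first (mysqld must be able to read it).
mv blackdomains /var/lib/mysql/pdns/
mysql -uroot -ppasswordmu -Dpdns -e "LOAD DATA INFILE 'blackdomains' INTO TABLE domains"
# -N drops the "id name" header row, which the original turned into a bogus record.
mysql -N -uroot -ppasswordmu -Dpdns -e "select id,name from domains" > forrecord
# records table columns: id, domain_id, name, type, content, ttl, prio, change_date.
# Every blocked name and its wildcard resolve to the sinkhole address 118.98.97.100.
awk '{print "\\N" "\t" $1 "\t" $2 "\t" "A" "\t" "118.98.97.100" "\t" "86400" "\t" "0" "\t" "1406888925" }' forrecord > sqlrecords
awk '{print "\\N" "\t" $1 "\t" "*."$2 "\t" "A" "\t" "118.98.97.100" "\t" "86400" "\t" "0" "\t" "1406888925" }' forrecord > wildcard
# Fixed: prio/change_date were swapped relative to the A rows above (the timestamp
# landed in prio and change_date received the string "NULL").
awk '{print "\\N" "\t" $1 "\t" $2 "\t" "SOA" "\t" "dns admin.hikmah-teknologi.com 1" "\t" "86400" "\t" "0" "\t" "1406888925" }' forrecord > soarecords
cp soarecords /var/lib/mysql/pdns
cp wildcard /var/lib/mysql/pdns
cp sqlrecords /var/lib/mysql/pdns
mysql -uroot -ppasswordmu -Dpdns -e "LOAD DATA INFILE 'sqlrecords' INTO TABLE records"
mysql -uroot -ppasswordmu -Dpdns -e "LOAD DATA INFILE 'wildcard' INTO TABLE records"
mysql -uroot -ppasswordmu -Dpdns -e "LOAD DATA INFILE 'soarecords' INTO TABLE records"
# Start both resolvers, then enable every service at boot.
/etc/init.d/unbound start
/etc/init.d/pdns start
# Fixed: "chkconfif" typo; the MySQL init script on CentOS 6 is named "mysqld".
chkconfig unbound on
chkconfig pdns on
chkconfig mysqld on
chkconfig httpd on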
Install web interface:
# Web UI: fetch the Poweradmin source and make it the Apache document root.
# NOTE(review): the URL is the unpinned "master" branch even though the file is
# named 2.1.7 — whatever master holds at download time is what gets installed, with
# no checksum check; pin a release tag and verify it for a repeatable install.
wget --output-document=poweradmin-2.1.7.zip https://codeload.github.com/poweradmin/poweradmin/zip/master
unzip poweradmin-2.1.7.zip
# Replaces the existing document root entirely (anything under /var/www/html is deleted).
rm -r -f /var/www/html
mv poweradmin-master /var/www/html
Buka di browser http://ipserverdns/install
Isikan sesuai datanya: user DB, password DB, nama DB pdns, dll.
Sampai langkah terakhir, salin config yang diawali karakter <?php
Buat sebuah file, lalu paste hasil salinan tadi ke:
/var/www/html/inc/config.inc.php
Sesuaikan isinya:
// /var/www/html/inc/config.inc.php — database connection used by Poweradmin.
// NOTE(review): the web UI logs in as the MySQL root account; a dedicated account
// limited to the pdns database keeps a web-side compromise from reaching every
// other database on the server.
$db_host = '127.0.0.1';
$db_user = 'root';
$db_pass = 'passwordmu';
$db_name = 'pdns';
$db_type = 'mysql';
$db_layer = 'PDO';
Hapus direktori install:
# Remove the installer once the config is in place so it cannot be run again from the web.
rm -r -f /var/www/html/install
Done, buka di browser http://ipserverdns/
Login sesuai user/password yang diisi sewaktu install.
Penulis : Een Pahlefi
Sumber Penelitian : Fahmy
Fresh install OS CentOS, disable SELinux dan service iptables, lalu reboot.
Login kembali sebagai root, lalu install paket yang diperlukan.
tambahkan repo epel :
# Add the EPEL 6 (x86_64) repository package.
# NOTE(review): the package is fetched over plain HTTP and installed in one step,
# so its signature is never checked before install; download it to a file and run
# `rpm --checksig` on it first if a tampered repo package is a concern here.
rpm --upgrade --verbose --hash http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Install paket yang dibutuhkan:
# Install everything the rest of the guide relies on (EPEL must already be enabled):
# PHP with PDO/MySQL for the web UI, Unbound as recursor, PowerDNS with its MySQL
# backend, the MySQL server, Apache, and wget/unzip for the downloads below.
yum install -y \
    php php-mcrypt php-pdo php-mysql \
    unbound pdns pdns-backend-mysql \
    mysql-server httpd \
    wget unzip
Edit config MySQL pada /etc/my.cnf
Tambahkan ini di section [mysqld]:
# /etc/my.cnf — settings added to the [mysqld] section.
# Listen on loopback only: the database is used by pdns and the web UI on this host.
bind-address = 127.0.0.1
innodb-file-per-table = 1
innodb-flush-method = O_DIRECT
connect-timeout = 1000
innodb = FORCE
innodb-file-format = barracuda
innodb-buffer-pool-size = 256M
# Client hostnames are not resolved, so only IP/localhost host entries in GRANTs match.
skip-name-resolve
Setting config Unbound:
#/etc/unbound/unbound.conf
# Unbound is only the upstream recursor for PowerDNS here: it listens on
# 127.0.0.1:5300 and is reached through the recursor= setting in pdns.conf.
#
#################START CONFIG################
server:
verbosity: 1
statistics-interval: 120
num-threads: 2
# Loopback only; PowerDNS, not the clients, talks to this port.
interface: 127.0.0.1
port: 5300
outgoing-range: 512
num-queries-per-thread: 1024
msg-cache-size: 128m
rrset-cache-size: 256m
so-rcvbuf: 8m
msg-cache-slabs: 8
rrset-cache-slabs: 8
# Answers stay cached for at least 10 minutes even when the record's own TTL is lower.
cache-min-ttl: 600
cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
# The open-resolver rule is deliberately left disabled: only the private
# (RFC 1918) ranges and loopback are allowed, everything else is refused.
#access-control: 0.0.0.0/0 allow
access-control: 192.168.0.0/16 allow
access-control: 172.16.0.0/12 allow
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 0.0.0.0/0 refuse
chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
#logfile: "/etc/unbound/unbound.log"
#use-syslog: yes
# NOTE(review): logfile is empty and use-syslog is left at its default, so log
# output presumably goes to syslog — confirm for this Unbound version, and enable
# one of the two lines above if a dedicated log trail is wanted.
logfile: ""
pidfile: "/var/run/unbound/unbound.pid"
root-hints: "/etc/unbound/named.cache"
# Generic identity/version strings, and id.server / version.bind queries are refused.
identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
# Only the iterator module is loaded: no "validator", so no DNSSEC validation.
module-config: "iterator"
#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"
local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
# Everything is forwarded to Google Public DNS over ordinary (unencrypted) DNS.
forward-zone:
name: "."
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
# unbound-control is enabled; control-interface/control-port are left at Unbound's
# built-in defaults (the commented-out values are not necessarily those defaults).
# The key/cert files below must exist — unbound-control-setup generates them.
remote-control:
control-enable: yes
# control-interface: 127.0.0.1
# control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
##################END CONFIG################
#
#/etc/pdns/pdns.conf
#adjust the address to the one on your interface, e.g. 192.168.100.2
###############start config#############
setgid=pdns
setuid=pdns
launch=gmysql
gmysql-host=127.0.0.1
# NOTE(review): the daemon connects as the MySQL root account. A dedicated
# account granted only on the pdns database limits what a compromised pdns
# process (or a leaked copy of this file) can reach.
gmysql-user=root
gmysql-password=passwordmu
gmysql-dbname=pdns
# Recursion (handed to Unbound via recursor= below) is offered only to private ranges.
allow-recursion=127.0.0.1,172.16.0.0/12,192.168.0.0/16,10.0.0.0/8
config-dir=/etc/pdns
daemon=yes
# Zone transfers (AXFR) of the loaded zones are refused.
disable-axfr=yes
distributor-threads=4
guardian=yes
gmysql-socket=/var/lib/mysql/mysql.sock
#lazy-recursion=yes
local-address=192.168.100.2
local-port=53
master=yes
module-dir=/usr/lib64/pdns
# Non-authoritative queries go to Unbound on loopback:5300 (see unbound.conf).
recursor=127.0.0.1:5300
socket-dir=/var/run
# NOTE(review): the built-in web server is bound to the LAN address with no
# webserver-password set, so it is reachable unauthenticated by any host that can
# reach 192.168.100.2:8081 (iptables was disabled at the start of this guide);
# set webserver-password or turn webserver off.
webserver=yes
webserver-address=192.168.100.2
webserver-port=8081
wildcard-url=on
# Generic value returned for version.bind queries instead of the real version.
version-string=powerdns
###############end config#############
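# Create the PowerDNS database and load its schema.
# NOTE(review): mysqld must be running and the MySQL root password already set
# to "passwordmu" before this step (the guide shows neither). Passwords given with
# -p on the command line are visible in `ps` output and shell history; an option
# file passed via --defaults-extra-file avoids that.
/etc/init.d/mysqld start
mysqladmin -ppasswordmu create pdns
# The source tarball is fetched only for its schema file (plain HTTP, no checksum
# check); the schema should match the pdns version that yum installed.
wget http://powerdnssec.org/downloads/pdns-3.3-rc2.tar.gz
tar xvf pdns-3.3-rc2.tar.gz -C /tmp/
# Fixed: the original used a different password (rahasiamu) here than everywhere else.
mysql -u root -ppasswordmu < /tmp/pdns-3.3-rc2/pdns/no-dnssec.schema.mysql.sql

# Fetch the third-party domain blocklist (plain HTTP; its contents are untrusted
# input that ends up in the database).
wget "http://urlblacklist.com/cgi-bin/commercialdownload.pl?type=download&file=bigblacklist" -O /tmp/bigblacklist.tar.bz2
# Fixed: the archive was saved under /tmp, so extract it from there (the original
# only worked when the current directory already was /tmp).
tar xvf /tmp/bigblacklist.tar.bz2 -C /tmp/
cd /tmp
cp blacklists/porn/domains /tmp/domains.txt
# domains table columns: id, name, master, last_check, type, notified_serial, account.
# \N is LOAD DATA's NULL marker; the original emitted an unset awk variable (empty
# field) for master and the literal string "NULL" for the other nullable columns.
awk '{print "\\N" "\t" $1 "\t" "\\N" "\t" "\\N" "\t" "NATIVE" "\t" "\\N" "\t" "\\N" }' domains.txt > blackdomains
# A relative INFILE name is resolved inside the database directory, so the file is
# moved there first (mysqld must be able to read it).
mv blackdomains /var/lib/mysql/pdns/
mysql -uroot -ppasswordmu -Dpdns -e "LOAD DATA INFILE 'blackdomains' INTO TABLE domains"
# -N drops the "id name" header row, which the original turned into a bogus record.
mysql -N -uroot -ppasswordmu -Dpdns -e "select id,name from domains" > forrecord
# records table columns: id, domain_id, name, type, content, ttl, prio, change_date.
# Every blocked name and its wildcard resolve to the sinkhole address 118.98.97.100.
awk '{print "\\N" "\t" $1 "\t" $2 "\t" "A" "\t" "118.98.97.100" "\t" "86400" "\t" "0" "\t" "1406888925" }' forrecord > sqlrecords
awk '{print "\\N" "\t" $1 "\t" "*."$2 "\t" "A" "\t" "118.98.97.100" "\t" "86400" "\t" "0" "\t" "1406888925" }' forrecord > wildcard
# Fixed: prio/change_date were swapped relative to the A rows above (the timestamp
# landed in prio and change_date received the string "NULL").
awk '{print "\\N" "\t" $1 "\t" $2 "\t" "SOA" "\t" "dns admin.hikmah-teknologi.com 1" "\t" "86400" "\t" "0" "\t" "1406888925" }' forrecord > soarecords
cp soarecords /var/lib/mysql/pdns
cp wildcard /var/lib/mysql/pdns
cp sqlrecords /var/lib/mysql/pdns
mysql -uroot -ppasswordmu -Dpdns -e "LOAD DATA INFILE 'sqlrecords' INTO TABLE records"
mysql -uroot -ppasswordmu -Dpdns -e "LOAD DATA INFILE 'wildcard' INTO TABLE records"
mysql -uroot -ppasswordmu -Dpdns -e "LOAD DATA INFILE 'soarecords' INTO TABLE records"
# Start both resolvers, then enable every service at boot.
/etc/init.d/unbound start
/etc/init.d/pdns start
# Fixed: "chkconfif" typo; the MySQL init script on CentOS 6 is named "mysqld".
chkconfig unbound on
chkconfig pdns on
chkconfig mysqld on
chkconfig httpd on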
Install web interface:
# Web UI: fetch the Poweradmin source and make it the Apache document root.
# NOTE(review): the URL is the unpinned "master" branch even though the file is
# named 2.1.7 — whatever master holds at download time is what gets installed, with
# no checksum check; pin a release tag and verify it for a repeatable install.
wget --output-document=poweradmin-2.1.7.zip https://codeload.github.com/poweradmin/poweradmin/zip/master
unzip poweradmin-2.1.7.zip
# Replaces the existing document root entirely (anything under /var/www/html is deleted).
rm -r -f /var/www/html
mv poweradmin-master /var/www/html
Buka di browser http://ipserverdns/install
Isikan sesuai datanya: user DB, password DB, nama DB pdns, dll.
Sampai langkah terakhir, salin config yang diawali karakter <?php
Buat sebuah file, lalu paste hasil salinan tadi ke:
/var/www/html/inc/config.inc.php
Sesuaikan isinya:
// /var/www/html/inc/config.inc.php — database connection used by Poweradmin.
// NOTE(review): the web UI logs in as the MySQL root account; a dedicated account
// limited to the pdns database keeps a web-side compromise from reaching every
// other database on the server.
$db_host = '127.0.0.1';
$db_user = 'root';
$db_pass = 'passwordmu';
$db_name = 'pdns';
$db_type = 'mysql';
$db_layer = 'PDO';
Hapus direktori install:
# Remove the installer once the config is in place so it cannot be run again from the web.
rm -r -f /var/www/html/install
Done, buka di browser http://ipserverdns/
Login sesuai user/password yang diisi sewaktu install.
Penulis : Een Pahlefi
Sumber Penelitian : Fahmy