Kamis, 05 Juni 2014

Tutorial Install DNS Filter di Centos

Well, bertemu lagi dengan saya, Een Pahlefi. Kali ini saya jalan-jalan ke grup Mikrotik Squid Indonesia dan menemukan sebuah tutorial tentang membuat filter DNS di OS CentOS, yang ditulis oleh rekan di Facebook, yaitu Fahmy.

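Fresh install OS CentOS, disable SELinux dan service iptables, lalu reboot. Catatan: mematikan SELinux dan iptables hanya menyederhanakan instalasi; untuk server yang dipakai sungguhan, biarkan keduanya aktif dan cukup buka port 53 (UDP/TCP) serta port web yang diperlukan.
Login kembali sebagai root, lalu install paket yang diperlukan.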




tambahkan repo epel :
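# Fetch the EPEL release package over HTTPS rather than plain HTTP: this runs as
# root on a fresh system, before any EPEL signing key is trusted, so rpm installs
# whatever arrives on the wire.
rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm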
instal paket yang di butuhkan :
# PHP and Apache for the web interface, Unbound as the recursor, PowerDNS with
# its MySQL backend as the filtering front end, plus the download tools.
yum install -y \
    php php-mcrypt php-pdo php-mysql \
    unbound \
    pdns pdns-backend-mysql \
    mysql-server \
    httpd \
    wget unzip

edit config mysql pada /etc/my.cnf
tambahkan ini di section [mysqld]  :

# Listen on loopback only, so MySQL is not reachable from the network.
bind-address       = 127.0.0.1
# One tablespace file per InnoDB table instead of a single shared file.
innodb-file-per-table          = 1
# Bypass the OS page cache for InnoDB data files.
innodb-flush-method            = O_DIRECT
# Seconds the server waits for a connect packet; 1000 is far above the
# default. NOTE(review): confirm this value is intended.
connect-timeout                = 1000
# Refuse to start if the InnoDB engine cannot be initialised.
innodb                         = FORCE
innodb-file-format             = barracuda
innodb-buffer-pool-size        = 256M
# Match grants by IP address only; no reverse-DNS lookup on client connections.
skip-name-resolve


seting config  unbound
#/etc/unbound/unbound.conf
#
# Unbound is the local caching resolver in this setup: it listens on loopback
# port 5300 only and hands every query to the forwarders in forward-zone below.
#################START CONFIG################
server:
         verbosity: 1
         statistics-interval: 120
         num-threads: 2
         # Loopback on a non-standard port: only software on this host (the
         # pdns.conf on this page points recursor= here) can query Unbound.
         interface: 127.0.0.1
         port: 5300
         outgoing-range: 512
         num-queries-per-thread: 1024

         msg-cache-size: 128m
         rrset-cache-size: 256m
         so-rcvbuf: 8m

         msg-cache-slabs: 8
         rrset-cache-slabs: 8

         # Answers stay cached for at least 600 s even when the authoritative TTL
         # is shorter, so upstream changes to short-TTL records show up late.
         cache-min-ttl: 600
         cache-max-ttl: 86400
         infra-host-ttl: 60
         infra-lame-ttl: 120

         infra-cache-numhosts: 10000
         infra-cache-lame-size: 10k

         do-ip4: yes
         do-ip6: no
         do-udp: yes
         do-tcp: yes
         do-daemonize: yes

         # Only loopback and the RFC 1918 ranges are answered; every other source
         # is refused. Leave the allow-all rule commented out so the resolver
         # cannot be used as an open resolver.
         #access-control: 0.0.0.0/0 allow
         access-control: 192.168.0.0/16 allow
         access-control: 172.16.0.0/12 allow
         access-control: 10.0.0.0/8 allow
         access-control: 127.0.0.0/8 allow
         access-control: 0.0.0.0/0 refuse

         # Confine the daemon to /etc/unbound and drop root privileges to the
         # unbound user after startup.
         chroot: "/etc/unbound"
         username: "unbound"
         directory: "/etc/unbound"
         #logfile: "/etc/unbound/unbound.log"
         #use-syslog: yes
         # NOTE(review): logfile is empty and use-syslog is left at its default;
         # confirm where log output actually ends up on this build.
         logfile: ""
         pidfile: "/var/run/unbound/unbound.pid"
         root-hints: "/etc/unbound/named.cache"

        identity: "DNS"
        version: "1.4"
        # Refuse id.server / version.bind queries so the strings above are not
        # disclosed to clients.
        hide-identity: yes
        hide-version: yes
        # Trust glue records only when they fall within the answering server's authority.
        harden-glue: yes
        # Never send upstream queries to loopback addresses.
        do-not-query-address: 127.0.0.1/8
        do-not-query-localhost: yes
        # Only the iterator module is loaded, so no DNSSEC validation is done.
        # NOTE(review): "validator iterator" plus a trust anchor is needed if
        # validated answers are wanted.
        module-config: "iterator"

        #zone localhost
        local-zone: "localhost." static
        local-data: "localhost. 10800 IN NS localhost."
        local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
        local-data: "localhost. 10800 IN A 127.0.0.1"

        local-zone: "127.in-addr.arpa." static
        local-data: "127.in-addr.arpa. 10800 IN NS localhost."
        local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
        local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."


# Every name is forwarded to these two public resolvers (Google Public DNS) as
# plain, unencrypted DNS; the upstream operator sees all lookups.
forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4

# Enables the unbound-control channel. control-interface is commented out, so
# the built-in default (loopback) applies. The key and certificate files below
# must exist; unbound-control-setup generates them.
remote-control:
        control-enable: yes
       # control-interface: 127.0.0.1
       # control-port: 953
        server-key-file: "/etc/unbound/unbound_server.key"
        server-cert-file: "/etc/unbound/unbound_server.pem"
        control-key-file: "/etc/unbound/unbound_control.key"
        control-cert-file: "/etc/unbound/unbound_control.pem"

##################END CONFIG################
#
#/etc/pdns/pdns.conf
# Adjust the listen addresses below to this server's interface, e.g. 192.168.100.2
###############start config#############
# Drop privileges to the pdns user and group after startup.
setgid=pdns
setuid=pdns
launch=gmysql
gmysql-host=127.0.0.1
# NOTE(review): PowerDNS connects as the MySQL root account. A dedicated account
# with rights on the pdns database only would limit what a compromised DNS
# daemon can reach.
gmysql-user=root
# Placeholder value; the real password is stored here in clear text, so keep
# this file readable by root and the pdns user only.
gmysql-password=passwordmu
gmysql-dbname=pdns
# Recursion is offered to loopback and RFC 1918 ranges only, which keeps the
# server from answering as an open resolver.
allow-recursion=127.0.0.1,172.16.0.0/12,192.168.0.0/16,10.0.0.0/8
config-dir=/etc/pdns
daemon=yes
# Zone transfers (AXFR) are refused.
disable-axfr=yes
distributor-threads=4
guardian=yes
# NOTE(review): gmysql-host and gmysql-socket are both set; confirm which one
# the backend actually uses.
gmysql-socket=/var/lib/mysql/mysql.sock
#lazy-recursion=yes
local-address=192.168.100.2
local-port=53
master=yes
module-dir=/usr/lib64/pdns
# Recursive queries PowerDNS cannot answer from its own database are handed to
# the resolver at this address (the Unbound instance configured on this page).
recursor=127.0.0.1:5300
socket-dir=/var/run
# Built-in web server on the LAN address. NOTE(review): no webserver-password
# is set, so presumably anyone who can reach 192.168.100.2:8081 can view it.
webserver=yes
webserver-address=192.168.100.2
webserver-port=8081
wildcard-url=on
# Answer version queries with a generic string rather than the exact release.
version-string=powerdns
###############end config#############


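# MySQL has to be running before the database can be created.
/etc/init.d/mysqld start
# Assumes the MySQL root password is already set to the value used here
# ("passwordmu" is a placeholder). A password given with -p on the command line
# is visible in the process list and shell history; on a shared host use the
# interactive -p prompt instead.
mysqladmin -ppasswordmu create pdns
# NOTE(review): release-candidate tarball fetched over plain HTTP with no
# checksum or signature check, and its SQL is then executed as MySQL root.
# Verify the archive against a published checksum before loading the schema.
wget http://powerdnssec.org/downloads/pdns-3.3-rc2.tar.gz
tar xvf pdns-3.3-rc2.tar.gz -C /tmp/
# Load the schema into the pdns database with the same root password as above;
# without a database name the import stops with "No database selected".
mysql -u root -ppasswordmu pdns < /tmp/pdns-3.3-rc2/pdns/no-dnssec.schema.mysql.sql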

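# NOTE(review): the blocklist is fetched over plain HTTP with no integrity
# check, and its contents become DNS answers served to every client.
wget "http://urlblacklist.com/cgi-bin/commercialdownload.pl?type=download&file=bigblacklist" -O /tmp/bigblacklist.tar.bz2
# Change into /tmp before unpacking: the archive was saved there and all the
# relative paths below depend on it.
cd /tmp
tar xvf bigblacklist.tar.bz2 -C /tmp/
cp blacklists/porn/domains /tmp/domains.txt
# One tab-separated row per blocked domain for the domains table (type NATIVE).
# NOTE(review): with default LOAD DATA options the text NULL is read as a literal
# string, not SQL NULL (which is written \N); confirm the columns load as intended.
awk '{print "NULL" "\t" $1 "\t" NULL "\t" "NULL" "\t" "NATIVE" "\t" "NULL" "\t" "NULL" }' domains.txt > blackdomains
# LOAD DATA INFILE with a bare file name is read by the server from the
# database directory, hence the move into /var/lib/mysql/pdns/.
mv blackdomains /var/lib/mysql/pdns/
mysql -uroot -ppasswordmu -Dpdns -e "LOAD DATA INFILE 'blackdomains' INTO TABLE domains"
# -N drops the column-name header; without it the line "id name" would be
# turned into a bogus record in each of the three files generated below.
mysql -uroot -ppasswordmu -Dpdns -N -e "select id,name from domains" > forrecord
# Each blocked name, and its wildcard, gets an A record pointing at
# 118.98.97.100, presumably the block-page host; use the address of your own.
awk '{print "NULL" "\t" $1 "\t" $2 "\t" "A" "\t" "118.98.97.100" "\t" "86400" "\t" "0" "\t" "1406888925" }' forrecord > sqlrecords
awk '{print "NULL" "\t" $1 "\t" "*."$2 "\t" "A" "\t" "118.98.97.100" "\t" "86400" "\t" "0" "\t" "1406888925" }' forrecord > wildcard
awk '{print "NULL" "\t" $1 "\t" $2 "\t" "SOA" "\t" "dns admin.hikmah-teknologi.com 1" "\t" "86400" "\t" "1406888925" "\t" "NULL" }' forrecord > soarecords
cp soarecords  /var/lib/mysql/pdns
cp wildcard /var/lib/mysql/pdns
cp sqlrecords  /var/lib/mysql/pdns
mysql -uroot -ppasswordmu -Dpdns -e "LOAD DATA INFILE 'sqlrecords' INTO TABLE records"
mysql -uroot -ppasswordmu -Dpdns -e "LOAD DATA INFILE 'wildcard' INTO TABLE records"
mysql -uroot -ppasswordmu -Dpdns -e "LOAD DATA INFILE 'soarecords' INTO TABLE records"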

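/etc/init.d/unbound start
/etc/init.d/pdns start
# Apache has to be running for the web installer used in the next step.
/etc/init.d/httpd start
# Enable the services at boot. The tool is chkconfig, and on CentOS 6 the
# mysql-server package registers its service as mysqld.
chkconfig unbound on
chkconfig pdns on
chkconfig mysqld on
chkconfig httpd on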

install web interfaces

# NOTE(review): this fetches the moving master branch, not a fixed release, even
# though the file is saved as 2.1.7; what gets installed changes over time.
wget -O poweradmin-2.1.7.zip https://codeload.github.com/poweradmin/poweradmin/zip/master
unzip poweradmin-2.1.7.zip
# The Poweradmin tree replaces the entire Apache document root.
rm -r -f /var/www/html
mv poweradmin-master /var/www/html

Buka di browser http://ipserverdns/install
Isikan sesuai datanya: user db, pass db, pdns db, dll.

Sampai langkah terakhir, salin config yang diawali karakter <?php,
lalu buat file berikut dan tempel hasil salinan tadi ke dalamnya:
/var/www/html/inc/config.inc.php

sesuaikan isinya :

// Database connection settings used by the Poweradmin web interface.
$db_host                = '127.0.0.1';
// NOTE(review): the web application connects as the MySQL root account. A
// dedicated account limited to the pdns database would contain the damage if
// the PHP application is compromised.
$db_user                = 'root';
// Placeholder value; the real password sits here in clear text, so keep
// config.inc.php unreadable to other local users.
$db_pass                = 'passwordmu';
$db_name                = 'pdns';
$db_type                = 'mysql';
$db_layer               = 'PDO';


Hapus direktori install, agar installer tidak bisa dijalankan ulang lewat web:
rm -rf /var/www/html/install

Selesai, buka di browser http://ipserverdns/
Login sesuai user/pass yang diisi sewaktu install.

Penulis : Een Pahlefi
Sumber Penelitian : Fahmy
