{"id":131,"date":"2016-04-26T01:45:51","date_gmt":"2016-04-26T01:45:51","guid":{"rendered":"http:\/\/kloxo.web.id\/?p=131"},"modified":"2016-04-26T01:45:51","modified_gmt":"2016-04-26T01:45:51","slug":"server-dns-resolvercacheproxy-menggunakan-dnscrypt-dan-unbound","status":"publish","type":"post","link":"https:\/\/kloxo.web.id\/?p=131","title":{"rendered":"Server DNS (Resolver\/Cache\/Proxy) Menggunakan DNSCrypt dan Unbound"},"content":{"rendered":"<p>Sejak diberlakukan larangan menggunakan dns luar oleh pihak kominfo, tidak banyak pilihan server public dns yang cukup kencang dan memiliki filtering (porno, judi dsb) yang mumpuni. Tuts kali ini adalah catatan membuat resolver\/caching\/proxy dns menggunakan dnscrypt dan unbound untuk mengarahkan dns agar menggunakan public dns dari pihak OpenDNS.<\/p>\n<p>OS yang digunakan adalah Ubuntu 14.10 64-bit (sesuaikan command-nya bila anda menggunakan distro debian\/centos), let&#8217;s start :<\/p>\n<p>A. Instalasi DNSCrypt :<\/p>\n<p>1. apt-get update<br \/>\n2. apt-get install build-essential<br \/>\n3. cd \/usr\/local\/src<br \/>\n4. wget http:\/\/download.libsodium.org\/libsodium\/releases\/LATEST.tar.gz -O &#8211; | tar -xz<br \/>\n5. cd libsodium-1.0.10\/ #versi saat catatan ini dibuat<br \/>\n6. .\/configure<br \/>\n7. make<br \/>\n8. make install<br \/>\n9. cd ..<br \/>\n10. rm -rf libsodium-1.0.10<br \/>\n11. wget http:\/\/download.dnscrypt.org\/dnscrypt-proxy\/dnscrypt-proxy-1.6.1.tar.gz -O &#8211; | tar -xz<br \/>\n12. cd dnscrypt-proxy-1.6.1\/ #versi saat catatan ini dibuat<br \/>\n13. .\/configure<br \/>\n14. make<br \/>\n15. make install<br \/>\n16. cd ..<br \/>\n17. rm -rf dnscrypt-proxy-1.6.1*<br \/>\n18. nano \/etc\/rc.local<br \/>\n    \/usr\/local\/sbin\/dnscrypt-proxy -R cisco -a 127.0.0.1:5353 &#8211;daemonize<br \/>\n    exit 0<br \/>\n    ctrl+x (keluar dan simpan)<\/p>\n<p>Sampai langkah ini instalasi DNSCrypt selesai, lanjutkan ke instalasi Unbound.<\/p>\n<p>B. Instalasi Unbound DNS Resolver :<\/p>\n<p>1. apt-get install unbound<br \/>\n2. mv \/etc\/unbound\/unbound.conf \/etc\/unbound\/unbound.conf.default<br \/>\n3. nano \/etc\/unbound\/unbound.conf<\/p>\n<p>server:<br \/>\n    auto-trust-anchor-file: &#8220;\/var\/lib\/unbound\/root.key&#8221;<br \/>\n    logfile: &#8220;\/var\/log\/unbound.log&#8221;<br \/>\n    log-time-ascii: yes<br \/>\n    module-config: &#8220;iterator&#8221;<br \/>\n    do-not-query-localhost: no<br \/>\n#ip server-dns ini<br \/>\n    interface: 127.0.0.1<br \/>\n    interface: 192.168.100.250<br \/>\n#network yang diijinkan menggunakan dns ini<br \/>\n    access-control: 127.0.0.1 allow<br \/>\n    access-control: 192.168.0.0\/16 allow<br \/>\n    access-control: 10.0.0.0\/24 allow<br \/>\n#lpse diarahkan ke ip local spse<br \/>\nlocal-data: &#8220;lpse.baritoselatankab.go.id. 10800 IN A 192.168.100.194&#8221;<br \/>\nforward-zone:<br \/>\n   name: &#8220;.&#8221;<br \/>\n   forward-addr: 127.0.0.1@5353<br \/>\n   forward-first: no<br \/>\nremote-control:<br \/>\n       control-enable: no<\/p>\n<p>4. nano \/etc\/resolv.conf<br \/>\n   nameserver 127.0.0.1<br \/>\n5. reboot<\/p>\n<p>Setelah reboot, lakukan pemeriksaan ulang terhadap konfigurasi sebagai berikut :<br \/>\n1. netstat -tulpn | grep 53<br \/>\n&#8211;apakah ada port 53 (unbound) dan 5353 (dnscrypt)?<br \/>\n2. ping google.com<br \/>\n&#8211;apakah reply?<br \/>\nbila kedua langkah diatas sukses, ujicoba dari client dengan mengarahkan dns nya ke ip server-dns ini.<\/p>\n<p>Selamat Mencoba! DWYOR&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sejak diberlakukan larangan menggunakan dns luar oleh pihak kominfo, tidak banyak pilihan server public dns yang cukup kencang dan memiliki filtering (porno, judi dsb) yang mumpuni. Tuts kali ini adalah catatan membuat resolver\/caching\/proxy dns menggunakan dnscrypt dan unbound untuk mengarahkan dns agar menggunakan public dns dari pihak OpenDNS. OS yang digunakan adalah Ubuntu 14.10 64-bit [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-131","post","type-post","status-publish","format-standard","hentry","category-linux-server"],"_links":{"self":[{"href":"https:\/\/kloxo.web.id\/index.php?rest_route=\/wp\/v2\/posts\/131","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kloxo.web.id\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kloxo.web.id\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kloxo.web.id\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kloxo.web.id\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=131"}],"version-history":[{"count":1,"href":"https:\/\/kloxo.web.id\/index.php?rest_route=\/wp\/v2\/posts\/131\/revisions"}],"predecessor-version":[{"id":132,"href":"https:\/\/kloxo.web.id\/index.php?rest_route=\/wp\/v2\/posts\/131\/revisions\/132"}],"wp:attachment":[{"href":"https:\/\/kloxo.web.id\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=131"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kloxo.web.id\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=131"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kloxo.web.id\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=131"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}