Installation is the same as on MfsBSD. After that, continue with the following commands:
# pkg search bind
bind-tools-9.10.0P2_3
bind910-9.10.0P2_3
bind98-9.8.7P1_2
bind99-9.9.5P1_3
bindgraph-0.2_5
# pkg install bind910-9.10.0P2_3
Once it has installed successfully, go straight on to editing BIND's own options, with the following command:
# ee /usr/local/etc/namedb/named.conf
Here is an example of the contents of the named.conf file:
// CACHING NAME SERVER for EXAMPLE, INC.
// maintained by: me myself alone
// CHANGELOG:
// 1. 9 july 2003 - did something
// 2. 16 july 2003 - did something else
// 3. 23 july 2003 - did something more
//
options {
    directory "/var/named";
    // version statement - inhibited for security
    // (avoids hacking any known weaknesses)
    version "not currently available";
    // disables all zone transfer requests
    allow-transfer{"none";};
    // Closed DNS - permits only local IPs to issue queries
    // remove if an Open DNS required to support all users
    // or add additional IP ranges
    // in this case either allow-query or allow-recursion can be used
    allow-query {192.168.3.0/24;};
};
//
// log to /var/log/example.log all events
// from info UP in severity (no debug)
// defaults to use 3 files in rotation
// BIND 8.x logging MUST COME FIRST in this file
// BIND 9.x parses the whole file before using the log
// failure messages up to this point are in (syslog)
// typically /var/log/messages
//
logging{
    channel example_log{
        file "/var/log/named/example.log" versions 3 size 2m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category default{
        example_log;
    };
};
// required zone for recursive queries
zone "." {
    type hint;
    file "root.servers";
};
// required local host domain
zone "localhost" in{
    type master;
    file "master.localhost";
    allow-update{none;};
};
// localhost reverse map
zone "0.0.127.in-addr.arpa" in{
    type master;
    file "localhost.rev";
    allow-update{none;};
};
Replace its contents with this:
acl "test" {
    xxx.xxx.xxx.xxx;
    xxx.xxx.xxx.xxx;
};
options {
    directory "/usr/local/etc/namedb/working";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
    disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    allow-recursion { test; };
    allow-query-cache { test; };
    allow-query { any; };
    // managed-keys-directory "/usr/local/etc/namedb/working";
    // bindkeys-file "/usr/local/etc/namedb/dlv.isc.org.key";
    notify yes;
    recursion yes;
    tcp-clients 1000;
    auth-nxdomain no;
    version "Tuned by Dionipe";
    hostname "dionipe@icloud.com";
    prefetch 0;
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside auto;
    // files unlimited;
    // max-cache-size 6144M;
    rate-limit {
        slip 2;
        window 15;
        responses-per-second 25;
        referrals-per-second 25;
        nodata-per-second 25;
        nxdomains-per-second 25;
        errors-per-second 25;
        all-per-second 25;
        log-only no;
        qps-scale 250;
        exempt-clients { test; };
        max-table-size 20000;
        min-table-size 500;
        ipv4-prefix-length 32;
    };
};
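To see what the rate-limit block above does to a repeated query stream, here is an added example (not part of the original post and not BIND source code) that models a single RRL account with the page's values for responses-per-second, window, slip and qps-scale. It assumes a simplified credit scheme in which credit is applied once per simulated second; the function names are hypothetical.

```python
# Added example: simplified model of a single BIND RRL account.
# Not BIND source code; credit is applied once per simulated second.

# Values taken from the rate-limit block above.
RESPONSES_PER_SECOND = 25
WINDOW = 15
SLIP = 2
QPS_SCALE = 250


def effective_limit(total_qps, limit=RESPONSES_PER_SECOND, qps_scale=QPS_SCALE):
    """Per-second limit after qps-scale: once the server's total query rate
    exceeds qps-scale, the limit is multiplied by qps_scale / total_qps."""
    if total_qps <= qps_scale:
        return limit
    return max(1, limit * qps_scale // total_qps)


def simulate(qps, seconds, limit=RESPONSES_PER_SECOND, window=WINDOW, slip=SLIP):
    """Send `qps` identical queries per second from one client address and
    count full answers, truncated (slipped) answers and silent drops."""
    balance = limit          # a fresh account holds one second of credit
    limited = 0              # running count of rate-limited responses
    sent = slipped = dropped = 0
    for _ in range(seconds):
        for _ in range(qps):
            # Each response debits the account; the floor is -window * limit.
            balance = max(balance - 1, -window * limit)
            if balance >= 0:
                sent += 1
            else:
                limited += 1
                if slip and limited % slip == 0:
                    slipped += 1   # every slip-th limited reply goes out with TC=1
                else:
                    dropped += 1
        # One second passes: credit the account, capped at the per-second limit.
        balance = min(balance + limit, limit)
    return {"sent": sent, "slipped": slipped, "dropped": dropped}


if __name__ == "__main__":
    print("normal client, 10 qps:", simulate(10, 10))
    print("flood, 1000 qps:      ", simulate(1000, 10))
    print("limit under 1000 qps total load:", effective_limit(1000))
```

Addresses listed in the "test" ACL are not subject to these limits, because the configuration names them in exempt-clients.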
Once everything is configured with the options above, just check whether the whole configuration is correct. Here is the command:
# named-checkconf
Once you are sure it is correct, start it with these commands:
# echo 'named_enable=YES' >> /etc/rc.conf
# service named start
And now it is done. The whole installation... Be happy :D
References:
https://conference.apnic.net/data/37/apricot-2014-rrl_1393309768.pdf
https://kb.isc.org/article/AA-01000/0/A-Quick-Introduction-to-Response-Rate-Limiting.html