Langkah-langkah instalasi DNS Server dengan Unbound di Ubuntu Server



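# Install Unbound, then fetch the root hints and create the unbound-control
# key material inside /etc/unbound (run as root).
apt-get install unbound
cd /etc/unbound
# Root hints are fetched over HTTPS instead of anonymous FTP, so the file that
# seeds the resolver's list of root servers cannot be altered in transit
# without detection. -O pins the name that root-hints: in unbound.conf expects.
wget -O named.cache https://www.internic.net/domain/named.cache
# Generates the unbound_server.* and unbound_control.* key/certificate files
# that the remote-control: clause of unbound.conf points at.
unbound-control-setup
# Key material: read-only for the unbound user and group root, no access for
# anyone else, and not writable even by the daemon itself.
chown unbound:root unbound_*
chmod 440 unbound_*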



# Keep the packaged configuration as unbound.conf1 so it can be restored,
# then create a new unbound.conf holding the configuration listed below.
mv /etc/unbound/unbound.conf /etc/unbound/unbound.conf1
nano /etc/unbound/unbound.conf

# server: clause - listener, cache sizing, access control, privilege drop,
# hardening and the locally served zones of this resolver.
server:
verbosity: 1
# Statistics are written to the log every 120 seconds and are not reset
# between intervals; extended-statistics adds more counters to
# "unbound-control stats".
statistics-interval: 120
statistics-cumulative: yes
extended-statistics: yes
num-threads: 1
# Listens on every IPv4 address of the host. Who actually gets an answer is
# decided only by the access-control lines further down.
interface: 0.0.0.0
outgoing-range: 512
num-queries-per-thread: 1024
msg-cache-size: 16m
rrset-cache-size: 32m
msg-cache-slabs: 4
rrset-cache-slabs: 4
# Cached records are kept for at most one day, whatever TTL the origin sent.
cache-max-ttl: 86400
infra-host-ttl: 60
# NOTE(review): the lame-cache options (infra-lame-ttl, infra-cache-lame-size)
# were dropped in later Unbound releases - confirm the installed version
# still accepts them (unbound-checkconf will tell).
infra-lame-ttl: 120

infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
# IPv4 only, over both UDP and TCP.
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
# Leave the next line commented out: allowing 0.0.0.0/0 would answer
# recursive queries from any address that can reach port 53, i.e. an open
# resolver that third parties can abuse for reflection/amplification.
#access-control: 0.0.0.0/0 allow
# Recursion is allowed for the RFC 1918 private ranges and loopback only;
# every other source receives REFUSED. The most specific matching netblock
# wins, so the order of these lines does not matter.
access-control: 192.168.0.0/16 allow
access-control: 172.16.0.0/12 allow
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 0.0.0.0/0 refuse

# After start-up the daemon chroots into /etc/unbound and drops from root to
# the "unbound" user. That directory also holds unbound.conf and the
# unbound_* key files, so keep them non-writable for that user.
chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
#logfile: "/etc/unbound/unbound.log" use-syslog: yes
# NOTE(review): with logfile "" and use-syslog no, a daemonized Unbound has
# nowhere to write its log, so errors and the periodic statistics above are
# not recorded. Enable a logfile or syslog if an audit trail is needed.
logfile: ""
use-syslog: no
pidfile: "/etc/unbound/unbound.pid"
root-hints: "/etc/unbound/named.cache"

# identity/version are the strings that would be reported, but hide-identity
# and hide-version make the server refuse id.server / version.bind style
# queries, so neither string is disclosed to clients.
identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
# Only trust glue records that fall within the answering server's authority.
harden-glue: yes
# Never send upstream queries to loopback addresses.
# NOTE(review): the prefix is written with host bits set; 127.0.0.0/8 is the
# conventional form - confirm unbound-checkconf accepts it as intended.
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
# Only the iterator module is loaded. The "validator" module is not in the
# list, so answers are NOT DNSSEC-validated. Use "validator iterator" together
# with a trust anchor (e.g. auto-trust-anchor-file) if validation is wanted.
module-config: "iterator"

# Locally served zone: localhost and its reverse zone (static = names in the
# zone without local-data get NXDOMAIN/NODATA instead of being resolved).
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"
local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

# Locally served zone: cache.dns.nizy.net.id
# NOTE(review): only cache.dns.nizy.net.id. is declared as a local-zone, yet
# most local-data below is for nizy.net.id. and www.nizy.net.id., which lie
# outside it. Presumably Unbound creates implicit zones for those names -
# verify the answers with dig after loading.
local-zone: "cache.dns.nizy.net.id." static
local-data: "nizy.net.id. 86400 IN NS cache.dns.nizy.net.id."
local-data: "nizy.net.id. 86400 IN SOA nizy.net.id. proxy.nizy.net.id.  3 3600 1200 604800 86400"
local-data: "nizy.net.id. 86400 IN A 192.168.200.2"
local-data: "www.nizy.net.id. 86400 IN A 192.168.200.2"
local-data: "cache.dns.nizy.net.id. 86400 IN A 192.168.200.2"

# Reverse zone for 192.168.200.0/24 with a PTR for the server itself.
local-zone: "200.168.192.in-addr.arpa." static
local-data: "200.168.192.in-addr.arpa. 10800 IN NS nizy.net.id."
local-data: "200.168.192.in-addr.arpa. 10800 IN SOA nizy.net.id. proxy.nizy.net.id. 4 3600 1200 604800 864000"
local-data: "2.200.168.192.in-addr.arpa. 10800 IN PTR nizy.net.id." 

# forward-zone: clause - name "." matches every query, so anything not
# answered from local-data or the cache is sent to the resolvers listed here
# instead of being resolved iteratively from the root.
# The queries leave the host as cleartext DNS, and module-config in the
# server: clause loads no validator, so whatever these third-party resolvers
# return is accepted as is. List only resolvers you are willing to trust.
forward-zone:
name: "."
forward-addr: 203.130.193.74
forward-addr: 202.134.1.10
forward-addr: 203.130.196.6
forward-addr: 202.134.0.61
forward-addr: 125.160.2.162
forward-addr: 222.124.204.34
forward-addr: 202.134.0.155
# Duplicate of the 222.124.204.34 entry two lines up.
forward-addr: 222.124.204.34
forward-addr: 208.67.222.222
forward-addr: 208.67.220.220
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4

# remote-control: clause - enables the unbound-control management channel.
# It is bound to loopback only, so control commands must be issued on this
# host. Port 953 is set explicitly here (Unbound's own default is 8953);
# unbound-control reads the same file and therefore uses the same port.
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
# Key/certificate pairs created by unbound-control-setup. The channel is
# authenticated with these files, so the .key files must stay unreadable to
# ordinary users.
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"

reboot pc !!!
setelah reboot, cek dengan perintah

root@nizy:~# unbound-control stats
thread0.num.queries=619787
thread0.num.cachehits=238858
thread0.num.cachemiss=380929
thread0.num.prefetch=0
thread0.num.recursivereplies=380929
thread0.requestlist.avg=1.19214
thread0.requestlist.max=47
thread0.requestlist.overwritten=0
thread0.requestlist.exceeded=0
thread0.requestlist.current.all=0
thread0.requestlist.current.user=0
thread0.recursion.time.avg=0.000442
thread0.recursion.time.median=0.0510188
total.num.queries=619787
total.num.cachehits=238858
total.num.cachemiss=380929
total.num.prefetch=0
total.num.recursivereplies=380929

lanjut lagi:

nano /etc/network/interfaces
dns-nameservers 192.168.200.1
ganti:
dns-nameservers 127.0.0.1
/etc/init.d/networking restart

nano /etc/resolv.conf
nameserver 192.168.200.1
ganti:
nameserver 127.0.0.1

cek:
# Syntax-check the default Unbound configuration file; fix anything it
# reports before relying on the resolver.
unbound-checkconf
# Reverse and forward lookup of the locally defined records.
nslookup 192.168.200.2
nslookup nizy.net.id
# An external name: exercises the forward-zone path rather than local-data.
dig google.com
# PTR lookups that should be answered from the local reverse zones.
dig -x 127.0.0.1
dig -x 192.168.200.2
# Show which process holds UDP port 53 (expected: unbound, and nothing else).
lsof -i UDP:53
# Query, cache-hit and cache-miss counters read over the control channel.
unbound-control stats

di mikrotik:
# RouterOS: use the Unbound host 192.168.200.2 as the router's upstream
# resolver. allow-remote-requests=yes makes the router itself answer DNS
# queries coming from other hosts.
# NOTE(review): no input-chain firewall rule is shown on this page - confirm
# that port 53 (UDP and TCP) is dropped on the WAN-facing interface,
# otherwise the router is reachable from outside as an open resolver.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=10240KiB max-udp-packet-size=\
    512 servers=192.168.200.2
# Static record so the router's own cache resolves nizy.net.id to the
# Unbound host.
/ip dns static
add address=192.168.200.2 comment="" disabled=no name=nizy.net.id ttl=5m

# "Transparent DNS": every UDP or TCP packet to port 53 that enters on
# ether3-lan is rewritten to 192.168.200.2:53, whichever resolver the client
# actually addressed.
# NOTE(review): the rules carry no source exclusion. If 192.168.200.2 itself
# sits behind ether3-lan, its own queries to the forward-addr servers would
# presumably be redirected back to it - confirm the topology and exclude that
# source address from both rules if so.
/ip firewall nat
add action=dst-nat chain=dstnat comment="Transparan DNS" disabled=no dst-port=53 \
    in-interface=ether3-lan protocol=udp to-addresses=192.168.200.2 to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 in-interface=\
    ether3-lan protocol=tcp to-addresses=192.168.200.2 to-ports=53

sumber: http://www.forummikrotik.com/guide/14263-share-mari-incip2-dns-unbound-high-performance.html
