Unbound DNS, girdiğiniz bir web sitesinin ip adresini bulan ve önbelleğe alan kendi yerel DNS sunucunuzdur. Yani başka bir DNS'ye sormaz, bunu kendisi yapar, bu şekilde daha fazla gizlilik sağlar.
FreeBSD de varsayılan olarakta gelir, (paket deposunda unbound diyede paketi var fakat bizim için gerek yok) sadece isteğe bağlı olarak aktif etmek gerekir.
Bu rehberde ekstra olarak local_unbound 'da, reklam engelleme de yapacağız.
Önce unbound'u kontrol edelim, aktif mi?
# service local_unbound statusAktif değilse devam, /etc/rc.conf 'ta eklemek için.
# service local_unbound enable local_unbound enabled in /etc/rc.conf
$ grep "local_unbound" /etc/rc.conf local_unbound_enable="YES"
# service local_unbound start Starting local_unbound.
# service local_unbound status local_unbound is running as pid 1275./etc/resolv.conf böyle görünsün.
nameserver 127.0.0.1 options edns0/var/unbound/unbound.conf 'ta böyle görünsün.
server: username: unbound directory: /var/unbound chroot: /var/unbound pidfile: /var/run/local_unbound.pid auto-trust-anchor-file: /var/unbound/root.key include: /var/unbound/forward.conf include: /var/unbound/lan-zones.conf include: /var/unbound/control.conf include: /var/unbound/conf.d/*.conf # İsterseniz diğerlerinide açabilirsiniz, DNS yi değiştirebilirsiniz... servisi restart etmeyi unutmayın. forward-zone: name: "." forward-addr: 9.9.9.9@53#dns.quad9.net forward-addr: 149.112.112.112@53#dns.quad9.net # forward-addr: 94.140.14.14@53#adguard.dns # forward-addr: 94.140.15.15@53#adguard.dns # forward-addr: 1.0.0.1@53#one.one.one.one # forward-addr: 1.1.1.1@53#one.one.one.one # forward-addr: 8.8.4.4@53#dns.google # forward-addr: 8.8.8.8@53#dns.googleŞimdi servisi restart edelim.
# service local_unbound restart Stopping local_unbound. Waiting for PIDS: 1275. Starting local_unbound. Waiting for nameserver to start... good
# service local_unbound setup Performing initial setup. destination: Extracting forwarders from /etc/resolv.conf. No forwarders found in resolv.conf, using existing forward.conf. /var/unbound/lan-zones.conf not modified /var/unbound/control.conf not modified /var/unbound/unbound.conf not modified /etc/resolvconf.conf not modified /etc/resolv.conf not modified
$ sockstat -4 | grep unbound unbound local-unbo 4668 5 udp4 127.0.0.1:53 *:* unbound local-unbo 4668 6 tcp4 127.0.0.1:53 *:*⌛ÖNBELLEK TESTİ
$ time host ftp.freebsd.org
ftp.freebsd.org is an alias for ftp.geo.freebsd.org.
ftp.geo.freebsd.org has address 147.28.184.42
ftp.geo.freebsd.org has IPv6 address 2604:1380:4091:a001::15:0
ftp.geo.freebsd.org mail is handled by 0 .
real 0m1,329s
user 0m0,010s
sys 0m0,000s
Komutu tekrar ver.
$ time host ftp.freebsd.org
ftp.freebsd.org is an alias for ftp.geo.freebsd.org.
ftp.geo.freebsd.org has address 147.28.184.42
ftp.geo.freebsd.org has IPv6 address 2604:1380:4091:a001::15:0
ftp.geo.freebsd.org mail is handled by 0 .
real 0m0,011s
user 0m0,010s
sys 0m0,001s
Local_Unbound önbelleklemeyi yapıyor... ✔Ayrıca bu komutlarla da test edebilirsiniz.
$ drill -D google.com $ dig @127.0.0.1 freebsd.com $ dig freebsd.com | grep -e Query -e SERVER(dig için bind-tools 'u kurunuz)
💡 REKLAM ENGELLEME - KARA LİSTE
# mkdir /root/bin # fetch -o /root/bin/unbound-blacklist-fetch.sh https://raw.githubusercontent.com/vermaden/scripts/master/unbound-blacklist-fetch.sh # chmod +x /root/bin/unbound-blacklist-fetch.sh # /root/bin/unbound-blacklist-fetch.sh # ls -l /var/unbound/conf.d/blacklist.conf # service local_unbound restartBetiği crontab'a ekleyip, her gün otomatik güncelleyebiliriz.
📌 Komutların tümünü root ile kopyala ve konsola yapıştır ve enter.
🚫 ENGELLENEN ETKİ ALANLARI TESTİ
cat << BSD >> /var/cron/tabs/root # unbound(8) kara listeyi hergün güncelle 0 0 * * * /root/bin/unbound-blacklist-fetch.sh BSDKontrol et.
# crontab -l | tail -4 0 0 * * * /root/bin/unbound-blacklist-fetch.sh
$ tail /var/unbound/conf.d/blacklist.conf
$ wc -l /var/unbound/conf.d/blacklist.conf
222412 /var/unbound/conf.d/blacklist.conf
❗222412 blacklist.conf 'ta ki satır sayısıdır, her satırda bir etki alanına denk gelir, her güncellemede bu sayı büyük olasılıkla değişecektir.$ ping ad.track.us.org ping: cannot resolve ad.track.us.org: Name does not resolve
$ host ad.track.us.org Host ad.track.us.org not found: 3(NXDOMAIN)
CloudFlare Test: | https://1.1.1.1/help/ |
Adguard Test: | https://adguard.com/tr/test.html |
Quad9 Test: | https://on.quad9.net/ |
DNSSEC Test1: | https://wander.science/projects/dns/dnssec-resolver-test/ |
DNSSEC Test2: | http://www.dnssec-or-not.com/ |
DNS Leak Test: | https://browserleaks.com/dns |
Bağlantı Test: | https://internet.nl/connection/ |
Kaynak: | https://vermaden.wordpress.com/2020/11/18/unbound-dns-blacklist |
yorum yok:
Yorum Gönder