Differences

This shows you the differences between two versions of the page.

--- doc:dns:core [2015/09/13 13:10] – [List of anycast DNS servers] Romain Boissat
+++ doc:dns:core [2018/05/27 22:52] – [List of anycast DNS servers] Romain Boissat
@@ Line 9: / Line 9: @@
 ^  Usage                     ^  Prefix                     ^
 | Anycast DNS IPv4           | 192.168.248.53/32           |
-| Anycast DNS IPv6           | ''fd00:6b64:f3b0:53::/64''  |
+| Anycast DNS IPv6           | ''fd00:6b64:f3b0::53/128''  |
 | Anycast recursive DNS IPv4 | 192.168.248.153/32          |
-| Anycast recursive DNS IPv6 | ''fd00:6b64:f3b0:153::/64'' |
+| Anycast recursive DNS IPv6 | ''fd00:6b64:f3b0::153/128'' |
 <note warning>
@@ Line 17: / Line 17: @@
 </note>
-  * Core servers **MUST** be declared in //[[https://git.oxynux.org/glanet/dns/blob/master/acl.glanet_anycast_core|acl "glanet_anycast_core"]]//.
-  * Core servers **MUST** allow zone transfer to any host querying the anycast DNS address.
-  * Core servers **MUST NOT** allow zone transfer to an host querying the server's real IP address.
   * Core recursive servers **MUST** allow recursion to any host querying the anycast recursive DNS address.
-  * Core recursive servers **MUST** allow recursion to any host defined in //[[https://git.oxynux.org/glanet/dns/blob/master/acl.glanet_mon|acl "glanet_mon"]]//.
+  * Core recursive servers **MUST** allow recursion to supervision hosts querying the host's unicast address for supervision.
   * Core recursive servers **MAY** allow recursion to any other explicitly white listed host or network, at the administrator's discretion.
   * Core recursive servers **MUST** deny recursion to any other host.
@@ Line 28: / Line 25: @@
 ===== List of anycast DNS servers =====
-^  Host               ^  IPv4               ^  IPv6                         ^  Authoritative  ^  Recursive  ^  ASN               ^
+^  Host                     ^  IPv4               ^  IPv6         ^  Function((Authoritative/Recursive/Both))  ^  ASN   ^
-| ns1.ois.tf          | ''212.83.149.187''  | ''2001:bc8:3283:2000::15''    |  Yes            |  Yes        ^ [[as:64542|64542]] |
+| ns1.alt.tf                | ''212.83.149.187''  | ''2a06:e881:1101:2000::15''  |  Authoritative  ^ [[as:202945|202945]] |
-| sbg-services.ois.tf | ''192.168.40.196''  | ''2001:bc8:3283:e003::196''   |  No             |  Yes        ^ [[as:64542|64542]] |
+| ams-rdns.alt.tf           | ''192.168.42.10''   | ''2a06:e881:1101:2000::10''  |  Recursive      ^ :::                 |
-| lv0-anycast.lv0.in  | ''192.168.144.245'' | ''2001:470:c8be:1f::f''       |  No             |  Yes        ^ [[as:64544|64544]] |
+| tvl-services.alt.tf       | ''192.168.40.196''  | ''2a06:e881:1102:2000::196'' |  Recursive      ^ :::                 |
-| lv0-glanet-anycast.lv0.in  | ''192.168.144.246'' | ''2001:470:c8be:1f::6''|  Yes            |  No         ^ [[as:64544|64544]] |
+| anycast.lv0.in            | ''192.168.144.34''  | ''2001:bc8:3ec5:2::2''       |  Recursive      ^ [[as:64544|64544]]  |
-| vss-anycast.lv0.in  | ''192.168.144.34''  | ''2001:470:c8be:e::2''        |  No             |  Yes        ^ [[as:64544|64544]] |
-| vss-glanet-anycast.lv0.in  | ''192.168.144.38''  | ''2001:470:c8be:e::6'' |  Yes            |  No         ^ [[as:64544|64544]] |
-===== BIND9 configuration examples =====
-==== Common options ====
-<file text named.options>
-masters "glanet" {
-.83.149.187;
-:bc8:3283:2000::15;
-};
-options {
-  directory "/var/cache/bind";
-  auth-nxdomain no;    # conform to RFC1035
-  listen-on {
-.0.0.1;
-    <SERVER REAL IP>;
-.168.248.53;
-.168.248.153;
-  };
-  listen-on-v6 { any; };
-  notify-source <SERVER REAL IP>;
-  transfer-source <SERVER REAL IP>;
-  notify-source-v6 <SERVER REAL IPv6>;
-  transfer-source-v6 <SERVER REAL IPv6>;
-  version "0";
-  notify yes;
-  recursion no;
-  allow-query-cache { any; };
-  allow-transfer { none; };
-};
-</file>
-==== Core GLaNET domain name-server (without recursion) ====
-<note important>
-When adding a master server, don't forget that your DNS server must listen on 192.168.248.53 and/or ''fd00:6b64:f3b0:53::1'', that your BGP router must advertise it and your firewall must not bock it.
-</note>
-<file text named.conf>
-include named.options;
-view "glanet" {
-  match-destinations { 192.168.248.53; fd00:6b64:f3b0:53::1; };
-  allow-transfer { any; };
-  # GLaNET address space PTR
-  zone "168.192.in-addr.arpa" {
-    type slave;
-    masters { glanet; };
-    file "/etc/bind/zones-slave/db.192.168";
-  };
-  # GLaNET IPv6 services address space PTR
-  zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa" {
-    type slave;
-    masters { glanet; };
-    file "/etc/bind/zones-slave/db.fd00:6b64:f3b0";
-  };
-};
-view "default" {
-  # GLaNET address space PTR
-  zone "168.192.in-addr.arpa" {
-    type slave;
-    masters { glanet; };
-    file "/etc/bind/zones-slave/db.192.168";
-  };
-  # GLaNET IPv6 services address space PTR
-  zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa" {
-    type slave;
-    masters { glanet; };
-    file "/etc/bind/slave/db.fd00:6b64:f3b0";
-  };
-  # Your own zones follow
-  # ...
-};
-</file>
-==== Core GLaNET domain name-server (with recursion) ====
-<note warning>Anycast recursive DNS server **must** resolve GLaNET internal zones (either locally or by forwarding the request to the anycast DNS service).</note>
-<file text named.conf>
-include named.options;
-view "glanet_recursor" {
-  match-destinations { 192.168.248.153; fd00:6b64:f3b0:153::1; };
-  match-recursive-only yes;
-  recursion yes;
-  include "/etc/bind/named.dummy";
-  zone "168.192.in-addr.arpa" { type slave; masters { glanet; }; file "/etc/bind/zones-slave/db.192.168"; };
-  zone "d.f.ip6.arpa"         { type master; file "/etc/bind/zones-dummy/db.fd"; };
-};
-view "glanet_recursor_sup" {
-  match-clients { 192.168.42.5/32; 2001:bc8:3283:2000::5/128; };
-  match-recursive-only yes;
-  recursion yes;
-  include "/etc/bind/named.dummy";
-  zone "168.192.in-addr.arpa" { type slave; masters { glanet; }; file "/etc/bind/zones-slave/db.192.168"; };
-  zone "d.f.ip6.arpa"         { type master; file "/etc/bind/zones-dummy/db.fd"; };
-};
-view "glanet" {
-  match-destinations { 192.168.248.53; fd00:6b64:f3b0:53::1; };
-  allow-transfer { any; };
-  # GLaNET address space PTR
-  zone "168.192.in-addr.arpa" {
-    type slave;
-    masters { glanet; };
-    file "/etc/bind/zones-slave/db.192.168";
-  };
-  # GLaNET IPv6 services address space PTR
-  zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa" {
-    type slave;
-    masters { glanet; };
-    file "/etc/bind/zones-slave/db.fd00:6b64:f3b0";
-  };
-};
-view "default" {
-  # GLaNET address space PTR
-  zone "168.192.in-addr.arpa" {
-    type slave;
-    masters { glanet; };
-    file "/etc/bind/zones-slave/db.192.168";
-  };
-  # GLaNET IPv6 services address space PTR
-  zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa" {
-    type slave;
-    masters { glanet; };
-    file "/etc/bind/slave/db.fd00:6b64:f3b0";
-  };
-  # Your own zones follow
-  # ...
-};
-</file>
-<file text db.fd>
-$TTL	604800
-@	IN	SOA	localhost. root.localhost. (
-		; Serial
-		; Refresh
-		; Retry
-			2419200		; Expire
-)	; Negative Cache TTL
-;
-@	IN	NS	localhost.
-.b.3.f.4.6.b.6.0.0 IN NS anycast-dns.glanet.org.
-</file>