Anycast DNS Architecture
The anycast DNS architecture is composed of a main master server serving GLaNET DNS zones to slave servers (designated as ‘core servers’). End-users connect to the closest of these core servers to access the service.
The communication channel between the main master and the core servers uses the servers' real IP addresses.
A core server advertises one or several of the following prefixes over BGP:
Usage | Prefix |
---|---|
Anycast DNS IPv4 | 192.168.248.53/32 |
Anycast DNS IPv6 | fd00:6b64:f3b0:53::/64 |
Anycast recursive DNS IPv4 | 192.168.248.153/32 |
Anycast recursive DNS IPv6 | fd00:6b64:f3b0:153::/64 |
You must not advertise any GLaNET DNS anycast prefixes whilst your DNS server is not operating properly. It is your responsibility to implement any solution deemed necessary to ensure this requirement.
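One way to meet this requirement, shown as an added example that is not part of the original page: a health check that probes each anycast service address and only announces the prefix while the answer looks right (AA set on the authoritative address, RA set on the recursive one). It assumes ExaBGP is the BGP speaker and runs the script as an API process (the page does not name a BGP daemon), covers the IPv4 service addresses only, and uses the SOA of `168.192.in-addr.arpa` as the probe name.

```python
import os
import socket
import struct
import time

def build_query(name, qtype, txid):
    """Encode a one-question DNS query with RD set (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def healthy(resp, txid, need_flag):
    """True only for a NOERROR response to txid that has an answer and need_flag set."""
    if len(resp) < 12:
        return False
    rid, flags, _, ancount = struct.unpack("!HHHH", resp[:8])
    return (rid == txid and (flags & 0x8000) != 0 and (flags & 0x000F) == 0
            and ancount >= 1 and (flags & need_flag) != 0)

def probe(addr, name, need_flag, timeout=2.0):
    """Send an SOA query to addr on UDP/53; a timeout or socket error is unhealthy."""
    txid = int.from_bytes(os.urandom(2), "big")
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name, 6, txid), (addr, 53))
            return healthy(s.recv(4096), txid, need_flag)
    except OSError:
        return False

def transition(prev, ok, prefix):
    """ExaBGP text-API line to emit when health changes, else None (ExaBGP is assumed)."""
    if prev == ok:
        return None
    return f"{'announce' if ok else 'withdraw'} route {prefix} next-hop self"

AA, RA = 0x0400, 0x0080  # DNS header flags: authoritative answer, recursion available
CHECKS = [("192.168.248.53", "192.168.248.53/32", AA),   # (address, prefix, required flag)
          ("192.168.248.153", "192.168.248.153/32", RA)]

if __name__ == "__main__":
    state = {}  # last reported health per address; nothing is announced at start
    while True:
        for addr, prefix, flag in CHECKS:
            ok = probe(addr, "168.192.in-addr.arpa", flag)
            line = transition(state.get(addr, False), ok, prefix)
            if line:
                print(line, flush=True)
            state[addr] = ok
        time.sleep(5)
```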
- Core recursive servers MUST allow recursion to any host querying the anycast recursive DNS address.
- Core recursive servers MUST allow recursion to supervision hosts querying the host's unicast address for supervision.
- Core recursive servers MAY allow recursion to any other explicitly whitelisted host or network, at the administrator's discretion.
- Core recursive servers MUST deny recursion to any other host.
- If you want to participate and provide a core DNS server, please contact us.
List of anycast DNS servers
Host | IPv4 | IPv6 | Authoritative | Recursive | ASN |
---|---|---|---|---|---|
ns1.alt.tf | 212.83.149.187 | 2001:bc8:3283:2000::15 | Yes | No | 64542 |
vss-rdns.alt.tf | 192.168.42.10 | 2001:bc8:3283:2000::10 | No | Yes | |
sbg-services.alt.tf | 192.168.40.196 | 2001:bc8:3283:e003::196 | No | Yes | |
lv0-anycast.lv0.in | 192.168.144.245 | 2001:470:c8be:1f::f | No | Yes | 64544 |
lv0-glanet-anycast.lv0.in | 192.168.144.246 | 2001:470:c8be:1f::6 | Yes | No | |
vss-anycast.lv0.in | 192.168.144.34 | 2001:470:c8be:e::2 | No | Yes | |
vss-glanet-anycast.lv0.in | 192.168.144.38 | 2001:470:c8be:e::6 | Yes | No | |
Obsolete section!
BIND9 configuration examples
Common options
- named.options
```
masters "glanet" {
    212.83.149.187;
    2001:bc8:3283:2000::15;
};

options {
    directory "/var/cache/bind";
    auth-nxdomain no;    # conform to RFC1035
    listen-on { 127.0.0.1; <SERVER REAL IP>; 192.168.248.53; 192.168.248.153; };
    listen-on-v6 { any; };
    notify-source <SERVER REAL IP>;
    transfer-source <SERVER REAL IP>;
    notify-source-v6 <SERVER REAL IPv6>;
    transfer-source-v6 <SERVER REAL IPv6>;
    version "0";
    notify yes;
    recursion no;
    allow-query-cache { any; };
    allow-transfer { none; };
};
```
Core GLaNET domain name-server (without recursion)
When adding a master server, don't forget that your DNS server must listen on 192.168.248.53 and/or fd00:6b64:f3b0:53::1, that your BGP router must advertise it, and that your firewall must not block it.
- named.conf
```
include "named.options";

view "glanet" {
    match-destinations { 192.168.248.53; fd00:6b64:f3b0:53::1; };
    allow-transfer { any; };

    # GLaNET address space PTR
    zone "168.192.in-addr.arpa" {
        type slave;
        masters { glanet; };
        file "/etc/bind/zones-slave/db.192.168";
    };

    # GLaNET IPv6 services address space PTR
    zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa" {
        type slave;
        masters { glanet; };
        file "/etc/bind/zones-slave/db.fd00:6b64:f3b0";
    };
};

view "default" {
    # GLaNET address space PTR
    zone "168.192.in-addr.arpa" {
        type slave;
        masters { glanet; };
        file "/etc/bind/zones-slave/db.192.168";
    };

    # GLaNET IPv6 services address space PTR
    zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa" {
        type slave;
        masters { glanet; };
        file "/etc/bind/slave/db.fd00:6b64:f3b0";
    };

    # Your own zones follow
    # ...
};
```
Core GLaNET domain name-server (with recursion)
An anycast recursive DNS server must resolve GLaNET internal zones (either locally or by forwarding the request to the anycast DNS service).
- named.conf
```
include "named.options";

# Recursive queries addressed to the anycast recursive service address
view "glanet_recursor" {
    match-destinations { 192.168.248.153; fd00:6b64:f3b0:153::1; };
    match-recursive-only yes;
    recursion yes;
    include "/etc/bind/named.dummy";

    zone "168.192.in-addr.arpa" {
        type slave;
        masters { glanet; };
        file "/etc/bind/zones-slave/db.192.168";
    };

    zone "d.f.ip6.arpa" {
        type master;
        file "/etc/bind/zones-dummy/db.fd";
    };
};

# Recursive queries from the supervision hosts
view "glanet_recursor_sup" {
    match-clients { 192.168.42.5/32; 2001:bc8:3283:2000::5/128; };
    match-recursive-only yes;
    recursion yes;
    include "/etc/bind/named.dummy";

    zone "168.192.in-addr.arpa" {
        type slave;
        masters { glanet; };
        file "/etc/bind/zones-slave/db.192.168";
    };

    zone "d.f.ip6.arpa" {
        type master;
        file "/etc/bind/zones-dummy/db.fd";
    };
};

view "glanet" {
    match-destinations { 192.168.248.53; fd00:6b64:f3b0:53::1; };
    allow-transfer { any; };

    # GLaNET address space PTR
    zone "168.192.in-addr.arpa" {
        type slave;
        masters { glanet; };
        file "/etc/bind/zones-slave/db.192.168";
    };

    # GLaNET IPv6 services address space PTR
    zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa" {
        type slave;
        masters { glanet; };
        file "/etc/bind/zones-slave/db.fd00:6b64:f3b0";
    };
};

view "default" {
    # GLaNET address space PTR
    zone "168.192.in-addr.arpa" {
        type slave;
        masters { glanet; };
        file "/etc/bind/zones-slave/db.192.168";
    };

    # GLaNET IPv6 services address space PTR
    zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa" {
        type slave;
        masters { glanet; };
        file "/etc/bind/slave/db.fd00:6b64:f3b0";
    };

    # Your own zones follow
    # ...
};
```
- db.fd
```
$TTL 604800
@ IN SOA localhost. root.localhost. (
            2       ; Serial
       604800       ; Refresh
        86400       ; Retry
      2419200       ; Expire
       604800 )     ; Negative Cache TTL
;
@ IN NS localhost.
0.b.3.f.4.6.b.6.0.0 IN NS anycast-dns.glanet.org.
```
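How the views of the recursive named.conf above map onto the recursion rules near the top of the page, as an added example that is not part of the original page: a small model of BIND's view selection (first view whose `match-clients` and `match-destinations` both match, with `match-recursive-only` views skipped when the RD bit is clear). The client 192.168.10.20 is a constructed sample address; the view table is transcribed from the configuration.

```python
from ipaddress import ip_address, ip_network

ANY = [ip_network("0.0.0.0/0"), ip_network("::/0")]  # BIND default for both match lists

def nets(*items):
    return [ip_network(i) for i in items]

# (name, match-clients, match-destinations, match-recursive-only, recursion)
# Views without their own "recursion" inherit "recursion no" from named.options.
VIEWS = [
    ("glanet_recursor", ANY, nets("192.168.248.153", "fd00:6b64:f3b0:153::1"), True, True),
    ("glanet_recursor_sup", nets("192.168.42.5/32", "2001:bc8:3283:2000::5/128"), ANY, True, True),
    ("glanet", ANY, nets("192.168.248.53", "fd00:6b64:f3b0:53::1"), False, False),
    ("default", ANY, ANY, False, False),
]

def _matches(addr, acl):
    a = ip_address(addr)
    return any(a.version == n.version and a in n for n in acl)

def select_view(src, dst, rd):
    """Return (view name, recursion allowed) for a query from src to dst with RD bit rd."""
    for name, clients, dests, recursive_only, recursion in VIEWS:
        if recursive_only and not rd:
            continue  # match-recursive-only: non-recursive queries never match this view
        if _matches(src, clients) and _matches(dst, dests):
            return name, recursion
    raise LookupError("no view matched")  # not reached: "default" matches everything

if __name__ == "__main__":
    samples = [  # constructed (src, dst, RD) queries
        ("192.168.10.20", "192.168.248.153", True),   # any host -> anycast recursive address
        ("192.168.42.5", "192.168.42.10", True),      # supervision host -> unicast address
        ("192.168.10.20", "192.168.42.10", True),     # other host -> unicast address
        ("192.168.42.5", "192.168.248.53", True),     # supervision host -> authoritative anycast
    ]
    for src, dst, rd in samples:
        print(src, dst, rd, "->", select_view(src, dst, rd))
```

Because `glanet_recursor_sup` matches on the client address only and is listed before `glanet`, a recursive query from a supervision host is served with recursion whatever address it is sent to, including 192.168.248.53.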