Differences

This shows you the differences between two versions of the page.

doc:dns [2012/03/08 23:52] – [List of anycast DNS servers] Benjamin Collet
doc:dns [2020/01/13 13:32] – [Description of service] Add Knot Resolver configuration Alexandre Girard
Line 4: Line 4:
 ===== Description of service ===== ===== Description of service =====
  
-This service provides an efficient and fault tolerant way of resolving ''168.192.in-addr.arpa''''0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa'' and ''glanet.org'' zones across GLaNET.+This service provides an efficient and fault tolerant way of resolving ''168.192.in-addr.arpa'' and ''0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa'' zones across GLaNET.
  
-Three levels of participation exist: +  To use it, simply add forwarding zonespointing to the following servers:
-  running a master DNS server: this server will be part of the DNS system ‘core’, thus it must be reachablehave a good connectivity and reliability (within GLaNET); +
-  * running a slave DNS server: if you have a large number of hosts in you networkyou may want to run a slave DNS server to increase performances; +
-  * using your DNS server as a forwarderthis is a simplest way of using the service.+
  
-<note tip>+<note important>
   * Anycast DNS IPv4: **192.168.248.53**.   * Anycast DNS IPv4: **192.168.248.53**.
-  * Anycast DNS IPv6: **''fd00:6b64:f3b0:53::1''** (advertise ''fd00:6b64:f3b0:53::/64'' over BGP).+  * Anycast DNS IPv6: **''fd00:6b64:f3b0::53''**.
 </note> </note>
  
-===== Adding your NS records =====+<note tip>**BIND9 configuration example (forwarder)** 
 +<code> 
 +zone "168.192.in-addr.arpa"
 +  type forward; 
 +  forwarders { 192.168.248.53; fd00:6b64:f3b0::53; }; 
 +};
  
-Send an email to [[dnsmaster@glanet.org]] with your IP subnet and the name servers authoritative for it.+zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa"
 +  type forward; 
 +  forwarders { 192.168.248.53; fd00:6b64:f3b0::53; }; 
 +}; 
 +</code></note>
  
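Review bot: both BIND9 forward zones in the new example carry only ''type forward;'' and a ''forwarders'' list, with no ''forward only;''. named then uses its default of ''forward first'', so when neither anycast address answers it tries to resolve the name itself, and lookups for ''168.192.in-addr.arpa'' and ''0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa'' leave GLaNET for public name servers. Suggest adding ''forward only;'' to each zone block so a forwarder outage fails closed instead of leaking internal reverse queries.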
-===== List of anycast DNS servers =====+<note tip>**Unbound configuration example (forwarder)** 
 +<code> 
 +server: 
 +(...) 
 +    local-zone:         "168.192.in-addr.arpa." nodefault 
 +    local-zone:         "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa." transparent
  
-^  Host  ^  IPv4  ^  IPv6  ^  ASN  ^ +    domain-insecure:    "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa." 
-| ns.fa0.org  | ''87.98.182.144'' | ''2001:470:c8bc:2000::100'' | [[as:64542|64542]] | +(...)
-| ns0.lv0.in  | ''91.121.93.194'' | ''2001:470:c8be::1''        | [[as:64544|64544]] |+
  
-If you want to run a master anycast DNS server, please contact us at [[dnsmaster@glanet.org]].+stub-zone: 
 +  name:         168.192.in-addr.arpa. 
 +  stub-addr:    fd00:6b64:f3b0::53 
 +  stub-addr:    192.168.248.53
  
-===== Files ===== +stub-zone: 
-FIXME +  name        0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa. 
-  * [[https://svn.oxynux.org/wsvn/glanet/dns/db.192.168|Zone file for 168.192.in-addr.arpa]]+  stub-addr:    fd00:6b64:f3b0::53 
 +  stub-addr:    192.168.248.53
  
-===== Master configuration example ===== +</code></note>
-<note important> +
-When adding a master server, don't forget that your DNS server must listen on 192.168.248.53, that your BGP router must advertise it and your firewall must not bock it. +
-</note> +
-<note tip> +
-Initial checkout: +
-<code> +
-svn checkout https://svn.oxynux.org/glanet/dns/ /etc/bind/zones-glanet/ +
-</code> +
-</note>+
  
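Review bot: the Unbound example sets ''domain-insecure'' for ''0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa.'' but not for ''168.192.in-addr.arpa.'', and declares one ''local-zone'' as ''nodefault'' and the other as ''transparent'', without saying why the two zones are treated differently. Since ''domain-insecure'' turns off DNSSEC validation for that name, a one-line comment above it should state that answers from the two ''stub-addr'' servers are accepted unvalidated for this zone, and the text should say whether the IPv4 reverse zone needs the same setting or deliberately omits it.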
-==== named.conf ====+<note tip>**Knot Resolver configuration example (forwarder)**
 <code> <code>
-zone "glanet.org" { +(...) 
-  type master; +-- Forward all requests for 168.192.in-addr.arpa. to fd00:6b64:f3b0::53 and 192.168.248.53 
-  allow-transfer { any; }; +policy.add(policy.suffix(policy.STUB({'fd00:6b64:f3b0::53', '192.168.248.53'}), {todname('168.192.in-addr.arpa')}))
-  file "/etc/bind/zones-glanet/db.glanet.org"; +
-};+
  
-zone "168.192.in-addr.arpa" { +-- Forward all requests for 0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa to fd00:6b64:f3b0::53 and 192.168.248.53 
-  type master; +policy.add(policy.suffix(policy.STUB({'fd00:6b64:f3b0::53', '192.168.248.53'}), {todname('0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa')})) 
-  allow-transfer any; }; +(...) 
-  file "/etc/bind/zones-glanet/db.192.168"; +</code></note> 
-};+===== Recursive DNS =====
  
-zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa"+We also aim to provide a recursive anycast DNS service within GLaNETTo use it, just configure the following addresses as your resolver:
-  type master; +
-  allow-transfer { any; }; +
-  file "/etc/bind/zones-glanet/db.fd00:6b64:f3b0"; +
-}; +
-</code>+
  
-==== crontab ==== +<note important
-<code+  * Anycast recursive DNS IPv4: **192.168.248.153**
-*/5   * * * root  svn up /etc/bind/zones-glanet >> /dev/null && rndc reload >> /dev/null +  * Anycast recursive DNS IPv6: **''fd00:6b64:f3b0::153''**
-</code> +</note>
-FIXME Some zone checking should be done. +
- +
-===== Slave configuration example ===== +
-FIXME +
-==== named.conf ==== +
-<code> +
-zone "168.192.in-addr.arpa"+
-  type slave; +
-  masters { 192.168.248.53; };                                                       +
-  file "/etc/bind/zones/db.192.168"; +
-}; +
-</code> +
- +
-===== Forwarder configuration example ===== +
-FIXME +
-==== named.conf ==== +
-<code> +
-zone "168.192.in-addr.arpa" { +
-  type forward; +
-  forwarders { 192.168.248.53; }; +
-}; +
-</code>+
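Review bot: the new "Recursive DNS" section and the forwarder notes tell readers to send queries to anycast addresses, while this revision removes the server table (host, IPv4, IPv6, ASN) and both references to dnsmaster@glanet.org, so the page no longer says who operates the nodes answering on those addresses or how a member gets NS records added for their subnet. "We also aim to provide" also leaves open whether ''192.168.248.153'' and ''fd00:6b64:f3b0::153'' are in service. Suggest keeping a short operator and contact line next to the address notes and stating the current status of the recursive service.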