Differences

This shows you the differences between two versions of the page.

--- doc:dns [2013/04/19 23:27] – Benjamin Collet
+++ doc:dns [2020/01/13 13:32] – [Description of service] Add Knot Resolver configuration Alexandre Girard
@@ Line 1: / Line 1: @@
 ~~NOTOC~~
 ====== Anycast DNS ======
 ===== Description of service =====
-This service provides an efficient and fault tolerant way of resolving ''168.192.in-addr.arpa'', ''0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa'' and ''glanet.org'' zones across GLaNET.
+This service provides an efficient and fault tolerant way of resolving ''168.192.in-addr.arpa'' and ''0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa'' zones across GLaNET.
-Three levels of participation exist:
+  * To use it, simply add forwarding zones, pointing to the following servers:
-  * running a master DNS server: this server will be part of the DNS system ‘core’, thus it must be reachable, have a good connectivity and reliability (within GLaNET);
-  * running a slave DNS server: if you have a large number of hosts in you network, you may want to run a slave DNS server to increase performances;
-  * using your DNS server as a forwarder: this is a simplest way of using the service.
-<note tip>
+<note important>
   * Anycast DNS IPv4: **192.168.248.53**.
-  * Anycast DNS IPv6: **''fd00:6b64:f3b0:53::1''** (advertise ''fd00:6b64:f3b0:53::/64'' over BGP).
+  * Anycast DNS IPv6: **''fd00:6b64:f3b0::53''**.
 </note>
-==== Recursive DNS ====
+<note tip>**BIND9 configuration example (forwarder)**
-We also aim to provide a recursive anycast DNS service within GLaNET. To use it, just configure the following addresses as your resolver:
-<note tip>
-  * Anycast recursive DNS IPv4: **192.168.248.153**.
-  * Anycast recursive DNS IPv6: **''fd00:6b64:f3b0:153::1''** (advertise ''fd00:6b64:f3b0:153::/64'' over BGP).
-</note>
-<note warning>Anycast recursive DNS server **must** resolve GLaNET internal zones (either locally or by forwarding the request to the anycast DNS service).</note>
-If you want to participate and provide an anycast recursive DNS server, don't hesitate to [[doc:mailing-lists|contact us]].
-===== List of anycast DNS servers =====
-^  Host            ^  IPv4              ^  IPv6                      ^  Recursive  ^  ASN               ^
-| ns.fa0.org       | ''94.23.115.220''  | ''2001:470:c8bc:2001::1''  |  Yes        ^ [[as:64542|64542]] |
-| ns.ca.fa0.org    | ''91.121.34.61''   | ''2001:470:1f15:872::1''   |  Yes        ^ [[as:64542|64542]] |
-| ns0.lv0.in       | ''178.33.108.224'' | ''2001:470:c8be::1''       |  No         ^ [[as:64544|64544]] |
-===== Master configuration example =====
-<note warning>
-You **must not** advertise any GLaNET DNS anycast prefixes whilst your DNS server is not operating. It is **your** responsibility to implement any solution deemed necessary to ensure this requirement.
-</note>
-<note important>
-When adding a master server, don't forget that your DNS server must listen on 192.168.248.53 and/or ''fd00:6b64:f3b0:53::1'', that your BGP router must advertise it and your firewall must not bock it.
-</note>
-<note tip>
-Initial checkout:
 <code>
-svn checkout https://svn.oxynux.org/glanet/dns/ /etc/bind/zones-glanet/
-</code>
-</note>
-==== named.conf ====
-<code>
-zone "glanet.org" {
-  type master;
-  allow-transfer { any; };
-  file "/etc/bind/zones-glanet/db.glanet.org";
-};
 zone "168.192.in-addr.arpa" {
-  type master;
+  type forward;
-  allow-transfer { any; };
+  forwarders { 192.168.248.53; fd00:6b64:f3b0::53; };
-  file "/etc/bind/zones-glanet/db.192.168";
 };
 zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa" {
-  type master;
+  type forward;
-  allow-transfer { any; };
+  forwarders { 192.168.248.53; fd00:6b64:f3b0::53; };
-  file "/etc/bind/zones-glanet/db.fd00:6b64:f3b0";
 };
-</code>
+</code></note>
-==== crontab ====
+<note tip>**Unbound configuration example (forwarder)**
 <code>
-*/5  *  * * * root  svn up /etc/bind/zones-glanet >> /dev/null && rndc reload >> /dev/null
+server:
-</code>
+(...)
+    local-zone:         "168.192.in-addr.arpa." nodefault
+    local-zone:         "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa." transparent
-===== Slave configuration example =====
+    domain-insecure:    "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa."
+(...)
-==== named.conf ====
+stub-zone:
-<code>
+  name:         168.192.in-addr.arpa.
-zone "glanet.org" {
+  stub-addr:    fd00:6b64:f3b0::53
-  type slave;
+  stub-addr:    192.168.248.53
-  masters { 192.168.248.53; fd00:6b64:f3b0:53::1; };
-  file "/etc/bind/zones/db.glanet.org";
-};
-zone "168.192.in-addr.arpa" {
+stub-zone:
-  type slave;
+  name:         0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa.
-  masters { 192.168.248.53; fd00:6b64:f3b0:53::1; };
+  stub-addr:    fd00:6b64:f3b0::53
-  file "/etc/bind/zones/db.192.168";
+  stub-addr:    192.168.248.53
-};
-zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa" {
+</code></note>
-  type slave;
-  masters { 192.168.248.53; fd00:6b64:f3b0:53::1; };
-  file "/etc/bind/zones/db.fd00:6b64:f3b0";
-};
-</code>
-===== Forwarder configuration example =====
+<note tip>**Knot Resolver configuration example (forwarder)**
-==== named.conf ====
 <code>
-zone "glanet.org" {
+(...)
-  type forward;
+-- Forward all requests for 168.192.in-addr.arpa. to fd00:6b64:f3b0::53 and 192.168.248.53
-  forwarders { 192.168.248.53; fd00:6b64:f3b0:53::1; };
+policy.add(policy.suffix(policy.STUB({'fd00:6b64:f3b0::53', '192.168.248.53'}), {todname('168.192.in-addr.arpa')}))
-};
-zone "168.192.in-addr.arpa" {
+-- Forward all requests for 0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa to fd00:6b64:f3b0::53 and 192.168.248.53
-  type forward;
+policy.add(policy.suffix(policy.STUB({'fd00:6b64:f3b0::53', '192.168.248.53'}), {todname('0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa')}))
-  forwarders { 192.168.248.53; fd00:6b64:f3b0:53::1; };
+(...)
-};
+</code></note>
+===== Recursive DNS =====
-zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa" {
+We also aim to provide a recursive anycast DNS service within GLaNET. To use it, just configure the following addresses as your resolver:
-  type forward;
-  forwarders { 192.168.248.53; fd00:6b64:f3b0:53::1; };
+<note important>
-};
+  * Anycast recursive DNS IPv4: **192.168.248.153**.
-</code>
+  * Anycast recursive DNS IPv6: **''fd00:6b64:f3b0::153''**.
+</note>