This is an old revision of the document!

Anycast DNS

Deprecated, a new documentation is pending writing. — Benjamin Collet 2013/04/22 23:43

Description of service

This service provides an efficient and fault tolerant way of resolving 168.192.in-addr.arpa, 0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa and glanet.org zones across GLaNET.

Three levels of participation exist:

  • running a master DNS server: this server will be part of the DNS system ‘core’, thus it must be reachable, have a good connectivity and reliability (within GLaNET);
  • running a slave DNS server: if you have a large number of hosts in you network, you may want to run a slave DNS server to increase performances;
  • using your DNS server as a forwarder: this is a simplest way of using the service.
  • Anycast DNS IPv4: 192.168.248.53.
  • Anycast DNS IPv6: fd00:6b64:f3b0:53::1 (advertise fd00:6b64:f3b0:53::/64 over BGP).

Recursive DNS

We also aim to provide a recursive anycast DNS service within GLaNET. To use it, just configure the following addresses as your resolver:

  • Anycast recursive DNS IPv4: 192.168.248.153.
  • Anycast recursive DNS IPv6: fd00:6b64:f3b0:153::1 (advertise fd00:6b64:f3b0:153::/64 over BGP).
Anycast recursive DNS server must resolve GLaNET internal zones (either locally or by forwarding the request to the anycast DNS service).

If you want to participate and provide an anycast recursive DNS server, don't hesitate to contact us.

List of anycast DNS servers

Host IPv4 IPv6 Recursive ASN
ns.fa0.org 94.23.115.220 2001:470:c8bc:2001::1 Yes 64542
ns2.fa0.org 91.121.34.61 2001:470:1f15:872::1 Yes 64542
ns0.lv0.in 178.33.108.224 2001:470:c8be::1 No 64544

Master configuration example

You must not advertise any GLaNET DNS anycast prefixes whilst your DNS server is not operating. It is your responsibility to implement any solution deemed necessary to ensure this requirement.
When adding a master server, don't forget that your DNS server must listen on 192.168.248.53 and/or fd00:6b64:f3b0:53::1, that your BGP router must advertise it and your firewall must not bock it.
Initial checkout: 
svn checkout https://svn.oxynux.org/glanet/dns/ /etc/bind/zones-glanet/

named.conf

zone "glanet.org" {
  type master;
  allow-transfer { any; };
  file "/etc/bind/zones-glanet/db.glanet.org";
};

zone "168.192.in-addr.arpa" {
  type master;
  allow-transfer { any; };
  file "/etc/bind/zones-glanet/db.192.168";
};

zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa" {
  type master;
  allow-transfer { any; };
  file "/etc/bind/zones-glanet/db.fd00:6b64:f3b0";
};

crontab

*/5  *  * * * root  svn up /etc/bind/zones-glanet >> /dev/null && rndc reload >> /dev/null

Slave configuration example

named.conf

zone "glanet.org" {
  type slave;
  masters { 192.168.248.53; fd00:6b64:f3b0:53::1; };
  file "/etc/bind/zones/db.glanet.org";
};

zone "168.192.in-addr.arpa" {
  type slave;
  masters { 192.168.248.53; fd00:6b64:f3b0:53::1; };
  file "/etc/bind/zones/db.192.168";
};

zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa" {
  type slave;
  masters { 192.168.248.53; fd00:6b64:f3b0:53::1; };
  file "/etc/bind/zones/db.fd00:6b64:f3b0";
};

Forwarder configuration example

named.conf

zone "glanet.org" {
  type forward;
  forwarders { 192.168.248.53; fd00:6b64:f3b0:53::1; };
};

zone "168.192.in-addr.arpa" {
  type forward;
  forwarders { 192.168.248.53; fd00:6b64:f3b0:53::1; };
};

zone "0.b.3.f.4.6.b.6.0.0.d.f.ip6.arpa" {
  type forward;
  forwarders { 192.168.248.53; fd00:6b64:f3b0:53::1; };
};