Add DNS over HTTPS service

2019-07-17 19:31:24 +01:00 · 2019-07-17 19:31:24 +01:00 · 4f96496854
commit 4f96496854
parent f13523573a
3 changed files with 36 additions and 7 deletions
--- a/pages/01.home/dns/default.md
+++ b/pages/01.home/dns/default.md
@ -113,6 +113,25 @@ nameserver fd42:5d71:219:0:1::43
 nameserver 172.20.20.65
 ```
 #### DNS over HTTPS (DoH)
 * https://dns.burble.dn42/dns-query
 * https://[fd42:4242:2601:ac53::53]/dns-query
 * https://172.20.129.2/dns-query
 The recursive DNS service supports DNS over HTTPS. The HTTPS service is signed by the
 burble.dn42 [Certificate Authority](/home/certificate-authority), and the CA certificate
 will be required by the DoH client in order to use the service. Unfortunately, the
 use of a self-signed CA means that OCSP stapling is not supported. 
 ```
 $ doh burble.dn42 https://[fd42:4242:2601:ac53::53]/dns-query
 burble.dn42 from https://[fd42:4242:2601:ac53::53]/dns-query
 TTL: 3600 seconds
 A: 172.20.129.3
 AAAA: fd42:4242:2601:ac80:0000:0000:0000:0001
 ```
 ## Implementation
 The DNS service is implemented as a tiered, anycast service with each node
@ -122,15 +141,21 @@ in the network providing a local cache in front of five, regional, master nodes.
 The ns1.burble.dn42 authoritative service is provided by [dnsdist](https://dnsdist.org/).
 Queries are forwarded to the nearest regional master node and responses are then cached.
-If the regional master is not available, the next nearest will be queried until a response is found.
+If the regional master is not available, the next nearest will be queried until a response
 is found.
-The dns.burble.dn42 recursive service is provided by [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html)
+The dns.burble.dn42 recursive service is provided by
-configured using the 'all-servers' mode. Queries are forwarded to all 5 regional masters in parallel
+[dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html)
-and the first response received is then returned. This approach ensures users get the lowest latency
+configured using the 'all-servers' mode. Queries are forwarded to all 5 regional masters
-results possible, regardless of location, and that any local connectivity issues do not impact the results.
+in parallel and the first response received is then returned. This approach ensures users
 get the lowest latency results possible, regardless of location, and that any local
 connectivity issues do not impact the results.
 Recursive queries are cached on the edge nodes and master nodes, creating a network wide cache
-of results across all users of the service. 
+of results across all users of the service.
 Each edge node also runs [m13253/dns-over-https](https://github.com/m13253/dns-over-https)
 to provide the DNS over HTTPS service.
 Anycast routes to the DNS servers are advertised to the main Bird2 instance using
 [GoBGP](https://github.com/osrg/gobgp) and a health checking script.
--- a/pages/01.home/maintenance-log/default.md
+++ b/pages/01.home/maintenance-log/default.md
@ -10,6 +10,10 @@ A log of changes to the burble.dn42 network.
 ## burble.dn42 Maintenance Log
 #### 17nd July 2019
 DoH! The [DNS Service](/home/dns) now support DNS over HTTPS.
 #### 22nd June 2019
 Tidied up node information.
--- a/pages/04.about/default.md
+++ b/pages/04.about/default.md
@ -6,7 +6,7 @@ media_order: 'DN42 Map 181224.2.png'
 #burble.dn42
 burble.dn42 is an experimental global network, part of [dn42](https://dn42.us/)  
-By active peer count, burble.dn42 is the 3rd largest IPv4 and 2nd largest IPv6 network in dn42.
+By active peer count, burble.dn42 is currently the largest network in dn42.
 #####Background