---
title: DNS
published: true
visible: true
---

burble.dn42 DNS services

===

# DNS Services

burble.dn42 DNS services are anycast across every node to provide fast, local responses network wide

## Authoritative DNS Service

|||
|---|---|
| ns1.burble.dn42<br/>b.delegation-servers.dn42| 172.20.129.1<br/>fd42:4242:2601:ac53::1 |
<br/>
ns1.burble.dn42 is slaved to master.delegation-servers.dn42, and provides
DNSSEC signed, authoritative data for DN42 related zones.

The authoritative service may be used as the root for a local DNS resolver, with the assurance
that returned DNS records are traceable via DNSSEC to the DN42 registry. The service
also supports AXFR and may be used as a master to a local, slaved, root zone.

*Note that ns1.burble.dn42 will not forward DNS queries.  
Forwarding is provided by the recursive service, dns.burble.dn42.*


*Slaved DN42 zones*

* .dn42
* .recursive-servers.dn42
* .delegation-servers.dn42
* d.f.ip6.arpa.
* 20.172.in-addr.arpa.
* 21.172.in-addr.arpa.
* 22.172.in-addr.arpa.
* 23.172.in-addr.arpa.
* 31.172.in-addr.arpa.
* 10.in-addr.arpa.

*burble.dn42 zones*

* . (local root zone)
* .burble.dn42.
* .collector.dn42.
* 1.0.6.2.2.4.2.4.2.4.d.f.ip6.arpa.
* 0/27.129.20.172.in-addr.arpa.
* 160/27.129.20.172.in-addr.arpa.

The root zone also includes stubs for resolving domains in networks associated to DN42 (e.g. .hack).


## Recursive DNS Service

|||
|---|---|
| dns.burble.dn42<br/>b.recursive-servers.dn42| 172.20.129.2<br/>fd42:4242:2601:ac53::53 |
<br/>
dns.burble.dn42 is a caching, recursive DNS service for DN42 related zones using
the burble.dn42 authoritative service as a local root zone.  
The recursor is DNSSEC enabled and validates all queries.

#### Using the recursive DNS service

Users are encouraged to consult recursive-servers.dn42 to obtain a list of
recursive DNS services and configure at least two independent resolvers
to obtain the best resilience.

```
$ host -l recursive-servers.dn42 fd42:4242:2601:ac53::1
Using domain server:
Name: fd42:4242:2601:ac53::1
Address: fd42:4242:2601:ac53::1#53
Aliases: 

recursive-servers.dn42 name server a.recursive-servers.dn42.
recursive-servers.dn42 name server b.recursive-servers.dn42.
recursive-servers.dn42 name server j.recursive-servers.dn42.
recursive-servers.dn42 name server y.recursive-servers.dn42.
a.recursive-servers.dn42 has address 172.20.0.53
a.recursive-servers.dn42 has IPv6 address fd42:d42:d42:54::1
b.recursive-servers.dn42 has address 172.20.129.2
b.recursive-servers.dn42 has IPv6 address fd42:4242:2601:ac53::53
j.recursive-servers.dn42 has address 172.20.1.19
j.recursive-servers.dn42 has IPv6 address fd42:5d71:219:0:1::43
y.recursive-servers.dn42 has address 172.20.20.65
y.recursive-servers.dn42 has IPv6 address fd42:c01d:beef::2
```

Example resolv.conf using IPv6 with IPv4 fallback
```
# DN42 resolve.conf

search dn42

# burble.dn42 service
# b.recursive-servers.dn42 
nameserver fd42:4242:2601:ac53::53

# j.recursive-servers.dn42
nameserver fd42:5d71:219:0:1::43

# y.recursive-servers.dn42
nameserver 172.20.20.65
```

## Implementation

The DNS service is implemented as a tiered, anycast service with each node
in the network providing a local cache in front of regional, master nodes.

#### Edge Nodes

Each node in the network runs [dnsdist](https://dnsdist.org/), which forwards
queries to regional master nodes and then caches the responses to provide
a fast, local access to DNS data.

Anycast routes to the DNS servers are advertised to the main Bird2 instance using
[GoBGP](https://github.com/osrg/gobgp) and a health checking script.

#### Master Nodes

| Region | Host | Location |
|:--|:--|:--|
| Europe           | dns.fr-rbx1.burble.dn42 | OVH, Roubaix, France |
| Eastern Europe   | dns.lt-vil1.burble.dn42 | Time4VPS, Vilnius, Lithuania |
| Americas (East) | dns.ca-bhs2.burble.dn42 | OVH, Beauharnois, Canada |
| Americas (Mid & West) | dns.us-dal3.burble.dn42 | HostDoc, Dallas, USA |
| Asia and Oceania | dns.sg-sin2.burble.dn42 | OVH, Singapore |
<br/>
The master nodes are implemented using [PowerDNS](https://www.powerdns.com/).

The Authoritative DNS servers are configured as slaves replicating from the
DN42 master for .dn42 related zones and a hidden master located on the private,
internal network for burble.dn42 zones. The root zone is built automatically
from the registry using [dn42regsrv](https://git.dn42.us/burble/dn42regsrv).

The recursive service is provided by the pdns-recursor configured with DNSSEC
validation and additional caching.