burble.dn42/www
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
www/user/pages/01.home/dns/default.md

157 lines
5.3 KiB
Markdown
Executable File
Raw Blame History

---
title: DNS
published: true
visible: true
---
burble.dn42 DNS services
===
# DNS Services
burble.dn42 DNS services are anycast across every node to provide fast, local responses network wide.
## Authoritative DNS Service
|||
|---|---|
| ns1.burble.dn42<br/>b.delegation-servers.dn42| 172.20.129.1<br/>fd42:4242:2601:ac53::1 |
<br/>
ns1.burble.dn42 is slaved to master.delegation-servers.dn42, and provides
DNSSEC signed, authoritative data for DN42 related zones.
The authoritative service may be used as the root for a local DNS resolver, with the assurance
that returned DNS records are traceable via DNSSEC to the DN42 registry. The service
also supports AXFR and may be used as a master to a local, slaved, root zone.
*Note that ns1.burble.dn42 will not forward DNS queries.
Forwarding is provided by the recursive service, dns.burble.dn42.*
*Slaved DN42 zones*
* .dn42
* .recursive-servers.dn42
* .delegation-servers.dn42
* .registry-sync.dn42
* d.f.ip6.arpa.
* 20.172.in-addr.arpa.
* 21.172.in-addr.arpa.
* 22.172.in-addr.arpa.
* 23.172.in-addr.arpa.
* 31.172.in-addr.arpa.
* 10.in-addr.arpa.
*burble.dn42 zones*
* . (local root zone)
* .burble.dn42.
* .collector.dn42.
* 1.0.6.2.2.4.2.4.2.4.d.f.ip6.arpa.
* 0/27.129.20.172.in-addr.arpa.
* 160/27.129.20.172.in-addr.arpa.
The root zone also includes stubs for resolving domains in networks associated to DN42 (e.g. .hack).
## Recursive DNS Service
|||
|---|---|
| dns.burble.dn42<br/>b.recursive-servers.dn42| 172.20.129.2<br/>fd42:4242:2601:ac53::53 |
<br/>
dns.burble.dn42 is a caching, recursive DNS service for DN42 related zones using
the burble.dn42 authoritative service as a local root zone. By issuing parallel queries
across five regional masters, the recursive service takes advantage of the burble.dn42 global
scale to reduce latency and avoid local connectivity problems.
The recursor is DNSSEC enabled and validates all queries.
#### Using the recursive DNS service
Users are encouraged to consult recursive-servers.dn42 to obtain a list of
recursive DNS services and configure at least two independent resolvers
to obtain the best resilience.
```
$ host -l recursive-servers.dn42 fd42:4242:2601:ac53::1
Using domain server:
Name: fd42:4242:2601:ac53::1
Address: fd42:4242:2601:ac53::1#53
Aliases:
recursive-servers.dn42 name server a.recursive-servers.dn42.
recursive-servers.dn42 name server b.recursive-servers.dn42.
recursive-servers.dn42 name server j.recursive-servers.dn42.
recursive-servers.dn42 name server y.recursive-servers.dn42.
a.recursive-servers.dn42 has address 172.20.0.53
a.recursive-servers.dn42 has IPv6 address fd42:d42:d42:54::1
b.recursive-servers.dn42 has address 172.20.129.2
b.recursive-servers.dn42 has IPv6 address fd42:4242:2601:ac53::53
j.recursive-servers.dn42 has address 172.20.1.19
j.recursive-servers.dn42 has IPv6 address fd42:5d71:219:0:1::43
y.recursive-servers.dn42 has address 172.20.20.65
y.recursive-servers.dn42 has IPv6 address fd42:c01d:beef::2
```
Example resolv.conf using IPv6 with IPv4 fallback
```
# DN42 resolve.conf
search dn42
# burble.dn42 service
# b.recursive-servers.dn42
nameserver fd42:4242:2601:ac53::53
# j.recursive-servers.dn42
nameserver fd42:5d71:219:0:1::43
# y.recursive-servers.dn42
nameserver 172.20.20.65
```
## Implementation
The DNS service is implemented as a tiered, anycast service with each node
in the network providing a local cache in front of five, regional, master nodes.
#### Edge Nodes
The ns1.burble.dn42 authoritative service is provided by [dnsdist](https://dnsdist.org/).
Queries are forwarded to the nearest regional master node and responses are then cached.
If the regional master is not available, the next nearest will be queried until a response is found.
The dns.burble.dn42 recursive service is provided by [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html)
configured using the 'all-servers' mode. Queries are forwarded to all 5 regional masters in parallel
and the first response received is then returned. This approach ensures users get the lowest latency
results possible, regardless of location, and that any local connectivity issues do not impact the results.
Recursive queries are cached on the edge nodes and master nodes, creating a network wide cache
of results across all users of the service.
Anycast routes to the DNS servers are advertised to the main Bird2 instance using
[GoBGP](https://github.com/osrg/gobgp) and a health checking script.
#### Master Nodes
| Region | Host | Location |
|:--|:--|:--|
| Europe | dns.fr-rbx1.burble.dn42 | OVH, Roubaix, France |
| Eastern Europe | dns.lt-vil1.burble.dn42 | Time4VPS, Vilnius, Lithuania |
| Americas (East) | dns.ca-bhs2.burble.dn42 | OVH, Beauharnois, Canada |
| Americas (Mid & West) | dns.us-dal3.burble.dn42 | HostDoc, Dallas, USA |
| Asia and Oceania | dns.sg-sin2.burble.dn42 | OVH, Singapore |
<br/>
The master nodes are implemented using [PowerDNS](https://www.powerdns.com/).
The Authoritative DNS servers are configured as slaves replicating from the
DN42 master for .dn42 related zones and a hidden master located on the private,
internal network for burble.dn42 zones. The root zone is built automatically
from the registry using [dn42regsrv](https://git.dn42.us/burble/dn42regsrv).
The recursive service is provided by the pdns-recursor configured with DNSSEC
validation and additional caching.
Reference in New Issue View Git Blame Copy Permalink