www/user/pages/01.home/dns/default.md
2019-05-04 23:59:02 +01:00

| title | published | visible |
|-------|-----------|---------|
| DNS | true | true |

burble.dn42 DNS services

===

DNS Services

burble.dn42 DNS services are anycast across every node to provide fast, local responses network-wide.

Authoritative DNS Service

ns1.burble.dn42
b.delegation-servers.dn42
172.20.129.1
fd42:4242:2601:ac53::1

ns1.burble.dn42 is slaved to master.delegation-servers.dn42 and provides
DNSSEC-signed, authoritative data for DN42 related zones.

The authoritative service may be used as the root for a local DNS resolver, with the assurance that returned DNS records are traceable via DNSSEC to the DN42 registry. The service also supports AXFR and may be used as a master to a local, slaved, root zone.

Note that ns1.burble.dn42 will not forward DNS queries.
Forwarding is provided by the recursive service, dns.burble.dn42.

Slaved DN42 zones

  • .dn42
  • .recursive-servers.dn42
  • .delegation-servers.dn42
  • d.f.ip6.arpa.
  • 20.172.in-addr.arpa.
  • 21.172.in-addr.arpa.
  • 22.172.in-addr.arpa.
  • 23.172.in-addr.arpa.
  • 31.172.in-addr.arpa.
  • 10.in-addr.arpa.

burble.dn42 zones

  • . (local root zone)
  • .burble.dn42.
  • .collector.dn42.
  • 1.0.6.2.2.4.2.4.2.4.d.f.ip6.arpa.
  • 0/27.129.20.172.in-addr.arpa.
  • 160/27.129.20.172.in-addr.arpa.

The root zone also includes stubs for resolving domains in networks associated with DN42 (e.g. .hack).

Recursive DNS Service

dns.burble.dn42
b.recursive-servers.dn42
172.20.129.2
fd42:4242:2601:ac53::53

dns.burble.dn42 is a caching, recursive DNS service for DN42 related zones, using
the burble.dn42 authoritative service as a local root zone.
The recursor is DNSSEC enabled and validates the answers to all queries.

Using the recursive DNS service

Users are encouraged to consult recursive-servers.dn42 to obtain a list of recursive DNS services, and to configure at least two independent resolvers for the best resilience.

$ host -l recursive-servers.dn42 fd42:4242:2601:ac53::1
Using domain server:
Name: fd42:4242:2601:ac53::1
Address: fd42:4242:2601:ac53::1#53
Aliases: 

recursive-servers.dn42 name server a.recursive-servers.dn42.
recursive-servers.dn42 name server b.recursive-servers.dn42.
recursive-servers.dn42 name server j.recursive-servers.dn42.
recursive-servers.dn42 name server y.recursive-servers.dn42.
a.recursive-servers.dn42 has address 172.20.0.53
a.recursive-servers.dn42 has IPv6 address fd42:d42:d42:54::1
b.recursive-servers.dn42 has address 172.20.129.2
b.recursive-servers.dn42 has IPv6 address fd42:4242:2601:ac53::53
j.recursive-servers.dn42 has address 172.20.1.19
j.recursive-servers.dn42 has IPv6 address fd42:5d71:219:0:1::43
y.recursive-servers.dn42 has address 172.20.20.65
y.recursive-servers.dn42 has IPv6 address fd42:c01d:beef::2

Example resolv.conf using IPv6 with IPv4 fallback

# DN42 resolv.conf

search dn42

# burble.dn42 service
# b.recursive-servers.dn42 
nameserver fd42:4242:2601:ac53::53

# j.recursive-servers.dn42
nameserver fd42:5d71:219:0:1::43

# y.recursive-servers.dn42
nameserver 172.20.20.65

Implementation

The DNS service is implemented as a tiered, anycast service with each node in the network providing a local cache in front of regional, master nodes.

Edge Nodes

Each node in the network runs dnsdist, which forwards queries to regional master nodes and caches the responses to provide fast, local access to DNS data.

Anycast routes to the DNS servers are advertised to the main Bird2 instance using GoBGP and a health checking script.
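
One way a health check could gate the anycast route, as an added example; it is not the burble.dn42 script, which this page does not show. The local listener address, probe name, thresholds, polling interval and IPv4-only handling are assumptions, and the route is injected with GoBGP's `gobgp global rib add/del` CLI.

```sh
#!/bin/sh
# Added example: health check gating an anycast DNS route through GoBGP.
# Assumed (not from the page): listener address, probe name, thresholds,
# interval, and that the route is injected with "gobgp global rib add/del".
PREFIX="172.20.129.2/32"   # dns.burble.dn42 anycast address (from the page)
SERVER="127.0.0.1"         # assumed: local dnsdist listener on this node
PROBE_NAME="burble.dn42"   # assumed: a name the node must always resolve
FAIL_LIMIT=3               # consecutive failures before withdrawing
OK_LIMIT=2                 # consecutive successes before announcing again
state="down"; fails=0; oks=0

# probe: succeeds only if the local listener returns an SOA record in time.
probe() {
    [ -n "$(dig +short +time=2 +tries=1 @"$SERVER" "$PROBE_NAME" SOA 2>/dev/null)" ]
}

announce() { gobgp global rib add "$PREFIX" -a ipv4; }
withdraw() { gobgp global rib del "$PREFIX" -a ipv4; }

# step RESULT: feed one probe result (0 = good) into the state machine.
# Hysteresis stops a single lost packet from flapping the anycast route.
step() {
    if [ "$1" -eq 0 ]; then
        fails=0; oks=$((oks + 1))
        if [ "$state" = "down" ] && [ "$oks" -ge "$OK_LIMIT" ]; then
            announce && state="up"
        fi
    else
        oks=0; fails=$((fails + 1))
        if [ "$state" = "up" ] && [ "$fails" -ge "$FAIL_LIMIT" ]; then
            withdraw && state="down"
        fi
    fi
    return 0
}

main() {
    # Fail closed: withdraw on exit so a dead checker never leaves a stale route.
    trap 'withdraw; exit 0' INT TERM
    while :; do
        if probe; then step 0; else step 1; fi
        sleep 5
    done
}

if [ "${1:-}" = "run" ]; then main; fi
```

Started with the argument `run`, the script polls every five seconds; without it, only the functions are defined. If `gobgp` itself fails, the state is left unchanged and the announce or withdraw is retried on the next probe.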

Master Nodes

| Region | Host | Location |
|--------|------|----------|
| Europe | dns.fr-rbx1.burble.dn42 | OVH, Roubaix, France |
| Eastern Europe | dns.lt-vil1.burble.dn42 | Time4VPS, Vilnius, Lithuania |
| Americas (East) | dns.ca-bhs2.burble.dn42 | OVH, Beauharnois, Canada |
| Americas (Mid & West) | dns.us-dal3.burble.dn42 | HostDoc, Dallas, USA |
| Asia and Oceania | dns.sg-sin2.burble.dn42 | OVH, Singapore |

The master nodes are implemented using PowerDNS.

The authoritative DNS servers are configured as slaves, replicating from the DN42 master for .dn42 related zones and from a hidden master located on the private, internal network for burble.dn42 zones. The root zone is built automatically from the registry using dn42regsrv.

The recursive service is provided by pdns-recursor, configured with DNSSEC validation and additional caching.