burble.dn42/www
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
www/user/pages/01.home/dns/default.md
Simon Marsh 8fee84eb0c
Initial import
2019-05-04 23:59:02 +01:00

144 lines
4.4 KiB
Markdown
Executable File
Raw Blame History

---
title: DNS
published: true
visible: true
---
burble.dn42 DNS services
===
# DNS Services
burble.dn42 DNS services are anycast across every node to provide fast, local responses network wide
## Authoritative DNS Service
|||
|---|---|
| ns1.burble.dn42<br/>b.delegation-servers.dn42| 172.20.129.1<br/>fd42:4242:2601:ac53::1 |
<br/>
ns1.burble.dn42 is slaved to master.delegation-servers.dn42, and provides
DNSSEC signed, authoritative data for DN42 related zones.
The authoritative service may be used as the root for a local DNS resolver, with the assurance
that returned DNS records are traceable via DNSSEC to the DN42 registry. The service
also supports AXFR and may be used as a master to a local, slaved, root zone.
*Note that ns1.burble.dn42 will not forward DNS queries.
Forwarding is provided by the recursive service, dns.burble.dn42.*
*Slaved DN42 zones*
* .dn42
* .recursive-servers.dn42
* .delegation-servers.dn42
* d.f.ip6.arpa.
* 20.172.in-addr.arpa.
* 21.172.in-addr.arpa.
* 22.172.in-addr.arpa.
* 23.172.in-addr.arpa.
* 31.172.in-addr.arpa.
* 10.in-addr.arpa.
*burble.dn42 zones*
* . (local root zone)
* .burble.dn42.
* .collector.dn42.
* 1.0.6.2.2.4.2.4.2.4.d.f.ip6.arpa.
* 0/27.129.20.172.in-addr.arpa.
* 160/27.129.20.172.in-addr.arpa.
The root zone also includes stubs for resolving domains in networks associated to DN42 (e.g. .hack).
## Recursive DNS Service
|||
|---|---|
| dns.burble.dn42<br/>b.recursive-servers.dn42| 172.20.129.2<br/>fd42:4242:2601:ac53::53 |
<br/>
dns.burble.dn42 is a caching, recursive DNS service for DN42 related zones using
the burble.dn42 authoritative service as a local root zone.
The recursor is DNSSEC enabled and validates all queries.
#### Using the recursive DNS service
Users are encouraged to consult recursive-servers.dn42 to obtain a list of
recursive DNS services and configure at least two independent resolvers
to obtain the best resilience.
```
$ host -l recursive-servers.dn42 fd42:4242:2601:ac53::1
Using domain server:
Name: fd42:4242:2601:ac53::1
Address: fd42:4242:2601:ac53::1#53
Aliases:
recursive-servers.dn42 name server a.recursive-servers.dn42.
recursive-servers.dn42 name server b.recursive-servers.dn42.
recursive-servers.dn42 name server j.recursive-servers.dn42.
recursive-servers.dn42 name server y.recursive-servers.dn42.
a.recursive-servers.dn42 has address 172.20.0.53
a.recursive-servers.dn42 has IPv6 address fd42:d42:d42:54::1
b.recursive-servers.dn42 has address 172.20.129.2
b.recursive-servers.dn42 has IPv6 address fd42:4242:2601:ac53::53
j.recursive-servers.dn42 has address 172.20.1.19
j.recursive-servers.dn42 has IPv6 address fd42:5d71:219:0:1::43
y.recursive-servers.dn42 has address 172.20.20.65
y.recursive-servers.dn42 has IPv6 address fd42:c01d:beef::2
```
Example resolv.conf using IPv6 with IPv4 fallback
```
# DN42 resolve.conf
search dn42
# burble.dn42 service
# b.recursive-servers.dn42
nameserver fd42:4242:2601:ac53::53
# j.recursive-servers.dn42
nameserver fd42:5d71:219:0:1::43
# y.recursive-servers.dn42
nameserver 172.20.20.65
```
## Implementation
The DNS service is implemented as a tiered, anycast service with each node
in the network providing a local cache in front of regional, master nodes.
#### Edge Nodes
Each node in the network runs [dnsdist](https://dnsdist.org/), which forwards
queries to regional master nodes and then caches the responses to provide
a fast, local access to DNS data.
Anycast routes to the DNS servers are advertised to the main Bird2 instance using
[GoBGP](https://github.com/osrg/gobgp) and a health checking script.
#### Master Nodes
| Region | Host | Location |
|:--|:--|:--|
| Europe | dns.fr-rbx1.burble.dn42 | OVH, Roubaix, France |
| Eastern Europe | dns.lt-vil1.burble.dn42 | Time4VPS, Vilnius, Lithuania |
| Americas (East) | dns.ca-bhs2.burble.dn42 | OVH, Beauharnois, Canada |
| Americas (Mid & West) | dns.us-dal3.burble.dn42 | HostDoc, Dallas, USA |
| Asia and Oceania | dns.sg-sin2.burble.dn42 | OVH, Singapore |
<br/>
The master nodes are implemented using [PowerDNS](https://www.powerdns.com/).
The Authoritative DNS servers are configured as slaves replicating from the
DN42 master for .dn42 related zones and a hidden master located on the private,
internal network for burble.dn42 zones. The root zone is built automatically
from the registry using [dn42regsrv](https://git.dn42.us/burble/dn42regsrv).
The recursive service is provided by the pdns-recursor configured with DNSSEC
validation and additional caching.
Reference in New Issue View Git Blame Copy Permalink