2020-03-28 22:04:06 +00:00


title: 'Maintenance Log'
visible: true

A log of changes to the burble.dn42 network.

===

burble.dn42 Maintenance Log

28th March 2020

The patched pdns recursor is now deployed to all core nodes.

Please let me know immediately if you notice odd DNS behaviour.

24th March 2020

fr-sbg1 (which hosts the europe region core DNS service) is currently testing a special pdns recursor build in order to try and fix this issue.

The server is likely to be used for most recursive DNS lookups across Europe that use the new DNS anycast addresses, or my service directly. Please let me know immediately if you notice odd DNS behaviour.

26th January 2019

This weekend has been a huge maintenance weekend for burble.dn42, with the following updates taking place:

  • A number of nodes have been built and swapped in to the network to upgrade and manage renewals:

    | Change | Notes |
    |---|---|
    | fr-rbx1 replaced by fr-rbx2 | fr-rbx2 was a much faster node |
    | ca-bhs2 replaced with a new node | the replacement is also much faster |
    | us-dal3 replaced by us-dal1 | us-dal3 was a poor performer and has been replaced with a dedicated server |
    | au-syd1 replaced with a new node | memory increased from 1G to 2G |
    | sg-sin2 replaced with a new node | memory increased from 1G to 2G |

    Node renewals are now mostly sorted until November, which will be a nice break for my wallet.
  • The build of ca-bhs2 introduced a new disk layout for my core nodes, which is intended to provide more flexibility for new features. uk-lon3, a private storage node, was also rebuilt for the new design.

A bad decision around backups meant that I also had to re-create all the services on fr-rbx2 and us-dal1 as they were swapped in to their new roles. As a result, the services on these boxes were also flattened and rebuilt to the new disk layout.

At some future point, fr-sbg1 will follow and also change to the new layout.

  • The burble.dn42 network is organised around a core network of servers in each region. The updates this weekend complete a series of changes to upgrade the core nodes that has been taking place since November 2019. A lot of the recent work has been to update the services so they are on, or point to, the new core nodes.

The core network looked like this prior to November 2019:

| Name | CPU | Memory | Disk | Network | Description |
|---|---|---|---|---|---|
| fr-rbx1 | i5-2400 (4/8 x 3.4Ghz) | 16G | 2TB Consumer HDD | 100mbps un-metered | Kimsufi KS-10 |
| ca-bhs2 | i5-3570S (4/8 x 3.8Ghz) | 16G | 2TB Consumer HDD | 100mbps un-metered | Kimsufi KS-10 |
| sg-sin2 | virtual (1 x 3.5Ghz) | 1G | 30GB HDD | 1TB @ 1gbit | OVH VPS |
| us-dal3 | virtual (2 x 3.4Ghz) | 5G | 120GB HDD | 5TB @ 10gbit | HostDoc VPS |

Following the upgrades, the core now consists of the following servers:

| Name | CPU | Memory | Disk | Network | Description |
|---|---|---|---|---|---|
| fr-sbg1 | E5-1620 (4/8 x 3.7Ghz) | 32G | 3 x 480GB SSD | 500mbps un-metered | OVH SYS |
| fr-rbx1 | E3-1245 (4/8 x 3.4Ghz) | 32G | 2 x 480GB SSD | 500mbps un-metered | OVH SYS |
| uk-lon3 | virtual (2 x 3Ghz) | 3G | 3TB HDD | 10TB @ 1gbit | HostHatch |
| ca-bhs2 | E5-1620 (4/8 x 3.7Ghz) | 32G | 2 x 2TB Ent. HDD | 500mbps un-metered | OVH SYS |
| us-dal3 | C2750 (8 x 2.4Ghz) | 8G | 240GB SSD | 100mbps un-metered | drserver |
| sg-sin1 | virtual (4 x 2.2Ghz) | 4G | 24GB SSD | 1gbit un-metered | ITLDC VPS |

31st December 2019

The Christmas period has been a really busy period for burble.dn42, with integration and transfer of services over to the new nodes. Primarily, this has meant moving services from fr-rbx1 and sg-sin2 to fr-rbx2, fr-sbg1 and sg-sin1. As part of the rebuilding, I've also taken the opportunity to re-create most of my ansible scripting, with the intent that this will eventually be published.

Most services are now moved, with the main exception of DNS and the GRC, both of which need more significant work. The website also now needs major updates to reflect the changes I've made.

The following new nodes are also open for peering:

  • dn42-fr-rbx2
  • dn42-fr-sbg1
  • dn42-ch-zur1
  • dn42-sg-sin1
  • dn42-hk-hkg1

Happy New Year

24th December 2019

The last month has been spent redesigning my WAN and introducing a latency-based metric for connectivity between nodes. This is now mostly complete, but not without its own follow-on problems that need to be resolved.

Things still to do include:

  • Fixing the service delivery layer as a software upgrade breaks IPv6 connectivity
  • Adding documentation to the website on the new design
  • Opening new nodes for peering
  • Making the config public

Another new node will also be added, dn42-fr-rbx2, and dn42-fr-rbx1 will be retired.

Merry Christmas DN42

29th November 2019

Black Friday is here and new nodes are on the way.

  • dn42-fr-sbg1
  • dn42-ch-zur1
  • dn42-sg-sin1
  • dn42-hk-hkg1

2nd November 2019

Retired dn42-us-lax2, dn42-us-chi2, dn42-ca-bhs1, dn42-tr-ist1 and dn42-no-osl1.
Restructured the internal confederations.

26th October 2019

New experimental node added, hosted in the Oracle Cloud environment in Mumbai, India.

Users are welcome to peer and test the node, but should be aware there may be short notice changes or interruptions to service.

19th October 2019

After a few weeks of outage and putting up with influx using up a vast amount of resources, the monitoring service has finally moved to a federated prometheus architecture. Hopefully this will have better performance than the influx architecture used previously. At some point I'll update the monitoring page with details of the new configuration.

12th October 2019

The burble.dn42 wiki service is now part of the global anycast for wiki.dn42.

See the services page for more details.

2nd October 2019

The recursive DNS service now supports clearnet queries

15th September 2019

Stop supporting IPsec tunnels

21st August 2019

Removed sg-sin3 and vn-han1

13th August 2019

Added DN42 wiki service editable via dn42, readonly via clearnet.

Issued new Certificate Authority root certificate with a longer expiry date.

11th August 2019

Added a couple of Python 3 updates for bird-lg that fix broken BGP map functionality in the looking glass.

Influx ate all the memory (10gb!) on de-fra1, so is currently offline until it can be fixed.

28th July 2019

Add dn42-us-mia2, which will replace dn42-us-mia1

25th July 2019

Add pingable.burble.dn42

21st July 2019

Decommissioning of dn42-ru-mos1 and dn42-us-sea1

17th July 2019

DoH! The DNS Service now supports DNS over HTTPS.

22nd June 2019

Tidied up node information.

14th June 2019

A new hosted IRC web service has been added, based on thelounge.

See the services page for more details.

8th June 2019

The recursive DNS service now uses parallel queries across all five regional master nodes.
This approach takes advantage of the burble.dn42 global scale to reduce latencies, improve resilience and prevent local connectivity problems from impacting the results. See the DNS page for more info.

24th May 2019

Moved and extended the DN42 monitoring so that it is more independent and also clustered.

A writeup of the hosted grafana service and monitoring is available here.

21st May 2019

dn42-uk-lon1 is back again after being out of action for the day.

The host server apparently threw a disk after being updated to cover the MDS vulnerability and the provider has spent the day recovering the node.

20th May 2019

Some nodes may have outages over the next few days as providers deal with the recent MDS vulnerabilities.

Added new peers

15th May 2019

Updated my fork of bird-lg by merging Zhaofeng's Python2 to Python3 bird-lg updates and fixing a few outstanding problems.

The updated code is now live on the burble.dn42 looking glass.

13th May 2019

Moved the looking glass to its own container, in anticipation of future website changes

dn42-us-mia1 is offline again.

10th May 2019

dn42-us-chi2 was suspended by the provider on 8/5 due to 'NTP reflection attacks'.

This is a hazard of running a busy NTP server as part of the NTP Pool; providers can get twitchy when they see a large amount of NTP traffic, due to the well publicised vulnerabilities in stock NTPd.

My network uses chronyd rather than NTPd and it is simply not vulnerable to abuse in the same way as NTPd; I also regularly monitor and check the services. On the other hand, the server does see a large amount of NTP traffic and it can sometimes be difficult to demonstrate that I'm specifically providing a service here and not under some kind of attack.

Apologies that the server was offline for a few days, but it should now finally be back again.

For info, here is the bandwidth graph of dn42-us-chi2 as it was suspended:

Bandwidth Graph

It's trivial to see that an amplification attack was not occurring, as the inbound and outbound traffic are both equal. It's a shame some providers don't consider this before suspending services, but it is understandable that the economics of providing VPS services can prohibit this.
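The inbound-versus-outbound comparison described above can be automated from cumulative interface byte counters. This is an added example, not part of the original log or of the burble.dn42 tooling; the counter samples, thresholds and function names are constructed assumptions.

```python
"""Flag intervals where outbound traffic far outweighs inbound, the pattern
a server shows when it is being abused as an amplifier. Added example: the
samples, thresholds and names are constructed, not burble.dn42 data."""
from dataclasses import dataclass

RATIO_LIMIT = 3.0      # assumed: tx/rx above this looks like amplification
MIN_RX_BYTES = 10_000  # assumed: skip near-idle intervals, the ratio is noise


@dataclass
class Sample:
    ts: int        # seconds since the first sample
    rx_bytes: int  # cumulative inbound byte counter
    tx_bytes: int  # cumulative outbound byte counter


def interval_ratios(samples):
    """Return (ts, rx_delta, tx_delta, tx/rx) for each usable interval."""
    out = []
    for prev, cur in zip(samples, samples[1:]):
        rx = cur.rx_bytes - prev.rx_bytes
        tx = cur.tx_bytes - prev.tx_bytes
        if rx < 0 or tx < 0:   # counter reset (reboot or wrap): no valid delta
            continue
        if rx < MIN_RX_BYTES:  # too little inbound traffic to judge
            continue
        out.append((cur.ts, rx, tx, tx / rx))
    return out


def amplification_intervals(samples, limit=RATIO_LIMIT):
    """Timestamps of intervals whose outbound/inbound ratio exceeds limit."""
    return [ts for ts, _rx, _tx, ratio in interval_ratios(samples) if ratio > limit]


# Constructed: a busy but balanced server, with a counter reset at ts=900.
BALANCED = [Sample(0, 0, 0), Sample(300, 9_000_000, 9_100_000),
            Sample(600, 18_500_000, 18_400_000),
            Sample(900, 1_000_000, 1_050_000),
            Sample(1200, 10_000_000, 10_200_000)]
# Constructed: small requests in, roughly 20x the bytes out from ts=300 onward.
ABUSED = [Sample(0, 0, 0), Sample(300, 1_000_000, 1_100_000),
          Sample(600, 2_000_000, 21_100_000),
          Sample(900, 3_000_000, 41_100_000)]

if __name__ == "__main__":
    print("balanced:", amplification_intervals(BALANCED))
    print("abused:  ", amplification_intervals(ABUSED))
```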

Added new peers:

5th May 2019

Added git service.
See the services page for more details.

1st May 2019

Seems traceroutes and some Europe Region, IPv4 related DNS lookups weren't working.
Both are fixed now.

Added new peers:

30th April 2019

New node added and ready for peering

  • dn42-ca-bhs2 (Beauharnois, Canada)

With the addition of several new nodes, the internal BGP confederations have been reorganised.
This new organisation should provide better balance and allow for more local services.

  • The North American region has been split in two, becoming Central & West Coast and East Coast.
  • lt-vil1 and at-vie1 have been moved to the East Europe region.

Added new peers:

19th April 2019

New nodes added and ready for peering.

  • dn42-at-vie1 (Vienna, Austria)
  • dn42-us-nyc1 (New York, United States)

18th April 2019

Over the last week, a number of major changes have taken place to the burble.dn42 network.
These include:

  • Configuring Jool to provide IPv4 to IPv6 SIIT for the new 172.20.129.0/27 prefix
    The aim is for all internal services of the burble.dn42 network to be provided by IPv6, with SIIT taking place at the network edge for external IPv4 users.
  • Configuring Jool to provide a NAT64 service
    So that internal, IPv6 only, services can access external IPv4 networks
  • Adding a new VXLAN to the WAN overlay
    The new VXLAN segregates DN42 traffic from the internal traffic and enables a separate DN42 routing domain. As a side effect, this change also fixes the problem where internal IP addresses were being leaked and causing confusing traceroutes for DN42 users.

Over time, internal IPv4 services will be removed

12th April 2019

New prefix 172.20.129.0/27 registered to provide space for more nodes and additional services.

172.20.129.0/27 will be used as anycast addresses for services. 172.20.129.160/27 will be used for burble.dn42 nodes

Added new peers:

7th April 2019

Added an old node in to the DN42 network, dn42-sg-sin2. RPKI and DNS services have been moved to the node from dn42-sg-sin2 which should improve diversification and stability.

3rd April 2019

Added new peers:

31st March 2019

The DNS service has gone global, with every node in the burble.dn42 network now participating in the DNS Anycast service.
More details can be found on the DNS page.

26th March 2019

Added new peers:

11th March 2019

New node added dn42-de-fra1

9th March 2019

Added new peers:

A new instance of the registry explorer has been created that references the 'object-fix' branch of the DN42 registry. The main purpose of this is to support the new DNS system being developed.

http://grc.burble.dn42:8043/

A couple of the nodes on the network experienced some downtime over the week:

  • dn42-us-mia1 was down for 2 days and had to be rebuilt as my VPS provider's storage array crashed.
  • dn42-us-dal3 was also down for a few hours; the provider accidentally suspended the VPS due to a billing error on their side.

7th March 2019

Added new peers

26th February 2019

Initialised GRC website

Added new peers

21st February 2019

The Looking Glass has been updated to use lgregmapper and data from dn42regsrv.

19th February 2019

New peer added:

18th February 2019

The internal and public ROA service has been moved over to using dn42regsrv.
See the services page for more details.

New peer added:

16th February 2019

New peers added:

10th February 2019

Updated the services to include new stuff:

  • DNS
  • Registry REST API and Explorer
  • Global Route Collector

New peers added:

26th January 2019

New service!

A burble.dn42 route collector has been added, together with some interesting stats showing reachability of DN42 from the burble.dn42 network.

A common, global route collector is in progress, see here

21st January 2019

New peer added:

  • AS4242423306 / TIMK at dn42-au-syd1

13th January 2019

bgpmap updated to add MNT and prefix info for ASes.

New peers added:

  • AS4242420415 / TYLER at dn42-us-lax2
  • AS4242423569 / DHE at dn42-us-dal3
  • AS4242423585 / JD52RU at dn42-fr-rbx1 and dn42-uk-lon1

12th January 2019

The Looking Glass now supports bgpmap again.
My bird-lg fixes are available on github.

New peer added:

  • AS4242421501 / ADAMYI at dn42-au-syd1

11th January 2019

Some layout fixes to the Looking Glass, including fixing whois lookups.

3rd January 2019

First new peers of 2019:

  • AS4242420505 / 42ISLIFE at dn42-ca-bhs1
  • AS4242421114 / GRGR at dn42-us-chi2
  • AS4242421050 / NAPSTERBATER at dn42-us-chi2

2nd January 2019

Consolidated number of anycast sessions.

30th December 2018

Migrated US anycast services from dn42-us-dal1 to dn42-us-dal3.

27th December 2018

Added Certificate Authority details.

26th December 2018

Upgraded the looking glass with Zhaofeng bird-lg fixes.
ROA data is available through the burble.dn42 website, see the Services page.
RPKI service is now replicated across regions to provide additional resiliency.
New version of bird2 deployed, including RPKI fixes from JRB0001.

24th December 2018

Added new peers:

  • AS4242422255/LINUXGEMINI at dn42-tr-ist1
  • AS4242421191/YAMAKAJA at dn42-fr-rbx1
  • AS4242423230/RASP at dn42-au-syd1

Updated the Services page to include more implementation details.
Reworked intra-confederation peering to provide more resilience.
Implemented ROA via RPKI updates using roasrv by Yamakaja and gortr

16th December 2018

New node!

dn42-jp-tyo1 has been commissioned and is open for new peers in Tokyo, Japan.

14th December 2018

Updated host information and network map with new nodes.

10th December 2018

New peers added:

  • AS4242423090/HEIAS at dn42-fr-rbx1
  • AS4242421979/MDUCHARME at dn42-us-sea2

dn42-us-sea2 is now operational and available for peering.

2nd December 2018

tinc + babeld is not a winning combination. Since introducing babeld, the burble.dn42 WAN overlay has experienced a number of periods of instability, with nodes dropping on and off the network.

The WAN has been updated to use a Wireguard mesh with OSPF as IGP, and is now significantly more stable again.

1st December 2018

New peers added:

  • AS4242420260/GISH at dn42-au-syd1
  • AS4242421009/KLARA at dn42-no-osl1
  • AS4242420058/ILL at dn42-au-syd1
  • AS4242422547/LANTIAN at dn42-fr-rbx1 / dn42-us-lax2 / dn42-sg-sin3

30th November 2018

Three new nodes will be available for peering soon:

  • dn42-us-chi2 - Chicago, United States
  • dn42-us-sea2 - Seattle, United States
  • dn42-us-dal3 - Dallas, United States

29th November 2018

dn42-us-dal1 locked up, and has been restarted.

28th November 2018

dn42-uk-lon1, dn42-lt-vil1, dn42-sg-sin1 and dn42-us-mia1 all locked up at 03:00 UTC and have now been restarted.

23rd November 2018

Black Friday has delivered four new nodes to the burble.dn42 network:

  • dn42-vn-han1 - Hanoi, Vietnam
  • dn42-no-osl1 - Oslo, Norway
  • dn42-ca-bhs1 - Beauharnois, Canada
  • dn42-us-lax2 - Los Angeles, United States
  • dn42-sg-sin3 - Singapore

All nodes are open to new peers, so just contact dn42@burble.com if you'd like to connect to the network.

22nd November 2018

New peers added:

  • AS4242420165/ZAICA at dn42-fr-rbx1
  • AS42424222673/CORESTORAGE at dn42-uk-lon1

18th November 2018

Updates to reverse DNS.

17th November 2018

Added new peers

  • AS4242423640/HESSENET at dn42-fr-rbx1
  • AS4242420149/NIRF at dn42-lt-vil1

17th November 2018

The internal routing protocol (IGP) for burble.dn42 has moved from OSPF to using babeld.

All nodes on the burble.dn42 network are inter-connected with a tinc mesh. Despite the network physically spanning across continents, OSPF saw the tinc overlay network as being flat, which prevented effective use of technologies such as anycast and forced the use of central resources. The hope is that babel, configured to use an RTT metric, will allow better use of regional services.

Please let me know if you observe any issues due to the new IGP.

16th November 2018

New node in Istanbul, Turkey.

dn42-tr-ist1 has been commissioned and is now open for new peers. See the peering page for more details.