Task #5940
closed
Update ungleich DNS infrastructure v3
Added by Nico Schottelius about 6 years ago.
Updated about 6 years ago.
Description
Current setup:
- Authoritative
  - 1x server in place4 (bind) (dns5)
  - 2x VMs in place5 (nsd) (dns3,dns4)
  - 2x router in place5 (bind) (dns1,dns2)
- Caching
  - 2x router in place5 (bind)
  - 2x router in place6 (bind)

New setup:
- Authoritative
  - 1x server in place4 (bind) (dns5)
  - 1x VM in place5 (bind) (new)
  - 1x VM in place6 (bind) (new)
  - 1x router in place5 (bind)
    - use the VRRP IPv4 and IPv6
  - 1x router in place6 (bind)
    - use the VRRP IPv4 and IPv6
- Caching
  - 2x router in place5 (bind)
  - 2x router in place6 (bind)
- Documentation
  - As both routers (router1 && router2) will function as the authoritative server, both need to be reconfigured every time
  - Likely cdist config dns-auth{1..7}.ungleich.ch
  - In the nameserver sets it will be only dns{1..5}.ungleich.ch
  - Documentation on how to update our DNS servers should be in the wiki
- Description updated (diff)
- Status changed from New to In Progress
- Assignee changed from Jin-Guk Kwon to Nico Schottelius
Taking to me as some servers don't respond correctly && we should update this
- Introducing d1-5.ungleich.ch as internal names to be used
; DNS names internally / for cdist
d1 CNAME router1.place5
d2 CNAME router2.place5
d3 CNAME router1.place6
d4 CNAME router2.place6
d5 CNAME server1.place4
Using cdist:
[17:51] line:~% echo __ungleich_dns_server --server-variant bind9 | cdist config -p5 -bj5 -vvc ~/vcs/ungleich-dot-cdist/ dns{1..5}.ungleich.ch
- Updated glue records for dns{1..3}
- Status changed from In Progress to Closed
Done including documentation.
[19:41] line:~% dig ungleich.ch ns
; <<>> DiG 9.10.3-P4-Debian <<>> ungleich.ch ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48955
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ungleich.ch. IN NS
;; ANSWER SECTION:
ungleich.ch. 60 IN NS dns3.ungleich.ch.
ungleich.ch. 60 IN NS dns2.ungleich.ch.
ungleich.ch. 60 IN NS dns1.ungleich.ch.
;; ADDITIONAL SECTION:
dns1.ungleich.ch. 60 IN A 176.9.50.202
dns1.ungleich.ch. 60 IN AAAA 2a01:4f8:150:7092::2
dns2.ungleich.ch. 60 IN A 185.203.112.1
dns2.ungleich.ch. 60 IN AAAA 2a0a:e5c0::1
dns3.ungleich.ch. 60 IN A 185.203.114.1
dns3.ungleich.ch. 60 IN AAAA 2a0a:e5c0:2:1::7
;; Query time: 0 msec
;; SERVER: 10.3.8.5#53(10.3.8.5)
;; WHEN: Tue Nov 06 19:41:30 CET 2018
;; MSG SIZE rcvd: 229
[19:41] line:~% dig ungleich.ch ns @8.8.8.8
; <<>> DiG 9.10.3-P4-Debian <<>> ungleich.ch ns @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43630
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ungleich.ch. IN NS
;; ANSWER SECTION:
ungleich.ch. 59 IN NS dns2.ungleich.ch.
ungleich.ch. 59 IN NS dns1.ungleich.ch.
ungleich.ch. 59 IN NS dns3.ungleich.ch.
;; Query time: 45 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Nov 06 19:41:33 CET 2018
;; MSG SIZE rcvd: 97
[19:41] line:~%
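The comparison made by eye in the two dig runs above (same NS set from both resolvers, `aa` flag only on the internal answer, A and AAAA glue for every nameserver), written as an offline check. This is an added example and not part of the original ticket; the function names are hypothetical and the sample input is abbreviated from the dig output above.

```shell
#!/bin/sh
# Sample input: abbreviated from the two dig answers captured in this ticket.
LOCAL_ANSWER=';; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 7
;; ANSWER SECTION:
ungleich.ch. 60 IN NS dns3.ungleich.ch.
ungleich.ch. 60 IN NS dns2.ungleich.ch.
ungleich.ch. 60 IN NS dns1.ungleich.ch.
;; ADDITIONAL SECTION:
dns1.ungleich.ch. 60 IN A 176.9.50.202
dns1.ungleich.ch. 60 IN AAAA 2a01:4f8:150:7092::2
dns2.ungleich.ch. 60 IN A 185.203.112.1
dns2.ungleich.ch. 60 IN AAAA 2a0a:e5c0::1
dns3.ungleich.ch. 60 IN A 185.203.114.1
dns3.ungleich.ch. 60 IN AAAA 2a0a:e5c0:2:1::7'

PUBLIC_ANSWER=';; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
ungleich.ch. 59 IN NS dns2.ungleich.ch.
ungleich.ch. 59 IN NS dns1.ungleich.ch.
ungleich.ch. 59 IN NS dns3.ungleich.ch.'

# Print the NS targets found in dig output on stdin, sorted, one per line.
ns_set() {
    awk '!/^;/ && $3 == "IN" && $4 == "NS" { print tolower($5) }' | sort -u
}

# Succeed only if the header flags of the dig output on stdin include "aa".
is_authoritative() {
    grep -Eq '^;; flags:[^;]* aa[ ;]'
}

# Print "<nameserver> <type>" for every NS target without an A or AAAA record.
missing_glue() {
    awk '!/^;/ && $3 == "IN" {
             if ($4 == "NS") ns[tolower($5)] = 1
             else if ($4 == "A" || $4 == "AAAA") have[tolower($1) " " $4] = 1
         }
         END { for (n in ns) {
                 if (!((n " A") in have)) print n, "A"
                 if (!((n " AAAA") in have)) print n, "AAAA" } }' | sort
}

# Succeed if two captured answers ($1, $2) list the same nameservers.
compare_ns() {
    [ "$(printf '%s\n' "$1" | ns_set)" = "$(printf '%s\n' "$2" | ns_set)" ]
}

if compare_ns "$LOCAL_ANSWER" "$PUBLIC_ANSWER"; then echo "NS sets match"; else echo "NS sets differ"; fi
if printf '%s\n' "$LOCAL_ANSWER" | is_authoritative; then echo "internal answer is authoritative"; fi
printf '%s\n' "$LOCAL_ANSWER" | missing_glue
```

A recursive resolver such as 8.8.8.8 does not return the additional section here, so `missing_glue` is only meaningful on the answer from an authoritative server.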