Actions
Task #7496
closedCreate 2 new IPv6 only unbound based resolving DNS servers providing DNS64
Start date:
12/17/2019
Due date:
% Done:
0%
Estimated time:
PM Check date:
Description
Background¶
We want VPN users or anyone to be able to select if they get NAT64 or not. Currently our bind decides based on the query source IP, whether to provide NAT64 or not and which prefix to use.
We want to have an alternative to that: DNS servers that always respond with NAT64 replies. So users can decide on their own if they want NAT64 or not.
Details¶
- 2 VMs in place6
- names: unbound1.place6.ungleich.ch, unbound2.place6.ungleich.ch
- OS: Alpine
- fully cdist configured
- create a new type __ungleich_unbound that accepts as parameter:
- upstream dns servers
- dns64 prefix
- create a new type __ungleich_unbound that accepts as parameter:
- Use the DNS64 prefix from place6
- Configure unbound to lookup names via 2a0a:e5c0:2:1::5 and 2a0a:e5c0:2:1::6
- Because unbound is IPv6 only, it is not able to query IPv4 only domains
documentation¶
- After it has been implemented and verified by Balazs, please update the documentation on The_ungleich_DNS_infrastructure
Updated by Nico Schottelius almost 5 years ago
- Priority changed from Normal to High
Updated by Timothée Floure almost 5 years ago
- Status changed from New to In Progress
Updated by Timothée Floure almost 5 years ago
Merge request opened against dot-cdist: https://code.ungleich.ch/ungleich-intern/dot-cdist/merge_requests/65
Updated by Nico Schottelius almost 5 years ago
- Blocks Task #7560: Document DNS64 setup for VMs added
Updated by Timothée Floure almost 5 years ago
It's deployed: there's just monitoring to setup before it can be closed.
Updated by Timothée Floure almost 5 years ago
- Status changed from In Progress to Closed
Unbound DNS servers are now monitored by the prometheus blackbox exporter. Closing.
Actions