Open Infrastructure

h1. The ungleich DNS infrastructure

{{toc}}

h2. Status

This document is *IN PROGRESS*.

h2. Overview

|                   | *place4*             | *place5*                  | *place6*                          |

| *DNS64 prefix*    | -                    | 2a0a:e5c0:0:1::/96        | 2a0a:e5c0:2:10::/96               |

| *DNS resolver*    | -                    | 2a0a:e5c0::3 2a0a:e5c0::4 | 2a0a:e5c0:2:1::5 2a0a:e5c0:2:1::6 |

| *DNS authorative* | dns1.ungleich.ch     | dns2.ungleich.ch          | dns3.ungleich.ch                  |

|                   | 2a01:4f8:150:7092::2 | 2a0a:e5c0::1              | 2a0a:e5c0:2:1::7                  |

|                   | 176.9.50.202         | 185.203.112.1             | 185.203.114.1                     |

* Every place has 2 redundant caching nameservers.

* All zones have 3 authorative nameservers, located in 3 different places

* Important zones (like ungleich.ch) need to be resolvable, even if a place goes offline

** For this reason some authorative data needs to be on the caching name servers

** For this reason we stay with a bind9 based setup for the moment (might change in the future)

h2. Architecture

In total we are running 5 servers that are responsible for caching and authorative answers:

* Authorative

** 1x server in place4 (bind)

** 1x VRRP IP of routers in place5 (bind)

** 1x VRRP IP of routers in place6 (bind)

* Caching

** 2x server ip of router in place5 (bind)

** 2x server ip of router in place6 (bind)

h2. How to update the ungleich DNS servers

To update all 5 servers, use:

<pre>

cdist config d{1..5}.ungleich.ch

</pre>

h2. How to use the authorative DNS servers in zone files

Add the following to your zone file:

<pre>

    ; server1.place4

    IN NS dns1.ungleich.ch.

    ; vrrp active router @ place5

    IN NS dns2.ungleich.ch.

    ; vrrp active router @ place6

    IN NS dns3.ungleich.ch.

</pre>