The ungleich DNS infrastructure » History » Revision 14

« Previous | Revision 14/27 (diff) | Next »
Nico Schottelius, 04/19/2019 05:27 PM

The ungleich DNS infrastructure


This document is IN PRODUCTION.



place4 place5 place6
DNS64 prefix - 2a0a:e5c0:0:1::/96 2a0a:e5c0:2:10::/96
DNS resolver - 2a0a:e5c0::3 2a0a:e5c0::4 2a0a:e5c0:2:1::5 2a0a:e5c0:2:1::6
2a01:4f8:150:7092::2 2a0a:e5c0::1 2a0a:e5c0:2:1::7
DNS auth KNOT -
  • Every place has 2 redundant caching nameservers.
  • All zones have 3 authorative nameservers, located in 3 different places
  • Important zones (like need to be resolvable, even if a place goes offline
    • For this reason some authorative data needs to be on the caching name servers
    • For this reason we stay with a bind9 based setup for the moment (might change in the future)


In total we are running 5 servers that are responsible for caching and authorative answers:

  • Authorative
    • 1x server in place4 (bind)
    • 1x VRRP IP of routers in place5 (bind)
    • 1x VRRP IP of routers in place6 (bind)
  • Caching
    • 2x server ip of router in place5 (bind)
    • 2x server ip of router in place6 (bind)

How to update the ungleich DNS servers

To update all servers, use:

cdist config d{1..7}

How to use the authorative DNS servers in zone files

Add the following to your zone file:

    ; server1.place4
    IN NS

    ; vrrp active router @ place5
    IN NS

    ; vrrp active router @ place6
    IN NS

Special zones,

  • Querying for an AAAA record, will return your IPv6 address. Only reachable by IPv6.
  • Querying for an AAAA record, will return your IPv4 address. Only reachable by IPv4.

Updated by Nico Schottelius over 4 years ago · 14 revisions