The ungleich DNS infrastructure » History » Version 14
Nico Schottelius, 04/19/2019 05:27 PM
| 1 | 1 | Nico Schottelius | h1. The ungleich DNS infrastructure |
|---|---|---|---|
| 2 | |||
| 3 | 6 | Nico Schottelius | {{toc}} |
| 4 | |||
| 5 | 2 | Nico Schottelius | h2. Status |
| 6 | |||
| 7 | 13 | Nico Schottelius | This document is *IN PRODUCTION*. |
| 8 | 2 | Nico Schottelius | |
| 9 | 11 | Nico Schottelius | h2. SEE ALSO |
| 10 | |||
| 11 | * [[The_ungleich_network_infrastructure]] |
||
| 12 | |||
| 13 | 1 | Nico Schottelius | h2. Overview |
| 14 | |||
| 15 | 7 | Nico Schottelius | |
| 16 | 10 | Nico Schottelius | | | *place4* | *place5* | *place6* | |
| 17 | | *DNS64 prefix* | - | 2a0a:e5c0:0:1::/96 | 2a0a:e5c0:2:10::/96 | |
||
| 18 | | *DNS resolver* | - | 2a0a:e5c0::3 2a0a:e5c0::4 | 2a0a:e5c0:2:1::5 2a0a:e5c0:2:1::6 | |
||
| 19 | 13 | Nico Schottelius | | *DNS auth BIND* | dns1.ungleich.ch | dns2.ungleich.ch | dns3.ungleich.ch | |
| 20 | 1 | Nico Schottelius | | | 2a01:4f8:150:7092::2 | 2a0a:e5c0::1 | 2a0a:e5c0:2:1::7 | |
| 21 | 10 | Nico Schottelius | | | 176.9.50.202 | 185.203.112.1 | 185.203.114.1 | |
| 22 | 13 | Nico Schottelius | | *DNS auth KNOT* | - | dns7.ungleich.ch | dns6.ungleich.ch | |
| 23 | 7 | Nico Schottelius | |
| 24 | |||
| 25 | 1 | Nico Schottelius | * Every place has 2 redundant caching nameservers. |
| 26 | * All zones have 3 authorative nameservers, located in 3 different places |
||
| 27 | * Important zones (like ungleich.ch) need to be resolvable, even if a place goes offline |
||
| 28 | ** For this reason some authorative data needs to be on the caching name servers |
||
| 29 | ** For this reason we stay with a bind9 based setup for the moment (might change in the future) |
||
| 30 | 3 | Nico Schottelius | |
| 31 | h2. Architecture |
||
| 32 | |||
| 33 | In total we are running 5 servers that are responsible for caching and authorative answers: |
||
| 34 | |||
| 35 | * Authorative |
||
| 36 | ** 1x server in place4 (bind) |
||
| 37 | ** 1x VRRP IP of routers in place5 (bind) |
||
| 38 | ** 1x VRRP IP of routers in place6 (bind) |
||
| 39 | * Caching |
||
| 40 | ** 2x server ip of router in place5 (bind) |
||
| 41 | ** 2x server ip of router in place6 (bind) |
||
| 42 | |||
| 43 | h2. How to update the ungleich DNS servers |
||
| 44 | 1 | Nico Schottelius | |
| 45 | 12 | Nico Schottelius | To update all servers, use: |
| 46 | 1 | Nico Schottelius | |
| 47 | 3 | Nico Schottelius | <pre> |
| 48 | 12 | Nico Schottelius | cdist config d{1..7}.ungleich.ch |
| 49 | 3 | Nico Schottelius | </pre> |
| 50 | |||
| 51 | 4 | Nico Schottelius | h2. How to use the authorative DNS servers in zone files |
| 52 | 3 | Nico Schottelius | |
| 53 | Add the following to your zone file: |
||
| 54 | |||
| 55 | <pre> |
||
| 56 | 5 | Nico Schottelius | ; server1.place4 |
| 57 | IN NS dns1.ungleich.ch. |
||
| 58 | |||
| 59 | ; vrrp active router @ place5 |
||
| 60 | IN NS dns2.ungleich.ch. |
||
| 61 | |||
| 62 | ; vrrp active router @ place6 |
||
| 63 | IN NS dns3.ungleich.ch. |
||
| 64 | 3 | Nico Schottelius | </pre> |
| 65 | 14 | Nico Schottelius | |
| 66 | h2. Special zones |
||
| 67 | |||
| 68 | h3. whoami6.ungleich.ch, whoami4.ungleich.ch |
||
| 69 | |||
| 70 | * Querying whoami6.ungleich.ch for an AAAA record, will return your IPv6 address. Only reachable by IPv6. |
||
| 71 | * Querying whoami4.ungleich.ch for an AAAA record, will return your IPv4 address. Only reachable by IPv4. |