The ungleich DNS infrastructure » History » Version 15
Nico Schottelius, 04/19/2019 05:30 PM
h1. The ungleich DNS infrastructure

{{toc}}

h2. Status

This document is *IN PRODUCTION*.

h2. SEE ALSO

* [[The_ungleich_network_infrastructure]]

h2. Overview

| | *place4* | *place5* | *place6* |
| *DNS64 prefix* | - | 2a0a:e5c0:0:1::/96 | 2a0a:e5c0:2:10::/96 |
| *DNS resolver* | - | 2a0a:e5c0::3 2a0a:e5c0::4 | 2a0a:e5c0:2:1::5 2a0a:e5c0:2:1::6 |
| *DNS auth BIND* | dns1.ungleich.ch | dns2.ungleich.ch | dns3.ungleich.ch |
| | 2a01:4f8:150:7092::2 | 2a0a:e5c0::1 | 2a0a:e5c0:2:1::7 |
| | 176.9.50.202 | 185.203.112.1 | 185.203.114.1 |
| *DNS auth KNOT* | - | dns7.ungleich.ch | dns6.ungleich.ch |

* Every place has 2 redundant caching nameservers.
* All zones have 3 authoritative nameservers, located in 3 different places.
* Important zones (like ungleich.ch) need to stay resolvable even if a place goes offline.
** For this reason some authoritative data needs to be on the caching name servers.
** For this reason we stay with a bind9 based setup for the moment (might change in the future).

h2. Architecture

In total we are running 5 servers that are responsible for caching and authoritative answers:

* Authoritative
** 1x server in place4 (bind)
** 1x VRRP IP of routers in place5 (bind)
** 1x VRRP IP of routers in place6 (bind)
* Caching
** 2x server IP of router in place5 (bind)
** 2x server IP of router in place6 (bind)

h2. How to update the ungleich DNS servers

To update all servers, use:

<pre>
cdist config d{1..7}.ungleich.ch
</pre>

h2. How to use the authoritative DNS servers in zone files

Add the following to your zone file (the indented lines inherit the owner name of the preceding record, normally the zone apex):

<pre>
; server1.place4
    IN NS dns1.ungleich.ch.

; vrrp active router @ place5
    IN NS dns2.ungleich.ch.

; vrrp active router @ place6
    IN NS dns3.ungleich.ch.
</pre>
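The policy stated in the overview (three authoritative nameservers in three different places) can be checked mechanically before a zone is loaded. The script below is an added example and is not part of the ungleich wiki or its cdist configuration: it parses the NS records out of zone-file text, handling the blank-owner inheritance the snippet above relies on, maps each server to its place using the overview table, and reports whether at least three places are covered. The server-to-place mapping is copied from the table; the zone texts it runs on are constructed for the example.

```python
"""Check that a zone's apex NS set spans enough places.

Added example, not part of the ungleich wiki or its cdist config.
SERVER_PLACE is taken from the overview table; GOOD_ZONE and BAD_ZONE
are constructed sample inputs.
"""

# Authoritative server -> place, from the overview table above.
SERVER_PLACE = {
    "dns1.ungleich.ch.": "place4",
    "dns2.ungleich.ch.": "place5",
    "dns3.ungleich.ch.": "place6",
    "dns7.ungleich.ch.": "place5",  # KNOT server in place5
    "dns6.ungleich.ch.": "place6",  # KNOT server in place6
}

CLASSES = ("IN", "CH", "HS")
REQUIRED_PLACES = 3


def qualify(name, origin):
    """Append the origin to a relative name; absolute names end in '.'."""
    return name if name.endswith(".") else name + "." + origin


def parse_ns_records(zone_text, origin):
    """Return {owner: set(nameserver)} for every NS record in zone_text.

    Zone-file conventions handled: a line starting with whitespace inherits
    the previous owner, '@' means the origin, ';' starts a comment,
    '$' lines are directives, and an optional TTL and/or class may precede
    the record type.
    """
    records = {}
    owner = origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        fields = line.split()
        if line[0] not in " \t":
            first = fields.pop(0)
            owner = origin if first == "@" else qualify(first, origin)
        # Skip TTL and class tokens so fields[0] is the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)
        if len(fields) >= 2 and fields[0].upper() == "NS":
            records.setdefault(owner, set()).add(qualify(fields[1], origin))
    return records


def check_delegation(zone_text, origin, required_places=REQUIRED_PLACES):
    """Summarise the apex NS set and whether it covers enough places."""
    ns = parse_ns_records(zone_text, origin).get(origin, set())
    places = {SERVER_PLACE[n] for n in ns if n in SERVER_PLACE}
    return {
        "nameservers": sorted(ns),
        "places": sorted(places),
        # Servers not in the table cannot be attributed to a place.
        "unknown": sorted(n for n in ns if n not in SERVER_PLACE),
        "ok": len(places) >= required_places,
    }


# Constructed sample: the three servers recommended on this page.
GOOD_ZONE = """\
$TTL 3600
@   IN SOA dns1.ungleich.ch. hostmaster.ungleich.ch. (
        2019041901 ; serial (constructed)
        3600 900 1209600 300 )
; server1.place4
    IN NS dns1.ungleich.ch.
; vrrp active router @ place5
    IN NS dns2.ungleich.ch.
; vrrp active router @ place6
    IN NS dns3.ungleich.ch.
"""

# Constructed sample: three nameservers, but dns2 and dns7 share place5,
# so a place5 outage leaves only one server.
BAD_ZONE = """\
@   IN NS dns2.ungleich.ch.
    IN NS dns7.ungleich.ch.
    IN NS dns3.ungleich.ch.
"""

if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(label, check_delegation(zone, "ungleich.ch."))
```

The BAD_ZONE case is the one worth remembering: counting nameservers is not the check, counting places is.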

h2. Special zones

h3. whoami6.ungleich.ch, whoami4.ungleich.ch

* Querying whoami6.ungleich.ch for an AAAA record will return the query source IPv6 address. Only reachable by IPv6.
* Querying whoami4.ungleich.ch for an AAAA record will return the query source IPv4 address. Only reachable by IPv4.
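To see what these zones answer without relying on `dig`, here is an added example (not from the ungleich wiki) that builds the AAAA query by hand following the RFC 1035 wire format, sends it over UDP/IPv6 to one of the place5 resolvers listed in the overview table, and decodes the answer. It assumes that resolver accepts queries from your network. The response embedded in the file is constructed so the decoder can be exercised offline, and it uses the documentation address 2001:db8::1 rather than any real answer.

```python
"""Hand-built AAAA query for the whoami zones and a decoder for the answer.

Added example, not part of the ungleich wiki. Resolver address is from
the overview table; SAMPLE_RESPONSE and NXDOMAIN_RESPONSE are constructed.
"""
import socket
import struct

QTYPE_AAAA = 28
QCLASS_IN = 1


def encode_name(name):
    """Encode a dotted name as length-prefixed labels plus the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_aaaa_query(name, txid=0x1234):
    """Header (RD set, one question) followed by the AAAA/IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_AAAA, QCLASS_IN)


def skip_name(msg, off):
    """Return the offset just past a name, which may be a compression pointer."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # 2-byte pointer ends the name
            return off + 2
        off += 1 + length


def parse_aaaa_answers(msg, txid=0x1234):
    """Return the IPv6 addresses in the answer section.

    Raises ValueError on a short message, a transaction id that does not
    match the query, or a non-zero RCODE (e.g. NXDOMAIN).
    """
    if len(msg) < 12:
        raise ValueError("short message")
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError("RCODE %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_AAAA and rclass == QCLASS_IN and rdlen == 16:
            addrs.append(socket.inet_ntop(socket.AF_INET6, msg[off:off + 16]))
        off += rdlen
    return addrs


def whoami(name="whoami6.ungleich.ch", resolver="2a0a:e5c0::3", timeout=3.0):
    """Ask a resolver from the table which source address the zone saw."""
    txid = 0x4242
    with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_aaaa_query(name, txid), (resolver, 53))
        data, _ = s.recvfrom(512)
    return parse_aaaa_answers(data, txid)


# Constructed response: question echoed back, one AAAA answer whose owner
# is a compression pointer to offset 12, RDATA = 2001:db8::1.
SAMPLE_QUERY = build_aaaa_query("whoami6.ungleich.ch")
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + SAMPLE_QUERY[12:]
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_AAAA, QCLASS_IN, 0, 16)
    + socket.inet_pton(socket.AF_INET6, "2001:db8::1")
)
# Constructed NXDOMAIN (RCODE 3) response with no answers.
NXDOMAIN_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + SAMPLE_QUERY[12:]

if __name__ == "__main__":
    print("offline sample:", parse_aaaa_answers(SAMPLE_RESPONSE))
    print("live whoami6:", whoami())
```

Run it from inside and outside the DNS64 network: the address the zone reports tells you which hop actually reached the authoritative server, which is the quickest way to confirm whether a query left over the expected address.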