Revision 16/27
Nico Schottelius, 12/17/2019 12:01 PM
The ungleich DNS infrastructure
Status
This document is IN PRODUCTION.
SEE ALSO
Overview
| | place4 | place5 | place6 |
| DNS64 prefix | - | 2a0a:e5c0:0:1::/96 | 2a0a:e5c0:2:10::/96 |
| DNS resolver | - | 2a0a:e5c0::3 2a0a:e5c0::4 | 2a0a:e5c0:2:1::5 2a0a:e5c0:2:1::6 |
| DNS auth BIND | dns1.ungleich.ch | dns2.ungleich.ch | dns3.ungleich.ch |
| | 2a01:4f8:150:7092::2 | 2a0a:e5c0::1 | 2a0a:e5c0:2:1::7 |
| | 176.9.50.202 | 185.203.112.1 | 185.203.114.1 |
| DNS auth KNOT | - | dns7.ungleich.ch | dns6.ungleich.ch |
- Every place has 2 redundant caching nameservers.
- All zones have 3 authoritative nameservers, located in 3 different places.
- Important zones (like ungleich.ch) need to be resolvable, even if a place goes offline.
- For this reason some authoritative data needs to be on the caching name servers.
- For this reason we stay with a bind9-based setup for the moment (might change in the future).
Architecture
In total we are running 5 servers that are responsible for caching and authoritative answers:
- Authoritative
  - 1x server in place4 (bind)
  - 1x VRRP IP of routers in place5 (bind)
  - 1x VRRP IP of routers in place6 (bind)
- Caching
  - 2x server IP of router in place5 (bind)
  - 2x server IP of router in place6 (bind)
How to update the ungleich DNS servers
To update all servers, use:
cdist config d{1..7}.ungleich.ch
How to use the authoritative DNS servers in zone files
Add the following to your zone file:
; server1.place4
    IN NS dns1.ungleich.ch.
; vrrp active router @ place5
    IN NS dns2.ungleich.ch.
; vrrp active router @ place6
    IN NS dns3.ungleich.ch.
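A check for the rule that every zone lists all three authoritative servers, as an added example (not ungleich's own tooling): it parses the apex NS records of a zone file and reports which place is missing. The zone name example.com, the function names and both sample zones are constructed; `$ORIGIN` and `$INCLUDE` are not handled.

```python
import re

# Authoritative servers from the zone-file snippet above, keyed by place.
EXPECTED_NS = {"place4": "dns1.ungleich.ch.", "place5": "dns2.ungleich.ch.",
               "place6": "dns3.ungleich.ch."}
TTL_OR_CLASS = re.compile(r"\d+|(?:\d+[smhdw])+|IN", re.IGNORECASE)

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def apex_ns(zone_text, origin):
    """Return the NS targets at the zone apex (no $ORIGIN/$INCLUDE support)."""
    origin = origin.lower().rstrip(".") + "."
    owner, found = origin, set()  # assumption: a leading blank owner means the apex
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]      # everything after ';' is a comment
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue
        if not line[0].isspace():        # a blank owner inherits the previous one
            owner = fqdn(fields.pop(0), origin)
        while fields and TTL_OR_CLASS.fullmatch(fields[0]):
            fields.pop(0)                # skip optional TTL and class
        if len(fields) >= 2 and fields[0].upper() == "NS" and owner == origin:
            found.add(fqdn(fields[1], origin))
    return found

def missing_places(zone_text, origin):
    """Places whose authoritative server is absent from the apex NS set."""
    ns = apex_ns(zone_text, origin)
    return sorted(p for p, host in EXPECTED_NS.items() if host not in ns)

# Constructed sample zones for example.com (not real ungleich zone data).
GOOD = """$TTL 3600
@   IN SOA dns1.ungleich.ch. hostmaster.example.com. 1 3600 600 604800 300
; server1.place4
    IN NS dns1.ungleich.ch.
; vrrp active router @ place5
    IN NS dns2.ungleich.ch.
; vrrp active router @ place6
    IN NS dns3.ungleich.ch.
"""
# Comments and records pasted onto one line: the whole line is a comment.
ONE_LINE = "; server1.place4 IN NS dns1.ungleich.ch. ; place5 IN NS dns2.ungleich.ch.\n"
print(missing_places(GOOD, "example.com"), missing_places(ONE_LINE, "example.com"))
```

An empty result means the zone stays resolvable through the remaining two servers when any one place goes offline; a non-empty result names the places to add before the zone is deployed.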
Updated by Nico Schottelius almost 5 years ago · 16 revisions