Revision 15 (Nico Schottelius, 04/19/2019 05:30 PM) → Revision 16/27 (Nico Schottelius, 12/17/2019 12:01 PM)
h1. The ungleich DNS infrastructure
{{toc}}
h2. Status
This document is *IN PRODUCTION*.
h2. SEE ALSO
* [[The_ungleich_network_infrastructure]]
h2. Overview
| | *place4* | *place5* | *place6* |
| *DNS64 prefix* | - | 2a0a:e5c0:0:1::/96 | 2a0a:e5c0:2:10::/96 |
| *DNS resolver* | - | 2a0a:e5c0::3 2a0a:e5c0::4 | 2a0a:e5c0:2:1::5 2a0a:e5c0:2:1::6 |
| *DNS auth BIND* | dns1.ungleich.ch | dns2.ungleich.ch | dns3.ungleich.ch |
| | 2a01:4f8:150:7092::2 | 2a0a:e5c0::1 | 2a0a:e5c0:2:1::7 |
| | 176.9.50.202 | 185.203.112.1 | 185.203.114.1 |
| *DNS auth KNOT* | - | dns7.ungleich.ch | dns6.ungleich.ch |
* Every place has 2 redundant caching nameservers.
* All zones have 3 authoritative nameservers, located in 3 different places.
* Important zones (like ungleich.ch) need to be resolvable, even if a place goes offline
** For this reason some authoritative data needs to be on the caching name servers
** For this reason we stay with a bind9 based setup for the moment (might change in the future)
h2. Architecture
In total we are running 5 servers that are responsible for caching and authoritative answers:
* Authoritative
** 1x server in place4 (bind)
** 1x VRRP IP of routers in place5 (bind)
** 1x VRRP IP of routers in place6 (bind)
* Caching
** 2x server IP of router in place5 (bind)
** 2x server IP of router in place6 (bind)
h2. How to update the ungleich DNS servers
To update all servers, use:
<pre>
cdist config d{1..7}.ungleich.ch
</pre>
h2. How to use the authoritative DNS servers in zone files
Add the following to your zone file:
<pre>
; server1.place4
IN NS dns1.ungleich.ch.
; vrrp active router @ place5
IN NS dns2.ungleich.ch.
; vrrp active router @ place6
IN NS dns3.ungleich.ch.
</pre>
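A zone file can be linted for these three records before it is deployed. The following is an added example, not part of the ungleich tooling: @check_ungleich_ns@ is a hypothetical helper name, and it assumes one record per line and that every NS record in the file belongs to the zone apex. It also flags NS targets without a trailing dot, which would be read relative to the zone origin.

```shell
#!/bin/sh
# Added example: lint a zone file for the three NS records listed above.
# check_ungleich_ns is a hypothetical helper, not part of the ungleich tooling.

check_ungleich_ns() {
    # $1: path to a zone file in master-file format, one record per line
    awk '
    BEGIN {
        bad = 0
        n = split("dns1.ungleich.ch. dns2.ungleich.ch. dns3.ungleich.ch.", want, " ")
    }
    {
        sub(/;.*/, "")                       # drop comments
        i = ($0 ~ /^[ \t]/) ? 1 : 2          # skip the owner name if the line has one
        # skip optional class and TTL fields in front of the record type
        while (i <= NF && (toupper($i) == "IN" || $i ~ /^[0-9][0-9smhdwSMHDW]*$/))
            i++
        if (i < NF && toupper($i) == "NS") {
            target = tolower($(i + 1))
            seen[target] = 1
            # a target without trailing dot is relative to the zone origin
            if (target !~ /\.$/) {
                printf "line %d: NS target \"%s\" lacks trailing dot\n", NR, target
                bad = 1
            }
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            if (!(want[k] in seen)) {
                printf "missing: NS %s\n", want[k]
                bad = 1
            }
        }
        exit bad
    }' "$1"
}
```

The function prints one line per problem and returns non-zero if any of the three name servers is missing or written as a relative name.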
h2. Special zones
h3. whoami6.ungleich.ch, whoami4.ungleich.ch
* Querying whoami6.ungleich.ch for an AAAA record returns the query source IPv6 address. Only reachable by IPv6.
* Querying whoami4.ungleich.ch for an AAAA record returns the query source IPv4 address. Only reachable by IPv4.