The ungleich DNS infrastructure¶

Status¶

This document is IN PROGRESS.

Overview¶

• Every place has 2 redundant caching nameservers.
• All zones have 3 authorative nameservers, located in 3 different places
• Important zones (like ungleich.ch) need to be resolvable, even if a place goes offline
  • For this reason some authorative data needs to be on the caching name servers
  • For this reason we stay with a bind9 based setup for the moment (might change in the future)

Architecture¶

In total we are running 5 servers that are responsible for caching and authorative answers:

• Authorative
  • 1x server in place4 (bind)
  • 1x VRRP IP of routers in place5 (bind)
  • 1x VRRP IP of routers in place6 (bind)
• Caching
  • 2x server ip of router in place5 (bind)
  • 2x server ip of router in place6 (bind)

How to update the ungleich DNS servers¶

To update all 5 servers, use:

cdist config d{1..5}.ungleich.ch

How to use the authorative DNS servers in zone files¶

Add the following to your zone file:

    ; server1.place4
    IN NS dns1.ungleich.ch.

    ; vrrp active router @ place5
    IN NS dns2.ungleich.ch.

    ; vrrp active router @ place6
    IN NS dns3.ungleich.ch.