Revision 7 (Nico Schottelius, 11/13/2018 02:53 PM) → Revision 8/27 (Nico Schottelius, 11/13/2018 02:54 PM)
h1. The ungleich DNS infrastructure

{{toc}}

h2. Status

This document is *IN PROGRESS*.

h2. Overview

| | *place4* | *place5* | *place6* |
| *DNS64 prefix* | - | 2a0a:e5c0:0:1::/96 | 2a0a:e5c0:2:10::/96 |
| *DNS resolver* | - | 2a0a:e5c0::3 2a0a:e5c0::4 | 2a0a:e5c0:2:1::5 2a0a:e5c0:2:1::6 |
| *DNS authoritative* | dns1 | dns2 | dns3 |
| | 2a01:4f8:150:7092::2 | 2a0a:e5c0::1 | 2a0a:e5c0:2:1::7 |
| | 176.9.50.202 | 185.203.112.1 | 185.203.114.1 |

* Every place has 2 redundant caching nameservers.
* All zones have 3 authoritative nameservers, located in 3 different places
* Important zones (like ungleich.ch) need to be resolvable, even if a place goes offline
** For this reason some authoritative data needs to be on the caching name servers
** For this reason we stay with a bind9 based setup for the moment (might change in the future)

h2. Architecture

In total we are running 5 servers that are responsible for caching and authoritative answers:

* Authoritative
** 1x server in place4 (bind)
** 1x VRRP IP of routers in place5 (bind)
** 1x VRRP IP of routers in place6 (bind)
* Caching
** 2x server IP of router in place5 (bind)
** 2x server IP of router in place6 (bind)

h2. How to update the ungleich DNS servers

To update all 5 servers, use:

<pre>
cdist config d{1..5}.ungleich.ch
</pre>

h2. How to use the authoritative DNS servers in zone files

Add the following to your zone file:

<pre>
; server1.place4
        IN NS dns1.ungleich.ch.
; vrrp active router @ place5
        IN NS dns2.ungleich.ch.
; vrrp active router @ place6
        IN NS dns3.ungleich.ch.
</pre>
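A zone that lists only one or two of these NS records stops being resolvable when the wrong place goes offline. The following check is an added example, not part of the ungleich tooling: it parses a zone file and reports which of the three nameservers are missing at the zone apex. The function names, the simplified parser and the sample zone for example.org are assumptions made for illustration.

```python
import re

# Assumption: the required set is the three NS targets from the snippet above.
REQUIRED_NS = {"dns1.ungleich.ch.", "dns2.ungleich.ch.", "dns3.ungleich.ch."}
TTL_OR_CLASS = re.compile(r"(\d+[smhdw]?|IN|CH|HS)", re.I)

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def apex_ns(zone_text, origin):
    """Return the NS targets set on the zone apex (simplified parser:
    ignores $ORIGIN changes and assumes no ';' inside quoted strings)."""
    origin = origin.lower().rstrip(".") + "."
    owner, found = origin, set()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                              # blank line or directive
        tokens = line.split()
        if not line[0].isspace():                 # owner name starts in column 0
            owner = fqdn(tokens.pop(0), origin)
        while tokens and TTL_OR_CLASS.fullmatch(tokens[0]):
            tokens.pop(0)                         # optional TTL / class
        if len(tokens) >= 2 and tokens[0].upper() == "NS" and owner == origin:
            found.add(fqdn(tokens[1], origin))
    return found

def missing_ns(zone_text, origin):
    """Required nameservers the zone apex does not delegate to."""
    return sorted(REQUIRED_NS - apex_ns(zone_text, origin))

# Constructed sample zone for example.org (not an ungleich zone).
GOOD_ZONE = """\
$TTL 3600
@ IN SOA dns1.ungleich.ch. hostmaster.example.org. 2018111301 3600 900 604800 3600
; server1.place4
        IN NS dns1.ungleich.ch.
; vrrp active router @ place5
        IN NS dns2.ungleich.ch.
; vrrp active router @ place6
        IN NS dns3.ungleich.ch.
sub     IN NS ns.example.net.
"""
BAD_ZONE = GOOD_ZONE.replace("        IN NS dns3.ungleich.ch.\n", "")
```

Calling @missing_ns(zone_text, "example.org")@ before a zone is deployed returns an empty list when all three places are covered.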