This wiki is an archive up to 2023. The current wiki can be found at https://wiki.hamburg.ccc.de/

Difference between revisions of "ChaosVPN:DNS"

From CCCHHWiki
(bind9)
m (Bind 9.8+ using static-stub (preferred method, Debian Wheezy or newer))
Line 64: Line 64:
 
     server-addresses { 172.31.0.5; 172.31.2.51; };       
 
     server-addresses { 172.31.0.5; 172.31.2.51; };       
 
   };
 
   };
 
 
   zone "31.172.in-addr.arpa" {
 
   zone "31.172.in-addr.arpa" {
 
     type static-stub;       
 
     type static-stub;       
 
     server-addresses { 172.31.0.5; 172.31.2.51; };       
 
     server-addresses { 172.31.0.5; 172.31.2.51; };       
 
   };
 
   };
 
 
   zone "100.10.in-addr.arpa" {
 
   zone "100.10.in-addr.arpa" {
 
     type static-stub;       
 
     type static-stub;       
 
     server-addresses { 172.31.0.5; 172.31.2.51; };       
 
     server-addresses { 172.31.0.5; 172.31.2.51; };       
 
   };
 
   };
 
 
   zone "101.10.in-addr.arpa" {
 
   zone "101.10.in-addr.arpa" {
 
     type static-stub;       
 
     type static-stub;       
 
     server-addresses { 172.31.0.5; 172.31.2.51; };       
 
     server-addresses { 172.31.0.5; 172.31.2.51; };       
 
   };
 
   };
 
 
   zone "102.10.in-addr.arpa" {
 
   zone "102.10.in-addr.arpa" {
 
     type static-stub;       
 
     type static-stub;       
 
     server-addresses { 172.31.0.5; 172.31.2.51; };       
 
     server-addresses { 172.31.0.5; 172.31.2.51; };       
 
   };
 
   };
 
 
   zone "103.10.in-addr.arpa" {
 
   zone "103.10.in-addr.arpa" {
 
     type static-stub;       
 
     type static-stub;       
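Review bot: the left and right columns of this hunk are identical apart from trailing whitespace after the `type static-stub;` and `server-addresses { 172.31.0.5; 172.31.2.51; };` lines, so this is a whitespace-only edit of the static-stub blocks from Line 64 onward, which matches the minor-edit flag in the summary. The same two server addresses are repeated in every zone block shown; when one of them changes, each `server-addresses` line has to be updated in step, so keeping the list on a single line as here (rather than one address per line) makes that a simple search-and-replace.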

Revision as of 22:41, 6 September 2012

We have a DNS server running.

configs

The main zonefile is currently edited by hand with vim on cvpn-dns.

This server is available at 172.31.0.5 or 212.12.52.216.

You can either run a secondary and transfer the zonefile, or simply query this server.

If you run a secondary, add your server to the list below so it can be included in the zonefile.

secondaries

  • ns.sliepen.hack (172.31.116.1)
  • ns1.syn2cat.hack (195.24.78.86 and 2a01:608:ccc::ccc)
  • ns1.crest.dn42 (172.22.228.6) with 1Mbit/s upstream, ns2.crest.dn42 (172.22.228.85) and ns3.crest.dn42 (172.22.228.84) with 100Mbit/s upstream
  • ns.yojimbo.hack (10.103.252.85)

HowTo

NSD + unbound

unbound and NSD are developed by NLnet Labs with a focus on a small footprint and reliability. NSD is a complete name server for authoritative zones only; unbound is the matching caching, recursive resolver.

nsd

In /etc/nsd/nsd3.conf add at bottom:

 zone:
       name: "hack"
       zonefile: "hack.zone"
       allow-notify: 127.0.0.1 NOKEY
       allow-notify: 172.31.0.5 NOKEY
       request-xfr: 172.31.0.5 NOKEY



unbound

In /etc/unbound/unbound.conf add at bottom:

 forward-zone:
 	name: "hack"
 	forward-addr: 172.31.0.5
 	forward-addr: 172.31.116.1
 forward-zone:
 	name: "dn42"
 	forward-addr: 172.22.228.85
 	forward-addr: 172.22.222.6


bind9

Add one of the following to /etc/bind/named.conf (on Debian: /etc/bind/named.conf.local):

Bind 9.8+ using static-stub (preferred method, Debian Wheezy or newer)

 zone "hack" {
   type static-stub;      
   server-addresses { 172.31.0.5; 172.31.2.51; };      
 };
 zone "31.172.in-addr.arpa" {
   type static-stub;      
   server-addresses { 172.31.0.5; 172.31.2.51; };      
 };
 zone "100.10.in-addr.arpa" {
   type static-stub;      
   server-addresses { 172.31.0.5; 172.31.2.51; };      
 };
 zone "101.10.in-addr.arpa" {
   type static-stub;      
   server-addresses { 172.31.0.5; 172.31.2.51; };      
 };
 zone "102.10.in-addr.arpa" {
   type static-stub;      
   server-addresses { 172.31.0.5; 172.31.2.51; };      
 };
 zone "103.10.in-addr.arpa" {
   type static-stub;      
   server-addresses { 172.31.0.5; 172.31.2.51; };      
 };
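The six static-stub blocks above differ only in the zone name, and a mistake in one of them (a mistyped reverse zone, a server address left out) fails silently: queries for that zone simply go to the public resolvers instead of the ChaosVPN servers. The Python script below is an added example, not part of the wiki page or of BIND; it renders the blocks from one zone list and parses a fragment back, so the generated and the deployed fragment can be compared. The names `render_static_stub`, `parse_static_stub` and `check_static_stub` are my own, and the parser only understands the three-line block shape used on this page.

```python
import re

# Zone names and server addresses as used in the static-stub example above.
STATIC_STUB_ZONES = [
    "hack",
    "31.172.in-addr.arpa",
    "100.10.in-addr.arpa",
    "101.10.in-addr.arpa",
    "102.10.in-addr.arpa",
    "103.10.in-addr.arpa",
]
STATIC_STUB_SERVERS = ["172.31.0.5", "172.31.2.51"]


def render_static_stub(zones, servers):
    """Render one static-stub `zone` block per name, all pointing at `servers`."""
    addr_list = " ".join(f"{s};" for s in servers)
    blocks = []
    for zone in zones:
        blocks.append(
            f'zone "{zone}" {{\n'
            f"  type static-stub;\n"
            f"  server-addresses {{ {addr_list} }};\n"
            f"}};"
        )
    return "\n".join(blocks) + "\n"


# Matches exactly the block shape used on this page; trailing whitespace and
# odd indentation are tolerated, other BIND zone options are not.
ZONE_RE = re.compile(
    r'zone\s+"([^"]+)"\s*\{\s*'
    r"type\s+static-stub;\s*"
    r"server-addresses\s*\{([^}]*)\};\s*"
    r"\};",
    re.S,
)


def parse_static_stub(text):
    """Return {zone_name: [server, ...]} for every static-stub block in `text`."""
    result = {}
    for name, addrs in ZONE_RE.findall(text):
        result[name] = [a.strip() for a in addrs.split(";") if a.strip()]
    return result


def check_static_stub(text, expected_zones, expected_servers):
    """List zones missing from `text` and zones whose servers differ from the expected list."""
    found = parse_static_stub(text)
    problems = []
    for zone in expected_zones:
        if zone not in found:
            problems.append(f"zone {zone!r} missing")
        elif found[zone] != list(expected_servers):
            problems.append(
                f"zone {zone!r} forwards to {found[zone]} instead of {list(expected_servers)}"
            )
    return problems


if __name__ == "__main__":
    fragment = render_static_stub(STATIC_STUB_ZONES, STATIC_STUB_SERVERS)
    print(fragment)
    print(check_static_stub(fragment, STATIC_STUB_ZONES, STATIC_STUB_SERVERS) or "all zones ok")
```

Running `check_static_stub` over the contents of named.conf.local with the same two lists gives an empty list when every zone of the page is present and forwards to both servers; a zone that was edited by hand shows up by name.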

Bind as secondary

 zone "hack" {
   type slave;
   file "slave/slave.hack";
   masters { 172.31.0.5; };
 };

Old Bind as Forwarder

 zone "hack" {
   type forward;
   forwarders { 172.31.0.5; };
 };

maradns

maradns as secondary

 getzone mycoolnode.hack 212.12.52.216 > /etc/maradns/db.domain.hack

Where mycoolnode.hack is the domain name, 212.12.52.216 is the primary name server and db.domain.hack is the filename of the zonefile.

dnsmasq

Edit /etc/dnsmasq.conf:

# Forward every query for a name under .hack to the ChaosVPN DNS server 172.31.0.5
server=/.hack/172.31.0.5

# Listen to requests only coming from the local machine
listen-address=127.0.0.1

# Do not cache anything
# A decent dns server will already cache for your local network
cache-size=0

and /etc/resolv.conf:

# local dnsmasq server
nameserver 127.0.0.1

# Your main DNS servers (dnsmasq reads them from here and forwards all other requests to them):
# 208.67.222.222 is OpenDNS, 172.31.0.5 is the main ChaosVPN DNS server
nameserver 208.67.222.222
nameserver 172.31.0.5
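The dnsmasq setup above depends on three details that are easy to get wrong: dnsmasq must listen on loopback only (otherwise it answers queries from whatever interface it binds to), the `server=/.hack/` line must point at a server inside the VPN, and 127.0.0.1 must be the first nameserver in /etc/resolv.conf, because the libc resolver tries the entries in order and would otherwise send .hack queries straight to OpenDNS. The Python checker below is an added example, not code from the wiki or from dnsmasq; it parses constructed copies of the two fragments. `VPN_NET` (172.31.0.0/16) is an assumption derived from the 172.31.0.5 address and the 31.172.in-addr.arpa reverse zone on this page, and the function names are mine.

```python
import ipaddress

# Constructed copies of the two fragments shown above (not read from disk).
DNSMASQ_CONF = """\
# Forward every query for a name under .hack to the ChaosVPN DNS server
server=/.hack/172.31.0.5
# Listen to requests only coming from the local machine
listen-address=127.0.0.1
# Do not cache anything
cache-size=0
"""

RESOLV_CONF = """\
# local dnsmasq server
nameserver 127.0.0.1
nameserver 208.67.222.222
nameserver 172.31.0.5
"""

# Assumption: the ChaosVPN name servers live in 172.31.0.0/16, derived from
# the 172.31.0.5 address and the 31.172.in-addr.arpa reverse zone on this page.
VPN_NET = ipaddress.ip_network("172.31.0.0/16")


def parse_dnsmasq(text):
    """Return (listen_addrs, {domain: [servers]}) from a dnsmasq.conf fragment."""
    listen, forwards = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key == "listen-address":
            listen.extend(a.strip() for a in value.split(","))
        elif key == "server" and value.startswith("/"):
            # server=/domain/address[#port]; the domain may carry a leading dot
            _, domain, addr = value.split("/", 2)
            addr = addr.split("#", 1)[0]
            if addr:  # "server=/domain/" without an address means "never forward"
                forwards.setdefault(domain.lstrip("."), []).append(addr)
    return listen, forwards


def parse_resolv(text):
    """Return the nameserver addresses from resolv.conf in file order."""
    servers = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def check_resolver(dnsmasq_text, resolv_text, domain="hack", vpn_net=VPN_NET):
    """Return a list of problems; an empty list means the setup matches the page."""
    problems = []
    listen, forwards = parse_dnsmasq(dnsmasq_text)
    # dnsmasq should answer only the local machine, not act as an open resolver
    for addr in listen:
        if not ipaddress.ip_address(addr).is_loopback:
            problems.append(f"dnsmasq listens on non-loopback address {addr}")
    # the private domain must be forwarded, and only to servers inside the VPN
    if domain not in forwards:
        problems.append(f"no server=/{domain}/ line; .{domain} queries go to the public resolvers")
    for addr in forwards.get(domain, []):
        if ipaddress.ip_address(addr) not in vpn_net:
            problems.append(f".{domain} is forwarded to {addr}, outside {vpn_net}")
    # libc tries resolv.conf nameservers in order, so the local dnsmasq has to be first
    nameservers = parse_resolv(resolv_text)
    if not nameservers or not ipaddress.ip_address(nameservers[0]).is_loopback:
        problems.append("first nameserver in resolv.conf is not the local dnsmasq")
    return problems


if __name__ == "__main__":
    for line in check_resolver(DNSMASQ_CONF, RESOLV_CONF) or ["resolver config ok"]:
        print(line)
```

The same checker works for the `dn42` forward zone from the unbound section by passing `domain="dn42"` and the matching network as `vpn_net`.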