Dieses Wiki ist ein Archiv bis 2023. Das aktuelle Wiki findet sich unter https://wiki.hamburg.ccc.de/
Difference between revisions of "ChaosVPN:DNS"
(→Bind 9.8+ using static-stub (preferred method, Debian Wheezy or newer)) |
m (Server is down.) |
||
| Line 1: | Line 1: | ||
We have a DNS running. | We have a DNS running. | ||
| − | |||
| − | |||
| − | |||
| − | |||
= configs = | = configs = | ||
| Line 9: | Line 5: | ||
The main zonefile atm is edited with vim on cvpn-dns. | The main zonefile atm is edited with vim on cvpn-dns. | ||
| − | This server is available at 172.31.0.5. | + | This server is available at 172.31.0.5 or 212.12.52.216. |
| − | |||
| − | |||
| + | You can either be secondary and transfer the zonefile or query this server. | ||
| − | + | If you are a secondary you need to add your server here so it can be included in the zonefile. | |
| − | + | = secondarys = | |
| − | + | * ns.sliepen.hack (172.31.116.1) | |
| − | + | * ns1.syn2cat.hack (195.24.78.86 and 2a01:608:ccc::ccc) | |
| − | + | * ns1.crest.dn42 (172.22.228.6) with 1Mbit/s upstream, ns2.crest.dn42 (172.22.228.85) and ns3.crest.dn42 (172.22.228.84) with 100Mbit/s upstream | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| + | = HowTo= | ||
| Line 123: | Line 47: | ||
forward-zone: | forward-zone: | ||
name: "dn42" | name: "dn42" | ||
| − | forward-addr: 172.22. | + | forward-addr: 172.22.228.85 |
| − | + | forward-addr: 172.22.222.6 | |
| + | |||
| + | |||
| + | == bind9 == | ||
| + | |||
| + | Should-Do´s: | ||
| + | |||
| + | in /etc/bind/named.conf: | ||
| + | |||
| + | === Bind as secondary === | ||
| + | |||
| + | zone "hack" in{ | ||
| + | type slave; | ||
| + | file "slave/slave.hack"; | ||
| + | masters {172.31.0.5;}; | ||
| + | }; | ||
| − | + | === Bind as Forwarder === | |
| − | + | ||
| − | + | zone "hack" in{ | |
| − | + | type forward; | |
| + | forwarders {172.31.0.5; 172.31.116.1;}; }; | ||
| + | }; | ||
== maradns == | == maradns == | ||
| Line 139: | Line 80: | ||
Where '''mycoolnode.hack''' is the domain name, '''212.12.52.216''' is the primary name server and '''db.domain.hack''' is the filename of the zonefile. | Where '''mycoolnode.hack''' is the domain name, '''212.12.52.216''' is the primary name server and '''db.domain.hack''' is the filename of the zonefile. | ||
| + | == dnsmasq == | ||
| + | edit | ||
| + | |||
| + | /etc/dnsmasq.conf | ||
| + | |||
| + | # Tells dnsmasq to forward anything with the domain of .hack to dns server 172.31.0.5 | ||
| + | server=/.hack/172.31.0.5 | ||
| + | |||
| + | # Listen to requests only coming from the local machine | ||
| + | listen-address=127.0.0.1 | ||
| + | |||
| + | # Do not cache anything | ||
| + | # A decent dns server will already cache for your local network | ||
| + | cache-size=0 | ||
| + | |||
| + | and <br> | ||
| + | /etc/resolv.conf | ||
| − | + | # local dnsmasq server | |
| + | nameserver 127.0.0.1 | ||
| + | |||
| + | # Your main dns server (dnsmasq will forward all requests to this server) 208.67.222.222 OpenDNS / 172.31.0.5 main ChaosVPn DNS Server | ||
| + | nameserver 208.67.222.222 | ||
| + | nameserver 172.31.0.5 | ||
Revision as of 01:37, 5 April 2015
We have a DNS running.
Contents
configs
The main zonefile atm is edited with vim on cvpn-dns.
This server is available at 172.31.0.5 or 212.12.52.216.
You can either be secondary and transfer the zonefile or query this server.
If you are a secondary you need to add your server here so it can be included in the zonefile.
secondarys
- ns.sliepen.hack (172.31.116.1)
- ns1.syn2cat.hack (195.24.78.86 and 2a01:608:ccc::ccc)
- ns1.crest.dn42 (172.22.228.6) with 1Mbit/s upstream, ns2.crest.dn42 (172.22.228.85) and ns3.crest.dn42 (172.22.228.84) with 100Mbit/s upstream
HowTo
NSD + unbound
unbound and NSD were developed by NLnet Labs with focus on small footprints and reliability. While NSD is a complete name server software for authoritative zones only, they also provide unbound as caching and recursive resolver.
nsd
In /etc/nsd/nsd3.conf add at bottom:
zone:
name: "hack"
zonefile: "hack.zone"
allow-notify: 127.0.0.1 NOKEY
allow-notify: 172.31.0.5 NOKEY
request-xfr: 172.31.0.5 NOKEY
unbound
In /etc/unbound/unbound.conf add at bottom:
forward-zone: name: "hack" forward-addr: 172.31.0.5 forward-addr: 172.31.116.1 forward-zone: name: "dn42" forward-addr: 172.22.228.85 forward-addr: 172.22.222.6
bind9
Should-Do´s:
in /etc/bind/named.conf:
Bind as secondary
zone "hack" in{
type slave;
file "slave/slave.hack";
masters {172.31.0.5;};
};
Bind as Forwarder
zone "hack" in{
type forward;
forwarders {172.31.0.5; 172.31.116.1;}; };
};
maradns
maradns as secondary
getzone mycoolnode.hack 212.12.52.216 > /etc/maradns/db.domain.hack
Where mycoolnode.hack is the domain name, 212.12.52.216 is the primary name server and db.domain.hack is the filename of the zonefile.
dnsmasq
edit
/etc/dnsmasq.conf
# Tells dnsmasq to forward anything with the domain of .hack to dns server 172.31.0.5 server=/.hack/172.31.0.5 # Listen to requests only coming from the local machine listen-address=127.0.0.1 # Do not cache anything # A decent dns server will already cache for your local network cache-size=0
and
/etc/resolv.conf
# local dnsmasq server nameserver 127.0.0.1 # Your main dns server (dnsmasq will forward all requests to this server) 208.67.222.222 OpenDNS / 172.31.0.5 main ChaosVPn DNS Server nameserver 208.67.222.222 nameserver 172.31.0.5
