This wiki is an archive up to 2023. The current wiki can be found at https://wiki.hamburg.ccc.de/
Difference between revisions of "ChaosVPN:DNS"
m |
|||
Line 18: | Line 18: | ||
= HowTo= | = HowTo= | ||
+ | |||
+ | |||
+ | == NSD + unbound == | ||
+ | |||
+ | '''unbound''' and '''NSD''' were developed by [http://www.nlnetlabs.nl/ NLnet Labs] with focus on small footprints and reliability. While '''NSD''' is a complete name server software for authoritative zones only, they also provide '''unbound''' as caching and recursive resolver. | ||
+ | |||
+ | === nsd === | ||
+ | In /etc/nsd/nsd3.conf add at bottom: | ||
+ | |||
+ | zone: | ||
+ | name: "hack" | ||
+ | zonefile: "hack.zone" | ||
+ | allow-notify: 127.0.0.1 NOKEY | ||
+ | allow-notify: 172.31.0.5 NOKEY | ||
+ | request-xfr: 172.31.0.5 NOKEY | ||
+ | |||
+ | |||
+ | |||
+ | |||
=== unbound === | === unbound === | ||
− | + | ||
+ | In /etc/unbound/unbound.conf add at bottom: | ||
+ | |||
forward-zone: | forward-zone: | ||
name: "hack" | name: "hack" | ||
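Review bot: the added nsd zone block uses NOKEY on both allow-notify lines and on request-xfr, so NOTIFY messages and the zone transfer from 172.31.0.5 are accepted on source address alone. Consider defining a TSIG key and naming it in place of NOKEY, or stating in the text that the transfer relies on the VPN for authenticity. The allow-notify entry for 127.0.0.1 would also benefit from a sentence saying why a local NOTIFY is wanted.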
Line 28: | Line 49: | ||
forward-addr: 172.22.228.85 | forward-addr: 172.22.228.85 | ||
forward-addr: 172.22.222.6 | forward-addr: 172.22.222.6 | ||
+ | |||
== bind9 == | == bind9 == |
Revision as of 19:21, 18 April 2012
We have a DNS running.
configs
The main zonefile is currently edited with vim on cvpn-dns.
This server is available at 172.31.0.5 or 212.12.52.216.
You can either be secondary and transfer the zonefile or query this server.
If you are a secondary you need to add your server here so it can be included in the zonefile.
secondaries
- ns.sliepen.hack (172.31.116.1)
- ns1.syn2cat.hack (195.24.78.86 and 2a01:608:ccc::ccc)
- ns1.crest.dn42 (172.22.228.6) with 1Mbit/s upstream, ns2.crest.dn42 (172.22.228.85) and ns3.crest.dn42 (172.22.228.84) with 100Mbit/s upstream
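A check for the secondary setup described above, as an added example that is not part of the original wiki page: it compares the SOA serial of the "hack" zone on the primary (172.31.0.5) with a secondary's, using RFC 1982 serial arithmetic so that wrapped serials compare correctly. The function names are hypothetical and the script assumes `dig` is installed.

```shell
#!/bin/sh
# Added example, not from the wiki: detect a secondary whose copy of the
# "hack" zone lags the primary by comparing SOA serials.

PRIMARY="172.31.0.5"   # primary address as given on the page
ZONE="hack"

# Print the serial from one line of `dig +short SOA` output, which has the
# form "mname rname serial refresh retry expire minimum". Fails otherwise.
soa_serial() {
    printf '%s\n' "$1" | awk '
        NF == 7 && $3 ~ /^[0-9]+$/ { print $3; ok = 1; exit }
        END { if (!ok) exit 1 }'
}

# Compare two 32-bit serials per RFC 1982 ($1 = primary, $2 = secondary).
# Prints the state of the secondary: in-sync, behind or ahead.
serial_state() {
    if [ "$1" = "$2" ]; then echo in-sync; return 0; fi
    diff=$(( ($1 - $2) & 4294967295 ))
    if [ "$diff" -lt 2147483648 ]; then echo behind; else echo ahead; fi
}

# Query primary and secondary ($1) directly, without recursion, and report.
# Returns 0 when in sync, 1 when not, 2 when a server gave no usable SOA.
# Usage: check_secondary 172.31.116.1
check_secondary() {
    p_line=$(dig +short +norecurse +time=3 +tries=1 SOA "$ZONE" @"$PRIMARY") || return 2
    s_line=$(dig +short +norecurse +time=3 +tries=1 SOA "$ZONE" @"$1") || return 2
    p=$(soa_serial "$p_line") || { echo "no SOA from $PRIMARY" >&2; return 2; }
    s=$(soa_serial "$s_line") || { echo "no SOA from $1" >&2; return 2; }
    state=$(serial_state "$p" "$s")
    echo "$1: $state (primary=$p secondary=$s)"
    [ "$state" = in-sync ]
}
```

A secondary that stays "behind" after the refresh interval usually means the transfer or the NOTIFY from the primary is being refused.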
HowTo
NSD + unbound
unbound and NSD were developed by NLnet Labs with a focus on a small footprint and reliability. While NSD is a complete name server for authoritative zones only, NLnet Labs also provides unbound as a caching and recursive resolver.
nsd
In /etc/nsd/nsd3.conf add at bottom:
 zone:
     name: "hack"
     zonefile: "hack.zone"
     allow-notify: 127.0.0.1 NOKEY
     allow-notify: 172.31.0.5 NOKEY
     request-xfr: 172.31.0.5 NOKEY
unbound
In /etc/unbound/unbound.conf add at bottom:
 forward-zone:
     name: "hack"
     forward-addr: 172.31.0.5
     forward-addr: 172.31.116.1
 forward-zone:
     name: "dn42"
     forward-addr: 172.22.228.85
     forward-addr: 172.22.222.6
bind9
Should-Do's:
In /etc/bind/named.conf:
Bind as secondary
 zone "hack" in {
     type slave;
     file "slave/slave.hack";
     masters { 172.31.0.5; };
 };
Bind as Forwarder
 zone "hack" in {
     type forward;
     forwarders { 172.31.0.5; 172.31.116.1; };
 };
maradns
maradns as secondary
getzone domain.hack 212.12.52.216 > /etc/maradns/db.domain.hack
Where domain.hack is the domain name, 212.12.52.216 is the primary name server and db.domain.hack is the filename of the zonefile.
dnsmasq for OpenWRT
Use the well-documented
/etc/dnsmasq.conf