Dieses Wiki ist ein Archiv bis 2023. Das aktuelle Wiki findet sich unter https://wiki.hamburg.ccc.de/

Difference between revisions of "ChaosVPN:DNS"

From CCCHHWiki
Jump to: navigation, search
m
Line 18: Line 18:
  
 
= HowTo=
 
= HowTo=
 +
 +
 +
== NSD + unbound ==
 +
 +
'''unbound''' and '''NSD''' were developed by [http://www.nlnetlabs.nl/ NLnet Labs] with focus on small footprints and reliability. While '''NSD''' is a complete name server software for authoritative zones only, they also provide '''unbound''' as caching and recursive resolver.
 +
 +
=== nsd ===
 +
In /etc/nsd/nsd3.conf add at bottom:
 +
 +
  zone:
 +
        name: "hack"
 +
        zonefile: "hack.zone"
 +
        allow-notify: 127.0.0.1 NOKEY
 +
        allow-notify: 172.31.0.5 NOKEY
 +
        request-xfr: 172.31.0.5 NOKEY
 +
 +
 +
 +
 
=== unbound ===
 
=== unbound ===
in /etc/unbound/unbound.conf add at bottom:
+
 
 +
In /etc/unbound/unbound.conf add at bottom:
 +
 
 
   forward-zone:
 
   forward-zone:
 
   name: "hack"
 
   name: "hack"
Line 28: Line 49:
 
   forward-addr: 172.22.228.85
 
   forward-addr: 172.22.228.85
 
   forward-addr: 172.22.222.6
 
   forward-addr: 172.22.222.6
 +
  
 
== bind9 ==
 
== bind9 ==

Revision as of 19:21, 18 April 2012

We have a DNS running.

configs

The main zonefile atm is edited with vim on cvpn-dns.

This server is available at 172.31.0.5 or 212.12.52.216.

You can either be secondary and transfer the zonefile or query this server.

If you are a secondary you need to add your server here so it can be included in the zonefile.

secondarys

  • ns.sliepen.hack (172.31.116.1)
  • ns1.syn2cat.hack (195.24.78.86 and 2a01:608:ccc::ccc)
  • ns1.crest.dn42 (172.22.228.6) with 1Mbit/s upstream, ns2.crest.dn42 (172.22.228.85) and ns3.crest.dn42 (172.22.228.84) with 100Mbit/s upstream

HowTo

NSD + unbound

unbound and NSD were developed by NLnet Labs with focus on small footprints and reliability. While NSD is a complete name server software for authoritative zones only, they also provide unbound as caching and recursive resolver.

nsd

In /etc/nsd/nsd3.conf add at bottom:

 zone:
       name: "hack"
       zonefile: "hack.zone"
       allow-notify: 127.0.0.1 NOKEY
       allow-notify: 172.31.0.5 NOKEY
       request-xfr: 172.31.0.5 NOKEY



unbound

In /etc/unbound/unbound.conf add at bottom:

 forward-zone:
 	name: "hack"
 	forward-addr: 172.31.0.5
 	forward-addr: 172.31.116.1
 forward-zone:
 	name: "dn42"
 	forward-addr: 172.22.228.85
 	forward-addr: 172.22.222.6


bind9

Should-Do´s:

in /etc/bind/named.conf:

Bind as secondary

 zone "hack" in{
   type slave;
   file "slave/slave.hack";
   masters {172.31.0.5;};
 };

Bind as Forwarder

 zone "hack" in{
   type forward;
   forwarders {172.31.0.5; 172.31.116.1;}; };
 };

maradns

maradns as secondary

 getzone domain.hack 212.12.52.216 > /etc/maradns/db.domain.hack

Where domain.hack is the domain name, 212.12.52.216is the primary name server and db.domain.hack is the filename of the zonefile.


dnsmasq for OpenWRT

use the well documentend

/etc/dnsmasq.conf