dn42-wiki/services/DNS.html

<!DOCTYPE html>
<html lang="en">
    <head>
<meta charset="UTF-8">



<title>DN42 DNS | dn42 wiki</title>

<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="robots" content="index, follow">
<meta name="keywords" content="dn42,wiki,routing,bgp">

<link rel="canonical" href="https://dn42.obl.ong/services/DNS.html">
<link rel="icon" type="image/x-icon" href="/favicon.ico">
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">

<link rel="author" type="text/html" href="/docs/people">

<link rel="stylesheet" href="/css/normalize.css">
<link rel="stylesheet" href="/css/simple.min.css">
<link rel="stylesheet" href="/css/style.css">
<link rel="stylesheet" href="/css/menu.css">


</head>
    
    <body>

        <header>


<b>dn42 wiki / DN42 DNS</b>

<div id="dn42_header">
    
    <p><a href="/"><img src="/dn42.png" alt="dn42" /></a></p>

</div>
</header>

        <main>
            <h1 id="dn42-dns">DN42 DNS</h1>

<p>This page covers guidance and examples on using DNS within DN42.</p>

<h2 id="quick-start">Quick Start</h2>

<p>It is recommended to run your own DNS resolver as this provides you with the most security and privacy. 
However, to get started, or if running your own resolver isn’t desirable an anycast service
is available. The anycast service supports DNSSEC and will resolve public DNS names together with all the 
relevant DN42 and affiliated networks’ names.</p>

<h3 id="using-the-dns-anycast-service">Using the DNS Anycast Service</h3>

<p>The DNS anycast service is provided by multiple operators, with each operator contributing to one of the two separate 
anycast services. By configuring both services, users get additional resiliency from having two, independent, resolvers.</p>

<table>
  <thead>
    <tr>
      <th>Name</th>
      <th>IPv4</th>
      <th>IPv6</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td>a0.recursive-servers.dn42</td>
      <td>172.20.0.53</td>
      <td>fd42:d42:d42:54::1</td>
    </tr>
    <tr>
      <td>a3.recursive-servers.dn42</td>
      <td>172.23.0.53</td>
      <td>fd42:d42:d42:53::1</td>
    </tr>
  </tbody>
</table>

<p>To configure the service, ping both sets of addresses then set your primary nameserver to the lowest latency 
service and configure the other service as the secondary or backup nameserver.</p>

<p>Example resolv.conf, preferring a0.recursive-servers.dn42 and IPv4:</p>

<div class="language-conf highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">nameserver</span> <span class="m">172</span>.<span class="m">20</span>.<span class="m">0</span>.<span class="m">53</span>
<span class="n">nameserver</span> <span class="m">172</span>.<span class="m">23</span>.<span class="m">0</span>.<span class="m">53</span>
<span class="n">nameserver</span> <span class="n">fd42</span>:<span class="n">d42</span>:<span class="n">d42</span>:<span class="m">54</span>::<span class="m">1</span>
<span class="n">nameserver</span> <span class="n">fd42</span>:<span class="n">d42</span>:<span class="n">d42</span>:<span class="m">53</span>::<span class="m">1</span>
<span class="n">search</span> <span class="n">dn42</span>
</code></pre></div></div>

<p>Example resolv.conf, preferring a3.recursive-servers.dn42 and IPv6:</p>

<div class="language-conf highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">nameserver</span> <span class="n">fd42</span>:<span class="n">d42</span>:<span class="n">d42</span>:<span class="m">53</span>::<span class="m">1</span>
<span class="n">nameserver</span> <span class="n">fd42</span>:<span class="n">d42</span>:<span class="n">d42</span>:<span class="m">54</span>::<span class="m">1</span>
<span class="n">nameserver</span> <span class="m">172</span>.<span class="m">23</span>.<span class="m">0</span>.<span class="m">53</span>
<span class="n">nameserver</span> <span class="m">172</span>.<span class="m">20</span>.<span class="m">0</span>.<span class="m">53</span>
<span class="n">option</span> <span class="n">inet6</span>       <span class="c"># Linux/glibc
</span><span class="n">family</span> <span class="n">inet6</span> <span class="n">inet4</span> <span class="c"># BSD
</span><span class="n">search</span> <span class="n">dn42</span>
</code></pre></div></div>

<h2 id="advanced-configuration">Advanced Configuration</h2>

<p>There are multiple top level domains (TLDs) associated with DN42, its affiliated networks and for reverse DNS that must
be configured in order to run your own resolver. The registry is the authoritative source of active TLDs, but see also
this page <a href="/services/dns/External-DNS">dns/External-DNS</a> in the wiki.</p>

<h3 id="split-horizon-dns">Split horizon DNS</h3>

<p>In this configuration, you run your own, caching resolver but forward DN42 related queries (with recursion bit set) 
to the anycast service. Example configurations for different recursor implementations are included in the <a href="/services/dns/Configuration">dns/Configuration</a> page.</p>

<h3 id="full-recursion">Full recursion</h3>

<p>Authoritative DNS for DN42 is provided by the *.delegation-servers.dn42 servers, see the DNS architecture here 
<a href="/services/New-DNS">New DNS</a> Delegations servers have full support for DNSSEC. Example configuration unbound implementations are included in the <a href="/services/dns/Configuration#resolver-setup">dns/Configuration</a> page.</p>

<h2 id="further-information">Further Information</h2>

<ul>
  <li><a href="/services/dns/Configuration">dns/Configuration</a> - Forwarder/Resolver configuration examples</li>
  <li><a href="/services/New-DNS">New DNS</a> - current architecture</li>
  <li><a href="/services/dns/External-DNS">dns/External-DNS</a> - external DNS zones from interconnected networks</li>
  <li><a href="/services/Old-Hierarchical-DNS">Old Hierarchical DNS</a> - deprecated</li>
  <li><a href="/services/Original-DNS-(deprecated)">Original DNS (deprecated)</a> - deprecated</li>
</ul>



            <div id="menu-container" class="menu-container">
                <hr>
                <div id="menu" class="menu">
                    
                    <ul>
  <li><a href="/Home">Home</a>
    <ul>
      <li><a href="/howto/Getting-Started">Getting Started</a></li>
      <li><a href="/howto/Registry-Authentication">Registry Authentication</a></li>
      <li><a href="/howto/Address-Space">Address Space</a></li>
      <li><a href="/howto/BGP-communities">BGP communities</a></li>
      <li><a href="/FAQ">FAQ</a></li>
    </ul>
  </li>
  <li>How-To
    <ul>
      <li><a href="/howto/wireguard">Wireguard</a></li>
      <li><a href="/howto/openvpn">Openvpn</a></li>
      <li><a href="/howto/IPsec-with-PublicKeys">IPsec With Public Keys</a></li>
      <li><a href="/howto/tinc">Tinc</a></li>
      <li><a href="/howto/GRE-on-FreeBSD">GRE on FreeBSD</a></li>
      <li><a href="/howto/GRE-on-OpenBSD">GRE on OpenBSD</a></li>
      <li><a href="/howto/IPv6-Multicast">IPv6 Multicast (PIM-SM)</a></li>
      <li><a href="/howto/multicast">SSM Multicast</a></li>
      <li><a href="/howto/mpls">MPLS</a></li>
      <li><a href="/howto/Bird2">Bird2</a></li>
      <li><a href="/howto/frr">FRRouting</a></li>
      <li><a href="/howto/OpenBGPD">OpenBGPD</a></li>
      <li><a href="/howto/mikrotik">Mikrotik RouterOS</a></li>
      <li><a href="/howto/EdgeOS-Config">EdgeRouter</a></li>
      <li><a href="/howto/Static-routes-on-Windows">Static routes on Windows</a></li>
      <li><a href="/howto/networksettings">Universal Network Requirements</a></li>
      <li><a href="/howto/vyos1.4.x">VyOS</a></li>
      <li><a href="/howto/nixos">NixOS</a></li>
    </ul>
  </li>
  <li>Services
    <ul>
      <li><a href="/services/IRC">IRC</a></li>
      <li><a href="/services/Whois">Whois registry</a></li>
      <li><a href="/services/DNS">DNS</a></li>
      <li><a href="/services/IX-Collection">IX Collection</a></li>
      <li><a href="/services/Clearnet-Domains">Public DNS</a></li>
      <li><a href="/services/Looking-Glasses">Looking Glasses</a></li>
      <li><a href="/services/Automatic-Peering">Automatic Peering</a></li>
      <li><a href="/services/Repository-Mirrors">Repository Mirrors</a></li>
      <li><a href="/services/Distributed-Wiki">Distributed Wiki</a></li>
      <li><a href="/services/Certificate-Authority">Certificate Authority</a></li>
      <li><a href="/services/Route-Collector">Route Collector</a></li>
    </ul>
  </li>
  <li>Internal
    <ul>
      <li><a href="/internal/Internal-Services">Internal services</a></li>
      <li><a href="/internal/Interconnections">Interconnections</a></li>
      <li><a href="/internal/APIs">APIs</a></li>
      <li><a href="/internal/ShowAndTell">Show and Tell</a></li>
      <li><a href="/internal/Historical-Services">Historical services</a></li>
    </ul>
  </li>
  <li>Historical
    <ul>
      <li><a href="/historical/Bird">Bird 1</a></li>
      <li><a href="/historical/Quagga">Quagga</a></li>
    </ul>
  </li>
  <li>External Tools
    <ul>
      <li><a href="https://paste.dn42.us">Paste Board</a></li>
      <li><a href="https://git.dn42.dev">Git Repositories</a></li>
    </ul>
  </li>
</ul>

<hr />


                </div>
            </div>
        </main>
        
        <footer><div class="center">
    <div id="dn42_footer">
        
        <table>
  <tbody>
    <tr>
      <td>Hosted by: <a href="mailto:dn42@burble.com">BURBLE-MNT</a>, <a href="mailto:nurtic-vibe@grmml.net">GRMML-MNT</a>, <a href="mailto:xuu@dn42.us">XUU-MNT</a>, <a href="mailto:janeric@ortgies.it">JAN-MNT</a>, <a href="mailto:lare@lare.cc">LARE-MNT</a>, <a href="mailto:danny@saru.moe">SARU-MNT</a>, <a href="mailto:androw95220@gmail.com">ANDROW-MNT</a>, <a href="mailto:dn42@mk16.de">MARK22K-MNT</a></td>
      <td>Accessible via: <a href="https://wiki.dn42">dn42</a>, <a href="https://dn42.dev/">dn42.dev</a>, <a href="https://dn42.eu/">dn42.eu</a>, <a href="https://wiki.dn42.us/">wiki.dn42.us</a>, <a href="https://dn42.de/">dn42.de</a> (IPv6-only), <a href="https://dn42.cc/">dn42.cc</a> (wiki-ng), <a href="https://dn42.wiki/">dn42.wiki</a>, <a href="https://dn42.pp.ua/">dn42.pp.ua</a>, <a href="https://dn42.obl.ong/">dn42.obl.ong</a></td>
    </tr>
  </tbody>
</table>

    </div>
</div>
</footer>

        

    </body>

</html>