Changes in e8471f4: Renamed Services DNS Configuration to /services/services/dns/Configuration

services/Services-DNS-Configuration.md

@@ -1,133 +0,0 @@

-# Forwarder setup

-

-Configuration of common resolver softwares, to forward DNS queries for `.dn42` (and reverse DNS) to `172.22.0.53`.

-

-## BIND

-

-If you already run a local DNS server, you can tell it to query the dn42 anycast servers for the relevant domains

-by adding the following to /etc/bind/named.conf.local 

-

-```

-zone "dn42" {

- type forward;

- forwarders { 172.22.0.53; };

-};

-zone "22.172.in-addr.arpa" {

- type forward;

- forwarders { 172.22.0.53; };

-};

-zone "23.172.in-addr.arpa" {

- type forward;

- forwarders { 172.22.0.53; };

-};

-```

-

-## dnsmasq

-

-If you are running dnsmasq under openwrt, you just have to add 

-

-```

-config dnsmasq

- option boguspriv '0'

- option rebind_protection '1'

- list rebind_domain 'dn42'

- list server '/dn42/172.22.0.53'

- list server '/22.172.in-addr.arpa/172.22.0.53'

- list server '/23.172.in-addr.arpa/172.22.0.53'

-```

-

-to `/etc/config/dhcp` and run `/etc/init.d/dnsmasq` restart. After that you are able to resolve `.dn42` 

-with the anycast DNS-Server, while your normal requests go to your standard DNS-resolver.

-

-Attention: If you go with the default config you'll have to disable "boguspriv" in the first dnsmasq config section.

-

-For normal dnsmasq use

-

-```

-server=/dn42/172.22.0.53

-server=/22.172.in-addr.arpa/172.22.0.53

-server=/23.172.in-addr.arpa/172.22.0.53

-```

-in `dnsmasq.conf`.

-

-## PowerDNS recursor

-Add this to /etc/powerdns/recursor.conf (at least in Debian)

-

-```

-dont-query=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, ::1/128, fe80::/10

-forward-zones= dn42=172.22.0.53,22.172.in-addr.arpa=172.22.0.53,23.172.in-addr.arpa=172.22.0.53

-```

-

-## MaraDNS

-Put this in your mararc:

-

-```

-ipv4_alias["dn42_root"] = "172.22.0.53"

-root_servers["dn42."] = "dn42_root"

-root_servers["22.172.in-addr.arpa."] = "dn42_root"

-root_servers["23.172.in-addr.arpa."] = "dn42_root"

-```

-

-## Unbound

-

-`unbound.conf` for forwarding requests to `172.22.0.53`.

-

-

-```

-server:

- domain-insecure: "dn42"

- local-zone: "22.172.in-addr.arpa." nodefault

- local-zone: "23.172.in-addr.arpa." nodefault

- local-zone: "d.f.ip6.arpa." nodefault

-

-forward-zone: 

- name: "dn42"

- forward-addr: 172.22.0.53

-

-forward-zone: 

- name: "22.172.in-addr.arpa"

- forward-addr: 172.22.0.53

-

-forward-zone: 

- name: "23.172.in-addr.arpa"

- forward-addr: 172.22.0.53

-

-forward-zone:

- name: "d.f.ip6.arpa"

- forward-addr: 172.22.0.53

-```

-

-## JunOS (SRX 12.1X46)

-Should also work in 12.1X44 and 12.1X45. After making the changes below you may need to run:

-```

-restart named-service

-```

-Config (vlan.0 is presumed to be your LAN/Trust interface)

-```

-system {

- services {

- dns {

- dns-proxy {

- interface {

- vlan.0;

- }

- default-domain dn42 {

- forwarders {

- 172.22.0.53;

- }

- }

- default-domain 22.172.in-addr.arpa {

- forwarders {

- 172.22.0.53;

- }

- } 

- default-domain 23.172.in-addr.arpa {

- forwarders {

- 172.22.0.53;

- }

- }

- }

- }

- }

-}

-```

\ No newline at end of file

services/services/dns/Configuration.md

@@ -0,0 +1,133 @@

+# Forwarder setup

+

+Configuration of common resolver softwares, to forward DNS queries for `.dn42` (and reverse DNS) to `172.22.0.53`.

+

+## BIND

+

+If you already run a local DNS server, you can tell it to query the dn42 anycast servers for the relevant domains

+by adding the following to /etc/bind/named.conf.local 

+

+```

+zone "dn42" {

+ type forward;

+ forwarders { 172.22.0.53; };

+};

+zone "22.172.in-addr.arpa" {

+ type forward;

+ forwarders { 172.22.0.53; };

+};

+zone "23.172.in-addr.arpa" {

+ type forward;

+ forwarders { 172.22.0.53; };

+};

+```

+

+## dnsmasq

+

+If you are running dnsmasq under openwrt, you just have to add 

+

+```

+config dnsmasq

+ option boguspriv '0'

+ option rebind_protection '1'

+ list rebind_domain 'dn42'

+ list server '/dn42/172.22.0.53'

+ list server '/22.172.in-addr.arpa/172.22.0.53'

+ list server '/23.172.in-addr.arpa/172.22.0.53'

+```

+

+to `/etc/config/dhcp` and run `/etc/init.d/dnsmasq` restart. After that you are able to resolve `.dn42` 

+with the anycast DNS-Server, while your normal requests go to your standard DNS-resolver.

+

+Attention: If you go with the default config you'll have to disable "boguspriv" in the first dnsmasq config section.

+

+For normal dnsmasq use

+

+```

+server=/dn42/172.22.0.53

+server=/22.172.in-addr.arpa/172.22.0.53

+server=/23.172.in-addr.arpa/172.22.0.53

+```

+in `dnsmasq.conf`.

+

+## PowerDNS recursor

+Add this to /etc/powerdns/recursor.conf (at least in Debian)

+

+```

+dont-query=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, ::1/128, fe80::/10

+forward-zones= dn42=172.22.0.53,22.172.in-addr.arpa=172.22.0.53,23.172.in-addr.arpa=172.22.0.53

+```

+

+## MaraDNS

+Put this in your mararc:

+

+```

+ipv4_alias["dn42_root"] = "172.22.0.53"

+root_servers["dn42."] = "dn42_root"

+root_servers["22.172.in-addr.arpa."] = "dn42_root"

+root_servers["23.172.in-addr.arpa."] = "dn42_root"

+```

+

+## Unbound

+

+`unbound.conf` for forwarding requests to `172.22.0.53`.

+

+

+```

+server:

+ domain-insecure: "dn42"

+ local-zone: "22.172.in-addr.arpa." nodefault

+ local-zone: "23.172.in-addr.arpa." nodefault

+ local-zone: "d.f.ip6.arpa." nodefault

+

+forward-zone: 

+ name: "dn42"

+ forward-addr: 172.22.0.53

+

+forward-zone: 

+ name: "22.172.in-addr.arpa"

+ forward-addr: 172.22.0.53

+

+forward-zone: 

+ name: "23.172.in-addr.arpa"

+ forward-addr: 172.22.0.53

+

+forward-zone:

+ name: "d.f.ip6.arpa"

+ forward-addr: 172.22.0.53

+```

+

+## JunOS (SRX 12.1X46)

+Should also work in 12.1X44 and 12.1X45. After making the changes below you may need to run:

+```

+restart named-service

+```

+Config (vlan.0 is presumed to be your LAN/Trust interface)

+```

+system {

+ services {

+ dns {

+ dns-proxy {

+ interface {

+ vlan.0;

+ }

+ default-domain dn42 {

+ forwarders {

+ 172.22.0.53;

+ }

+ }

+ default-domain 22.172.in-addr.arpa {

+ forwarders {

+ 172.22.0.53;

+ }

+ } 

+ default-domain 23.172.in-addr.arpa {

+ forwarders {

+ 172.22.0.53;

+ }

+ }

+ }

+ }

+ }

+}

+```

\ No newline at end of file

...	...	@@ -1,133 +0,0 @@
1		-# Forwarder setup
2		-
3		-Configuration of common resolver softwares, to forward DNS queries for `.dn42` (and reverse DNS) to `172.22.0.53`.
4		-
5		-## BIND
6		-
7		-If you already run a local DNS server, you can tell it to query the dn42 anycast servers for the relevant domains
8		-by adding the following to /etc/bind/named.conf.local
9		-
10		-```
11		-zone "dn42" {
12		- type forward;
13		- forwarders { 172.22.0.53; };
14		-};
15		-zone "22.172.in-addr.arpa" {
16		- type forward;
17		- forwarders { 172.22.0.53; };
18		-};
19		-zone "23.172.in-addr.arpa" {
20		- type forward;
21		- forwarders { 172.22.0.53; };
22		-};
23		-```
24		-
25		-## dnsmasq
26		-
27		-If you are running dnsmasq under openwrt, you just have to add
28		-
29		-```
30		-config dnsmasq
31		- option boguspriv '0'
32		- option rebind_protection '1'
33		- list rebind_domain 'dn42'
34		- list server '/dn42/172.22.0.53'
35		- list server '/22.172.in-addr.arpa/172.22.0.53'
36		- list server '/23.172.in-addr.arpa/172.22.0.53'
37		-```
38		-
39		-to `/etc/config/dhcp` and run `/etc/init.d/dnsmasq` restart. After that you are able to resolve `.dn42`
40		-with the anycast DNS-Server, while your normal requests go to your standard DNS-resolver.
41		-
42		-Attention: If you go with the default config you'll have to disable "boguspriv" in the first dnsmasq config section.
43		-
44		-For normal dnsmasq use
45		-
46		-```
47		-server=/dn42/172.22.0.53
48		-server=/22.172.in-addr.arpa/172.22.0.53
49		-server=/23.172.in-addr.arpa/172.22.0.53
50		-```
51		-in `dnsmasq.conf`.
52		-
53		-## PowerDNS recursor
54		-Add this to /etc/powerdns/recursor.conf (at least in Debian)
55		-
56		-```
57		-dont-query=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, ::1/128, fe80::/10
58		-forward-zones= dn42=172.22.0.53,22.172.in-addr.arpa=172.22.0.53,23.172.in-addr.arpa=172.22.0.53
59		-```
60		-
61		-## MaraDNS
62		-Put this in your mararc:
63		-
64		-```
65		-ipv4_alias["dn42_root"] = "172.22.0.53"
66		-root_servers["dn42."] = "dn42_root"
67		-root_servers["22.172.in-addr.arpa."] = "dn42_root"
68		-root_servers["23.172.in-addr.arpa."] = "dn42_root"
69		-```
70		-
71		-## Unbound
72		-
73		-`unbound.conf` for forwarding requests to `172.22.0.53`.
74		-
75		-
76		-```
77		-server:
78		- domain-insecure: "dn42"
79		- local-zone: "22.172.in-addr.arpa." nodefault
80		- local-zone: "23.172.in-addr.arpa." nodefault
81		- local-zone: "d.f.ip6.arpa." nodefault
82		-
83		-forward-zone:
84		- name: "dn42"
85		- forward-addr: 172.22.0.53
86		-
87		-forward-zone:
88		- name: "22.172.in-addr.arpa"
89		- forward-addr: 172.22.0.53
90		-
91		-forward-zone:
92		- name: "23.172.in-addr.arpa"
93		- forward-addr: 172.22.0.53
94		-
95		-forward-zone:
96		- name: "d.f.ip6.arpa"
97		- forward-addr: 172.22.0.53
98		-```
99		-
100		-## JunOS (SRX 12.1X46)
101		-Should also work in 12.1X44 and 12.1X45. After making the changes below you may need to run:
102		-```
103		-restart named-service
104		-```
105		-Config (vlan.0 is presumed to be your LAN/Trust interface)
106		-```
107		-system {
108		- services {
109		- dns {
110		- dns-proxy {
111		- interface {
112		- vlan.0;
113		- }
114		- default-domain dn42 {
115		- forwarders {
116		- 172.22.0.53;
117		- }
118		- }
119		- default-domain 22.172.in-addr.arpa {
120		- forwarders {
121		- 172.22.0.53;
122		- }
123		- }
124		- default-domain 23.172.in-addr.arpa {
125		- forwarders {
126		- 172.22.0.53;
127		- }
128		- }
129		- }
130		- }
131		- }
132		-}
133		-```
...	...	\ No newline at end of file

...	...	@@ -0,0 +1,133 @@
	1	+# Forwarder setup
	2	+
	3	+Configuration of common resolver softwares, to forward DNS queries for `.dn42` (and reverse DNS) to `172.22.0.53`.
	4	+
	5	+## BIND
	6	+
	7	+If you already run a local DNS server, you can tell it to query the dn42 anycast servers for the relevant domains
	8	+by adding the following to /etc/bind/named.conf.local
	9	+
	10	+```
	11	+zone "dn42" {
	12	+ type forward;
	13	+ forwarders { 172.22.0.53; };
	14	+};
	15	+zone "22.172.in-addr.arpa" {
	16	+ type forward;
	17	+ forwarders { 172.22.0.53; };
	18	+};
	19	+zone "23.172.in-addr.arpa" {
	20	+ type forward;
	21	+ forwarders { 172.22.0.53; };
	22	+};
	23	+```
	24	+
	25	+## dnsmasq
	26	+
	27	+If you are running dnsmasq under openwrt, you just have to add
	28	+
	29	+```
	30	+config dnsmasq
	31	+ option boguspriv '0'
	32	+ option rebind_protection '1'
	33	+ list rebind_domain 'dn42'
	34	+ list server '/dn42/172.22.0.53'
	35	+ list server '/22.172.in-addr.arpa/172.22.0.53'
	36	+ list server '/23.172.in-addr.arpa/172.22.0.53'
	37	+```
	38	+
	39	+to `/etc/config/dhcp` and run `/etc/init.d/dnsmasq` restart. After that you are able to resolve `.dn42`
	40	+with the anycast DNS-Server, while your normal requests go to your standard DNS-resolver.
	41	+
	42	+Attention: If you go with the default config you'll have to disable "boguspriv" in the first dnsmasq config section.
	43	+
	44	+For normal dnsmasq use
	45	+
	46	+```
	47	+server=/dn42/172.22.0.53
	48	+server=/22.172.in-addr.arpa/172.22.0.53
	49	+server=/23.172.in-addr.arpa/172.22.0.53
	50	+```
	51	+in `dnsmasq.conf`.
	52	+
	53	+## PowerDNS recursor
	54	+Add this to /etc/powerdns/recursor.conf (at least in Debian)
	55	+
	56	+```
	57	+dont-query=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, ::1/128, fe80::/10
	58	+forward-zones= dn42=172.22.0.53,22.172.in-addr.arpa=172.22.0.53,23.172.in-addr.arpa=172.22.0.53
	59	+```
	60	+
	61	+## MaraDNS
	62	+Put this in your mararc:
	63	+
	64	+```
	65	+ipv4_alias["dn42_root"] = "172.22.0.53"
	66	+root_servers["dn42."] = "dn42_root"
	67	+root_servers["22.172.in-addr.arpa."] = "dn42_root"
	68	+root_servers["23.172.in-addr.arpa."] = "dn42_root"
	69	+```
	70	+
	71	+## Unbound
	72	+
	73	+`unbound.conf` for forwarding requests to `172.22.0.53`.
	74	+
	75	+
	76	+```
	77	+server:
	78	+ domain-insecure: "dn42"
	79	+ local-zone: "22.172.in-addr.arpa." nodefault
	80	+ local-zone: "23.172.in-addr.arpa." nodefault
	81	+ local-zone: "d.f.ip6.arpa." nodefault
	82	+
	83	+forward-zone:
	84	+ name: "dn42"
	85	+ forward-addr: 172.22.0.53
	86	+
	87	+forward-zone:
	88	+ name: "22.172.in-addr.arpa"
	89	+ forward-addr: 172.22.0.53
	90	+
	91	+forward-zone:
	92	+ name: "23.172.in-addr.arpa"
	93	+ forward-addr: 172.22.0.53
	94	+
	95	+forward-zone:
	96	+ name: "d.f.ip6.arpa"
	97	+ forward-addr: 172.22.0.53
	98	+```
	99	+
	100	+## JunOS (SRX 12.1X46)
	101	+Should also work in 12.1X44 and 12.1X45. After making the changes below you may need to run:
	102	+```
	103	+restart named-service
	104	+```
	105	+Config (vlan.0 is presumed to be your LAN/Trust interface)
	106	+```
	107	+system {
	108	+ services {
	109	+ dns {
	110	+ dns-proxy {
	111	+ interface {
	112	+ vlan.0;
	113	+ }
	114	+ default-domain dn42 {
	115	+ forwarders {
	116	+ 172.22.0.53;
	117	+ }
	118	+ }
	119	+ default-domain 22.172.in-addr.arpa {
	120	+ forwarders {
	121	+ 172.22.0.53;
	122	+ }
	123	+ }
	124	+ default-domain 23.172.in-addr.arpa {
	125	+ forwarders {
	126	+ 172.22.0.53;
	127	+ }
	128	+ }
	129	+ }
	130	+ }
	131	+ }
	132	+}
	133	+```
...	...	\ No newline at end of file