Anycast DNS: Difference between revisions
Yanosz (Talk | Contributions)
Zeile 17: | Zeile 17: | ||
== /etc/unbound/unbound.conf == | == /etc/unbound/unbound.conf == | ||
server: | server: | ||
# The following line will configure unbound to perform cryptographic | # The following line will configure unbound to perform cryptographic | ||
# DNSSEC validation using the root trust anchor. | # DNSSEC validation using the root trust anchor. | ||
Zeile 26: | Zeile 26: | ||
access-control: 172.27.0.0/16 allow | access-control: 172.27.0.0/16 allow | ||
verbosity: 1 | verbosity: 1 | ||
forward-zone: | forward-zone: | ||
name: "hack" | name: "hack" | ||
forward-addr: 172.31.0.5 | forward-addr: 172.31.0.5 | ||
forward-addr: 172.31.116.1 | forward-addr: 172.31.116.1 | ||
forward-zone: | forward-zone: | ||
name: "dn42" | name: "dn42" | ||
forward-addr: 172.22.228.85 | forward-addr: 172.22.228.85 | ||
forward-addr: 172.22.222.6 | forward-addr: 172.22.222.6 | ||
forward-zone: | forward-zone: | ||
name: "." | name: "." | ||
forward-addr: 172.27.255.3 # Paul | forward-addr: 172.27.255.3 # Paul | ||
forward-addr: 172.27.255.2 # Paula | forward-addr: 172.27.255.2 # Paula |
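Review bot: The forward zones "hack" and "dn42" sit in the same file whose server: comment says DNSSEC validation against the root trust anchor is enabled, and nothing visible here exempts them from it. Neither name is delegated from the signed root, so a validating resolver can treat answers forwarded for them as bogus. If these zones are unsigned, add `domain-insecure: "hack"` and `domain-insecure: "dn42"` to the server: clause, or configure a separate trust anchor for each zone that is signed, and note next to the forward-zone entries which of the two applies.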
Revision as of 6 April 2014, 18:33
Introduction
Supernodes run caching DNS forwarders. These are reachable via anycast. unbound is used for this.
Addresses
The setup distinguishes between IPv4 and IPv6. For IPv4, the mesh interface (here bat0) is assigned the IP 172.27.0.2. For IPv6, the loopback interface is given the IP fdd3:5d16:b5dd::2. Anycast based on Neighbor Discovery is currently not implemented on Linux.
/etc/network/interfaces
iface lo inet loopback
    # Add the following line
    post-up ip -6 addr add fdd3:5d16:b5dd::2/128 dev lo
#...
# New interface for the second IPv4 address
# (use bat0:0 instead of br-ff:0 if no bridge exists)
auto br-ff:0
iface br-ff:0 inet static
    address 172.27.0.2
    netmask 255.255.192.0
/etc/unbound/unbound.conf
server:
    # The following line will configure unbound to perform cryptographic
    # DNSSEC validation using the root trust anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    interface: fdd3:5d16:b5dd::2
    access-control: 2001:67c:20a0:b100::/56 allow
    interface: 172.27.0.2
    access-control: 172.27.0.0/16 allow
    verbosity: 1

forward-zone:
    name: "hack"
    forward-addr: 172.31.0.5
    forward-addr: 172.31.116.1

forward-zone:
    name: "dn42"
    forward-addr: 172.22.228.85
    forward-addr: 172.22.222.6

forward-zone:
    name: "."
    forward-addr: 172.27.255.3 # Paul
    forward-addr: 172.27.255.2 # Paula
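A small audit for a forwarder configuration like the one above, added here as an example and not part of the wiki page or of unbound: it lists non-root forward zones that a validating resolver cannot exempt without a `domain-insecure` entry, and `access-control` allow rules wide enough to make the anycast address an open resolver. The sample is a constructed excerpt of the page's file, and the finding names `dnssec-review` and `open-resolver` are hypothetical labels.

```python
import ipaddress

# Constructed sample: an excerpt of the unbound.conf shown on this page.
SAMPLE = """\
server:
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    access-control: 2001:67c:20a0:b100::/56 allow
    access-control: 172.27.0.0/16 allow
forward-zone:
    name: "hack"
forward-zone:
    name: "dn42"
forward-zone:
    name: "."
    forward-addr: 172.27.255.3 # Paul
"""

def parse(text):
    """Return [(clause, [(key, value), ...])] for a simple unbound.conf."""
    clauses = []
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        value = value.strip().strip('"')
        if key and not value:          # "server:" or "forward-zone:" opens a clause
            clauses.append((key, []))
        elif key and clauses:
            clauses[-1][1].append((key, value))
    return clauses

def audit(text):
    """List (finding, subject) pairs that a reviewer should look at."""
    clauses = parse(text)
    server = [kv for name, kvs in clauses if name == "server" for kv in kvs]
    validating = any(k.endswith("trust-anchor-file") or k == "trust-anchor" for k, _ in server)
    insecure = {v.rstrip(".") for k, v in server if k == "domain-insecure"}
    findings = []
    for name, kvs in clauses:
        for k, v in kvs:
            zone = v.rstrip(".")
            is_zone = (name, k) == ("forward-zone", "name") and zone != ""
            # Needs a chain of trust from the root or a domain-insecure entry.
            if is_zone and validating and zone not in insecure:
                findings.append(("dnssec-review", zone))
    for k, v in server:
        if k == "access-control" and v.split()[1:] == ["allow"]:
            # An allow rule with prefix length 0 makes this an open resolver.
            if ipaddress.ip_network(v.split()[0], strict=False).prefixlen == 0:
                findings.append(("open-resolver", v.split()[0]))
    return findings
```

A `dnssec-review` finding is a prompt to check whether the zone is signed and anchored, not proof of a fault; a forward zone for a publicly signed domain validates without any exemption.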