DNS

Keybinding Markup

---
title: DNS
---

# Requirements

*   Local DNS resolution 
*   Forwarding of DNS resolution for [GeolocationTunneling][1] 
*   Fallback to reliable DNS

## Optional

*   Caching

# Implementation

*   [Perimeter Router][2] - local and forwarding using dnsmasq 
*   [Hastur][3]

* * *

# SRV records for XMPP

<http://prosody.im/doc/dns>

*   `_xmpp-client` is for client-to-server connections 
*   `_xmpp-server` is for server-to-server connections

For GTalk:

_xmpp-client._tcp 10800 IN SRV 20 0 5222 alt1.xmpp-server.l.google.com.
    _xmpp-client._tcp 10800 IN SRV 20 0 5222 alt2.xmpp-server.l.google.com.
    _xmpp-client._tcp 10800 IN SRV 20 0 5222 alt3.xmpp-server.l.google.com.
    _xmpp-client._tcp 10800 IN SRV 20 0 5222 alt4.xmpp-server.l.google.com.
    _xmpp-client._tcp 10800 IN SRV 5 0 5222 xmpp-server.l.google.com.
    _xmpp-server._tcp 10800 IN SRV 20 0 5269 alt1.xmpp-server.l.google.com.
    _xmpp-server._tcp 10800 IN SRV 20 0 5269 alt2.xmpp-server.l.google.com.
    _xmpp-server._tcp 10800 IN SRV 20 0 5269 alt3.xmpp-server.l.google.com.
    _xmpp-server._tcp 10800 IN SRV 20 0 5269 alt4.xmpp-server.l.google.com.
    _xmpp-server._tcp 10800 IN SRV 5 0 5269 xmpp-server.l.google.com.

* * *

# Obsolete Configuration Plans

These requirements were largely meant for the publically accessible network now implemented by [Yuggoth][5].

## Requirements

*   Separation of Auth and Resolving services 
*   Separation of public and non-public network information 
*   3 Authoritative DNS servers 
    *   Primary public 
    *   Secondary public 
    *   Private 
*   Recursive (Caching) Resolvers 
*   Auth DNS supporting 
    *   A 
    *   AAAA ([IPv6][6]) 
    *   MX (Mail) 
    *   SRV (for VoIP) 
    *   Zone transfers 
*   Local Caching DNS

This involves eventually having three authoritative nameservers.

*   Two for publicly accessible systems (DNS1 and an off-site Secondary) 
*   A third for the private net (DNS2)

Phase I requires a single authoritative [DNS][11] server ([Niggurath][12]) for publicly accessible systems and one caching DNS (for resolving non-local addresses).

Complete local network info is maintained in /etc/hosts files.

When a public domain name is registered a secondary will be set up using a free DNS service.

Phase II requires a second [DNS][11] server, located on the Private Subnet, to handle all Private Subnet records and (optionally) cache queries from private systems. The primary [DNS][11] is reconfigured as a forwarder for queries from the private [DNS][11].

Phase III requires a walldns-like record for wireless ([IPv6][6]) clients.

## Components

*   Authoritative 
*   Caching

## Available DNS servers

[http://en.wikipedia.org/wiki/Comparison\_of\_DNS\_server\_software][16]

### Auth & Cache

*   BIND 
*   djbdns (dnscache, tinydns)

### Auth only

*   NSD - <http://www.nlnetlabs.nl/nsd/>

## Free DNS services

*   <http://freedns.afraid.org/> 
*   <http://www.dollardns.net/hosting.html> 
*   <http://www.xname.org/> (No SRV records)

* * *

# Log

**2006-04-22** BIND too buggy, too cludgy.   
djbdns, like qmail is unmaintained. AAAA and SRV?

[1]: GeolocationTunneling
 [2]: PerimeterRouter
 [3]: Hastur
 [5]: Yuggoth
 [6]: IPv6
 [11]: DNS
 [12]: Niggurath
 [16]: http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software

Uploading file...

Sidebar

Edit message:

Cancel

Editing DNS

Sidebar