A hidden primary master is a nameserver which is not publicly advertised. It does not answer queries; its only purpose is to act as a source for authoritative data. The easiest way to achieve this is to treat the publicly advertised nameservers as slaves:
DNS Infrastructure: #1 Overview
Here’s an overview of the setup I’ve built.
Leftover
I’ve been self-employed since 2003, doing web development, web hosting and system administration. At the end of 2014 I started my life as an employee, and in November last year I decided to quit being self-employed. In this category I am publishing documentation and howtos which I wrote for myself.
Overriding BIND systemd script in Debian
Ever wondered how to modify/override a systemd script in Debian?
Parallel DNS lookup using dnsmasq
Well, up until now I did believe that a DNS query would cause all nameservers in /etc/resolv.conf to be queried in parallel and the first (and hence fastest) answer would be taken. Just noticed I’m wrong.
dns monitoring scripts
Lately I am contributing to a repository on GitHub which contains several test scripts for DNS & DNSSEC monitoring to verify the functionality of your authoritative nameserver, or rather your nameserver configuration…
Connection Tracking and UDP DNS with nftables
I’m working with nftables lately; here’s an example for disabling connection tracking of UDP DNS packets with it. Nftables is a replacement for iptables, ip6tables, arptables and ebtables – and once you get used to it, it does a pretty nice job.
Conntrack and UDP DNS with iptables
Conntrack (or rather connection tracking) is a pretty useful thing; that’s however not necessarily the case with UDP DNS packets. Here’s how to disable it with iptables.
Reducing initial latency in your resolver using stub zones with Unbound
Assuming you do have an authoritative and a resolving nameserver. The resolving nameserver (my-resolver in the following) runs Unbound. If your resolver has jeanbruenn.info in its cache, resolving is pretty fast:
DNSSEC resolver using BIND or Unbound
In fact I am an ISC fanboy and so I’ve been using BIND since I can remember. Never taken a look at different nameservers up until a few weeks ago. A few weeks ago I set up Unbound as a resolver to take a look at how it performs and how easy it is to set it up. However, this post is just about how to set up that stuff and make sure it does DNSSEC.