services/dns/Recursive DNS resolver

• Home

  • Getting Started
  • Registry Authentication
  • Address Space
  • BGP communities
  • FAQ

• How-To

  • Wireguard
  • Openvpn
  • IPsec With Public Keys
  • Tinc
  • GRE on FreeBSD
  • GRE on OpenBSD
  • IPv6 Multicast (PIM-SM)
  • SSM Multicast
  • MPLS
  • Bird2
  • FRRouting
  • OpenBGPD
  • Mikrotik RouterOS
  • EdgeRouter
  • Static routes on Windows
  • Universal Network Requirements
  • VyOS
  • NixOS

• Services

  • IRC
  • Whois registry
  • DNS
  • IX Collection
  • Public DNS
  • Looking Glasses
  • Automatic Peering
  • Repository Mirrors
  • Distributed Wiki
  • Certificate Authority
  • Route Collector
  • Registry

• Internal

  • Internal services
  • Interconnections
  • APIs
  • Show and Tell
    
  • Historical services

• Historical

  • Bird 1
  • Quagga

• External Tools

  • Paste Board
  • Git Repositories

---

If you want to run your own recursive DNS server, you must find upstream servers that are authoritative for the dn42 zones.

You may use some servers listed in the table of anycast servers, or just use 172.22.119.160 and 172.22.119.163 (ns{1,2}.fritz.dn42).

Configuration

Unbound

Configuration for unbound.conf

server:
        local-zone: "22.172.in-addr.arpa." nodefault
        local-zone: "23.172.in-addr.arpa." nodefault

stub-zone:
        name: "dn42"
        stub-prime: yes
        stub-addr: 172.22.119.160
        stub-addr: 172.22.119.163

stub-zone:
        name: "22.172.in-addr.arpa"
        stub-prime: yes
        stub-addr: 172.22.119.160
        stub-addr: 172.22.119.163

stub-zone:
        name: "23.172.in-addr.arpa"
        stub-prime: yes
        stub-addr: 172.22.119.160
        stub-addr: 172.22.119.163

Unbound with root-hints

Alternatively you can put dn42 root servers in the root-hints file for recursive resolving.

# /etc/unbound/unbound.conf.d/dn42.conf 
server:
        # DNSSEC validation will fail
        val-permissive-mode: yes
        # recursive queries for everyone
        access-control: 0.0.0.0/0 allow
        # dn42 root servers
        root-hints: /etc/unbound/dn42.hints
	# enable IPv6
	do-ip6: yes
	# allow reverse lookup of rfc1918 space, which includes the DN42 address space
	unblock-lan-zones: yes
	insecure-lan-zones: yes

remote-control:
        control-enable: no

The /etc/unbound/dn42.hints file:

.                                         NS    a.root-servers.dn42.
a.root-servers.dn42.           3600000    A     172.22.177.6
.                                         NS    m.root-servers.dn42.
m.root-servers.dn42.           3600000    A     172.23.67.67
.                                         NS    t.root-servers.dn42.
t.root-servers.dn42.           3600000    A     172.22.102.141
.                                         NS    x.root-servers.dn42.
x.root-servers.dn42.           3600000    A     172.22.141.1

Hosted by: BURBLE-MNT, GRMML-MNT, XUU-MNT, JAN-MNT, LARE-MNT, SARU-MNT, ANDROW-MNT, MARK22K-MNT | Accessible via: dn42, dn42.dev, dn42.eu, wiki.dn42.us, dn42.de (IPv6-only), dn42.cc (wiki-ng), dn42.wiki, dn42.pp.ua, dn42.obl.ong