Changes in ba6dd3a: Updated New DNS (markdown)

services/New-DNS.md

@@ -22,6 +22,16 @@ These are simple authoritative servers for the dn42 zone, rDNS and a few DNS inf

 ## *.master.delegation-servers.dn42

 These instances do not serve any clients. They poll the registry regularly and rebuild and resign (DNSSEC) the zones as needed. If any zone changes, all *.delegation-servers.dn42 instances are notified ([RFC1996](https://tools.ietf.org/html/rfc1996)) which then load the new zone data over AXFR ([RFC5936](https://tools.ietf.org/html/rfc5936)). The pool of masters is intentionally kept very small because of its much higher coordination needs and also the lacking support of a multi-master mode in many authoritative server implementations. The masters are only reachable over dedicated IPv6 assignments which are set up in a way that any master operator can hijack the address of a problematic master without having to wait for its operator to fix something.

+# Running your own instances

+* If you want to run your own instances, make sure you are subscribed to the [[mailinglist|contact]]. It is also strongly recommended to join #dn42-dns@hackint. All changes are announced to the mailinglist but IRC makes debugging sessions much easier.

+* Choose the implementation(s) you want to use. It should support at least AXFR+NOTIFY (*.delegation-servers.dn42) or DNSSEC (*.recursive-servers.dn42).

+* Check if [[TODO|TODO]] already has configuration snippets for your implementation.

+ * If yes, download it from there and include it in the main configuration.

+ * If not, then join us in #dn42-dns@hackint so we can add it together.

+* Verify that everything works:

+ * For *.delegation-servers.dn42: Do an AXFR against all zones and compare with the result of an existing instance. The result should be identical.

+ * For *.recursive-servers.dn42: Query clearnet, dn42 and ICVPN domains including rDNS. Make sure that both signed and unsigned domains work properly.

+

 # [Monitoring](https://grafana.burble.com/d/DjGj6GiWk/dn42-dns-status?orgId=3&refresh=1m)

 burble is providing monitoring for the new DNS system. It does simple checks on all instances every minute and also logs all changes into #dn42-dns@hackint.

...	...	@@ -22,6 +22,16 @@ These are simple authoritative servers for the dn42 zone, rDNS and a few DNS inf
22	22	## *.master.delegation-servers.dn42
23	23	These instances do not serve any clients. They poll the registry regularly and rebuild and resign (DNSSEC) the zones as needed. If any zone changes, all *.delegation-servers.dn42 instances are notified ([RFC1996](https://tools.ietf.org/html/rfc1996)) which then load the new zone data over AXFR ([RFC5936](https://tools.ietf.org/html/rfc5936)). The pool of masters is intentionally kept very small because of its much higher coordination needs and also the lacking support of a multi-master mode in many authoritative server implementations. The masters are only reachable over dedicated IPv6 assignments which are set up in a way that any master operator can hijack the address of a problematic master without having to wait for its operator to fix something.
24	24
	25	+# Running your own instances
	26	+* If you want to run your own instances, make sure you are subscribed to the [[mailinglist\|contact]]. It is also strongly recommended to join #dn42-dns@hackint. All changes are announced to the mailinglist but IRC makes debugging sessions much easier.
	27	+* Choose the implementation(s) you want to use. It should support at least AXFR+NOTIFY (.delegation-servers.dn42) or DNSSEC (.recursive-servers.dn42).
	28	+* Check if [[TODO\|TODO]] already has configuration snippets for your implementation.
	29	+ * If yes, download it from there and include it in the main configuration.
	30	+ * If not, then join us in #dn42-dns@hackint so we can add it together.
	31	+* Verify that everything works:
	32	+ * For *.delegation-servers.dn42: Do an AXFR against all zones and compare with the result of an existing instance. The result should be identical.
	33	+ * For *.recursive-servers.dn42: Query clearnet, dn42 and ICVPN domains including rDNS. Make sure that both signed and unsigned domains work properly.
	34	+
25	35	# [Monitoring](https://grafana.burble.com/d/DjGj6GiWk/dn42-dns-status?orgId=3&refresh=1m)
26	36	burble is providing monitoring for the new DNS system. It does simple checks on all instances every minute and also logs all changes into #dn42-dns@hackint.
27	37