wiki/services/DNS.md

# DN42 DNS

This page covers guidance and examples on using DNS within DN42.

## Quick Start

It is recommended to run your own DNS resolver as this provides you with the most security and privacy. 
However, to get started, or if running your own resolver isn't desirable an anycast service
is available. The anycast service supports DNSSEC and will resolve public DNS names together with all the 
relevant DN42 and affiliated networks' names.

### Using the DNS Anycast Service

The DNS anycast service is provided by multiple operators, with each operator contributing to one of the two separate 
anycast services. By configuring both services, users get additional resiliency from having two, independent, resolvers. 

| Name | IPv4 | IPv6 |
|---|---|---|
| a0.recursive-servers.dn42 | 172.20.0.53 | fd42:d42:d42:54::1 |
| a3.recursive-servers.dn42 | 172.23.0.53 | fd42:d42:d42:53::1 |

To configure the service, ping both sets of addresses then set your primary nameserver to the lowest latency 
service and configure the other service as the secondary or backup nameserver.

Example resolv.conf, preferring a0.recursive-servers.dn42 and IPv4:

```conf
nameserver 172.20.0.53
nameserver 172.23.0.53
nameserver fd42:d42:d42:54::1
nameserver fd42:d42:d42:53::1
search dn42
```

Example resolv.conf, preferring a3.recursive-servers.dn42 and IPv6:

```conf
nameserver fd42:d42:d42:53::1
nameserver fd42:d42:d42:54::1
nameserver 172.23.0.53
nameserver 172.20.0.53
option inet6       # Linux/glibc
family inet6 inet4 # BSD
search dn42
```

## Advanced Configuration

There are multiple top level domains (TLDs) associated with DN42, its affiliated networks and for reverse DNS that must
be configured in order to run your own resolver. The registry is the authoritative source of active TLDs, but see also
this page [dns/External-DNS](/services/dns/External-DNS) in the wiki.

### Split horizon DNS

In this configuration, you run your own, caching resolver but forward DN42 related queries (with recursion bit set) 
to the anycast service. Example configurations for different recursor implementations are included in the [dns/Configuration](/services/dns/Configuration) page.

### Full recursion 

Authoritative DNS for DN42 is provided by the *.delegation-servers.dn42 servers, see the DNS architecture here 
[New DNS](/services/New-DNS) Delegations servers have full support for DNSSEC. Example configuration unbound implementations are included in the [dns/Configuration](/services/dns/Configuration#resolver-setup) page.

## Further Information

* [dns/Configuration](/services/dns/Configuration) - Forwarder/Resolver configuration examples
* [New DNS](/services/New-DNS) - current architecture
* [dns/External-DNS](/services/dns/External-DNS) - external DNS zones from interconnected networks
* [Old Hierarchical DNS](/services/Old-Hierarchical-DNS) - deprecated
* [Original DNS (deprecated)](/services/Original-DNS-(deprecated)) - deprecated
Updated DNS (markdown) 2020-04-06 12:22:36 +02:00			`# DN42 DNS`
Created DNS (markdown) 2020-02-24 18:32:39 +01:00
Updated DNS (markdown) 2020-04-06 12:22:36 +02:00			`This page covers guidance and examples on using DNS within DN42.`
Created DNS (markdown) 2020-02-24 18:32:39 +01:00
Updated DNS (markdown) 2020-04-06 12:22:36 +02:00			`## Quick Start`
Updated DNS (markdown) 2020-03-03 07:08:42 +01:00
Updated DNS (markdown) 2020-04-06 12:22:36 +02:00			`It is recommended to run your own DNS resolver as this provides you with the most security and privacy.`
			`However, to get started, or if running your own resolver isn't desirable an anycast service`
			`is available. The anycast service supports DNSSEC and will resolve public DNS names together with all the`
			`relevant DN42 and affiliated networks' names.`
Updated DNS (markdown) 2020-03-03 07:08:42 +01:00
Updated DNS (markdown) 2020-04-06 12:22:36 +02:00			`### Using the DNS Anycast Service`
Updated DNS (markdown) 2020-03-03 07:08:42 +01:00
Updated DNS (markdown) 2020-04-06 12:22:36 +02:00			`The DNS anycast service is provided by multiple operators, with each operator contributing to one of the two separate`
			`anycast services. By configuring both services, users get additional resiliency from having two, independent, resolvers.`

			`\| Name \| IPv4 \| IPv6 \|`
			`\|---\|---\|---\|`
			`\| a0.recursive-servers.dn42 \| 172.20.0.53 \| fd42:d42:d42:54::1 \|`
			`\| a3.recursive-servers.dn42 \| 172.23.0.53 \| fd42:d42:d42:53::1 \|`

			`To configure the service, ping both sets of addresses then set your primary nameserver to the lowest latency`
			`service and configure the other service as the secondary or backup nameserver.`

			`Example resolv.conf, preferring a0.recursive-servers.dn42 and IPv4:`

backport (cosmetic) changes from wiki-ng 2023-04-08 22:08:13 +02:00			```conf
Updated DNS (markdown) 2020-04-06 12:22:36 +02:00			`nameserver 172.20.0.53`
			`nameserver 172.23.0.53`
			`nameserver fd42:d42:d42:54::1`
			`nameserver fd42:d42:d42:53::1`
			`search dn42`
			```

			`Example resolv.conf, preferring a3.recursive-servers.dn42 and IPv6:`

backport (cosmetic) changes from wiki-ng 2023-04-08 22:08:13 +02:00			```conf
Updated DNS (markdown) 2020-04-06 12:22:36 +02:00			`nameserver fd42:d42:d42:53::1`
			`nameserver fd42:d42:d42:54::1`
			`nameserver 172.23.0.53`
			`nameserver 172.20.0.53`
Prefer AAAA to A as well when prefering IPv6 in resolv.conf(5) 2020-12-05 19:56:24 +01:00			`option inet6 # Linux/glibc`
			`family inet6 inet4 # BSD`
Updated DNS (markdown) 2020-04-06 12:22:36 +02:00			`search dn42`
			```

			`## Advanced Configuration`

			`There are multiple top level domains (TLDs) associated with DN42, its affiliated networks and for reverse DNS that must`
			`be configured in order to run your own resolver. The registry is the authoritative source of active TLDs, but see also`
Replace wikilink style links with generic markdown 2021-05-30 22:35:15 +02:00			`this page [dns/External-DNS](/services/dns/External-DNS) in the wiki.`
Updated DNS (markdown) 2020-04-06 12:22:36 +02:00
			`### Split horizon DNS`

			`In this configuration, you run your own, caching resolver but forward DN42 related queries (with recursion bit set)`
Replace wikilink style links with generic markdown 2021-05-30 22:35:15 +02:00			`to the anycast service. Example configurations for different recursor implementations are included in the [dns/Configuration](/services/dns/Configuration) page.`
Updated DNS (markdown) 2020-04-06 12:22:36 +02:00
			`### Full recursion`

			`Authoritative DNS for DN42 is provided by the *.delegation-servers.dn42 servers, see the DNS architecture here`
add resolver 2022-04-03 07:37:22 +02:00			`[New DNS](/services/New-DNS) Delegations servers have full support for DNSSEC. Example configuration unbound implementations are included in the [dns/Configuration](/services/dns/Configuration#resolver-setup) page.`
Updated DNS (markdown) 2020-04-06 12:22:36 +02:00
			`## Further Information`

add resolver 2022-04-03 07:37:22 +02:00			`* [dns/Configuration](/services/dns/Configuration) - Forwarder/Resolver configuration examples`
Fix broken link 2021-07-12 04:52:24 +02:00			`* [New DNS](/services/New-DNS) - current architecture`
Replace wikilink style links with generic markdown 2021-05-30 22:35:15 +02:00			`* [dns/External-DNS](/services/dns/External-DNS) - external DNS zones from interconnected networks`
fix wrong path 2022-08-15 20:18:31 +02:00			`* [Old Hierarchical DNS](/services/Old-Hierarchical-DNS) - deprecated`
			`* [Original DNS (deprecated)](/services/Original-DNS-(deprecated)) - deprecated`