AWMN Anycast DNS

Notes on setting up a secondary (slave) name server for the awmn. root zone that answers on an anycast IPv4 address (10.0.0.1).

I am using a KVM guest that has redundant Internet connectivity and redundant AWMN connectivity; it does the AWMN routing itself and also runs the hybrid Internet/AWMN resolver. Because the same box that serves DNS also announces the route, if the KVM drops out of the AWMN the 10.0.0.1/32 route to it disappears with it, and clients are routed to another node announcing 10.0.0.1 instead of to a dead server.

# apt-get install quagga bind9


Configure Bind

set /etc/bind/named.conf
# vi /etc/bind/named.conf
# cat /etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";


set /etc/bind/named.conf.options
# cat /etc/bind/named.conf.options 
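options {
        directory "/var/cache/bind";
        // Recurse only for localhost and the AWMN 10/8 space. With "any",
        // every address this daemon listens on becomes an open resolver
        // (amplification abuse, larger cache-poisoning surface); note the
        // iptables rules later in this how-to only cover 10.0.0.1, not
        // 10.21.241.100 or IPv6, so the firewall is not a substitute.
        allow-recursion { 127.0.0.1; ::1; 10.0.0.0/8; };
        // Authoritative answers for the awmn / 10.in-addr.arpa slave zones
        // may still be handed to anyone.
        allow-query { any; };
        version "slave awmn.";
        auth-nxdomain no;    # conform to RFC1035
        // Anycast service address plus this node's own unicast address.
        listen-on { 127.0.0.1; 10.21.241.100; 10.0.0.1;  };
        // Left wide open as in the original; with recursion restricted
        // above, a public IPv6 address (if this host has one) only gets
        // authoritative service. Narrow to { ::1; } if IPv6 is unused.
        listen-on-v6 { any; };
};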


set /etc/bind/named.conf.local
# cat /etc/bind/named.conf.local 

zone "awmn" IN {
 type slave;
 file "/var/cache/bind/db.awmn";
 masters{ 10.19.143.12; };
};

zone "10.in-addr.arpa" IN {
 type slave;
 file "/var/cache/bind/db.10.in-addr.arpa";
 masters { 10.19.143.12; };
};

zone "." {
        type hint;
        file "/etc/bind/db.root";
};



Use the local server as the system resolver (note that resolvconf or a DHCP client may overwrite this file):
# echo "nameserver 127.0.0.1" > /etc/resolv.conf


Check the configuration, then restart Bind
# named-checkconf
# /etc/init.d/bind9 restart


Test
# dig +short ipduh.com
85.25.242.245
# dig +short ipduh.awmn
10.21.241.4
# dig +short www.awmn
srv1.awmn.
10.19.143.13


Add 10.0.0.1 to the loopback interface so the kernel accepts packets for the anycast address.
Adjust the lo stanza in /etc/network/interfaces:
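# The loopback network interface
auto lo
iface lo inet loopback
    # A bare "ip addr add ..." line is not a recognised option of the
    # loopback method and is not executed by ifupdown; run it as an up/down
    # hook instead. The explicit /32 keeps the anycast address from ever
    # being treated as a connected subnet.
    up ip addr add 10.0.0.1/32 dev lo
    down ip addr del 10.0.0.1/32 dev lo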


Configure Quagga

set zebra, bgpd , and ospfd to yes in /etc/quagga/daemons
# grep "=yes" /etc/quagga/daemons 
zebra=yes
bgpd=yes
ospfd=yes


Copy the sample configuration files into /etc/quagga/ as a starting point:
# cp /usr/share/doc/quagga/examples/bgpd.conf.sample /etc/quagga/bgpd.conf
# cp /usr/share/doc/quagga/examples/ospfd.conf.sample /etc/quagga/ospfd.conf
# cp /usr/share/doc/quagga/examples/zebra.conf.sample /etc/quagga/zebra.conf


Configure Routing

Zebra example configuration file
# cat /etc/quagga/zebra.conf 
! -*- zebra -*-
!
! zebra configuration file
!
hostname anydns
! NOTE(review): "kodikos1"/"kodikos2" are example credentials published in
! this how-to; change them, and consider "service password-encryption" so
! they are not stored in clear text. The vty (tcp/2601) has no access-class
! below, so make sure the daemon is bound to 127.0.0.1 (Debian's
! /etc/quagga/debian.conf does this with "-A 127.0.0.1" by default - verify).
password kodikos1
enable password kodikos2
!
! Static route for the anycast address, presumably so that 10.0.0.1/32 is
! always present in the RIB for the BGP "network" statement; the next hop
! is this node's own unicast address.
ip route 10.0.0.1/32 10.21.241.100
! Default route towards the Internet side of the KVM.
ip route 0.0.0.0/0 192.168.30.1
!

log file /var/log/quagga/zebra.log



BGP example configuration file
! BGP: this node joins the AS 20305 iBGP mesh and originates the anycast
! prefix 10.0.0.1/32. Every node running this recipe announces the same
! /32, and the rest of the network routes to whichever announcer is
! closest - that is what makes the DNS address anycast.
hostname anydns

log file /var/log/quagga/bgpd.log
log monitor
log stdout
log syslog

! NOTE(review): example credentials, same as zebra.conf - change them and
! keep the vty bound to 127.0.0.1.
password kodikos1
enable password kodikos2

router bgp 20305
 bgp router-id 10.21.241.100
! The anycast service address (also on lo and as a zebra static route).
 network 10.0.0.1/32

! Peers: all iBGP (same AS). 10 s keepalive / 30 s hold so a dead node
! stops attracting DNS traffic quickly.
! NOTE(review): no session sets "neighbor X password" (TCP MD5), so a host
! that can reach or spoof a peer address on the mesh may attempt to inject
! a competing 10.0.0.1/32; add a shared password on both ends if the peers
! support it. "soft-reconfiguration inbound" keeps an unfiltered copy of
! each peer's routes in memory, fine at this scale.
! ipduh002011
 neighbor 10.21.241.69 remote-as 20305
 neighbor 10.21.241.69 description ipduh AWMN BGP Feed
 neighbor 10.21.241.69 timers 10 30
 neighbor 10.21.241.69 capability dynamic
 neighbor 10.21.241.69 capability orf prefix-list both
 neighbor 10.21.241.69 soft-reconfiguration inbound

! neighbor 10.21.241.69 prefix-list awmn-bgp in
! neighbor 10.21.241.69 filter-list maxaslength out

! ipduh04711 
 neighbor 10.21.241.68 remote-as 20305
 neighbor 10.21.241.68 description ipduh AWMN BGP Feed
 neighbor 10.21.241.68 timers 10 30
 neighbor 10.21.241.68 capability dynamic
 neighbor 10.21.241.68 capability orf prefix-list both
 neighbor 10.21.241.68 soft-reconfiguration inbound

! neighbor 10.21.241.68 prefix-list awmn-bgp in
! neighbor 10.21.241.68 filter-list maxaslength out

! ipduh01433
 neighbor 10.21.241.67 remote-as 20305
 neighbor 10.21.241.67 description ipduh AWMN BGP Feed
 neighbor 10.21.241.67 timers 10 30
 neighbor 10.21.241.67 capability dynamic
 neighbor 10.21.241.67 capability orf prefix-list both
 neighbor 10.21.241.67 soft-reconfiguration inbound

!
!

! ipduh03711
 neighbor 10.21.241.66 remote-as 20305
 neighbor 10.21.241.66 description ipduh AWMN BGP Feed
 neighbor 10.21.241.66 timers 10 30
 neighbor 10.21.241.66 capability dynamic
 neighbor 10.21.241.66 capability orf prefix-list both
 neighbor 10.21.241.66 soft-reconfiguration inbound

!
!

! ares
 neighbor 10.21.241.126 remote-as 20305
 neighbor 10.21.241.126 description ipduh AWMN BGP Feed
 neighbor 10.21.241.126 timers 10 30
 neighbor 10.21.241.126 capability dynamic
 neighbor 10.21.241.126 capability orf prefix-list both
 neighbor 10.21.241.126 soft-reconfiguration inbound


!need to update these filters ... 
!not important, this is an inner router in full mesh with the border routers
!ip prefix-list awmn-bgp seq 5 permit 10.0.0.0/8 ge 9 le 24
!ip prefix-list awmn-bgp seq 10 permit 10.0.0.0/15 le 32
!ip prefix-list awmn-bgp seq 15 deny any
!
! NOTE(review): with the deny line commented out, "maxaslength" is a bare
! "permit .*"; applying it via the commented-out filter-list lines above
! would filter nothing. Restore the deny or drop the list.
!!ip as-path access-list maxaslength deny ( [0-9]+){250}$
ip as-path access-list maxaslength permit .*
!
! No access-class here: vty access is only as restricted as the address
! the daemon binds to (see zebra.conf note).
line vty
!
end


OSPF configuration
# cat /etc/quagga/ospfd.conf 
! -*- ospf -*-
!
! OSPFd configuration file
!
! Runs OSPF on the node's own /25 segment in area 0.
! NOTE(review): no OSPF authentication is configured, so any host on
! 10.21.241.0/25 can form an adjacency and inject routes; if the
! neighbours support it, add "area 0 authentication message-digest" here
! and "ip ospf message-digest-key" on the interface. Same example
! credentials as zebra.conf - change them.
!
hostname anydns
password kodikos1
enable password kodikos2
!
router ospf
   network 10.21.241.0/25 area 0
ospf router-id 10.21.241.100
!
log stdout



Now add this node as a BGP peer on your other routers, and remove any 0/0 route from configuration files other than zebra's.
You no longer need a static 10/8 route either; the BGP feeds supply the AWMN routes.

Firewall: let only DNS reach the anycast address and reject everything else sent to it.
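# Only DNS may reach the anycast address; reject everything else sent to it.
# DNS must be reachable over TCP as well as UDP: clients retry over TCP when
# a UDP answer is truncated (over 512 bytes without EDNS) and any downstream
# secondary transfers the zone over TCP (RFC 7766 makes TCP mandatory), so
# resetting all TCP would break those cases.
# The rules are appended (-A): an earlier INPUT rule that matches first wins.
# They cover 10.0.0.1 only - the unicast address 10.21.241.100 and IPv6 are
# left to whatever policy already exists.
iptables -t filter -A INPUT -d 10.0.0.1/32 -p udp --dport domain -j ACCEPT
iptables -t filter -A INPUT -d 10.0.0.1/32 -p tcp --dport domain -j ACCEPT
iptables -t filter -A INPUT -d 10.0.0.1/32 -p tcp -j REJECT --reject-with tcp-reset
iptables -t filter -A INPUT -d 10.0.0.1/32 -j REJECT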
Make it stick. ifupdown runs the hook directory with run-parts, which skips file names containing a dot, so a script called ipv4init.sh would never run; name it without an extension and make it executable.
# iptables-save > /etc/rules.iptables
# vi /etc/network/if-pre-up.d/iptables
# chmod 755 /etc/network/if-pre-up.d/iptables
# cat /etc/network/if-pre-up.d/iptables
#!/bin/sh
# Reload the saved IPv4 filter rules before each interface is brought up, so
# the anycast address is never reachable without the DNS-only policy.
# iptables-restore replaces the whole ruleset, so running once per interface
# (lo, eth0, ...) is harmless. IPv4 only: ip6tables rules, if any, need their
# own restore. If the restore fails the script exits non-zero, which should
# make ifup abort bringing the interface up (fail closed) - verify on your
# ifupdown version.
/sbin/iptables-restore < /etc/rules.iptables


Test, test again, and then test some more ...







AWMN Anycast DNS How-To