I am using a KVM that has redundant Internet Connectivity, redundant AWMN Connectivity and does both the AWMN routing and the Hybrid Internet-AWMN DNS resolving. This way, if the KVM ceases to exist in the AWMN so does the 10.0.0.1/32 route to it.
# apt-get install quagga bind9
Configure Bind
set /etc/bind/named.conf
# vi /etc/bind/named.conf # cat /etc/bind/named.conf include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local";
set /etc/bind/named.conf.options
# cat /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
allow-recursion { any; };
allow-query { any; };
version "slave awmn.";
auth-nxdomain no; # conform to RFC1035
listen-on { 127.0.0.1; 10.21.241.100; 10.0.0.1; };
listen-on-v6 { any; };
};
set /etc/bind/named.conf.local
# cat /etc/bind/named.conf.local
zone "awmn" IN {
type slave;
file "/var/cache/bind/db.awmn";
masters{ 10.19.143.12; };
};
zone "10.in-addr.arpa" IN {
type slave;
file "/var/cache/bind/db.10.in-addr.arpa";
masters { 10.19.143.12; };
};
zone "." {
type hint;
file "/etc/bind/db.root";
};
use this by the system name resolver
# echo "nameserver 127.0.0.1" > /etc/resolv.conf
Restart Bind
# /etc/init.d/bind9 restart
Test
# dig +short ipduh.com 85.25.242.245 # dig +short ipduh.awmn 10.21.241.4 # dig +short www.awmn srv1.awmn. 10.19.143.13
Add 10.0.0.1 to the loopback interface.
Adjust the lo stanza in /etc/network/interface
# The loopback network interface auto lo iface lo inet loopback ip addr add 10.0.0.1 dev lo
Configure Quagga
set zebra, bgpd , and ospfd to yes in /etc/quagga/daemons
# grep "=yes" /etc/quagga/daemons zebra=yes bgpd=yes ospfd=yes
Copy to /etc/quagga/ some skeleton files
# cp /usr/share/doc/quagga/examples/bgpd.conf.sample /etc/quagga/bgpd.conf # cp /usr/share/doc/quagga/examples/ospfd.conf.sample /etc/quagga/ospfd.conf # cp /usr/share/doc/quagga/examples/zebra.conf.sample /etc/quagga/zebra.conf
Configure Routing
Zebra example configuration file
# cat /etc/quagga/zebra.conf ! -*- zebra -*- ! ! zebra configuration file ! hostname anydns password kodikos1 enable password kodikos2 ! ip route 10.0.0.1/32 10.21.241.100 ip route 0.0.0.0/0 192.168.30.1 ! log file /var/log/quagga/zebra.log
BGP example configuration file
hostname anydns
log file /var/log/quagga/bgpd.log
log monitor
log stdout
log syslog
password kodikos1
enable password kodikos2
router bgp 20305
bgp router-id 10.21.241.100
network 10.0.0.1/32
! ipduh002011
neighbor 10.21.241.69 remote-as 20305
neighbor 10.21.241.69 description ipduh AWMN BGP Feed
neighbor 10.21.241.69 timers 10 30
neighbor 10.21.241.69 capability dynamic
neighbor 10.21.241.69 capability orf prefix-list both
neighbor 10.21.241.69 soft-reconfiguration inbound
! neighbor 10.21.241.69 prefix-list awmn-bgp in
! neighbor 10.21.241.69 filter-list maxaslength out
! ipduh04711
neighbor 10.21.241.68 remote-as 20305
neighbor 10.21.241.68 description ipduh AWMN BGP Feed
neighbor 10.21.241.68 timers 10 30
neighbor 10.21.241.68 capability dynamic
neighbor 10.21.241.68 capability orf prefix-list both
neighbor 10.21.241.68 soft-reconfiguration inbound
! neighbor 10.21.241.68 prefix-list awmn-bgp in
! neighbor 10.21.241.68 filter-list maxaslength out
! ipduh01433
neighbor 10.21.241.67 remote-as 20305
neighbor 10.21.241.67 description ipduh AWMN BGP Feed
neighbor 10.21.241.67 timers 10 30
neighbor 10.21.241.67 capability dynamic
neighbor 10.21.241.67 capability orf prefix-list both
neighbor 10.21.241.67 soft-reconfiguration inbound
!
!
! ipduh03711
neighbor 10.21.241.66 remote-as 20305
neighbor 10.21.241.66 description ipduh AWMN BGP Feed
neighbor 10.21.241.66 timers 10 30
neighbor 10.21.241.66 capability dynamic
neighbor 10.21.241.66 capability orf prefix-list both
neighbor 10.21.241.66 soft-reconfiguration inbound
!
!
! ares
neighbor 10.21.241.126 remote-as 20305
neighbor 10.21.241.126 description ipduh AWMN BGP Feed
neighbor 10.21.241.126 timers 10 30
neighbor 10.21.241.126 capability dynamic
neighbor 10.21.241.126 capability orf prefix-list both
neighbor 10.21.241.126 soft-reconfiguration inbound
!need to update these filters ...
!not important, this is an inner router in full mess with the border routers
!ip prefix-list awmn-bgp seq 5 permit 10.0.0.0/8 ge 9 le 24
!ip prefix-list awmn-bgp seq 10 permit 10.0.0.0/15 le 32
!ip prefix-list awmn-bgp seq 15 deny any
!
!!ip as-path access-list maxaslength deny ( [0-9]+){250}$
ip as-path access-list maxaslength permit .*
!
line vty
!
end
OSPF configuration
# cat /etc/quagga/ospfd.conf ! -*- ospf -*- ! ! OSPFd configuration file ! ! hostname anydns password kodikos1 enable password kodikos2 ! router ospf network 10.21.241.0/25 area 0 ospf router-id 10.21.241.100 ! log stdout
Cool now add this BGP peer to your other routers and get rid off any 0/0 route in configuration files other than the zebra.
Obviously you do not need any 10/8 route any more.
Firewall
# iptables -t filter -A INPUT -p udp -d 10.0.0.1/32 --dport domain -j ACCEPT # iptables -t filter -A INPUT -p tcp -d 10.0.0.1/32 -j REJECT --reject-with tcp-reset # iptables -t filter -A INPUT -d 10.0.0.1/32 -j REJECTMake it stick
# iptables-save > /etc/rules.iptables # vi /etc/network/if-pre-up.d/ipv4init.sh # cat /etc/network/if-pre-up.d/ipv4init.sh #!/bin/sh /sbin/iptables-restore < /etc/rules.iptables
Test, test again, and then test some more ...
AWMN Anycasta DNS How-To
