DNS
Servers
Recursive
DNS | IP address |
---|---|
recur1.bandura.crxn | fd92:58b6:2b2::5353 |
Authoritative
DNS | IP address |
---|---|
ns1.crxn | fd92:58b6:2b2::54 |
Resolve CRXN domains only
Advantage:
- Very simple configuration
Disadvantage:
- No more access to Clearnet domains
- Dependence on one server
You can enter a recursive CRXN server as your DNS server in the operating system.
The configuration differs depending on the operating system. For example, in Debian without NetworkManager, you can add the following to /etc/resolv.conf:
nameserver fd92:58b6:2b2::5353
Run your own forwarder
Advantage:
- Simple configuration
Disadvantage:
- Dependence on one server
With this method, you run a small DNS server of your own, which receives and forwards requests. This is suitable for one computer or very small networks.
There are several software packages you can use for this.
CoreDNS
This guide is for Debian based systems.
First you need to download CoreDNS. You can find the software at https://coredns.io/. The download is a compressed archive. Extract it, make the file coredns executable, and copy it into the directory /usr/local/bin.
$ tar xvf coredns_1.10.0_linux_amd64.tgz
$ chmod +x coredns
$ sudo cp coredns /usr/local/bin/
To start CoreDNS automatically you can create a systemd unit:
$ sudo editor /etc/systemd/system/coredns.service
Paste the following:
[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io/
After=network.target
After=alfis.service
After=meshnamed.service
[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
ExecStart=/usr/local/bin/coredns -conf=/etc/coredns/Corefile
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.target
After that reload systemd:
$ sudo systemctl daemon-reload
To isolate CoreDNS, create a dedicated user for it:
$ sudo adduser --home /etc/coredns/ --disabled-password --disabled-login coredns
After that you can create and edit the CoreDNS configuration file Corefile:
$ sudo editor /etc/coredns/Corefile
Paste the following:
crxn., d.f.ip6.arpa. {
    loop
    bind 127.0.0.1 ::1
    forward . fd92:58b6:2b2::5353
}
Replace fd92:58b6:2b2::5353 with your preferred recursive server.
With bind 127.0.0.1 ::1 you bind CoreDNS to your local machine only, so no one else can access it. If you want to create a network forwarder, you have to remove this line. If you want to restrict access to the forwarder to a specific network, you can use the ACL plugin.
To resolve Clearnet domains, insert the following:
. {
    loop
    bind 127.0.0.1 ::1
    forward . tls://1.1.1.1 tls://1.0.0.1 tls://2606:4700:4700::1111 tls://2606:4700:4700::1001 {
        tls_servername 1dot1dot1dot1.cloudflare-dns.com
    }
}
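For the network-forwarder case mentioned above (the bind line removed), the following Corefile shows one way to limit who may query the forwarder with the acl plugin. This is an added example, not part of the original guide; the prefixes 192.168.1.0/24 and fd00:1234:5678::/64 are constructed placeholders for your own network.

```corefile
# Added example: network forwarder restricted with the acl plugin.
# 192.168.1.0/24 and fd00:1234:5678::/64 are constructed placeholder
# prefixes; replace them with the networks you actually serve.

crxn., d.f.ip6.arpa. {
    loop
    # No "bind" line here, so CoreDNS listens on all interfaces.
    acl {
        # The local machine itself
        allow net 127.0.0.0/8 ::1/128
        # The network this forwarder serves (placeholder prefixes)
        allow net 192.168.1.0/24 fd00:1234:5678::/64
        # Every other source is answered with REFUSED
        block
    }
    forward . fd92:58b6:2b2::5353
}

. {
    loop
    # Each server block needs its own acl stanza; without it this
    # block would answer Clearnet queries from any source.
    acl {
        allow net 127.0.0.0/8 ::1/128
        allow net 192.168.1.0/24 fd00:1234:5678::/64
        block
    }
    forward . tls://1.1.1.1 tls://1.0.0.1 tls://2606:4700:4700::1111 tls://2606:4700:4700::1001 {
        tls_servername 1dot1dot1dot1.cloudflare-dns.com
    }
}
```

Rules inside acl are evaluated top to bottom and the first match wins, so the final block only applies to sources not covered by an allow line.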
To start CoreDNS you can use systemd:
$ sudo systemctl start coredns
To access the CoreDNS log you can use one of the following commands:
$ sudo systemctl status coredns
$ sudo journalctl -r -u coredns
To start CoreDNS automatically at boot, you can enable the unit with the following command:
$ sudo systemctl enable coredns