DNS

Servers

Recursive

DNS                    IP address
recur1.bandura.crxn    fd92:58b6:2b2::5353

Authoritative

DNS         IP address
ns1.crxn    fd92:58b6:2b2::54

Resolve CRXN domains only

Advantage:

Disadvantage:

You can enter a recursive CRXN server as your DNS server in the operating system.

How to configure this depends on the operating system. On Debian without NetworkManager, for example, you can add the following line to /etc/resolv.conf:

nameserver fd92:58b6:2b2::5353

Run your own forwarder

Advantage:

Disadvantage:

With this method, you run a small DNS server of your own, which receives and forwards requests. This is suitable for one computer or very small networks.

There are several software packages you can use for this.

CoreDNS

This guide is for Debian-based systems. First you need to download CoreDNS. You can find the software at https://coredns.io/. The download is a compressed archive. Extract it, make the file coredns executable, and copy it into the directory /usr/local/bin.

$ tar xvf coredns_1.10.0_linux_amd64.tgz
$ chmod +x coredns
$ sudo cp coredns /usr/local/bin/

To start CoreDNS automatically, you can create a systemd unit. The file is owned by root, so open it with sudo:

$ sudo editor /etc/systemd/system/coredns.service

Paste the following:

[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io/
After=network.target
After=alfis.service
After=meshnamed.service

[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
ExecStart=/usr/local/bin/coredns -conf=/etc/coredns/Corefile
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure

[Install]
WantedBy=multi-user.target

After that reload systemd:

$ sudo systemctl daemon-reload

To isolate CoreDNS, create a dedicated user for it to run as:

$ sudo adduser --home /etc/coredns/ --disabled-password --disabled-login coredns

After that you can create and edit the CoreDNS configuration file, Corefile:

$ sudo editor /etc/coredns/Corefile

Paste the following:

crxn., d.f.ip6.arpa. {
  loop
  bind 127.0.0.1 ::1
  forward . fd92:58b6:2b2::5353
}

Replace fd92:58b6:2b2::5353 with your preferred recursive server. The line bind 127.0.0.1 ::1 makes CoreDNS listen only on the loopback addresses of your local machine, so no one else can access it. If you want to create a network forwarder, you have to remove this line. If you want to restrict access to the forwarder to a specific network, you can use the acl plugin.

To resolve Clearnet domains as well, add the following to the Corefile:

. {
  loop
  bind 127.0.0.1 ::1
  forward . tls://1.1.1.1 tls://1.0.0.1 tls://2606:4700:4700::1111 tls://2606:4700:4700::1001 {
    tls_servername 1dot1dot1dot1.cloudflare-dns.com
  }
}
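Before removing bind or opening the forwarder to a network, it helps to check which server blocks in a Corefile are reachable from other machines. The shell function below is an added example, not part of the CRXN documentation or of CoreDNS. The zone names open.example. and lan.example. and the prefix 2001:db8:1::/64 are constructed placeholders, and the check is a heuristic that only reads the bind and acl lines.

```shell
# Added example, not part of the CRXN docs. Classifies each Corefile server
# block by exposure. Heuristic only: it reads "bind" and "acl", nothing else.
corefile_exposure() {   # usage: corefile_exposure FILE
  awk '
    function report() {
      if (bound && !wide) s = "loopback-only"
      else if (acl)       s = "has-acl (review its rules)"
      else                s = "EXPOSED: not loopback-only and no acl"
      print zone " => " s
    }
    { sub(/#.*/, "") }                          # drop comments
    depth == 0 && /[{][ \t]*$/ {                # start of a server block
      zone = $0; sub(/[ \t]*[{][ \t]*$/, "", zone)
      bound = wide = acl = 0; depth = 1; next
    }
    depth == 1 && $1 == "bind" {                # any non-loopback address?
      bound = 1
      for (i = 2; i <= NF; i++)
        if ($i != "127.0.0.1" && $i != "::1") wide = 1
    }
    depth == 1 && $1 == "acl" { acl = 1 }
    /[{][ \t]*$/        { depth++ }             # nested plugin block opens
    /^[ \t]*[}][ \t]*$/ { depth--; if (depth == 0) report() }
  ' "$1"
}
# Constructed sample: the loopback block from this page, the same block without
# "bind", and one restricted with the acl plugin (placeholder network prefix).
sample=$(mktemp)
cat > "$sample" <<'EOF'
crxn., d.f.ip6.arpa. {
  loop
  bind 127.0.0.1 ::1
  forward . fd92:58b6:2b2::5353
}
open.example. {
  loop
  forward . fd92:58b6:2b2::5353
}
lan.example. {
  loop
  acl {
    allow net 2001:db8:1::/64
    block
  }
  forward . fd92:58b6:2b2::5353
}
EOF
corefile_exposure "$sample"
rm -f "$sample"
```

A block reported as has-acl still needs its rules read by hand: an acl without a final block line does not restrict anything.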

To start CoreDNS, you can use systemd:

$ sudo systemctl start coredns

To access the CoreDNS log, you can use one of the following commands:

$ sudo systemctl status coredns
$ sudo journalctl -r -u coredns

To start CoreDNS automatically at boot, you can enable the unit with the following command:

$ sudo systemctl enable coredns