Building DNS infrastructure for an AS(mesh network)?

Installing and Using OpenWrt
1

Hi,
I'm wondering how to integrate a DNS structure into an autonomous system. We have several OpenWRT routers connected to a mesh network spanning the whole city of Berlin. You can imagine that we have for each house a layer 2 domain with a core-router doing all the routing work. This core-router is connected to multiple clients, such as antennas or dump APs. I would like to give each core-router its own sub-domain and the router should be the authoratitive for this domain. We have multiple gateways running BGP connections. They should be authoritative for the top-domain (funk.berlin or whatever) and should delegate the requests to the corresponding core-routers. Further, servers that are connected to the core-router should also be able to get a domain name, however the core-router should be authoritative for them.

Any suggestions?

dns
dns509×581 33.7 KB

2

If I understand correctly, you'd simply make this the domain in dnsmasq. If the domains were indeed delegated it to you, I believe this should work.

3

I thought about using bind.

For setting-up an authoritative name-server with dnsmasq, I only find this example: https://www.onderka.com/computer-und-netzwerk/autoritativer-dns-server-mit-dnsmasq

However, I can not find any example for setting a ns record with dnsmasq? I suppose on the gateways I need to delegate subdomains in my zonefile, something like this:

              IN      NS     ns.location.funk.berlin
              IN      NS     ns.otherlocation.funk.berlin

...

https://www.zytrax.com/books/dns/ch9/delegate.html or https://gist.github.com/magnetikonline/70625d14aabe25a227e3

Edit:
Okay, maybe I can do something like this on the gateways:

server=/location.funk.berlin/10.0.0.1
server=/otherlocation.funk.berlin/10.0.0.2
4

Back in the days of Athens WMN, we did it with bind. It was quite a big size of 700+ ASes and each one had a delegated zone, e.g trendy.awmn , as well as a reverse. However this meant that each admin was responsible to set it up properly.
It is possible to do it with dnsmasq, however I am not sure if you can do recursive lookups from one leaf node to the root server and get the answer or a hint about the authoritative. Otherwise you'll have to add a server entry to all instances every time there is a new zone.

2 Likes
5

Maybe I should mention that I want to work with public ipv6 in the end. :wink:

I am now at a point where I get really confused. How on earth can I also support Reverse DNS lookup?

6

The configured prefixes on the interfaces are automatically served.
If you need more zones you need to configure them.
From dnsmasq manual

Dnsmasq acts as an authoritative server for in-addr.arpa and ip6.arpa domains associated with the subnets given in --auth-zone declarations, so reverse (address to name) lookups can be simply configured with a suitable NS record, for instance in this example, where we allow 1.2.3.0/24 addresses.

3.2.1.in-addr.arpa NS our.zone.com

Note that at present, reverse (in-addr.arpa and ip6.arpa) zones are not available in zone transfers, so there is no point arranging secondary servers for reverse lookups.