I'm wondering how to integrate a DNS structure into an autonomous system. We have several OpenWRT routers connected to a mesh network spanning the whole city of Berlin. You can imagine that we have for each house a layer 2 domain with a core-router doing all the routing work. This core-router is connected to multiple clients, such as antennas or dumb APs. I would like to give each core-router its own sub-domain and the router should be the authoritative for this domain. We have multiple gateways running BGP connections. They should be authoritative for the top-domain (funk.berlin or whatever) and should delegate the requests to the corresponding core-routers. Further, servers that are connected to the core-router should also be able to get a domain name, however the core-router should be authoritative for them.
If I understand correctly, you'd simply make this the domain in dnsmasq. If the domains were indeed delegated to you, I believe this should work.
I thought about using bind.
For setting up an authoritative name-server with dnsmasq, I only find this example: https://www.onderka.com/computer-und-netzwerk/autoritativer-dns-server-mit-dnsmasq
However, I cannot find any example of setting an NS record with dnsmasq. I suppose on the gateways I need to delegate subdomains in my zonefile, something like this:
location       IN NS ns.location.funk.berlin.
otherlocation  IN NS ns.otherlocation.funk.berlin.
https://www.zytrax.com/books/dns/ch9/delegate.html or https://gist.github.com/magnetikonline/70625d14aabe25a227e3
Okay, maybe I can do something like this on the gateways:
Back in the days of Athens WMN, we did it with bind. It was quite a big size of 700+ ASes and each one had a delegated zone, e.g. trendy.awmn, as well as a reverse. However this meant that each admin was responsible for setting it up properly.
It is possible to do it with dnsmasq, however I am not sure if you can do recursive lookups from one leaf node to the root server and get the answer or a hint about the authoritative server. Otherwise you'll have to add a server entry to all instances every time there is a new zone.
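As an added example (not from any post in this thread), this is what the bind-style setup described above would look like on a gateway: the funk.berlin zone delegating one sub-zone per house with NS plus glue AAAA records, and the matching ip6.arpa zone delegating each house's /64. Names (ns1, ns2, location, otherlocation) and the 2001:db8::/32 documentation prefix are assumed placeholders; the two files are shown back to back.

```zone
; --- db.funk.berlin (gateway, forward zone; example, placeholder names) ---
$ORIGIN funk.berlin.
$TTL 3600
@       IN SOA  ns1.funk.berlin. hostmaster.funk.berlin. (
                2024010101 ; serial, bump on every change
                3600       ; refresh
                900        ; retry
                604800     ; expire
                300 )      ; negative-cache TTL
@       IN NS   ns1.funk.berlin.
@       IN NS   ns2.funk.berlin.
ns1     IN AAAA 2001:db8:0:1::1
ns2     IN AAAA 2001:db8:0:2::1

; Delegation: each house's core-router is authoritative for its own
; sub-zone. The glue AAAA is required because the delegated name server
; lives inside the zone being delegated; without it resolvers cannot
; reach it.
location         IN NS   ns.location.funk.berlin.
ns.location      IN AAAA 2001:db8:0:10::1
otherlocation    IN NS   ns.otherlocation.funk.berlin.
ns.otherlocation IN AAAA 2001:db8:0:11::1

; --- db.8.b.d.0.1.0.0.2.ip6.arpa (gateway, reverse zone for 2001:db8::/32) ---
$ORIGIN 8.b.d.0.1.0.0.2.ip6.arpa.
$TTL 3600
@   IN SOA ns1.funk.berlin. hostmaster.funk.berlin. (
        2024010101 3600 900 604800 300 )
@   IN NS  ns1.funk.berlin.
@   IN NS  ns2.funk.berlin.

; Delegate each house's /64 to its core-router. The owner name is the
; nibble-reversed remainder of the /64, relative to the /32 origin:
; 2001:db8:0:10::/64 -> 0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
0.1.0.0.0.0.0.0  IN NS ns.location.funk.berlin.
; 2001:db8:0:11::/64
1.1.0.0.0.0.0.0  IN NS ns.otherlocation.funk.berlin.
```

Before loading, check each file with `named-checkzone funk.berlin db.funk.berlin` (and the ip6.arpa name for the reverse file); it catches missing trailing dots and mis-nibbled reverse owners, which are the usual delegation mistakes.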
Maybe I should mention that I want to work with public ipv6 in the end.
I am now at a point where I get really confused. How on earth can I also support Reverse DNS lookup?
The configured prefixes on the interfaces are automatically served.
If you need more zones you need to configure them.
From the dnsmasq manual:
Dnsmasq acts as an authoritative server for in-addr.arpa and ip6.arpa domains associated with the subnets given in --auth-zone declarations, so reverse (address to name) lookups can be simply configured with a suitable NS record, for instance in this example, where we allow 1.2.3.0/24 addresses.
3.2.1.in-addr.arpa NS our.zone.com
Note that at present, reverse (in-addr.arpa and ip6.arpa) zones are not available in zone transfers, so there is no point arranging secondary servers for reverse lookups.