031c3323ca6afac48e3aac53f1a978785d5be17b
Services-DNS.md
| ... | ... | @@ -1,7 +1,21 @@ |
| 1 | 1 | # DNS |
| 2 | 2 | |
| 3 | -We have a TLD for the dn42, which is .dn42 and the Anycast-DNS-server for it runs on 172.22.0.53. |
|
| 4 | -**DNS is build from whois database. So please edit your DNS-records there.** |
|
| 3 | +*(tl;dr)* We have a TLD for dn42, which is `.dn42`. The anycast resolver for `.dn42` runs on `172.22.0.53`. |
|
| 4 | +**DNS is build from [[whois database|Services Whois]]. So please edit your DNS-records there.** |
|
| 5 | + |
|
| 6 | +## Using the DNS service |
|
| 7 | + |
|
| 8 | +You can either use the anycast resolver directly, or configure your local resolver to forward queries in the `.dn42` zone. |
|
| 9 | + |
|
| 10 | +### Using the anycast resolver directly |
|
| 11 | + |
|
| 12 | +Please be aware that this method sends **all** your DNS queries (e.g. `google.com`) to a random DNS server inside dn42. The server could fake the result and point you towards the russian mafia. They probably won't, but think about what you are doing. At the end of the day, your ISP could be evil as well, so it always boils down to a question of trust. |
|
| 13 | + |
|
| 14 | +To do this, just use `172.22.0.53` as your resolver, for instance in `/etc/resolv.conf`. |
|
| 15 | + |
|
| 16 | +### Forwarding `.dn42`queries |
|
| 17 | + |
|
| 18 | +If you run your own resolver (`unbound`, `dnsmasq`, `bind`), you can configure it to forward dn42 queries to the anycast DNS resolver. See [[DNS forwarder configuration|Services DNS Configuration]]. |
|
| 5 | 19 | |
| 6 | 20 | ## Anycast DNS |
| 7 | 21 |