Requirements

  • Local DNS resolution
  • Forwarding of DNS resolution for GeolocationTunneling
  • Fallback to reliable DNS

Optional

  • Caching

Implementation


SRV records for XMPP

http://prosody.im/doc/dns

  • _xmpp-client is for client-to-server connections
  • _xmpp-server is for server-to-server connections

For GTalk:

_xmpp-client._tcp 10800 IN SRV 20 0 5222 alt1.xmpp-server.l.google.com.
_xmpp-client._tcp 10800 IN SRV 20 0 5222 alt2.xmpp-server.l.google.com.
_xmpp-client._tcp 10800 IN SRV 20 0 5222 alt3.xmpp-server.l.google.com.
_xmpp-client._tcp 10800 IN SRV 20 0 5222 alt4.xmpp-server.l.google.com.
_xmpp-client._tcp 10800 IN SRV 5 0 5222 xmpp-server.l.google.com.
_xmpp-server._tcp 10800 IN SRV 20 0 5269 alt1.xmpp-server.l.google.com.
_xmpp-server._tcp 10800 IN SRV 20 0 5269 alt2.xmpp-server.l.google.com.
_xmpp-server._tcp 10800 IN SRV 20 0 5269 alt3.xmpp-server.l.google.com.
_xmpp-server._tcp 10800 IN SRV 20 0 5269 alt4.xmpp-server.l.google.com.
_xmpp-server._tcp 10800 IN SRV 5 0 5269 xmpp-server.l.google.com.
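How a client or peer server turns the records above into a connection order, as an added example that is not part of the original page: it parses the zone-file lines and applies the RFC 2782 rule (lowest priority first, weighted random choice within a priority). The names `parse_srv`, `connection_order`, `ZONE` and `RECORDS` are this example's own.

```python
import random
from collections import namedtuple

SRV = namedtuple("SRV", "owner ttl priority weight port target")

# The GTalk records listed above, in zone-file form.
ZONE = """\
_xmpp-client._tcp 10800 IN SRV 20 0 5222 alt1.xmpp-server.l.google.com.
_xmpp-client._tcp 10800 IN SRV 20 0 5222 alt2.xmpp-server.l.google.com.
_xmpp-client._tcp 10800 IN SRV 20 0 5222 alt3.xmpp-server.l.google.com.
_xmpp-client._tcp 10800 IN SRV 20 0 5222 alt4.xmpp-server.l.google.com.
_xmpp-client._tcp 10800 IN SRV 5 0 5222 xmpp-server.l.google.com.
_xmpp-server._tcp 10800 IN SRV 20 0 5269 alt1.xmpp-server.l.google.com.
_xmpp-server._tcp 10800 IN SRV 20 0 5269 alt2.xmpp-server.l.google.com.
_xmpp-server._tcp 10800 IN SRV 20 0 5269 alt3.xmpp-server.l.google.com.
_xmpp-server._tcp 10800 IN SRV 20 0 5269 alt4.xmpp-server.l.google.com.
_xmpp-server._tcp 10800 IN SRV 5 0 5269 xmpp-server.l.google.com.
"""

def parse_srv(line):
    """Parse one 'owner ttl IN SRV priority weight port target' line."""
    f = line.split()
    if len(f) != 8 or [x.upper() for x in f[2:4]] != ["IN", "SRV"]:
        raise ValueError("not an SRV record: %r" % line)
    ttl, prio, weight, port = (int(x) for x in (f[1], f[4], f[5], f[6]))
    if not all(0 <= v <= 65535 for v in (prio, weight, port)):
        raise ValueError("field out of 16-bit range: %r" % line)
    return SRV(f[0], ttl, prio, weight, port, f[7])

def connection_order(records, owner, rng=random):
    """RFC 2782 order: lowest priority first, weighted random pick within a priority."""
    wanted = [r for r in records if r.owner == owner]
    order = []
    for prio in sorted({r.priority for r in wanted}):
        group = [r for r in wanted if r.priority == prio]
        rng.shuffle(group)                       # "any order" ...
        group.sort(key=lambda r: r.weight != 0)  # ... with zero-weight records first
        while group:
            pick = rng.randint(0, sum(r.weight for r in group))
            running = 0
            for i, r in enumerate(group):
                running += r.weight
                if running >= pick:              # first record whose running sum reaches pick
                    order.append(group.pop(i))
                    break
    return order

RECORDS = [parse_srv(l) for l in ZONE.splitlines() if l.strip()]
```

With these records the priority-5 host is always tried first, and the four priority-20 hosts follow in random order because their weights are all 0.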

Obsolete Configuration Plans

These requirements were largely meant for the publicly accessible network now implemented by Yuggoth.

Requirements

  • Separation of Auth and Resolving services
  • Separation of public and non-public network information
  • 3 Authoritative DNS servers
    • Primary public
    • Secondary public
    • Private
  • Recursive (Caching) Resolvers
  • Auth DNS supporting
    • A
    • AAAA (IPv6)
    • MX (Mail)
    • SRV (for VoIP)
    • Zone transfers
  • Local Caching DNS

This involves eventually having three authoritative nameservers.

  • Two for publicly accessible systems (DNS1 and an off-site Secondary)
  • A third for the private net (DNS2)

Phase I requires a single authoritative DNS server (Niggurath) for publicly accessible systems and one caching DNS (for resolving non-local addresses).

Complete local network info is maintained in /etc/hosts files.

When a public domain name is registered, a secondary will be set up using a free DNS service.

Phase II requires a second DNS server, located on the Private Subnet, to handle all Private Subnet records and (optionally) cache queries from private systems. The primary DNS is reconfigured as a forwarder for queries from the private DNS.

Phase III requires a walldns-like record for wireless (IPv6) clients.

Components

  • Authoritative
  • Caching

Available DNS servers

http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software

Auth & Cache

  • BIND
  • djbdns (dnscache, tinydns)

Auth only

Free DNS services


Log

2006-04-22 BIND too buggy, too kludgy.
djbdns, like qmail, is unmaintained. AAAA and SRV?