mirror of https://codeberg.org/CRXN/docs.git
remove old files
Signed-off-by: Marek Küthe <m.k@mk16.de>
This commit is contained in:
parent
79f6927ae8
commit
8c8e80dfec
|
@ -1,4 +0,0 @@
|
||||||
CRXN DNS
|
|
||||||
========
|
|
||||||
|
|
||||||
**CRXN DNS** is coming soon.
|
|
124
docs/dns/home.md
124
docs/dns/home.md
|
@ -1,124 +0,0 @@
|
||||||
# Servers
|
|
||||||
|
|
||||||
## Rekursiv
|
|
||||||
|
|
||||||
| DNS | IP address |
|
|
||||||
| --- | --- |
|
|
||||||
| recur1.bandura.crxn | fd92:58b6:2b2::5353 |
|
|
||||||
|
|
||||||
## Authoritiv
|
|
||||||
|
|
||||||
# Resolve CRXN domains only
|
|
||||||
|
|
||||||
Advantage:
|
|
||||||
- Very simple configuration
|
|
||||||
|
|
||||||
Disadvantage:
|
|
||||||
- No more access to Clearnet domains
|
|
||||||
- Dependence on one server
|
|
||||||
|
|
||||||
You can enter a recursive CRXN server as your DNS server in the operating system.
|
|
||||||
|
|
||||||
The configuration of this differs depending on the operating system. For example, in Debian without NetworkManager, you can add the following to `/etc/resolv.conf`:
|
|
||||||
```
|
|
||||||
nameserver fd92:58b6:2b2::5353
|
|
||||||
```
|
|
||||||
|
|
||||||
# Run your own forwarder
|
|
||||||
|
|
||||||
Advantage:
|
|
||||||
- Simple configuration
|
|
||||||
|
|
||||||
Disadvantage:
|
|
||||||
- Dependence on one server
|
|
||||||
|
|
||||||
With this method, you run a small DNS server of your own, which receives and forwards requests. This is suitable for one computer or very small networks.
|
|
||||||
|
|
||||||
There are several software you can use for this.
|
|
||||||
|
|
||||||
## Coredns
|
|
||||||
|
|
||||||
This guide is for Debian based systems.
|
|
||||||
First you need to download Coredns. You can find the software at https://coredns.io/. As a download package you get a compressed file. Extract it and make the file `coredns` executable and copy it into the directory `/usr/local/bin`.
|
|
||||||
```
|
|
||||||
$tar xvf coredns_1.10.0_linux_amd64.tgz
|
|
||||||
$chmod +x coredns
|
|
||||||
$sudo cp coredns /usr/local/bin/
|
|
||||||
```
|
|
||||||
|
|
||||||
To start Coredns automatically you can create a Systemd unit:
|
|
||||||
```
|
|
||||||
$ editor /etc/systemd/system/coredns.service
|
|
||||||
```
|
|
||||||
|
|
||||||
Paste the following:
|
|
||||||
```
|
|
||||||
[Unit]
|
|
||||||
Description=CoreDNS DNS server
|
|
||||||
Documentation=https://coredns.io/
|
|
||||||
After=network.target
|
|
||||||
After=alfis.service
|
|
||||||
After=meshnamed.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
PermissionsStartOnly=true
|
|
||||||
LimitNOFILE=1048576
|
|
||||||
LimitNPROC=512
|
|
||||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
|
||||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
||||||
NoNewPrivileges=true
|
|
||||||
User=coredns
|
|
||||||
ExecStart=/usr/local/bin/coredns -conf=/etc/coredns/Corefile
|
|
||||||
ExecReload=/bin/kill -SIGUSR1 $MAINPID
|
|
||||||
Restart=on-failure
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
```
|
|
||||||
|
|
||||||
After that reload systemd:
|
|
||||||
```
|
|
||||||
$sudo systemctl daemon-reload
|
|
||||||
```
|
|
||||||
|
|
||||||
To isolate Coredns, you create a new user:
|
|
||||||
```
|
|
||||||
$sudo adduser --home /etc/coredns/ --disabled-password --disabled-login coredns
|
|
||||||
```
|
|
||||||
|
|
||||||
After that you can create and edit the Coredns configuration file `Corefile`:
|
|
||||||
```
|
|
||||||
editor /etc/coredns/Corefile
|
|
||||||
```
|
|
||||||
|
|
||||||
Paste the following:
|
|
||||||
```
|
|
||||||
crxn., d.f.ip6.arpa. {
|
|
||||||
loop
|
|
||||||
bind 127.0.0.1 ::1
|
|
||||||
forward . fd92:58b6:2b2::5353
|
|
||||||
}
|
|
||||||
```
|
|
||||||
Replace `fd92:58b6:2b2::5353` with your preferred recursive server.
|
|
||||||
With `bind 127.0.0.1 ::1` you bind Coredns to your local machine only, so no one else can access it. If you want to create a network forwarder, you have to remove this line. If you want to restrict the forwarder access only to a specific network, you can use the [ACL Plugin](https://coredns.io/plugins/acl/).
|
|
||||||
|
|
||||||
To resolve Clearnet domains, insert the following:
|
|
||||||
```
|
|
||||||
. {
|
|
||||||
loop
|
|
||||||
bind 127.0.0.1 ::1
|
|
||||||
forward . tls://1.1.1.1 tls://1.0.0.1 tls://2606:4700:4700::1111 tls://2606:4700:4700::1001 {
|
|
||||||
tls_servername 1dot1dot1dot1.cloudflare-dns.com
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,124 +0,0 @@
|
||||||
# Servers
|
|
||||||
|
|
||||||
## Rekursiv
|
|
||||||
|
|
||||||
| DNS | IP address |
|
|
||||||
| --- | --- |
|
|
||||||
| recur1.bandura.crxn | fd92:58b6:2b2::5353 |
|
|
||||||
|
|
||||||
## Authoritiv
|
|
||||||
|
|
||||||
# Resolve CRXN domains only
|
|
||||||
|
|
||||||
Advantage:
|
|
||||||
- Very simple configuration
|
|
||||||
|
|
||||||
Disadvantage:
|
|
||||||
- No more access to Clearnet domains
|
|
||||||
- Dependence on one server
|
|
||||||
|
|
||||||
You can enter a recursive CRXN server as your DNS server in the operating system.
|
|
||||||
|
|
||||||
The configuration of this differs depending on the operating system. For example, in Debian without NetworkManager, you can add the following to `/etc/resolv.conf`:
|
|
||||||
```
|
|
||||||
nameserver fd92:58b6:2b2::5353
|
|
||||||
```
|
|
||||||
|
|
||||||
# Run your own forwarder
|
|
||||||
|
|
||||||
Advantage:
|
|
||||||
- Simple configuration
|
|
||||||
|
|
||||||
Disadvantage:
|
|
||||||
- Dependence on one server
|
|
||||||
|
|
||||||
With this method, you run a small DNS server of your own, which receives and forwards requests. This is suitable for one computer or very small networks.
|
|
||||||
|
|
||||||
There are several software you can use for this.
|
|
||||||
|
|
||||||
## Coredns
|
|
||||||
|
|
||||||
This guide is for Debian based systems.
|
|
||||||
First you need to download Coredns. You can find the software at https://coredns.io/. As a download package you get a compressed file. Extract it and make the file `coredns` executable and copy it into the directory `/usr/local/bin`.
|
|
||||||
```
|
|
||||||
$tar xvf coredns_1.10.0_linux_amd64.tgz
|
|
||||||
$chmod +x coredns
|
|
||||||
$sudo cp coredns /usr/local/bin/
|
|
||||||
```
|
|
||||||
|
|
||||||
To start Coredns automatically you can create a Systemd unit:
|
|
||||||
```
|
|
||||||
$ editor /etc/systemd/system/coredns.service
|
|
||||||
```
|
|
||||||
|
|
||||||
Paste the following:
|
|
||||||
```
|
|
||||||
[Unit]
|
|
||||||
Description=CoreDNS DNS server
|
|
||||||
Documentation=https://coredns.io/
|
|
||||||
After=network.target
|
|
||||||
After=alfis.service
|
|
||||||
After=meshnamed.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
PermissionsStartOnly=true
|
|
||||||
LimitNOFILE=1048576
|
|
||||||
LimitNPROC=512
|
|
||||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
|
||||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
||||||
NoNewPrivileges=true
|
|
||||||
User=coredns
|
|
||||||
ExecStart=/usr/local/bin/coredns -conf=/etc/coredns/Corefile
|
|
||||||
ExecReload=/bin/kill -SIGUSR1 $MAINPID
|
|
||||||
Restart=on-failure
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
```
|
|
||||||
|
|
||||||
After that reload systemd:
|
|
||||||
```
|
|
||||||
$sudo systemctl daemon-reload
|
|
||||||
```
|
|
||||||
|
|
||||||
To isolate Coredns, you create a new user:
|
|
||||||
```
|
|
||||||
$sudo adduser --home /etc/coredns/ --disabled-password --disabled-login coredns
|
|
||||||
```
|
|
||||||
|
|
||||||
After that you can create and edit the Coredns configuration file `Corefile`:
|
|
||||||
```
|
|
||||||
editor /etc/coredns/Corefile
|
|
||||||
```
|
|
||||||
|
|
||||||
Paste the following:
|
|
||||||
```
|
|
||||||
crxn., d.f.ip6.arpa. {
|
|
||||||
loop
|
|
||||||
bind 127.0.0.1 ::1
|
|
||||||
forward . fd92:58b6:2b2::5353
|
|
||||||
}
|
|
||||||
```
|
|
||||||
Replace `fd92:58b6:2b2::5353` with your preferred recursive server.
|
|
||||||
With `bind 127.0.0.1 ::1` you bind Coredns to your local machine only, so no one else can access it. If you want to create a network forwarder, you have to remove this line. If you want to restrict the forwarder access only to a specific network, you can use the [ACL Plugin](https://coredns.io/plugins/acl/).
|
|
||||||
|
|
||||||
To resolve Clearnet domains, insert the following:
|
|
||||||
```
|
|
||||||
. {
|
|
||||||
loop
|
|
||||||
bind 127.0.0.1 ::1
|
|
||||||
forward . tls://1.1.1.1 tls://1.0.0.1 tls://2606:4700:4700::1111 tls://2606:4700:4700::1001 {
|
|
||||||
tls_servername 1dot1dot1dot1.cloudflare-dns.com
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue