# Servers

## Recursive

| DNS | IP address |
| --- | --- |
| recur1.bandura.crxn | fd92:58b6:2b2::5353 |

## Authoritative

# Resolve CRXN domains only

Advantage:

- Very simple configuration

Disadvantage:

- No more access to Clearnet domains
- Dependence on one server

You can enter a recursive CRXN server as your DNS server in the operating system. How you configure this depends on the operating system. For example, in Debian without NetworkManager, you can add the following to `/etc/resolv.conf`:

```
nameserver fd92:58b6:2b2::5353
```

# Run your own forwarder

Advantage:

- Simple configuration

Disadvantage:

- Dependence on one server

With this method, you run a small DNS server of your own, which receives and forwards requests. This is suitable for one computer or very small networks. There are several software packages you can use for this.

## CoreDNS

This guide is for Debian-based systems. First you need to download CoreDNS. You can find the software at https://coredns.io/. The download is a compressed archive. Extract it, make the file `coredns` executable, and copy it into the directory `/usr/local/bin`.
```
$ tar xvf coredns_1.10.0_linux_amd64.tgz
$ chmod +x coredns
$ sudo cp coredns /usr/local/bin/
```

To start CoreDNS automatically, you can create a systemd unit:

```
$ editor /etc/systemd/system/coredns.service
```

Paste the following:

```
[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io/
After=network.target
After=alfis.service
After=meshnamed.service

[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
ExecStart=/usr/local/bin/coredns -conf=/etc/coredns/Corefile
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure

[Install]
WantedBy=multi-user.target
```

After that, reload systemd:

```
$ sudo systemctl daemon-reload
```

To isolate CoreDNS, create a new user for it:

```
$ sudo adduser --home /etc/coredns/ --disabled-password --disabled-login coredns
```

After that, you can create and edit the CoreDNS configuration file `Corefile`:

```
$ editor /etc/coredns/Corefile
```

Paste the following:

```
crxn., d.f.ip6.arpa. {
    loop
    bind 127.0.0.1 ::1
    forward . fd92:58b6:2b2::5353
}
```

Replace `fd92:58b6:2b2::5353` with your preferred recursive server.

With `bind 127.0.0.1 ::1` you bind CoreDNS to your local machine only, so no one else can access it. If you want to create a network forwarder, you have to remove this line. If you want to restrict access to the forwarder to a specific network, you can use the [ACL Plugin](https://coredns.io/plugins/acl/).

To resolve Clearnet domains, insert the following:

```
. {
    loop
    bind 127.0.0.1 ::1
    forward . tls://1.1.1.1 tls://1.0.0.1 tls://2606:4700:4700::1111 tls://2606:4700:4700::1001 {
        tls_servername 1dot1dot1dot1.cloudflare-dns.com
    }
}
```
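Removing the `bind` line without adding an ACL leaves the forwarder answering queries from any host that can reach it. The following check is an added example, not part of the original guide or of CoreDNS: it parses a Corefile and reports, for each forwarding block, whether it is bound to loopback only, carries an `acl` block, or is open. The zone `lan.example.`, its subnet and the function names are assumptions made for illustration, and the check only tests that an `acl` block is present, not what its rules say.

```python
import ipaddress

SAMPLE = """# constructed sample; lan.example. and its subnet are hypothetical
crxn., d.f.ip6.arpa. {
    bind 127.0.0.1 ::1
    forward . fd92:58b6:2b2::5353
}
lan.example. {
    acl {
        allow net 192.168.1.0/24
        block
    }
    forward . fd92:58b6:2b2::5353
}
. {
    forward . tls://1.1.1.1
}
"""

def parse_corefile(text):
    """Map each server-block header to its top-level directives (token lists)."""
    blocks, current, depth = {}, None, 0
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if depth == 0 and line.endswith("{"):
            current, depth = blocks.setdefault(line[:-1].strip(), []), 1
        elif line == "}" and depth:
            depth -= 1
        elif line and depth >= 1:
            if depth == 1:
                current.append(line.rstrip("{").split())
            depth += line.endswith("{")   # entering a nested plugin block
    return blocks

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:   # interface name or typo: treat as exposed
        return False

def audit(text):
    """Classify each forwarding block as local-only, acl-restricted or open."""
    verdicts = {}
    for header, directives in parse_corefile(text).items():
        names = {d[0] for d in directives}
        binds = [a for d in directives if d[0] == "bind" for a in d[1:]]
        if "forward" in names and binds and all(map(is_loopback, binds)):
            verdicts[header] = "local-only"
        elif "forward" in names:
            verdicts[header] = "acl-restricted" if "acl" in names else "open"
    return verdicts
```

Call `audit(open("/etc/coredns/Corefile").read())` and treat any block reported as `open` as one that needs either the `bind` line or an ACL before the service is exposed to a network.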