AS112 Setup and Configuration Help Page (last updated: 31-May-2003-JMB)
Click here for more information on the AS-112 Project.
The purpose of this site is to help those that wish to configure an AS112 system. Configuring an AS-112 server and anycasting it within your local network or exchange point is a GoodThing(tm). It will capture RFC-1918 DNS queries and updates within your network, thus preventing that traffic from going towards the root DNS servers. For those that would like to read more about this problem, I have an internet-draft that I'm working on located here. It has not been published in any IETF WG yet as I'm finishing it up.
Configuring an AS112 server is quite simple and easy to do. First you need a dedicated machine. Depending on how you plan to use this server, it could see upwards of 2000 queries (UDP and/or TCP) per second. So plan as needed... A basic beginning would be:
Next you need name server software. I recommend BIND 8-latest, but BIND-9-latest will also work just fine. You can find BIND-8 here and BIND-9 here. There is other DNS server software out there as well; some works better than others. Another good choice would be NSD, which you can learn more about here.

You have two ways of dealing with routing:
1. You can assign the AS112 prefix to your server and set up a static route on your router. This will prevent you from announcing the prefix with AS112 as the origin, which is not recommended for transit providers or IXs, but it does work. This method is the easy way for companies that want to inject this locally but not deal with BGP and such.
2. You can use ZEBRA or the Quagga Routing Suite as a BGP speaker on your AS112 server. This will allow you to inject via BGP the DNS servers' prefix with AS112 being the origin AS. Much better solution for IXs and service providers. (More info on using Quagga coming shortly)

Last choice is OS. While I personally favor BSD, Linux, Solaris or any other flavor of UN*X will work just fine. Please don't come to me if you use Windows. I don't know Windows DNS and thus have NO way to help you.

Next you build the machine and software components. Default config options worked just fine for us when building the software. Once you have the machine built, OS loaded, a name server running, and Zebra installed, it's time to configure the software. I'm assuming that the reader knows how to rumble around a UNIX machine.
OS Config: Not much needed here. I'd install some level of host-based packet filters (ipfw, ipchains, etc.) that limit the box to only port 53 (UDP and TCP) and 22 (TCP) and any others that you might absolutely need. Kill daemons that you aren't going to use, like inetd, sendmail, NFS goop (portmap, rpc.statd, mountd, etc.), telnet, ftp, and such. Ya don't need them.

Your ethernet interface will have 4 IP addresses assigned (there might be a better way with zebra, need to research it a bit more). The first IP is the unicast IP for the machine; this will come from your local pool of IP addresses. The next three are from the AS112 project: 192.175.48.1, 192.175.48.6, 192.175.48.42

The last thing you will need to do is make sure your kernel is configured to handle the large number of TCP connections you may receive, the number of send and receive buffers, and such. Make sure you watch your memory requirements when making these changes. This depends on the size of the community that will have access to your box. Since the choice of OS is left to the reader, so are the details on how to tune your kernel. Some reference sites are:
Rob Thomas ala CYMRU: http://www.cymru.com/Documents/ip-stack-tuning.html
FreeBSD: http://www.freebsd.org/cgi/man.cgi?query=tuning
Next, configuring ZEBRA. Setting up Zebra is pretty straightforward. If you have done BGP configs before, this will look a lot like a Cisco config. Here is my ZEBRA config. If you have comments or better ways to do things, feedback is appreciated!
! -*- zebra -*-
! -*- zebra -*-
Next is setting up your DNS server. We will provide a code sample for BIND 8/9. Other DNS server programs typically have some way of converting a BIND config to their format.

named.conf:

    options {
            dump-file "s/named_dump.db";
    };

    zone "0.0.127.IN-ADDR.ARPA" {
            type master;
            file "m/db.127.0.0";    // placeholder: the file name for this zone is not given on this page
    };

    zone "10.in-addr.arpa" {
            type master;
            file "m/db.RFC-1918";
    };

    zone "16.172.in-addr.arpa" {
            type master;
            file "m/db.RFC-1918";
    };

    zone "168.192.in-addr.arpa" {
            type master;
            file "m/db.RFC-1918";
    };

    zone "254.169.in-addr.arpa" {
            type master;
            file "m/db.RFC-1918";
    };

    zone "hostname.as112.net" {
            type master;
            file "m/db.hostname.as112.net";
    };
Next you need to create your RFC-1918 zone file.

db.RFC-1918 zone file:
    $TTL 300

The db.hostname.as112.net zone file:
    $TTL 300
    TXT "IXNM, Inc. New Mexico's only Neutral IX"

You should change the text in the TXT records above to reflect YOUR configuration.
All that's left is starting up your name server and zebra and testing with some dig commands. You should make sure your start-up scripts, things like rc.d scripts, are configured to start your name server and zebra when the box is booted up. I would recommend that you start your name server first. Make sure it's running (you can test for a PID) and then start zebra. No need to have Zebra running and traffic flowing that you can't answer because your name server isn't running. :)
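One way to do the dig check, as an added example that is not part of the original page: the helper below parses dig output and accepts only an authoritative NXDOMAIN (status NXDOMAIN with the aa flag set), which is what a correctly loaded RFC-1918 zone returns for a PTR lookup; a reply without aa came from a recursive resolver rather than your AS112 instance, so the query leaked. The function names, the 10.1.2.3 test address and the sample replies are constructed for this example.

```shell
#!/bin/sh
# check_as112_reply: read dig output on stdin and return 0 only when the
# reply is an authoritative NXDOMAIN, i.e. what a loaded AS112 zone returns
# for a PTR lookup of an RFC-1918 address. A reply lacking the 'aa' flag
# came from a recursive resolver or a misloaded zone; SERVFAIL or REFUSED
# means the zone is not being served at all.
check_as112_reply() {
    reply=$(cat)
    status=$(printf '%s\n' "$reply" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$reply" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    [ "$status" = "NXDOMAIN" ] || return 1
    case " $flags " in
        *" aa "*) return 0 ;;
    esac
    return 1
}

# query_as112: live check against one of the AS112 addresses, or your unicast
# address while the anycast prefix is not routed yet. Needs dig installed.
query_as112() {
    server=${1:-192.175.48.6}
    dig @"$server" +norecurse -x 10.1.2.3 | check_as112_reply
}

# Constructed sample replies (not captured from a real server) so the parser
# can be exercised without network access.
sample_local_reply() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4711
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
EOF
}

sample_recursive_reply() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4712
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
EOF
}

if sample_local_reply | check_as112_reply; then
    echo "sample local reply: OK (authoritative NXDOMAIN)"
fi
if ! sample_recursive_reply | check_as112_reply; then
    echo "sample recursive reply: rejected (no aa flag, answered upstream)"
fi
```

Run `query_as112 <your-unicast-ip>` from a host inside your network once named is up; if the check fails, the query is still reaching a resolver outside the box.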
If you have any feedback, comments, or corrections, please email them to
Legal Notice: The contents of this page are Copyright 2003,2004,2005, Chagres Research, Inc. All rights reserved. You are allowed to link to or reproduce this page as long as proper credit is given. The authors and Chagres Research, Inc. are NOT liable for any damages that may occur from the use or misuse of the information contained on this web page. By using this web page and its information you agree to hold Chagres Research, Inc. and the authors free from liability for your use or misuse of this information. This information is provided AS IS WITH NO WARRANTY OF ANY KIND.