<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>
Robur's blog - Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel
</title>
<meta name="description" content="The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP.">
<link type="text/css" rel="stylesheet" href="/css/hl.css">
<link type="text/css" rel="stylesheet" href="/css/style.css">
<script src="/js/hl.js"></script>
<link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
</head>
<body>
<header>
<h1>blog.robur.coop</h1>
<blockquote>
The <strong>Robur</strong> cooperative blog.
</blockquote>
</header>
<main><a href="/index.html">Back to index</a>
<article>
<h1>Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</h1>
<ul class="tags-list"><li><a href="/tags.html#tag-OCaml">OCaml</a></li><li><a href="/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="/tags.html#tag-DNSvizor">DNSvizor</a></li></ul><p>TL;DR: We got <a href="https://nlnet.nl/entrust/">NGI0 Entrust (via NLnet)</a> funding for developing
<a href="https://nlnet.nl/project/DNSvizor/">DNSvizor</a> - a DNS resolver and
DHCP server. Please help us by <a href="https://github.com/robur-coop/dnsvizor/issues/new">sharing your dnsmasq
configuration with us</a>, so we can
prioritize the configuration options to support.</p>
<h2 id="introduction"><a class="anchor" aria-hidden="true" href="#introduction"></a>Introduction</h2>
<p>The <a href="https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol">dynamic host configuration protocol (DHCP)</a>
is fundamental in today's Internet and local networks. It usually runs on your
router (or as a dedicated independent service) and automatically configures
computers that join your network (for example wireless laptops, smartphones)
with an IP address, routing information, a DNS resolver, etc. No manual
configuration is needed once your friend's smartphone has the password of your
wireless network \o/</p>
<p>The <a href="https://en.wikipedia.org/wiki/Domain_Name_System">domain name system (DNS)</a>
is responsible for translating domain names (such as "robur.coop", "nlnet.nl")
to IP addresses (such as 193.30.40.138 or 2a0f:7cc7:7cc7:7c40::138) - used by
computers to talk to each other. Humans can remember domain names instead of
memorizing IP addresses. Computers then use DNS to translate these domain names
to the IP addresses they communicate with. DNS is a hierarchical, distributed,
fault-tolerant service.</p>
<p>These two protocols are fundamental to today's Internet: without them it would
be much harder for humans to use it.</p>
<h2 id="dnsvizor"><a class="anchor" aria-hidden="true" href="#dnsvizor"></a>DNSvizor</h2>
<p>We at <a href="https://robur.coop">robur</a> got funding (from
<a href="https://nlnet.nl/project/DNSvizor/">NGI0 Entrust via NLnet</a>) to continue our work on
<a href="https://github.com/robur-coop/dnsvizor">DNSvizor</a> - a
<a href="https://mirageos.org">MirageOS unikernel</a> that provides DNS resolution and
DHCP service for a network. This is fully implemented in
<a href="https://ocaml.org">OCaml</a>.</p>
<p>Already at our <a href="https://retreat.mirageos.org">MirageOS retreats</a> we deployed
such a unikernel to test our <a href="https://github.com/mirage/charrua">DHCP implementation</a>
and our <a href="https://github.com/mirage/ocaml-dns">DNS resolver</a> - and found and
fixed issues on-site. At the retreats we have a very limited Internet uplink,
thus caching DNS queries and answers is great for reducing the load on the
uplink.</p>
<p>Thanks to the funding we received, we'll be able to work on improving the
performance, but also to finish our DNSSEC implementation, provide DNS-over-TLS
and DNS-over-HTTPS services, and also a web interface. DNSvizor will use the
existing <a href="https://thekelleys.org.uk/dnsmasq/doc.html">dnsmasq</a> configuration
syntax and provide many of dnsmasq's features, as well as features
such as block lists from <a href="https://pi-hole.net/">pi-hole</a>.</p>
<p>We are at a point where the <a href="https://github.com/robur-coop/dnsvizor">basic unikernel (our MVP)</a>
- providing DNS and DHCP services - is ready, and we provide
<a href="https://builds.robur.coop/job/dnsvizor">reproducible binary builds</a>. Phew. This
means that the first step is done. The <code>--dhcp-range</code> option from dnsmasq is already
being parsed.</p>
<p>We are now curious about concrete uses of dnsmasq and the configurations you use.
If you're interested in dnsvizor, please <a href="https://github.com/robur-coop/dnsvizor/issues/new">open an issue at our repository</a>
with your dnsmasq configuration. This will help us decide which parts of the configuration to prioritize.</p>
<h2 id="usages-of-dnsvizor"><a class="anchor" aria-hidden="true" href="#usages-of-dnsvizor"></a>Usages of DNSvizor</h2>
<p>We have several use cases for DNSvizor:</p>
<ul>
<li>at your home router to provide DNS resolution and DHCP service, filtering ads,</li>
<li>in the datacenter auto-configuring your machine park,</li>
<li>when running your unikernel swarm to auto-configure them.</li>
</ul>
<p>The first one is where pi-hole fits in as well, and where dnsmasq is used quite
a lot. The second one is also a domain where dnsmasq is used. The third one
comes from our experience that lots of people struggle with deploying MirageOS
unikernels since they have to manually do IP configuration etc. We ourselves
also pass additional information to the unikernels, such as syslog host,
monitoring sink, X.509 certificates or host names, do some DNS provisioning, ...</p>
<p>With DNSvizor we will leverage the common configuration options of all
unikernels (reducing the need for boot arguments), and also go a bit further
and make deployment seamless (including adding hostnames to DNS, forwarding
from our reverse TLS proxy, etc.).</p>
<h2 id="conclusion"><a class="anchor" aria-hidden="true" href="#conclusion"></a>Conclusion</h2>
<p><a href="https://github.com/robur-coop/dnsvizor">DNSvizor</a> provides DNS resolution and
DHCP service for your network, and <a href="https://builds.robur.coop/job/dnsvizor">already exists</a> :).
Please <a href="https://github.com/robur-coop/dnsvizor/issues/">report issues</a> you
encounter and questions you may have. Also, if you use dnsmasq, please
<a href="https://github.com/robur-coop/dnsvizor/issues/new">show us your configuration</a>.</p>
<p>If you're interested in MirageOS and using it in your domain, don't hesitate
to reach out to us (via email: team@robur.coop) - we're keen to deploy MirageOS
and find more domains where it is useful. If you can
<a href="https://robur.coop/Donate">spare a dime</a>, we're a registered non-profit in
Germany - and can provide tax-deductible receipts in Europe.</p>
</article>
</main>
<footer>
<a href="https://github.com/xhtmlboi/yocaml">Powered by <strong>YOCaml</strong></a>
<br />
</footer>
<script>hljs.highlightAll();</script>
</body>
</html>