dnsvizor, first article

This commit is contained in:
Hannes Mehnert 2024-10-24 12:52:28 +02:00
parent 06b0b673c6
commit 52d6ce6b67

85
articles/dnsvizor01.md Normal file
View file

@ -0,0 +1,85 @@
---
date: 2024-10-25
title: Meet DNSvizor: run your DHCP and DNS MirageOS unikernel
description:
The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP.
tags:
- OCaml
- MirageOS
- DNSvizor
author:
name: Hannes Mehnert
email: hannes@mehnert.org
link: https://hannes.robur.coop
---
TL;DR: We got [NGI0 Entrust (via NLnet)](https://nlnet.nl/entrust/) funding for developing
[DNSvizor](https://nlnet.nl/project/DNSvizor/) - a DNS resolver and
DHCP server. Please help us by [showing us your dnsmasq
configuration](https://github.com/robur-coop/dnsvizor/issues/new), so we can
prioritize the configuration options to support.
## Introduction
The [dynamic host configuration protocol (DHCP)](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol)
is fundamental in today's Internet and local networks. It usually runs on your
router (or as a dedicated independent service) and automatically configures
computers that join your network (for example wireless laptops, smartphones)
with an IP address, routing information, a DNS resolver, etc. No manual
configuration is needed once your friends' smartphone got the password of your
wireless network \o/
The [domain name system (DNS)](https://en.wikipedia.org/wiki/Domain_Name_System)
is responsible for translating domain names (such as "robur.coop", "nlnet.nl")
to IP addresses (such as 193.30.40.138 or 2a0f:7cc7:7cc7:7c40::138) - used by
computers to talk to each other. Humans can remember domain names instead of
memorizing IP addresses. Computers than use DNS to translate these domain names
to IP addresses to communicate with. DNS is a hierarchic, distributed,
faul-tolerant service.
These two protocols are fundamental to today's Internet: without them it would
be much harder for humans to use it.
## DNSvizor
We at [robur](https://robur.coop) got funding (from
[NGI0 Entrust via NLnet](https://nlnet.nl/project/DNSvizor/)) to continue our work on
[DNSvizor](https://github.com/robur-coop/dnsvizor) - a
[MirageOS unikernel](https://mirageos.org) that provides DNS resolution and
DHCP service for a network. This is fully implemented in
[OCaml](https://ocaml.org).
Already at our [MirageOS retreats](https://retreat.mirageos.org) we deployed
such unikernel, to test our [DHCP implementation](https://github.com/mirage/charrua)
and our [DNS resolver](https://github.com/mirage/ocaml-dns) - and found and
fixed issues on-site. At the retreats we have a very limited Internet uplink,
thus caching DNS queries and answers is great for reducing the load on the
uplink.
Thanks to the funding we received, we'll be able to work on improving the
performance, but also to finish our DNSSec implementation, provide DNS-over-TLS
and DNS-over-HTTPS services, and also a web interface. DNSvizor will use the
existing [dnsmasq](https://thekelleys.org.uk/dnsmasq/doc.html) configuration
syntax, and provide lots of features from dnsmasq, and also provide features
such as block lists from [pi-hole](https://pi-hole.net/).
We are at a point where the [basic unikernel (our MVP)](https://github.com/robur-coop/dnsvizor)
- providing DNS and DHCP services - is ready, and we provide
[reproducible binary builds](https://builds.robur.coop/job/dnsvizor). Phew. This
means that the first step is done.
We are now curious on concrete usages of dnsmasq and the configurations you use.
If you're interested in dnsvizor, please [open an issue at our repository](https://github.com/robur-coop/dnsvizor/issues/new)
with your dnsmasq configuration. This will help us to guide which parts of the configuration to prioritize.
## Conclusion
DNSvizor provides DNS resolution and DHCP service for your network, and already
exists :). Please report issues you encounter and questions you may have. Also,
if you use dnsmasq, please [show us your configuration](https://github.com/robur-coop/dnsvizor/issues/new).
If you're interested in MirageOS and using it in your domain, don't hesitate
to reach out to us (via eMail: team@robur.coop) - we're keen to deploy MirageOS
and find more domains where it is useful. If you can spare a dime, we're a
registered non-profit in Germany - and can provide tax-deductable receipts for
donations ([more information](https://robur.coop/Donate)).