dnsvizor, first article
This commit is contained in:
parent
06b0b673c6
commit
52d6ce6b67
1 changed files with 85 additions and 0 deletions
85
articles/dnsvizor01.md
Normal file
85
articles/dnsvizor01.md
Normal file
|
@ -0,0 +1,85 @@
|
||||||
|
---
|
||||||
|
date: 2024-10-25
|
||||||
|
title: Meet DNSvizor: run your DHCP and DNS MirageOS unikernel
|
||||||
|
description:
|
||||||
|
The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP.
|
||||||
|
tags:
|
||||||
|
- OCaml
|
||||||
|
- MirageOS
|
||||||
|
- DNSvizor
|
||||||
|
author:
|
||||||
|
name: Hannes Mehnert
|
||||||
|
email: hannes@mehnert.org
|
||||||
|
link: https://hannes.robur.coop
|
||||||
|
---
|
||||||
|
|
||||||
|
TL;DR: We got [NGI0 Entrust (via NLnet)](https://nlnet.nl/entrust/) funding for developing
|
||||||
|
[DNSvizor](https://nlnet.nl/project/DNSvizor/) - a DNS resolver and
|
||||||
|
DHCP server. Please help us by [showing us your dnsmasq
|
||||||
|
configuration](https://github.com/robur-coop/dnsvizor/issues/new), so we can
|
||||||
|
prioritize the configuration options to support.
|
||||||
|
|
||||||
|
## Introduction
|
||||||
|
|
||||||
|
The [dynamic host configuration protocol (DHCP)](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol)
|
||||||
|
is fundamental in today's Internet and local networks. It usually runs on your
|
||||||
|
router (or as a dedicated independent service) and automatically configures
|
||||||
|
computers that join your network (for example wireless laptops, smartphones)
|
||||||
|
with an IP address, routing information, a DNS resolver, etc. No manual
|
||||||
|
configuration is needed once your friends' smartphone got the password of your
|
||||||
|
wireless network \o/
|
||||||
|
|
||||||
|
The [domain name system (DNS)](https://en.wikipedia.org/wiki/Domain_Name_System)
|
||||||
|
is responsible for translating domain names (such as "robur.coop", "nlnet.nl")
|
||||||
|
to IP addresses (such as 193.30.40.138 or 2a0f:7cc7:7cc7:7c40::138) - used by
|
||||||
|
computers to talk to each other. Humans can remember domain names instead of
|
||||||
|
memorizing IP addresses. Computers than use DNS to translate these domain names
|
||||||
|
to IP addresses to communicate with. DNS is a hierarchic, distributed,
|
||||||
|
faul-tolerant service.
|
||||||
|
|
||||||
|
These two protocols are fundamental to today's Internet: without them it would
|
||||||
|
be much harder for humans to use it.
|
||||||
|
|
||||||
|
## DNSvizor
|
||||||
|
|
||||||
|
We at [robur](https://robur.coop) got funding (from
|
||||||
|
[NGI0 Entrust via NLnet](https://nlnet.nl/project/DNSvizor/)) to continue our work on
|
||||||
|
[DNSvizor](https://github.com/robur-coop/dnsvizor) - a
|
||||||
|
[MirageOS unikernel](https://mirageos.org) that provides DNS resolution and
|
||||||
|
DHCP service for a network. This is fully implemented in
|
||||||
|
[OCaml](https://ocaml.org).
|
||||||
|
|
||||||
|
Already at our [MirageOS retreats](https://retreat.mirageos.org) we deployed
|
||||||
|
such unikernel, to test our [DHCP implementation](https://github.com/mirage/charrua)
|
||||||
|
and our [DNS resolver](https://github.com/mirage/ocaml-dns) - and found and
|
||||||
|
fixed issues on-site. At the retreats we have a very limited Internet uplink,
|
||||||
|
thus caching DNS queries and answers is great for reducing the load on the
|
||||||
|
uplink.
|
||||||
|
|
||||||
|
Thanks to the funding we received, we'll be able to work on improving the
|
||||||
|
performance, but also to finish our DNSSec implementation, provide DNS-over-TLS
|
||||||
|
and DNS-over-HTTPS services, and also a web interface. DNSvizor will use the
|
||||||
|
existing [dnsmasq](https://thekelleys.org.uk/dnsmasq/doc.html) configuration
|
||||||
|
syntax, and provide lots of features from dnsmasq, and also provide features
|
||||||
|
such as block lists from [pi-hole](https://pi-hole.net/).
|
||||||
|
|
||||||
|
We are at a point where the [basic unikernel (our MVP)](https://github.com/robur-coop/dnsvizor)
|
||||||
|
- providing DNS and DHCP services - is ready, and we provide
|
||||||
|
[reproducible binary builds](https://builds.robur.coop/job/dnsvizor). Phew. This
|
||||||
|
means that the first step is done.
|
||||||
|
|
||||||
|
We are now curious on concrete usages of dnsmasq and the configurations you use.
|
||||||
|
If you're interested in dnsvizor, please [open an issue at our repository](https://github.com/robur-coop/dnsvizor/issues/new)
|
||||||
|
with your dnsmasq configuration. This will help us to guide which parts of the configuration to prioritize.
|
||||||
|
|
||||||
|
## Conclusion
|
||||||
|
|
||||||
|
DNSvizor provides DNS resolution and DHCP service for your network, and already
|
||||||
|
exists :). Please report issues you encounter and questions you may have. Also,
|
||||||
|
if you use dnsmasq, please [show us your configuration](https://github.com/robur-coop/dnsvizor/issues/new).
|
||||||
|
|
||||||
|
If you're interested in MirageOS and using it in your domain, don't hesitate
|
||||||
|
to reach out to us (via eMail: team@robur.coop) - we're keen to deploy MirageOS
|
||||||
|
and find more domains where it is useful. If you can spare a dime, we're a
|
||||||
|
registered non-profit in Germany - and can provide tax-deductable receipts for
|
||||||
|
donations ([more information](https://robur.coop/Donate)).
|
Loading…
Reference in a new issue