robur/blog.robur.coop
4
0
Fork 1
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Pushed by YOCaml 2

Browse source
This commit is contained in:
The Robur Team 2024-10-25 10:04:17 +00:00
parent 36a581e53e
commit ef7d2a697c
6 changed files with 168 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

116
articles/dnsvizor01.html Normal file
View file

@ -0,0 +1,116 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>
Robur's blogMeet DNSvizor: run your own DHCP and DNS MirageOS unikernel
</title>
<meta name="description" content="The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP.">
<link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/hl.css">
<link type="text/css" rel="stylesheet" href="https://blog.robur.coop/css/style.css">
<script src="https://blog.robur.coop/js/hl.js"></script>
<link rel="alternate" type="application/rss+xml" href="https://blog.robur.coop/feed.xml" title="blog.robur.coop">
</head>
<body>
<header>
<h1>blog.robur.coop</h1>
<blockquote>
The <strong>Robur</strong> cooperative blog.
</blockquote>
</header>
<main><a href="https://blog.robur.coop/index.html">Back to index</a>
<article>
<h1>Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</h1>
<ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="https://blog.robur.coop/tags.html#tag-DNSvizor">DNSvizor</a></li></ul><p>TL;DR: We got <a href="https://nlnet.nl/entrust/">NGI0 Entrust (via NLnet)</a> funding for developing
<a href="https://nlnet.nl/project/DNSvizor/">DNSvizor</a> - a DNS resolver and
DHCP server. Please help us by <a href="https://github.com/robur-coop/dnsvizor/issues/new">sharing with us your dnsmasq
configuration</a>, so we can
prioritize the configuration options to support.</p>
<h2 id="introduction"><a class="anchor" aria-hidden="true" href="#introduction"></a>Introduction</h2>
<p>The <a href="https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol">dynamic host configuration protocol (DHCP)</a>
is fundamental in today's Internet and local networks. It usually runs on your
router (or as a dedicated independent service) and automatically configures
computers that join your network (for example wireless laptops, smartphones)
with an IP address, routing information, a DNS resolver, etc. No manual
configuration is needed once your friends' smartphone got the password of your
wireless network \o/</p>
<p>The <a href="https://en.wikipedia.org/wiki/Domain_Name_System">domain name system (DNS)</a>
is responsible for translating domain names (such as &quot;robur.coop&quot;, &quot;nlnet.nl&quot;)
to IP addresses (such as 193.30.40.138 or 2a0f:7cc7:7cc7:7c40::138) - used by
computers to talk to each other. Humans can remember domain names instead of
memorizing IP addresses. Computers then use DNS to translate these domain names
to IP addresses to communicate with. DNS is a hierarchic, distributed,
faul-tolerant service.</p>
<p>These two protocols are fundamental to today's Internet: without them it would
be much harder for humans to use it.</p>
<h2 id="dnsvizor"><a class="anchor" aria-hidden="true" href="#dnsvizor"></a>DNSvizor</h2>
<p>We at <a href="https://robur.coop">robur</a> got funding (from
<a href="https://nlnet.nl/project/DNSvizor/">NGI0 Entrust via NLnet</a>) to continue our work on
<a href="https://github.com/robur-coop/dnsvizor">DNSvizor</a> - a
<a href="https://mirageos.org">MirageOS unikernel</a> that provides DNS resolution and
DHCP service for a network. This is fully implemented in
<a href="https://ocaml.org">OCaml</a>.</p>
<p>Already at our <a href="https://retreat.mirageos.org">MirageOS retreats</a> we deployed
such unikernel, to test our <a href="https://github.com/mirage/charrua">DHCP implementation</a>
and our <a href="https://github.com/mirage/ocaml-dns">DNS resolver</a> - and found and
fixed issues on-site. At the retreats we have a very limited Internet uplink,
thus caching DNS queries and answers is great for reducing the load on the
uplink.</p>
<p>Thanks to the funding we received, we'll be able to work on improving the
performance, but also to finish our DNSSec implementation, provide DNS-over-TLS
and DNS-over-HTTPS services, and also a web interface. DNSvizor will use the
existing <a href="https://thekelleys.org.uk/dnsmasq/doc.html">dnsmasq</a> configuration
syntax, and provide lots of features from dnsmasq, and also provide features
such as block lists from <a href="https://pi-hole.net/">pi-hole</a>.</p>
<p>We are at a point where the <a href="https://github.com/robur-coop/dnsvizor">basic unikernel (our MVP)</a></p>
<ul>
<li>providing DNS and DHCP services - is ready, and we provide
<a href="https://builds.robur.coop/job/dnsvizor">reproducible binary builds</a>. Phew. This
means that the first step is done. The <code>--dhcp-range</code> from dnsmasq is already
being parsed.</li>
</ul>
<p>We are now curious on concrete usages of dnsmasq and the configurations you use.
If you're interested in dnsvizor, please <a href="https://github.com/robur-coop/dnsvizor/issues/new">open an issue at our repository</a>
with your dnsmasq configuration. This will help us to guide which parts of the configuration to prioritize.</p>
<h2 id="usages-of-dnsvizor"><a class="anchor" aria-hidden="true" href="#usages-of-dnsvizor"></a>Usages of DNSvizor</h2>
<p>We have several use cases for DNSvizor:</p>
<ul>
<li>at your home router to provide DNS resolution and DHCP service, filtering ads,</li>
<li>in the datacenter auto-configuring your machine park,</li>
<li>when running your unikernel swarm to auto-configure them.</li>
</ul>
<p>The first one is where pi-hole as well fits into, and where dnsmasq is used quite
a lot. The second one is also a domain where dnsmasq is used. The third one is
from our experience that lots of people struggle with deploying MirageOS
unikernels since they have to manually do IP configuration etc. We ourselves
also pass additional information to the unikernels, such as syslog host,
monitoring sink, X.509 certificates or host names, do some DNS provisioning, ...</p>
<p>With DNSvizor we will leverage the common configuration options of all
unikernels (reducing the need for boot arguments), and also go a bit further
and make deployment seamless (including adding hostnames to DNS, forwarding
from our reverse TLS proxy, etc.).</p>
<h2 id="conclusion"><a class="anchor" aria-hidden="true" href="#conclusion"></a>Conclusion</h2>
<p><a href="https://github.com/robur-coop/dnsvizor">DNSvizor</a> provides DNS resolution and
DHCP service for your network, and <a href="https://builds.robur.coop/job/dnsvizor">already exists</a> :).
Please <a href="https://github.com/robur-coop/dnsvizor/issues/">report issues</a> you
encounter and questions you may have. Also, if you use dnsmasq, please
<a href="https://github.com/robur-coop/dnsvizor/issues/new">show us your configuration</a>.</p>
<p>If you're interested in MirageOS and using it in your domain, don't hesitate
to reach out to us (via eMail: team@robur.coop) - we're keen to deploy MirageOS
and find more domains where it is useful. If you can
<a href="https://robur.coop/Donate">spare a dime</a>, we're a registered non-profit in
Germany - and can provide tax-deductable receipts in Europe.</p>
</article>
</main>
<footer>
<a href="https://github.com/xhtmlboi/yocaml">Powered by <strong>YOCaml</strong></a>
<br />
</footer>
<script>hljs.highlightAll();</script>
</body>
</html>

14
atom.xml
View file

@ -3,12 +3,24 @@
<id>https://blog.robur.coop/atom.xml</id>
<title type="text">The Robur&apos;s blog</title>
<generator uri="https://github.com/xhtmlboi/yocaml" version="2">YOCaml</generator>
<updated>2024-10-22T00:00:00Z</updated>
<updated>2024-10-25T00:00:00Z</updated>
<author>
<name>The Robur Team</name>
</author>
<link href="https://blog.robur.coop/"/>
<link href="https://blog.robur.coop/atom.xml" rel="self"/>
<entry>
<id>https://blog.robur.coop//articles/dnsvizor01.html</id>
<title type="text">Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</title>
<updated>2024-10-25T00:00:00Z</updated>
<summary type="text">
The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP.
</summary>
<link href="https://blog.robur.coop//articles/dnsvizor01.html" rel="alternate" title="Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel"/>
<category term="OCaml"/>
<category term="MirageOS"/>
<category term="DNSvizor"/>
</entry>
<entry>
<id>https://blog.robur.coop//articles/arguments.html</id>
<title type="text">Runtime arguments in MirageOS</title>

11
feed.xml
View file

@ -5,9 +5,18 @@
<link>https://blog.robur.coop/</link>
<description><![CDATA[The Robur cooperative blog]]></description>
<atom:link href="https://blog.robur.coop/feed.xml" rel="self" type="application/rss+xml"/>
<lastBuildDate>Tue, 22 Oct 2024 00:00:00 GMT</lastBuildDate>
<lastBuildDate>Fri, 25 Oct 2024 00:00:00 GMT</lastBuildDate>
<docs>https://www.rssboard.org/rss-specification</docs>
<generator>YOCaml</generator>
<item>
<title>Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</title>
<link>https://blog.robur.coop//articles/dnsvizor01.html</link>
<description>
<![CDATA[The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP.]]>
</description>
<guid isPermaLink="true">https://blog.robur.coop//articles/dnsvizor01.html</guid>
<pubDate>Fri, 25 Oct 2024 00:00:00 GMT</pubDate>
</item>
<item>
<title>Runtime arguments in MirageOS</title>
<link>https://blog.robur.coop//articles/arguments.html</link>

13
index.html
View file

@ -25,6 +25,19 @@
<h3>Essays and ramblings</h3>
<ol reversed class="list-articles"><li>
<div class="side">
<a href="https://hannes.robur.coop">
<img src="https://www.gravatar.com/avatar/25558b4457cf73159f5427fdf2b4a717">
</a></div>
<div class="content">
<span class="date">2024-10-25</span>
<a href="https://blog.robur.coop/articles/dnsvizor01.html">Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</a><br />
<p>The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP.</p>
<div class="bottom">
<ul class="tags-list"><li><a href="https://blog.robur.coop/tags.html#tag-OCaml">OCaml</a></li><li><a href="https://blog.robur.coop/tags.html#tag-MirageOS">MirageOS</a></li><li><a href="https://blog.robur.coop/tags.html#tag-DNSvizor">DNSvizor</a></li></ul>
</div>
</div>
</li><li>
<div class="side">
<a href="https://hannes.robur.coop">
<img src="https://www.gravatar.com/avatar/25558b4457cf73159f5427fdf2b4a717">

8
rss1.xml
View file

@ -6,6 +6,7 @@
<description><![CDATA[The Robur cooperative blog]]></description>
<items>
<rdf:Seq>
<rdf:li resource="https://blog.robur.coop//articles/dnsvizor01.html"/>
<rdf:li resource="https://blog.robur.coop//articles/arguments.html"/>
<rdf:li resource="https://blog.robur.coop//articles/finances.html"/>
<rdf:li resource="https://blog.robur.coop//articles/2024-08-21-OpenVPN-and-MirageVPN.html"/>
@ -22,6 +23,13 @@
</rdf:Seq>
</items>
</channel>
<item rdf:about="https://blog.robur.coop//articles/dnsvizor01.html">
<title>Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</title>
<link>https://blog.robur.coop//articles/dnsvizor01.html</link>
<description>
<![CDATA[The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP.]]>
</description>
</item>
<item rdf:about="https://blog.robur.coop//articles/arguments.html">
<title>Runtime arguments in MirageOS</title>
<link>https://blog.robur.coop//articles/arguments.html</link>

11
tags.html
View file

@ -22,7 +22,7 @@
</header>
<main><a href="/index.html">Back to index</a>
<ul class="tags-list aeration"><li><a href="#tag-Community">Community</a></li><li><a href="#tag-Cstruct">Cstruct</a></li><li><a href="#tag-Git">Git</a></li><li><a href="#tag-MirageOS">MirageOS</a></li><li><a href="#tag-MirageVPN">MirageVPN</a></li><li><a href="#tag-OCaml">OCaml</a></li><li><a href="#tag-OpenVPN">OpenVPN</a></li><li><a href="#tag-Python">Python</a></li><li><a href="#tag-QubesOS">QubesOS</a></li><li><a href="#tag-Scheduler">Scheduler</a></li><li><a href="#tag-Unikernel">Unikernel</a></li><li><a href="#tag-VPN">VPN</a></li><li><a href="#tag-cooperative">cooperative</a></li><li><a href="#tag-cryptography">cryptography</a></li><li><a href="#tag-finances">finances</a></li><li><a href="#tag-functors">functors</a></li><li><a href="#tag-gpt">gpt</a></li><li><a href="#tag-mbr">mbr</a></li><li><a href="#tag-performance">performance</a></li><li><a href="#tag-persistent storage">persistent storage</a></li><li><a href="#tag-security">security</a></li><li><a href="#tag-tar">tar</a></li><li><a href="#tag-unicode">unicode</a></li><li><a href="#tag-unikernel">unikernel</a></li><li><a href="#tag-vpn">vpn</a></li></ul><div class="tag-box" id="tag-Community">
<ul class="tags-list aeration"><li><a href="#tag-Community">Community</a></li><li><a href="#tag-Cstruct">Cstruct</a></li><li><a href="#tag-DNSvizor">DNSvizor</a></li><li><a href="#tag-Git">Git</a></li><li><a href="#tag-MirageOS">MirageOS</a></li><li><a href="#tag-MirageVPN">MirageVPN</a></li><li><a href="#tag-OCaml">OCaml</a></li><li><a href="#tag-OpenVPN">OpenVPN</a></li><li><a href="#tag-Python">Python</a></li><li><a href="#tag-QubesOS">QubesOS</a></li><li><a href="#tag-Scheduler">Scheduler</a></li><li><a href="#tag-Unikernel">Unikernel</a></li><li><a href="#tag-VPN">VPN</a></li><li><a href="#tag-cooperative">cooperative</a></li><li><a href="#tag-cryptography">cryptography</a></li><li><a href="#tag-finances">finances</a></li><li><a href="#tag-functors">functors</a></li><li><a href="#tag-gpt">gpt</a></li><li><a href="#tag-mbr">mbr</a></li><li><a href="#tag-performance">performance</a></li><li><a href="#tag-persistent storage">persistent storage</a></li><li><a href="#tag-security">security</a></li><li><a href="#tag-tar">tar</a></li><li><a href="#tag-unicode">unicode</a></li><li><a href="#tag-unikernel">unikernel</a></li><li><a href="#tag-vpn">vpn</a></li></ul><div class="tag-box" id="tag-Community">
<h3>
<span>Community</span>
</h3>
@ -32,6 +32,11 @@
<span>Cstruct</span>
</h3>
<ul><li><a href="/articles/tar-release.html">The new Tar release, a retrospective</a></li></ul>
</div><div class="tag-box" id="tag-DNSvizor">
<h3>
<span>DNSvizor</span>
</h3>
<ul><li><a href="/articles/dnsvizor01.html">Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</a></li></ul>
</div><div class="tag-box" id="tag-Git">
<h3>
<span>Git</span>
@ -41,7 +46,7 @@
<h3>
<span>MirageOS</span>
</h3>
<ul><li><a href="/articles/miragevpn.html">MirageVPN &amp; tls-crypt-v2</a></li><li><a href="/articles/miragevpn-ncp.html">MirageVPN updated (AEAD, NCP)</a></li><li><a href="/articles/speeding-ec-string.html">Speeding elliptic curve cryptography</a></li><li><a href="/articles/miragevpn-performance.html">Speeding up MirageVPN and use it in the wild</a></li><li><a href="/articles/miragevpn-server.html">MirageVPN server</a></li><li><a href="/articles/arguments.html">Runtime arguments in MirageOS</a></li></ul>
<ul><li><a href="/articles/miragevpn.html">MirageVPN &amp; tls-crypt-v2</a></li><li><a href="/articles/miragevpn-ncp.html">MirageVPN updated (AEAD, NCP)</a></li><li><a href="/articles/speeding-ec-string.html">Speeding elliptic curve cryptography</a></li><li><a href="/articles/miragevpn-performance.html">Speeding up MirageVPN and use it in the wild</a></li><li><a href="/articles/miragevpn-server.html">MirageVPN server</a></li><li><a href="/articles/arguments.html">Runtime arguments in MirageOS</a></li><li><a href="/articles/dnsvizor01.html">Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</a></li></ul>
</div><div class="tag-box" id="tag-MirageVPN">
<h3>
<span>MirageVPN</span>
@ -51,7 +56,7 @@
<h3>
<span>OCaml</span>
</h3>
<ul><li><a href="/articles/miragevpn.html">MirageVPN &amp; tls-crypt-v2</a></li><li><a href="/articles/miragevpn-ncp.html">MirageVPN updated (AEAD, NCP)</a></li><li><a href="/articles/2024-02-03-python-str-repr.html">Python&apos;s `str.__repr__()`</a></li><li><a href="/articles/lwt_pause.html">Cooperation and Lwt.pause</a></li><li><a href="/articles/speeding-ec-string.html">Speeding elliptic curve cryptography</a></li><li><a href="/articles/gptar.html">GPTar</a></li><li><a href="/articles/miragevpn-performance.html">Speeding up MirageVPN and use it in the wild</a></li><li><a href="/articles/miragevpn-server.html">MirageVPN server</a></li><li><a href="/articles/qubes-miragevpn.html">qubes-miragevpn, a MirageVPN client for QubesOS</a></li><li><a href="/articles/tar-release.html">The new Tar release, a retrospective</a></li><li><a href="/articles/arguments.html">Runtime arguments in MirageOS</a></li></ul>
<ul><li><a href="/articles/miragevpn.html">MirageVPN &amp; tls-crypt-v2</a></li><li><a href="/articles/miragevpn-ncp.html">MirageVPN updated (AEAD, NCP)</a></li><li><a href="/articles/2024-02-03-python-str-repr.html">Python&apos;s `str.__repr__()`</a></li><li><a href="/articles/lwt_pause.html">Cooperation and Lwt.pause</a></li><li><a href="/articles/speeding-ec-string.html">Speeding elliptic curve cryptography</a></li><li><a href="/articles/gptar.html">GPTar</a></li><li><a href="/articles/miragevpn-performance.html">Speeding up MirageVPN and use it in the wild</a></li><li><a href="/articles/miragevpn-server.html">MirageVPN server</a></li><li><a href="/articles/qubes-miragevpn.html">qubes-miragevpn, a MirageVPN client for QubesOS</a></li><li><a href="/articles/tar-release.html">The new Tar release, a retrospective</a></li><li><a href="/articles/arguments.html">Runtime arguments in MirageOS</a></li><li><a href="/articles/dnsvizor01.html">Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel</a></li></ul>
</div><div class="tag-box" id="tag-OpenVPN">
<h3>
<span>OpenVPN</span>