Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel
+TL;DR: We got NGI0 Entrust (via NLnet) funding for developing +DNSvizor - a DNS resolver and +DHCP server. Please help us by sharing with us your dnsmasq +configuration, so we can +prioritize the configuration options to support.
+Introduction
+The dynamic host configuration protocol (DHCP) +is fundamental in today's Internet and local networks. It usually runs on your +router (or as a dedicated independent service) and automatically configures +computers that join your network (for example wireless laptops, smartphones) +with an IP address, routing information, a DNS resolver, etc. No manual +configuration is needed once your friends' smartphone got the password of your +wireless network \o/
+The domain name system (DNS) +is responsible for translating domain names (such as "robur.coop", "nlnet.nl") +to IP addresses (such as 193.30.40.138 or 2a0f:7cc7:7cc7:7c40::138) - used by +computers to talk to each other. Humans can remember domain names instead of +memorizing IP addresses. Computers then use DNS to translate these domain names +to IP addresses to communicate with. DNS is a hierarchic, distributed, +faul-tolerant service.
+These two protocols are fundamental to today's Internet: without them it would +be much harder for humans to use it.
+DNSvizor
+We at robur got funding (from +NGI0 Entrust via NLnet) to continue our work on +DNSvizor - a +MirageOS unikernel that provides DNS resolution and +DHCP service for a network. This is fully implemented in +OCaml.
+Already at our MirageOS retreats we deployed +such unikernel, to test our DHCP implementation +and our DNS resolver - and found and +fixed issues on-site. At the retreats we have a very limited Internet uplink, +thus caching DNS queries and answers is great for reducing the load on the +uplink.
+Thanks to the funding we received, we'll be able to work on improving the +performance, but also to finish our DNSSec implementation, provide DNS-over-TLS +and DNS-over-HTTPS services, and also a web interface. DNSvizor will use the +existing dnsmasq configuration +syntax, and provide lots of features from dnsmasq, and also provide features +such as block lists from pi-hole.
+We are at a point where the basic unikernel (our MVP)
+-
+
- providing DNS and DHCP services - is ready, and we provide
+reproducible binary builds. Phew. This
+means that the first step is done. The
--dhcp-rangefrom dnsmasq is already +being parsed.
+
We are now curious on concrete usages of dnsmasq and the configurations you use. +If you're interested in dnsvizor, please open an issue at our repository +with your dnsmasq configuration. This will help us to guide which parts of the configuration to prioritize.
+Usages of DNSvizor
+We have several use cases for DNSvizor:
+-
+
- at your home router to provide DNS resolution and DHCP service, filtering ads, +
- in the datacenter auto-configuring your machine park, +
- when running your unikernel swarm to auto-configure them. +
The first one is where pi-hole as well fits into, and where dnsmasq is used quite +a lot. The second one is also a domain where dnsmasq is used. The third one is +from our experience that lots of people struggle with deploying MirageOS +unikernels since they have to manually do IP configuration etc. We ourselves +also pass additional information to the unikernels, such as syslog host, +monitoring sink, X.509 certificates or host names, do some DNS provisioning, ...
+With DNSvizor we will leverage the common configuration options of all +unikernels (reducing the need for boot arguments), and also go a bit further +and make deployment seamless (including adding hostnames to DNS, forwarding +from our reverse TLS proxy, etc.).
+Conclusion
+DNSvizor provides DNS resolution and +DHCP service for your network, and already exists :). +Please report issues you +encounter and questions you may have. Also, if you use dnsmasq, please +show us your configuration.
+If you're interested in MirageOS and using it in your domain, don't hesitate +to reach out to us (via eMail: team@robur.coop) - we're keen to deploy MirageOS +and find more domains where it is useful. If you can +spare a dime, we're a registered non-profit in +Germany - and can provide tax-deductable receipts in Europe.
+ +
+