From ef7d2a697c6608a73042845f9700e3d935792550 Mon Sep 17 00:00:00 2001 From: The Robur Team Date: Fri, 25 Oct 2024 10:04:17 +0000 Subject: [PATCH] Pushed by YOCaml 2 --- articles/dnsvizor01.html | 116 +++++++++++++++++++++++++++++++++++++++ atom.xml | 14 ++++- feed.xml | 11 +++- index.html | 13 +++++ rss1.xml | 8 +++ tags.html | 11 +++- 6 files changed, 168 insertions(+), 5 deletions(-) create mode 100644 articles/dnsvizor01.html diff --git a/articles/dnsvizor01.html b/articles/dnsvizor01.html new file mode 100644 index 0000000..a5cdafe --- /dev/null +++ b/articles/dnsvizor01.html @@ -0,0 +1,116 @@ + + + + + + + + Robur's blogMeet DNSvizor: run your own DHCP and DNS MirageOS unikernel + + + + + + + + +
+

blog.robur.coop

+
+ The Robur cooperative blog. +
+
+
Back to index + +
+

Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel

+

TL;DR: We got NGI0 Entrust (via NLnet) funding for developing +DNSvizor - a DNS resolver and +DHCP server. Please help us by sharing with us your dnsmasq +configuration, so we can +prioritize the configuration options to support.

+

Introduction

+

The dynamic host configuration protocol (DHCP) +is fundamental in today's Internet and local networks. It usually runs on your +router (or as a dedicated independent service) and automatically configures +computers that join your network (for example wireless laptops, smartphones) +with an IP address, routing information, a DNS resolver, etc. No manual +configuration is needed once your friends' smartphone got the password of your +wireless network \o/

+

The domain name system (DNS) +is responsible for translating domain names (such as "robur.coop", "nlnet.nl") +to IP addresses (such as 193.30.40.138 or 2a0f:7cc7:7cc7:7c40::138) - used by +computers to talk to each other. Humans can remember domain names instead of +memorizing IP addresses. Computers then use DNS to translate these domain names +to IP addresses to communicate with. DNS is a hierarchic, distributed, +faul-tolerant service.

+

These two protocols are fundamental to today's Internet: without them it would +be much harder for humans to use it.

+

DNSvizor

+

We at robur got funding (from +NGI0 Entrust via NLnet) to continue our work on +DNSvizor - a +MirageOS unikernel that provides DNS resolution and +DHCP service for a network. This is fully implemented in +OCaml.

+

Already at our MirageOS retreats we deployed +such unikernel, to test our DHCP implementation +and our DNS resolver - and found and +fixed issues on-site. At the retreats we have a very limited Internet uplink, +thus caching DNS queries and answers is great for reducing the load on the +uplink.

+

Thanks to the funding we received, we'll be able to work on improving the +performance, but also to finish our DNSSec implementation, provide DNS-over-TLS +and DNS-over-HTTPS services, and also a web interface. DNSvizor will use the +existing dnsmasq configuration +syntax, and provide lots of features from dnsmasq, and also provide features +such as block lists from pi-hole.

+

We are at a point where the basic unikernel (our MVP)

+
    +
  • providing DNS and DHCP services - is ready, and we provide +reproducible binary builds. Phew. This +means that the first step is done. The --dhcp-range from dnsmasq is already +being parsed.
    • +
+

We are now curious on concrete usages of dnsmasq and the configurations you use. +If you're interested in dnsvizor, please open an issue at our repository +with your dnsmasq configuration. This will help us to guide which parts of the configuration to prioritize.

+

Usages of DNSvizor

+

We have several use cases for DNSvizor:

+
    +
  • at your home router to provide DNS resolution and DHCP service, filtering ads,
    • +
  • in the datacenter auto-configuring your machine park,
    • +
  • when running your unikernel swarm to auto-configure them.
    • +
+

The first one is where pi-hole as well fits into, and where dnsmasq is used quite +a lot. The second one is also a domain where dnsmasq is used. The third one is +from our experience that lots of people struggle with deploying MirageOS +unikernels since they have to manually do IP configuration etc. We ourselves +also pass additional information to the unikernels, such as syslog host, +monitoring sink, X.509 certificates or host names, do some DNS provisioning, ...

+

With DNSvizor we will leverage the common configuration options of all +unikernels (reducing the need for boot arguments), and also go a bit further +and make deployment seamless (including adding hostnames to DNS, forwarding +from our reverse TLS proxy, etc.).

+

Conclusion

+

DNSvizor provides DNS resolution and +DHCP service for your network, and already exists :). +Please report issues you +encounter and questions you may have. Also, if you use dnsmasq, please +show us your configuration.

+

If you're interested in MirageOS and using it in your domain, don't hesitate +to reach out to us (via eMail: team@robur.coop) - we're keen to deploy MirageOS +and find more domains where it is useful. If you can +spare a dime, we're a registered non-profit in +Germany - and can provide tax-deductable receipts in Europe.

+ +
+ +
+ + + + diff --git a/atom.xml b/atom.xml index 6a1959c..a7356f2 100644 --- a/atom.xml +++ b/atom.xml @@ -3,12 +3,24 @@ https://blog.robur.coop/atom.xml The Robur's blog YOCaml - 2024-10-22T00:00:00Z + 2024-10-25T00:00:00Z The Robur Team + + https://blog.robur.coop//articles/dnsvizor01.html + Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel + 2024-10-25T00:00:00Z + + The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP. + + + + + + https://blog.robur.coop//articles/arguments.html Runtime arguments in MirageOS diff --git a/feed.xml b/feed.xml index 5a6cc45..ca3a5fb 100644 --- a/feed.xml +++ b/feed.xml @@ -5,9 +5,18 @@ https://blog.robur.coop/ - Tue, 22 Oct 2024 00:00:00 GMT + Fri, 25 Oct 2024 00:00:00 GMT https://www.rssboard.org/rss-specification YOCaml + + Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel + https://blog.robur.coop//articles/dnsvizor01.html + + + + https://blog.robur.coop//articles/dnsvizor01.html + Fri, 25 Oct 2024 00:00:00 GMT + Runtime arguments in MirageOS https://blog.robur.coop//articles/arguments.html diff --git a/index.html b/index.html index 578fdba..fa0ae79 100644 --- a/index.html +++ b/index.html @@ -25,6 +25,19 @@

Essays and ramblings

  1. +
    + + +
    +
    + 2024-10-25 + Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel
    +

    The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP.

    +
    + +
    +
    +
  2. diff --git a/rss1.xml b/rss1.xml index 3ddc3f3..e235efb 100644 --- a/rss1.xml +++ b/rss1.xml @@ -6,6 +6,7 @@ + @@ -22,6 +23,13 @@ + + Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel + https://blog.robur.coop//articles/dnsvizor01.html + + + + Runtime arguments in MirageOS https://blog.robur.coop//articles/arguments.html diff --git a/tags.html b/tags.html index 8d24d36..6cc8340 100644 --- a/tags.html +++ b/tags.html @@ -22,7 +22,7 @@
    Back to index -
    +

    Community

    @@ -32,6 +32,11 @@ Cstruct +

    OpenVPN