Merge pull request 'dnsvizor, first article' (#16) from dnsvizor into main

Reviewed-on: #16
Reviewed-by: Reynir Björnsson <reynir@reynir.dk>
Reviewed-by: dinosaure <romain.calascibetta@gmail.com>

articles/dnsvizor01.md

@@ -0,0 +1,107 @@
+---
+date: 2024-10-25
+title: "Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel"
+description:
+  The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP.
+tags:
+  - OCaml
+  - MirageOS
+  - DNSvizor
+author:
+  name: Hannes Mehnert
+  email: hannes@mehnert.org
+  link: https://hannes.robur.coop
+---
+
+TL;DR: We got [NGI0 Entrust (via NLnet)](https://nlnet.nl/entrust/) funding for developing
+[DNSvizor](https://nlnet.nl/project/DNSvizor/) - a DNS resolver and
+DHCP server. Please help us by [sharing with us your dnsmasq
+configuration](https://github.com/robur-coop/dnsvizor/issues/new), so we can
+prioritize the configuration options to support.
+
+## Introduction
+
+The [dynamic host configuration protocol (DHCP)](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol)
+is fundamental in today's Internet and local networks. It usually runs on your
+router (or as a dedicated independent service) and automatically configures
+computers that join your network (for example wireless laptops, smartphones)
+with an IP address, routing information, a DNS resolver, etc. No manual
+configuration is needed once your friends' smartphone got the password of your
+wireless network \o/
+
+The [domain name system (DNS)](https://en.wikipedia.org/wiki/Domain_Name_System)
+is responsible for translating domain names (such as "robur.coop", "nlnet.nl")
+to IP addresses (such as 193.30.40.138 or 2a0f:7cc7:7cc7:7c40::138) - used by
+computers to talk to each other. Humans can remember domain names instead of
+memorizing IP addresses. Computers then use DNS to translate these domain names
+to IP addresses to communicate with. DNS is a hierarchic, distributed,
+faul-tolerant service.
+
+These two protocols are fundamental to today's Internet: without them it would
+be much harder for humans to use it.
+
+## DNSvizor
+
+We at [robur](https://robur.coop) got funding (from
+[NGI0 Entrust via NLnet](https://nlnet.nl/project/DNSvizor/)) to continue our work on
+[DNSvizor](https://github.com/robur-coop/dnsvizor) - a
+[MirageOS unikernel](https://mirageos.org) that provides DNS resolution and
+DHCP service for a network. This is fully implemented in
+[OCaml](https://ocaml.org).
+
+Already at our [MirageOS retreats](https://retreat.mirageos.org) we deployed
+such unikernel, to test our [DHCP implementation](https://github.com/mirage/charrua)
+and our [DNS resolver](https://github.com/mirage/ocaml-dns) - and found and
+fixed issues on-site. At the retreats we have a very limited Internet uplink,
+thus caching DNS queries and answers is great for reducing the load on the
+uplink.
+
+Thanks to the funding we received, we'll be able to work on improving the
+performance, but also to finish our DNSSec implementation, provide DNS-over-TLS
+and DNS-over-HTTPS services, and also a web interface. DNSvizor will use the
+existing [dnsmasq](https://thekelleys.org.uk/dnsmasq/doc.html) configuration
+syntax, and provide lots of features from dnsmasq, and also provide features
+such as block lists from [pi-hole](https://pi-hole.net/).
+
+We are at a point where the [basic unikernel (our MVP)](https://github.com/robur-coop/dnsvizor)
+- providing DNS and DHCP services - is ready, and we provide
+[reproducible binary builds](https://builds.robur.coop/job/dnsvizor). Phew. This
+means that the first step is done. The `--dhcp-range` from dnsmasq is already
+being parsed.
+
+We are now curious on concrete usages of dnsmasq and the configurations you use.
+If you're interested in dnsvizor, please [open an issue at our repository](https://github.com/robur-coop/dnsvizor/issues/new)
+with your dnsmasq configuration. This will help us to guide which parts of the configuration to prioritize.
+
+## Usages of DNSvizor
+
+We have several use cases for DNSvizor:
+- at your home router to provide DNS resolution and DHCP service, filtering ads,
+- in the datacenter auto-configuring your machine park,
+- when running your unikernel swarm to auto-configure them.
+
+The first one is where pi-hole as well fits into, and where dnsmasq is used quite
+a lot. The second one is also a domain where dnsmasq is used. The third one is
+from our experience that lots of people struggle with deploying MirageOS
+unikernels since they have to manually do IP configuration etc. We ourselves
+also pass additional information to the unikernels, such as syslog host,
+monitoring sink, X.509 certificates or host names, do some DNS provisioning, ...
+
+With DNSvizor we will leverage the common configuration options of all
+unikernels (reducing the need for boot arguments), and also go a bit further
+and make deployment seamless (including adding hostnames to DNS, forwarding
+from our reverse TLS proxy, etc.).
+
+## Conclusion
+
+[DNSvizor](https://github.com/robur-coop/dnsvizor) provides DNS resolution and
+DHCP service for your network, and [already exists](https://builds.robur.coop/job/dnsvizor) :).
+Please [report issues](https://github.com/robur-coop/dnsvizor/issues/) you
+encounter and questions you may have. Also, if you use dnsmasq, please
+[show us your configuration](https://github.com/robur-coop/dnsvizor/issues/new).
+
+If you're interested in MirageOS and using it in your domain, don't hesitate
+to reach out to us (via eMail: team@robur.coop) - we're keen to deploy MirageOS
+and find more domains where it is useful. If you can
+[spare a dime](https://robur.coop/Donate), we're a registered non-profit in
+Germany - and can provide tax-deductable receipts in Europe.