From 52d6ce6b6751bf55e1269765ce72d60b61307676 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Thu, 24 Oct 2024 12:52:28 +0200 Subject: [PATCH 1/5] dnsvizor, first article --- articles/dnsvizor01.md | 85 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 articles/dnsvizor01.md diff --git a/articles/dnsvizor01.md b/articles/dnsvizor01.md new file mode 100644 index 0000000..2b6f003 --- /dev/null +++ b/articles/dnsvizor01.md 
@@ -0,0 +1,85 @@ +--- +date: 2024-10-25 +title: Meet DNSvizor: run your DHCP and DNS MirageOS unikernel +description: + The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP. +tags: + - OCaml + - MirageOS + - DNSvizor +author: + name: Hannes Mehnert + email: hannes@mehnert.org + link: https://hannes.robur.coop +--- + +TL;DR: We got [NGI0 Entrust (via NLnet)](https://nlnet.nl/entrust/) funding for developing +[DNSvizor](https://nlnet.nl/project/DNSvizor/) - a DNS resolver and +DHCP server. Please help us by [showing us your dnsmasq +configuration](https://github.com/robur-coop/dnsvizor/issues/new), so we can +prioritize the configuration options to support. + +## Introduction + +The [dynamic host configuration protocol (DHCP)](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol) +is fundamental in today's Internet and local networks. It usually runs on your +router (or as a dedicated independent service) and automatically configures +computers that join your network (for example wireless laptops, smartphones) +with an IP address, routing information, a DNS resolver, etc. No manual +configuration is needed once your friends' smartphone got the password of your +wireless network \o/ + +The [domain name system (DNS)](https://en.wikipedia.org/wiki/Domain_Name_System) +is responsible for translating domain names (such as "robur.coop", "nlnet.nl") +to IP addresses (such as 193.30.40.138 or 2a0f:7cc7:7cc7:7c40::138) - used by +computers to talk to each other. Humans can remember domain names instead of +memorizing IP addresses. Computers than use DNS to translate these domain names +to IP addresses to communicate with. DNS is a hierarchic, distributed, +faul-tolerant service. + +These two protocols are fundamental to today's Internet: without them it would +be much harder for humans to use it. 
+ +## DNSvizor + +We at [robur](https://robur.coop) got funding (from +[NGI0 Entrust via NLnet](https://nlnet.nl/project/DNSvizor/)) to continue our work on +[DNSvizor](https://github.com/robur-coop/dnsvizor) - a +[MirageOS unikernel](https://mirageos.org) that provides DNS resolution and +DHCP service for a network. This is fully implemented in +[OCaml](https://ocaml.org). + +Already at our [MirageOS retreats](https://retreat.mirageos.org) we deployed +such unikernel, to test our [DHCP implementation](https://github.com/mirage/charrua) +and our [DNS resolver](https://github.com/mirage/ocaml-dns) - and found and +fixed issues on-site. At the retreats we have a very limited Internet uplink, +thus caching DNS queries and answers is great for reducing the load on the +uplink. + +Thanks to the funding we received, we'll be able to work on improving the +performance, but also to finish our DNSSec implementation, provide DNS-over-TLS +and DNS-over-HTTPS services, and also a web interface. DNSvizor will use the +existing [dnsmasq](https://thekelleys.org.uk/dnsmasq/doc.html) configuration +syntax, and provide lots of features from dnsmasq, and also provide features +such as block lists from [pi-hole](https://pi-hole.net/). + +We are at a point where the [basic unikernel (our MVP)](https://github.com/robur-coop/dnsvizor) +- providing DNS and DHCP services - is ready, and we provide +[reproducible binary builds](https://builds.robur.coop/job/dnsvizor). Phew. This +means that the first step is done. + +We are now curious on concrete usages of dnsmasq and the configurations you use. +If you're interested in dnsvizor, please [open an issue at our repository](https://github.com/robur-coop/dnsvizor/issues/new) +with your dnsmasq configuration. This will help us to guide which parts of the configuration to prioritize. + +## Conclusion + +DNSvizor provides DNS resolution and DHCP service for your network, and already +exists :). 
Please report issues you encounter and questions you may have. Also, +if you use dnsmasq, please [show us your configuration](https://github.com/robur-coop/dnsvizor/issues/new). + +If you're interested in MirageOS and using it in your domain, don't hesitate +to reach out to us (via eMail: team@robur.coop) - we're keen to deploy MirageOS +and find more domains where it is useful. If you can spare a dime, we're a +registered non-profit in Germany - and can provide tax-deductable receipts for +donations ([more information](https://robur.coop/Donate)). From 6ee1282392ee3ea98445f5e9524de57a92331c72 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Thu, 24 Oct 2024 13:06:08 +0200 Subject: [PATCH 2/5] minor edits --- articles/dnsvizor01.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/articles/dnsvizor01.md b/articles/dnsvizor01.md index 2b6f003..c3ad1fb 100644 --- a/articles/dnsvizor01.md +++ b/articles/dnsvizor01.md 
@@ -74,12 +74,14 @@ with your dnsmasq configuration. This will help us to guide which parts of the c ## Conclusion -DNSvizor provides DNS resolution and DHCP service for your network, and already -exists :). Please report issues you encounter and questions you may have. Also, -if you use dnsmasq, please [show us your configuration](https://github.com/robur-coop/dnsvizor/issues/new). +[DNSvizor](https://github.com/robur-coop/dnsvizor) provides DNS resolution and +DHCP service for your network, and [already exists](https://builds.robur.coop/job/dnsvizor) :). +Please [report issues](https://github.com/robur-coop/dnsvizor/issues/) you +encounter and questions you may have. Also, if you use dnsmasq, please +[show us your configuration](https://github.com/robur-coop/dnsvizor/issues/new). If you're interested in MirageOS and using it in your domain, don't hesitate to reach out to us (via eMail: team@robur.coop) - we're keen to deploy MirageOS -and find more domains where it is useful. If you can spare a dime, we're a -registered non-profit in Germany - and can provide tax-deductable receipts for -donations ([more information](https://robur.coop/Donate)). +and find more domains where it is useful. If you can +[spare a dime](https://robur.coop/Donate), we're a registered non-profit in +Germany - and can provide tax-deductable receipts in Europe. From 46433477707184ffb594ff20a66a95ccf77bb024 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Thu, 24 Oct 2024 15:29:04 +0200 Subject: [PATCH 3/5] minor addition --- articles/dnsvizor01.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/articles/dnsvizor01.md b/articles/dnsvizor01.md index c3ad1fb..990b89f 100644 --- a/articles/dnsvizor01.md +++ b/articles/dnsvizor01.md 
@@ -66,7 +66,8 @@ such as block lists from [pi-hole](https://pi-hole.net/). We are at a point where the [basic unikernel (our MVP)](https://github.com/robur-coop/dnsvizor) - providing DNS and DHCP services - is ready, and we provide [reproducible binary builds](https://builds.robur.coop/job/dnsvizor). Phew. This -means that the first step is done. +means that the first step is done. The `--dhcp-range` from dnsmasq is already +being parsed. We are now curious on concrete usages of dnsmasq and the configurations you use. If you're interested in dnsvizor, please [open an issue at our repository](https://github.com/robur-coop/dnsvizor/issues/new) From c85b9ad712f1e78e4d51a65ea39bfbfa005be647 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= Date: Fri, 25 Oct 2024 10:58:27 +0200 Subject: [PATCH 4/5] dnsvizor01.md: minor changes --- articles/dnsvizor01.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/articles/dnsvizor01.md b/articles/dnsvizor01.md index 990b89f..c4074a1 100644 --- a/articles/dnsvizor01.md +++ b/articles/dnsvizor01.md @@ -1,6 +1,6 @@ --- date: 2024-10-25 -title: Meet DNSvizor: run your DHCP and DNS MirageOS unikernel +title: "Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel" description: The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP. tags: @@ -15,7 +15,7 @@ author: TL;DR: We got [NGI0 Entrust (via NLnet)](https://nlnet.nl/entrust/) funding for developing [DNSvizor](https://nlnet.nl/project/DNSvizor/) - a DNS resolver and -DHCP server. Please help us by [showing us your dnsmasq +DHCP server. Please help us by [sharing with us your dnsmasq configuration](https://github.com/robur-coop/dnsvizor/issues/new), so we can prioritize the configuration options to support. 
@@ -33,7 +33,7 @@ The [domain name system (DNS)](https://en.wikipedia.org/wiki/Domain_Name_System) is responsible for translating domain names (such as "robur.coop", "nlnet.nl") to IP addresses (such as 193.30.40.138 or 2a0f:7cc7:7cc7:7c40::138) - used by computers to talk to each other. Humans can remember domain names instead of -memorizing IP addresses. Computers than use DNS to translate these domain names +memorizing IP addresses. Computers then use DNS to translate these domain names to IP addresses to communicate with. DNS is a hierarchic, distributed, faul-tolerant service. From 6f77487c471d308411cea7cb5f34508b6a5bb823 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Fri, 25 Oct 2024 11:46:22 +0200 Subject: [PATCH 5/5] add a usages of dnsvizor, as suggested by @dinosaure --- articles/dnsvizor01.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/articles/dnsvizor01.md b/articles/dnsvizor01.md index c4074a1..6fe83b6 100644 --- a/articles/dnsvizor01.md +++ b/articles/dnsvizor01.md 
@@ -73,6 +73,25 @@ We are now curious on concrete usages of dnsmasq and the configurations you use. If you're interested in dnsvizor, please [open an issue at our repository](https://github.com/robur-coop/dnsvizor/issues/new) with your dnsmasq configuration. This will help us to guide which parts of the configuration to prioritize. +## Usages of DNSvizor + +We have several use cases for DNSvizor: +- at your home router to provide DNS resolution and DHCP service, filtering ads, +- in the datacenter auto-configuring your machine park, +- when running your unikernel swarm to auto-configure them. + +The first one is where pi-hole as well fits into, and where dnsmasq is used quite +a lot. The second one is also a domain where dnsmasq is used. The third one is +from our experience that lots of people struggle with deploying MirageOS +unikernels since they have to manually do IP configuration etc. We ourselves +also pass additional information to the unikernels, such as syslog host, +monitoring sink, X.509 certificates or host names, do some DNS provisioning, ... + +With DNSvizor we will leverage the common configuration options of all +unikernels (reducing the need for boot arguments), and also go a bit further +and make deployment seamless (including adding hostnames to DNS, forwarding +from our reverse TLS proxy, etc.). + ## Conclusion [DNSvizor](https://github.com/robur-coop/dnsvizor) provides DNS resolution and
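Review bot: In PATCH 1/5 (hunk `@@ -0,0 +1,85 @@`), the TL;DR and the last paragraph of the DNSvizor section ask readers to post their dnsmasq configuration in a public GitHub issue, but neither says to redact it first. Such files can carry MAC addresses, internal host names and address ranges, so I suggest adding a sentence asking people to strip or anonymise those before posting. Also in this hunk: the front-matter `title:` value contains an unquoted `: `, which YAML parsers can reject (it is quoted later, in PATCH 4/5), and "faul-tolerant", "DNSSec" and "tax-deductable" should read "fault-tolerant", "DNSSEC" and "tax-deductible".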
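Review bot: In PATCH 2/5 (hunk `@@ -74,12 +74,14 @@`), the misspelling "tax-deductable" is carried over into the rewritten last line, `Germany - and can provide tax-deductable receipts in Europe.`; since the line is being touched anyway, change it to "tax-deductible". The rewrite also drops "for donations" from that sentence, so it now relies on the "spare a dime" link alone to say what the receipts are for; consider keeping the word "donations" in the visible text.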
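Review bot: In PATCH 3/5 (hunk `@@ -66,7 +66,8 @@`), the added sentence says `--dhcp-range` "is already being parsed" but not whether the parsed value is applied by the DHCP server or only accepted on the command line. Readers deciding whether to try the MVP need to know which, so state it explicitly, and write "The `--dhcp-range` option from dnsmasq" so the sentence names what is being parsed.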
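Review bot: In PATCH 4/5 (hunk `@@ -15,7 +15,7 @@`), the new wording "sharing with us your dnsmasq configuration" reads awkwardly; "sharing your dnsmasq configuration with us" keeps the link text intact and reads naturally.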
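Review bot: In PATCH 4/5 (hunk `@@ -33,7 +33,7 @@`), the "than" to "then" fix leaves the typo "faul-tolerant" untouched two lines further down, in the trailing context of the same paragraph. Fix it in the same commit so it reads "fault-tolerant".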
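Review bot: In PATCH 5/5 (hunk `@@ -73,6 +73,25 @@`), the paragraph listing what is passed to unikernels today ("syslog host, monitoring sink, X.509 certificates or host names") is followed by the plan to reduce boot arguments, without saying which of these items DNSvizor would deliver or over which channel. DHCP replies are unauthenticated, so readers will want to know whether certificates and the syslog and monitoring endpoints are meant to travel that way; a sentence spelling this out would help. Minor points: there is no blank line between "We have several use cases for DNSvizor:" and the first bullet, which some Markdown renderers need in order to start a list, and "where pi-hole as well fits into" reads better as "where pi-hole fits in as well".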