---
date: 2024-10-25
title: "Meet DNSvizor: run your own DHCP and DNS MirageOS unikernel"
description:
  The NGI-funded DNSvizor provides core network services on your network; DNS resolution and DHCP.
tags:
  - OCaml
  - MirageOS
  - DNSvizor
author:
  name: Hannes Mehnert
  email: hannes@mehnert.org
  link: https://hannes.robur.coop
---

TL;DR: We got [NGI0 Entrust (via NLnet)](https://nlnet.nl/entrust/) funding for developing
[DNSvizor](https://nlnet.nl/project/DNSvizor/) - a DNS resolver and
DHCP server. Please help us by [sharing with us your dnsmasq
configuration](https://github.com/robur-coop/dnsvizor/issues/new), so we can
prioritize the configuration options to support.

## Introduction

The [dynamic host configuration protocol (DHCP)](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol)
is fundamental in today's Internet and local networks. It usually runs on your
router (or as a dedicated independent service) and automatically configures
computers that join your network (for example wireless laptops, smartphones)
with an IP address, routing information, a DNS resolver, etc. No manual
configuration is needed once your friends' smartphones have the password of your
wireless network \o/

The [domain name system (DNS)](https://en.wikipedia.org/wiki/Domain_Name_System)
is responsible for translating domain names (such as "robur.coop", "nlnet.nl")
to IP addresses (such as 193.30.40.138 or 2a0f:7cc7:7cc7:7c40::138) - used by
computers to talk to each other. Humans can remember domain names instead of
memorizing IP addresses. Computers then use DNS to translate these domain names
to IP addresses to communicate with. DNS is a hierarchical, distributed,
fault-tolerant service.

These two protocols are fundamental to today's Internet: without them it would
be much harder for humans to use it.

## DNSvizor

We at [robur](https://robur.coop) got funding (from
[NGI0 Entrust via NLnet](https://nlnet.nl/project/DNSvizor/)) to continue our work on
[DNSvizor](https://github.com/robur-coop/dnsvizor) - a
[MirageOS unikernel](https://mirageos.org) that provides DNS resolution and
DHCP service for a network. This is fully implemented in
[OCaml](https://ocaml.org).

Already at our [MirageOS retreats](https://retreat.mirageos.org) we deployed
such a unikernel, to test our [DHCP implementation](https://github.com/mirage/charrua)
and our [DNS resolver](https://github.com/mirage/ocaml-dns) - and found and
fixed issues on-site. At the retreats we have a very limited Internet uplink,
thus caching DNS queries and answers is great for reducing the load on the
uplink.

Thanks to the funding we received, we'll be able to work on improving the
performance, but also to finish our DNSSEC implementation, provide DNS-over-TLS
and DNS-over-HTTPS services, and also a web interface. DNSvizor will use the
existing [dnsmasq](https://thekelleys.org.uk/dnsmasq/doc.html) configuration
syntax, and provide lots of features from dnsmasq, and also provide features
such as block lists from [pi-hole](https://pi-hole.net/).

We are at a point where the [basic unikernel (our MVP)](https://github.com/robur-coop/dnsvizor) -
providing DNS and DHCP services - is ready, and we provide
[reproducible binary builds](https://builds.robur.coop/job/dnsvizor). Phew. This
means that the first step is done. The `--dhcp-range` from dnsmasq is already
being parsed.

We are now curious about concrete usages of dnsmasq and the configurations you use.
If you're interested in dnsvizor, please [open an issue at our repository](https://github.com/robur-coop/dnsvizor/issues/new)
with your dnsmasq configuration. This will help us decide which parts of the configuration to prioritize.

## Usages of DNSvizor

We have several use cases for DNSvizor:
- at your home router to provide DNS resolution and DHCP service, filtering ads,
- in the datacenter auto-configuring your machine park,
- when running your unikernel swarm to auto-configure them.

The first one is where pi-hole fits in as well, and where dnsmasq is used quite
a lot. The second one is also a domain where dnsmasq is used. The third one
comes from our experience that lots of people struggle with deploying MirageOS
unikernels since they have to manually do IP configuration etc. We ourselves
also pass additional information to the unikernels, such as syslog host,
monitoring sink, X.509 certificates or host names, do some DNS provisioning, ...

With DNSvizor we will leverage the common configuration options of all
unikernels (reducing the need for boot arguments), and also go a bit further
and make deployment seamless (including adding hostnames to DNS, forwarding
from our reverse TLS proxy, etc.).

## Conclusion

[DNSvizor](https://github.com/robur-coop/dnsvizor) provides DNS resolution and
DHCP service for your network, and [already exists](https://builds.robur.coop/job/dnsvizor) :).
Please [report issues](https://github.com/robur-coop/dnsvizor/issues/) you
encounter and questions you may have. Also, if you use dnsmasq, please
[show us your configuration](https://github.com/robur-coop/dnsvizor/issues/new).

If you're interested in MirageOS and using it in your domain, don't hesitate
to reach out to us (via email: team@robur.coop) - we're keen to deploy MirageOS
and find more domains where it is useful. If you can
[spare a dime](https://robur.coop/Donate), we're a registered non-profit in
Germany - and can provide tax-deductible receipts in Europe.