DNS Servers: Difference between revisions

From AllStarLink Wiki
(16 intermediate revisions by 3 users not shown)
[[Category: Infrastructure]]

The previous revision opened with "ASL utilizes DNS servers based on PowerDNS with an HTTP backend"; the latest revision, reproduced in full below, says Knot DNS.
= regsvcs.allstarlink.org =
(This section is from the previous revision and is not in the latest revision below.)

This zone is served by the registration servers and is pulled directly from the database. There is no secondary for these zones, just the three primary servers on the registration servers.

Redundancy of registration is handled by a TTL of 120 seconds on all the records. We added another field to the 'records' table, 'UnixSeconds', which is NULL by default but is updated by the heartbeat health-check scripts on the servers. If the heartbeat script detects that the DB or connectivity is down at a site, it shuts down that server and stops updating UnixSeconds in DNS.

On the DNS server we have modified the default query for a lookup to:

 gmysql-basic-query=SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 AND (UnixSeconds is NULL OR UnixSeconds > (UNIX_TIMESTAMP() - 120)) and type=? and name=?

This only returns a record if UnixSeconds is NULL or has been updated in the last 120 seconds. If a node loses connectivity, it is timed out of DNS within 120 seconds. This is a "dead-man switch" that lets the cluster lose any one node. Note that a resolver may still cache the dropped record for up to its 120-second TTL, so a client can take up to roughly 240 seconds to stop using a node that has gone quiet.

'''register.allstarlink.org''' is a CNAME to '''register.regsvcs.allstarlink.org''' under this zone. The node list servers are under it as well: '''node[1-4].allstarlink.org''' CNAME '''nodes.regsvcs.allstarlink.org'''.

== recovery of a down server ==
Need to fill this out; right now it is a manual verification, DB edit and reset.
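The dead-man switch above, worked through as an added example (not AllStarLink's own code). It rebuilds the PowerDNS 'records' table with the extra UnixSeconds column in an in-memory SQLite database, runs the modified gmysql-basic-query against it, and shows a server dropping out of the answer once its heartbeat stops. Two changes from the page's query keep the run deterministic and offline: UNIX_TIMESTAMP() is a bound :now parameter, and the table has only the columns the query reads. Server names, the static record and the addresses (RFC 5737 test addresses) are constructed.

```python
"""Registration-server dead-man switch (added example, not AllStarLink's code).

In-memory SQLite copy of the PowerDNS 'records' table plus UnixSeconds:
the heartbeat script stamps UnixSeconds, and the modified gmysql-basic-query
serves a row only if it was stamped within the last 120 seconds or never
stamped at all. UNIX_TIMESTAMP() is replaced by a bound :now parameter so
the run is deterministic; names and addresses are constructed.
"""
import sqlite3

WINDOW = 120  # seconds: the record TTL and the dead-man window from the page

# The page's gmysql-basic-query, with UNIX_TIMESTAMP() replaced by :now.
BASIC_QUERY = (
    "SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records "
    "WHERE disabled=0 AND (UnixSeconds IS NULL OR UnixSeconds > (:now - :window)) "
    "AND type=:type AND name=:name"
)

REG_NAME = "register.regsvcs.allstarlink.org"
STATIC_NAME = "regsvcs.allstarlink.org"
SERVERS = {"reg-a": "192.0.2.1", "reg-b": "192.0.2.2", "reg-c": "192.0.2.3"}  # constructed


def make_db() -> sqlite3.Connection:
    """Build the records table: one A record per registration server, plus a
    record that no heartbeat touches (its UnixSeconds stays NULL)."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE records (domain_id INTEGER, name TEXT, type TEXT, content TEXT,"
        " ttl INTEGER, prio INTEGER, disabled INTEGER, auth INTEGER, UnixSeconds INTEGER)"
    )
    for ip in SERVERS.values():
        con.execute("INSERT INTO records VALUES (1, ?, 'A', ?, ?, 0, 0, 1, NULL)",
                    (REG_NAME, ip, WINDOW))
    con.execute("INSERT INTO records VALUES (1, ?, 'TXT', 'static', 3600, 0, 0, 1, NULL)",
                (STATIC_NAME,))
    con.commit()
    return con


def heartbeat(con: sqlite3.Connection, server: str, now: int) -> None:
    """What the health-check script does on a healthy site: refresh the stamp.
    A site that detects DB or connectivity loss simply stops calling this."""
    con.execute("UPDATE records SET UnixSeconds=? WHERE content=?", (now, SERVERS[server]))
    con.commit()


def lookup(con: sqlite3.Connection, name: str, rtype: str, now: int) -> list:
    """The backend query PowerDNS issues for (name, type); returns the RDATA
    that would be served at time 'now', sorted for stable comparison."""
    rows = con.execute(BASIC_QUERY,
                       {"now": now, "window": WINDOW, "type": rtype, "name": name})
    return sorted(row[0] for row in rows)


def run_scenario() -> dict:
    """All three servers heartbeat at t=1000; reg-c then goes quiet while
    reg-a and reg-b keep heartbeating. Returns what DNS serves at each check."""
    con = make_db()
    for server in SERVERS:
        heartbeat(con, server, 1000)
    served = {1000: lookup(con, REG_NAME, "A", 1000)}
    for server in ("reg-a", "reg-b"):
        heartbeat(con, server, 1100)
    served[1119] = lookup(con, REG_NAME, "A", 1119)  # reg-c: 1000 > 999, still served
    served[1121] = lookup(con, REG_NAME, "A", 1121)  # reg-c: 1000 > 1001 fails, dropped
    served[1200] = lookup(con, REG_NAME, "A", 1200)  # only the two live servers remain
    served["static"] = lookup(con, STATIC_NAME, "TXT", 10**9)  # NULL stamp: always served
    return served


if __name__ == "__main__":
    for when, answer in run_scenario().items():
        print(f"t={when}: {answer}")
```

One consequence of the NULL default is visible in the last lookup: a record that has never been stamped is always served, so a registration server whose heartbeat script never ran (as opposed to one that stopped) is never removed by this mechanism.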


= DNS node lookup (previous revision) =

The previous revision of this section differed from the latest revision below only in these points:

* nodes.allstarlink.org was described as delegated to a DNS running on the db servers (the latest revision says a DNS running in AWS).
* The SRV lookup was written as _iax._srv.<nodenumber>.allstarlink.org. rather than dig SRV _iax._udp.<nodenumber>.nodes.allstarlink.org.
* After the SRV answer it read: "where 4569 is the IAX port and then it will do an A lookup on 50000.nodes.allstarlink.org. for the IP."
* The TXT example ended with "RH=register-fnt" rather than "RH=register-west".
Latest revision as of 23:09, 23 October 2024

ASL utilizes DNS servers based on Knot DNS with an HTTP backend as a way to retrieve node information, such as IAX ports or IP addresses.

These DNS servers support the following:

  • Authoritative DNS for allstarlink.org
  • Registration server redundancy
  • DNS lookup of node information

Authoritative DNS servers

The authoritative DNS servers run on register-west.allstarlink.org and register-east.allstarlink.org.

DNSSEC is enabled on all domains, and the chain of trust is extended to all delegated sub-zones and their servers. A validating resolver can confirm this by querying with dig +dnssec and checking that the answer carries the AD flag.

DNS node lookup

nodes.allstarlink.org is delegated to a DNS running in AWS. The users_Nodes table has a trigger that creates or edits entries in the records table of the 'allstar' database, populating an SRV, a TXT and an A record for every node in the system whenever it is updated. The trigger has been optimized and has little to no performance impact on the registration process.

Note that servers no longer in the node list can still appear in DNS: entries are never aged out of DNS. It is up to the server to know whether it is registered, so a DNS answer alone does not prove that a node is currently registered; the RT field of the TXT record gives the time of its last registration.

SRV record

dig SRV _iax._udp.<nodenumber>.nodes.allstarlink.org

will return for a node as follows:

 _iax._udp.50000.nodes.allstarlink.org. 30 IN SRV 10 10 4569 50000.nodes.allstarlink.org.

where 4569 is the IAX port and 50000.nodes.allstarlink.org. is the name to look up for the node's A record.

A remote base will be returned like:

_iax._udp.50000.nodes.allstarlink.org. 30 IN SRV 10 10 4569 50000.remotebase.nodes.allstarlink.org.

A record

dig <nodenumber>.nodes.allstarlink.org

and

dig <nodenumber>.remotebase.nodes.allstarlink.org

will return the IP address of the IAX server, or the proxy IP if one is defined, for example:

2000.nodes.allstarlink.org. 60 IN A 162.248.93.134

TXT Record

The TXT record is used for debugging purposes; query it with:

dig TXT <nodenumber>.nodes.allstarlink.org

This will return:

"NN=50000" "RT=2019-02-28 18:41:29" "RB=0" "IP=44.98.248.144" "PIP=" "PT=4569" "RH=register-west"

Where

  • NN is the node number
  • RT is the time of the last registration update
  • RB is 0 if the node is not a remote base, 1 if it is
  • IP is the IP address of the node
  • PIP is the proxy IP of the node, if set
  • PT is the IAX port
  • RH is the registration server the node last registered to
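The SRV, A and TXT lookups described above, combined into one check as an added example (not AllStarLink's own code). It follows SRV to A for a node, tells a remote base from an ordinary node by the SRV target, parses the TXT fields, and reports where the three records disagree; because DNS never ages entries out, it also judges staleness from RT. It runs offline on constructed dig-style answers in RAW_ANSWERS (RFC 5737 test addresses; node 50002 is deliberately inconsistent). For a live node, replace RAW_ANSWERS with the answer sections of dig SRV _iax._udp.<nodenumber>.nodes.allstarlink.org and the matching A and TXT queries. Reading RT as UTC, and the staleness threshold in stale_nodes, are assumptions of the example.

```python
"""Resolve an AllStarLink node via SRV -> A and cross-check it against the
TXT record (added example, not AllStarLink's code).

Runs offline on constructed dig-style answers; addresses are RFC 5737 test
addresses and node 50002 is deliberately inconsistent. TXT field names
(NN, RT, RB, IP, PIP, PT, RH) are the documented ones; treating RT as UTC
and the max_age threshold are assumptions.
"""
from __future__ import annotations

import shlex
from dataclasses import dataclass
from datetime import datetime, timezone

ZONE = "nodes.allstarlink.org."
NOW = datetime(2019, 3, 1, 18, 41, 29, tzinfo=timezone.utc)  # constructed "current" time

RAW_ANSWERS = """\
_iax._udp.50000.nodes.allstarlink.org. 30 IN SRV 10 10 4569 50000.nodes.allstarlink.org.
50000.nodes.allstarlink.org. 60 IN A 192.0.2.10
50000.nodes.allstarlink.org. 30 IN TXT "NN=50000" "RT=2019-02-28 18:41:29" "RB=0" "IP=192.0.2.10" "PIP=" "PT=4569" "RH=register-west"
_iax._udp.50001.nodes.allstarlink.org. 30 IN SRV 10 10 4569 50001.remotebase.nodes.allstarlink.org.
50001.remotebase.nodes.allstarlink.org. 60 IN A 192.0.2.11
50001.nodes.allstarlink.org. 30 IN TXT "NN=50001" "RT=2019-02-28 18:41:29" "RB=1" "IP=198.51.100.7" "PIP=192.0.2.11" "PT=4569" "RH=register-east"
_iax._udp.50002.nodes.allstarlink.org. 30 IN SRV 10 10 4569 50002.nodes.allstarlink.org.
50002.nodes.allstarlink.org. 60 IN A 192.0.2.12
50002.nodes.allstarlink.org. 30 IN TXT "NN=50002" "RT=2019-02-27 18:41:29" "RB=0" "IP=192.0.2.99" "PIP=" "PT=4570" "RH=register-west"
"""


def load_answers(text: str) -> dict:
    """Index dig-style resource records as {(owner name, type): [rdata, ...]}."""
    table: dict = {}
    for line in text.splitlines():
        if line.strip():
            name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            table.setdefault((name, rtype), []).append(rdata)
    return table


def parse_txt(rdata: str) -> dict:
    """'"NN=50000" "RT=2019-02-28 18:41:29" ...' -> {'NN': '50000', 'RT': ...}.
    shlex handles the quoting, including the space inside the RT value."""
    fields = {}
    for item in shlex.split(rdata):
        key, _, value = item.partition("=")
        fields[key] = value
    return fields


@dataclass
class NodeInfo:
    node: int
    port: int          # IAX port from the SRV record
    target: str        # SRV target; a remote base points at <node>.remotebase.<zone>
    remote_base: bool
    ip: str            # A record of the SRV target (the proxy IP when one is set)
    txt: dict
    age_seconds: int   # seconds since the RT field, relative to 'now'


def check_node(node: int, answers: dict, now: datetime) -> tuple:
    """Follow SRV -> A for a node, then compare with the TXT record.
    Returns (NodeInfo, list of inconsistencies); the list is empty when the
    three records agree."""
    problems = []
    srv = answers[(f"_iax._udp.{node}.{ZONE}", "SRV")][0].split()
    port, target = int(srv[2]), srv[3]            # priority weight port target
    ip = answers[(target, "A")][0]
    txt = parse_txt(answers[(f"{node}.{ZONE}", "TXT")][0])

    remote_base = target == f"{node}.remotebase.{ZONE}"
    if remote_base != (txt.get("RB") == "1"):
        problems.append(f"RB={txt.get('RB')} disagrees with SRV target {target}")
    if txt.get("PT") != str(port):
        problems.append(f"PT={txt.get('PT')} disagrees with SRV port {port}")
    expected_ip = txt.get("PIP") or txt.get("IP")  # A carries the proxy IP if set
    if expected_ip != ip:
        problems.append(f"A record {ip} disagrees with TXT IP/PIP {expected_ip}")

    registered = datetime.strptime(txt["RT"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    age = int((now - registered).total_seconds())
    return NodeInfo(node, port, target, remote_base, ip, txt, age), problems


def stale_nodes(nodes, answers: dict, now: datetime, max_age: int = 86400) -> list:
    """DNS never ages entries out, so staleness has to be judged from RT.
    max_age is an assumed threshold, not anything the page documents."""
    return [n for n in nodes if check_node(n, answers, now)[0].age_seconds > max_age]


if __name__ == "__main__":
    answers = load_answers(RAW_ANSWERS)
    for n in (50000, 50001, 50002):
        info, problems = check_node(n, answers, NOW)
        kind = "remote base" if info.remote_base else "node"
        print(n, kind, info.ip, info.port, f"age={info.age_seconds}s", problems or "consistent")
    print("stale:", stale_nodes((50000, 50001, 50002), answers, NOW))
```

The proxy rule in check_node follows the A record section above: when PIP is set, the A record is expected to carry the proxy address rather than the node's own IP, which is why node 50001 passes while 50002 (wrong port and an A record matching neither IP nor PIP) is reported.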