notional-labs / cosmosia

Cosmos Infrastructure Automation

GeoDNS #412

Closed baabeetaa closed 1 year ago

baabeetaa commented 1 year ago

https://geoip.site/

baabeetaa commented 1 year ago

Before doing any geolocation, we need to test a name server first.

Delegating Subdomains Outside of Cloudflare

https://developers.cloudflare.com/dns/manage-dns-records/how-to/subdomains-outside-cloudflare/

we'll test the geodns.notionalapi.com subdomain

Type Name Content Proxy Status
NS geodns ns1.notional.ventures DNS only
NS geodns ns2.notional.ventures DNS only

DNS server

use bind9/named

note: port 53 must be exposed on both TCP and UDP for this to work

# Throwaway BIND9 test container: started detached with an interactive shell
# (-d -it) so we can exec in and install/configure named by hand.
# The two --publish flags expose the host's port 53 on both TCP and UDP; DNS
# needs both (UDP for ordinary queries, TCP for large answers and zone
# transfers).
# NOTE(review): published=53 with no host address binds on every host
# interface, so this server is reachable from the internet as soon as the
# container is up — confirm that is intended for the test host.
# NOTE(review): archlinux:latest is an unpinned tag; pin an image digest if
# this setup outlives the test so the base image is reproducible/auditable.
# --restart no is Docker's default policy; it is spelled out here for clarity.
docker run \
  -d \
  -it \
  --name test_bind9 \
  --publish mode=host,target=53,published=53,protocol=tcp \
  --publish mode=host,target=53,published=53,protocol=udp \
  --restart no \
  archlinux:latest \
  /bin/bash

add to /etc/named.conf

// Authoritative (primary) zone for the delegated test subdomain. The zone data
// is read from geodns.notionalapi.com.zone under named's working directory.
zone "geodns.notionalapi.com" IN {
        type master;   // "primary" is the newer synonym used later in this thread
        file "geodns.notionalapi.com.zone";
        allow-update { none; };   // no dynamic (RFC 2136) updates; the file is edited by hand
};

create /var/named/geodns.notionalapi.com.zone

; Test zone for geodns.notionalapi.com. All addresses below are from the
; RFC 5737 / RFC 3849 documentation ranges, i.e. placeholders.
$ORIGIN geodns.notionalapi.com.
; Default TTL for every record that does not set its own (60 s; the dig output
; below shows this value). Kept short so changes propagate quickly while testing.
$TTL 1m

; Serial must grow on every edit — secondaries only refresh when it increases.
@               SOA     ns1 hostmaster (
                                2018111111 ; Serial
                                8h         ; Refresh
                                30m        ; Retry
                                1w         ; Expire
                                1h )       ; Negative Cache TTL
; NOTE(review): these apex NS records name ns1/ns2 *inside this zone*
; (ns1.geodns.notionalapi.com.), while the parent delegation at Cloudflare
; points at ns1/ns2.notional.ventures. Parent and child NS sets should agree,
; otherwise resolvers and DNS checkers see an inconsistent delegation.
                NS      ns1
                NS      ns2

@               A       203.0.113.1
                AAAA    2001:db8:113::1
                MX      10 mail
; NOTE(review): this SPF record has no trailing "all" qualifier, so senders not
; matched by "mx" get a neutral result; a real zone should end with -all (or ~all).
                TXT     "v=spf1 mx"

www             A       203.0.113.1
                AAAA    2001:db8:113::1

; Glue for the in-zone name servers named in the NS set above.
ns1             A       203.0.113.4
                AAAA    2001:db8:113::4

ns2             A       198.51.100.5
                AAAA    2001:db8:5100::5

mail            A       198.51.100.6
                AAAA    2001:db8:5100::6
imap            CNAME   mail
smtp            CNAME   mail

test

from my desktop

~ dig geodns.notionalapi.com

; <<>> DiG 9.10.6 <<>> geodns.notionalapi.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20638
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;geodns.notionalapi.com.        IN  A

;; ANSWER SECTION:
geodns.notionalapi.com. 60  IN  A   203.0.113.1

;; Query time: 402 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Jul 02 11:09:02 +07 2023
;; MSG SIZE  rcvd: 67
baabeetaa commented 1 year ago

Test with MaxMind.continent (https://geoip.site/download/MaxMind.continent/GeoIP.acl); there are 7 continents:

/etc/named.conf

Here we define simple rules for testing:

...
// Split-horizon ("GeoDNS") test. BIND evaluates views in the order written and
// answers from the FIRST view whose match-clients ACL matches the client's
// source address, so the catch-all "any" view must stay last.
// NA and SA are the continent ACLs defined in the MaxMind GeoIP.acl file.
view "view_america" {
  match-clients { NA; SA; };
 //  recursion no;
  zone "geodns.notionalapi.com" IN {
    type master;
    file "geodns.notionalapi.com.zone.america";
  };
};

// Everything not matched above (all other continents, and any client whose
// address is absent from the ACL) lands here.
// NOTE(review): both views are authoritative-only, yet "recursion no;" is left
// commented out. This relies on BIND's default allow-recursion ACL
// (localhost/localnets) to keep outsiders from using the server as an open
// resolver — the later dig output does show recursion refused to an external
// client — but stating "recursion no;" explicitly in each view is safer.
view "view_other" {
  match-clients { any; };
//  recursion no;
  zone "geodns.notionalapi.com" IN {
    type master;
    file "geodns.notionalapi.com.zone";
  };
};
 cat geodns.notionalapi.com.zone
; Zone copy served by view_other (clients outside the Americas).
$ORIGIN geodns.notionalapi.com.
$TTL 1m

; The serial looks like a Unix timestamp; any scheme works as long as it grows
; on every edit, since secondaries only refresh when it increases.
@               SOA     ns1 hostmaster (
                                1688277496 ; Serial
                                8h         ; Refresh
                                30m        ; Retry
                                1w         ; Expire
                                1h )       ; Negative Cache TTL
; NOTE(review): only ns1 is listed, while the parent delegation also names ns2;
; presumably ns2 should be added here once the secondary is live so both sets match.
                NS      ns1

@               A       203.0.113.1

; Glue for ns1 (the real primary, 65.109.115.119).
ns1             A       65.109.115.119
[root@09b51b25606b named]# cat geodns.notionalapi.com.zone.america
; Zone copy served by view_america (clients whose address falls in the NA or
; SA continent ACL). It differs from the "other" copy only in the apex A record.
$ORIGIN geodns.notionalapi.com.
$TTL 1m

@               SOA     ns1 hostmaster (
                                1688277496 ; Serial
                                8h         ; Refresh
                                30m        ; Retry
                                1w         ; Expire
                                1h )       ; Negative Cache TTL
                NS      ns1

; NOTE(review): 11.22.33.44 is not a reserved documentation address; if it is
; only a marker for "answered from the America view", prefer an RFC 5737 range
; (e.g. 203.0.113.0/24) so test answers never point clients at someone else's host.
@               A       11.22.33.44

ns1             A       65.109.115.119

Results:

https://dnschecker.org/#A/geodns.notionalapi.com

Screen Shot 2023-07-02 at 14 10 31

baabeetaa commented 1 year ago

Wildcard DNS works as well; added:

; Wildcard: any name under the apex that has no record of its own resolves to
; this address (the ping below shows aaa.geodns.notionalapi.com answering).
; NOTE(review): a wildcard also answers for typos and retired host names, so
; decide deliberately whether that is wanted outside a test zone.
*               A       203.0.113.1
 ~ ping aaa.geodns.notionalapi.com
PING aaa.geodns.notionalapi.com (203.0.113.1): 56 data bytes
baabeetaa commented 1 year ago

Next, we need to figure out how to set up master/slave for BIND.


added

ns2.notional.ventures
95.217.193.117

primary

// vim:set ts=4 sw=4 et:

// Primary (master) named.conf for the GeoDNS test. It holds the zone data for
// both views and pushes changes to the secondary (ns2, 95.217.193.117).
options {
    directory "/var/named";
    pid-file "/run/named/named.pid";

    // Uncomment these to enable IPv6 connections support
    // IPv4 will still work:
    //  listen-on-v6 { any; };
    // Add this for no IPv4:
    //  listen-on { none; };

//    allow-recursion { 127.0.0.1; };
//    allow-transfer { none; };
    allow-update { none; };   // no dynamic updates; zone files are edited by hand

    // Send NOTIFY to the secondary on every serial change so it refreshes at
    // once instead of waiting for the SOA refresh interval (8h in the zones).
    notify yes;
    also-notify { 95.217.193.117; };
    // Zone transfers (AXFR/IXFR) only for localhost and the secondary.
    // NOTE(review): this is a source-address ACL. A TSIG key shared with the
    // secondary (allow-transfer { key ...; }) authenticates transfers and
    // NOTIFYs instead of trusting an IP address alone.
    // NOTE(review): because this server uses views, the view that answers the
    // secondary's transfer request is picked by the secondary's source address,
    // so the secondary gets the same view's data for both of its own views
    // unless the two views are told apart by key (match-clients { key ...; }).
    allow-transfer { 127.0.0.1; 95.217.193.117; };

    // Do not reveal software version, host name or server id to CHAOS-class
    // (version.bind / hostname.bind / id.server) queries.
    version none;
    hostname none;
    server-id none;
};

// Continent ACLs (NA, SA and the other continents) generated from MaxMind
// data. This file is parsed as named configuration, so review what was
// downloaded from geoip.site before reloading named with it.
include "GeoIP.acl";

// Old single-zone (no views) configuration, kept for reference.
// zone "geodns.notionalapi.com" IN {
//   type master;
//   file "geodns.notionalapi.com.zone";
//   allow-update { none; };
// };

// Views are tried in order; the first match-clients ACL that matches the
// client's source address wins, so the catch-all "any" view must be last.
view "view_america" {
  match-clients { NA; SA; };
 //  recursion no;
  zone "geodns.notionalapi.com" IN {
    type master;
    file "geodns.notionalapi.com.zone.america";
  };
};

view "view_other" {
  match-clients { any; };
//  recursion no;
  zone "geodns.notionalapi.com" IN {
    type master;
    file "geodns.notionalapi.com.zone";
  };
};

secondary: no need to write the zone files by hand

// vim:set ts=4 sw=4 et:

// Secondary (slave) named.conf for ns2. No zone data is written by hand: each
// view's zone is pulled from the primary (65.109.115.119) by zone transfer and
// stored in the named "file".
options {
    directory "/var/named";
    pid-file "/run/named/named.pid";

    // Uncomment these to enable IPv6 connections support
    // IPv4 will still work:
    //  listen-on-v6 { any; };
    // Add this for no IPv4:
    //  listen-on { none; };

//    allow-recursion { 127.0.0.1; };
    allow-transfer { none; };   // the secondary never serves transfers onward
    allow-update { none; };

    // Do not reveal software version, host name or server id to CHAOS-class
    // (version.bind / hostname.bind / id.server) queries.
    version none;
    hostname none;
    server-id none;
};

// Same continent ACLs as on the primary; keep both copies in sync, otherwise
// a client can be routed to one view on ns1 and another on ns2.
include "GeoIP.acl";

// Old single-zone (no views) configuration, kept for reference.
// zone "geodns.notionalapi.com" IN {
//   type master;
//   file "geodns.notionalapi.com.zone";
//   allow-update { none; };
// };

// NOTE(review): both views below transfer from the same primary with no TSIG
// key, so the primary receives two identical-looking requests (same source
// address) and answers both from whichever of ITS views matches ns2's address.
// The "america" copy here would then hold the "other" view's data. Give each
// view its own key (on the primaries statement here and in match-clients on
// the primary) so the two transfers can be told apart.
view "view_america" {
  match-clients { NA; SA; };
 //  recursion no;
  zone "geodns.notionalapi.com" IN {
    type secondary;
    file "geodns.notionalapi.com.zone.america";   // transferred copy is written here
    primaries {65.109.115.119; };
  };
};

view "view_other" {
  match-clients { any; };
//  recursion no;
  zone "geodns.notionalapi.com" IN {
    type secondary;
    file "geodns.notionalapi.com.zone";
    primaries {65.109.115.119; };
  };
};

test

➜  ~
➜  ~ dig @ns1.notional.ventures geodns.notionalapi.com
2
; <<>> DiG 9.10.6 <<>> @ns1.notional.ventures geodns.notionalapi.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40698
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;geodns.notionalapi.com.        IN  A

;; ANSWER SECTION:
geodns.notionalapi.com. 60  IN  A   11.11.11.11

;; Query time: 242 msec
;; SERVER: 65.109.115.119#53(65.109.115.119)
;; WHEN: Mon Jul 03 01:24:11 +07 2023
;; MSG SIZE  rcvd: 67

➜  ~
➜  ~
➜  ~ dig @ns2.notional.ventures geodns.notionalapi.com

; <<>> DiG 9.10.6 <<>> @ns2.notional.ventures geodns.notionalapi.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26937
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;geodns.notionalapi.com.        IN  A

;; ANSWER SECTION:
geodns.notionalapi.com. 60  IN  A   11.11.11.11

;; Query time: 238 msec
;; SERVER: 95.217.193.117#53(95.217.193.117)
;; WHEN: Mon Jul 03 01:24:19 +07 2023
;; MSG SIZE  rcvd: 67