Face of JoeHomeAS211224
Back

DIY DNS

2021 to Present https://github.com/jb3/dns

My DIY DNS project replaced the nameservers for jb3.dev with self-hosted BIND nameservers deployed using Ansible. It implements advanced DNS features like DNSSEC, including (fairly secure!) automatic key generation.

I'll eventually be writing a full blog post on how I set up this project, from having Ansible install BIND to generating DNSSEC keys and signing the zone.

largo.jb3.dev and zorin.jb3.dev (named after the Bond villains) are the two authorative nameservers for jb3.dev, you can try them for yourself using dig.

As an example, a DNS query for this domain, jb3.dev, will start at the DNS roots, progress to the dev. TLD nameservers and end up at one of the nameservers that serves the jb3.dev. zone. A nicer visualisation of the below dig command can be found here.

$ dig +trace +nodnssec jb3.dev

; <<>> DiG 9.16.23 <<>> +trace +nodnssec jb3.dev
;; global options: +cmd
.           7184    IN  NS  b.root-servers.net.
.           7184    IN  NS  k.root-servers.net.
.           7184    IN  NS  h.root-servers.net.
.           7184    IN  NS  f.root-servers.net.
.           7184    IN  NS  c.root-servers.net.
.           7184    IN  NS  i.root-servers.net.
.           7184    IN  NS  d.root-servers.net.
.           7184    IN  NS  a.root-servers.net.
.           7184    IN  NS  g.root-servers.net.
.           7184    IN  NS  j.root-servers.net.
.           7184    IN  NS  e.root-servers.net.
.           7184    IN  NS  l.root-servers.net.
.           7184    IN  NS  m.root-servers.net.
;; Received 239 bytes from 127.0.0.53#53(127.0.0.53) in 0 ms

dev.            172800  IN  NS  ns-tld1.charlestonroadregistry.com.
dev.            172800  IN  NS  ns-tld2.charlestonroadregistry.com.
dev.            172800  IN  NS  ns-tld3.charlestonroadregistry.com.
dev.            172800  IN  NS  ns-tld4.charlestonroadregistry.com.
dev.            172800  IN  NS  ns-tld5.charlestonroadregistry.com.
;; Received 392 bytes from 199.7.83.42#53(l.root-servers.net) in 30 ms

jb3.dev.        10800   IN  NS  largo.jb3.dev.
jb3.dev.        10800   IN  NS  zorin.jb3.dev.
;; Received 104 bytes from 216.239.38.105#53(ns-tld4.charlestonroadregistry.com) in 20 ms

jb3.dev.        3600    IN  A   76.76.21.21
jb3.dev.        3600    IN  NS  largo.jb3.dev.
jb3.dev.        3600    IN  NS  zorin.jb3.dev.
;; Received 148 bytes from 89.58.0.80#53(largo.jb3.dev) in 30 ms

Note: DNSSEC has been omitted here for brevity, but you can see a visualisation of the DNSSEC zones here.