Revision [3005]
This is an old revision of Tier2ServerConfig made by JeffTaylor on 2013-06-07 12:54:52.
Configuring Your Tier 2 Server
A tier-2 server can be used for both public and private DNS lookups, including OpenNIC and ICANN domains.
When considering whether to set up a public tier-2 server for the OpenNIC project, please keep the following points in mind:
- Your server and network equipment, including your internet connection, must be reliable.
- You will personally need to monitor your equipment and be willing to quickly resolve any failures. This includes having the knowledge to troubleshoot both hardware and software failures.
- When your service becomes unavailable from the internet for more than two hours, you will receive an automated email warning. Please do not ignore these emails -- you will only receive them when there is a problem.
- Tier-2 servers will experience DDoS attacks. Please be sure to visit the Tier2Security page for information on how to mitigate these attacks. Other members will do what they can to provide assistance; ultimately, however, it is your responsibility to ensure that your own servers do not participate in man-in-the-middle or amplification attacks. You do not want to become part of an attack!
- Various attacks will use up a lot of bandwidth. If your provider places data caps on your monthly internet usage, you may want to reconsider having a public service. Every attack is different, so no predictions can be made about what your data usage will be each month -- however, as an example, attacks can continue for several months and have been known to blast up to 20Mb/s of queries to an individual server. If you wish to run a public service, be prepared for the worst!
Available Configuration Options
There are a number of configuration methods available, and the benefits of each method should be considered when setting up your own service.
Consider using the BIND root-hints method if you want:
- Easy configuration
- No local maintenance required
Consider using the BIND slaved zone method if you want:
- Local redundancy of zone files
- A minimal number of queries sent to other servers
- No reliance on other OpenNIC servers for resolving OpenNIC domains
- Support for a special case where you want to resolve OpenNIC domains but also need to resolve local network entries
Consider using the BIND automated method if you want:
- All the advantages of slaved zones
- No manual updates required
For those who prefer DJBDNS, please refer to the DJBDNS guide.
For those who prefer Unbound, please refer to the Unbound guide.
For Windows server users, please select from your version:
- Windows 2000 (Not recommended)
- Windows 2008
- Windows 2012
Operation
After you have finished configuring your new server, the following information may be helpful:
- This guide will help you configure BIND logging.
- If you prefer anonymity for your users, this page will help you obfuscate your log files.
- Please be sure to visit the tier-2 security page and the OpenNIC mailing lists for information on how you can protect your server from various forms of attack.
There is not much to running an OpenNIC Tier2 server. Once you have it configured, the AuditingWG will monitor it and let you know via email if anything goes wrong along the way. You can also expect to use a few gigabytes of bandwidth each month for DNS traffic; this varies depending on how much your DNS server is used.