Wiki source for Tier2ServerConfig



[[Tier2ServerConfigES Español]]

=====Configuring Your Tier 2 Server=====
A tier-2 server can be used for both public and private DNS lookups, including OpenNIC and ICANN domains.

Recommended minimum system:
~- Linux: Single CPU, 512MB of RAM, 4GB HDD

When considering if you wish to set up a public tier-2 server for the OpenNIC project, please keep the following points in mind:
~- Your server and network equipment, including your internet connection, must be reliable.
~- Typical bandwidth usage may only be a few hundred MB/month, but a ""DDoS"" attack can easily put you into hundreds of **gigabytes** in a few days!
~- You will personally need to monitor your equipment and be willing to quickly resolve any failures. This includes having the knowledge to troubleshoot both hardware and software failures.
~- When your service becomes unavailable from the internet for more than two hours, you will receive an automated email warning. Please do not ignore these emails -- you will only receive them when there is a problem.
~- Tier-2 servers **will** experience ""DDoS"" attacks. Please be sure to visit the **Tier2Security** page for information on how to mitigate these attacks. Other members will do what they can to provide assistance, however ultimately it is your responsibility to ensure that your own servers do not participate in man-in-the-middle or amplification attacks. You do not want to become part of an attack!
~- Various attacks will use up a lot of bandwidth. If your provider places data caps on your monthly internet usage, you may want to reconsider having a public service. Every attack is different, so no predictions can be made about what your data usage will be each month. However, as an example, attacks can continue for several months and have been known to blast up to 20Mb/s of queries to an individual server. **If you wish to run a public service, be prepared for the worst!**

----

=====Available Configuration Options=====
There are a number of configuration methods available, and the benefits of each method should be considered when setting up your own service.

Consider using the **[[Tier2ConfigBindHint|BIND root-hints method]]** if you want:
~- Easy configuration
~- No local maintenance required

Consider using the **[[Tier2ConfigBindSlave|BIND slaved zone method]]** if you want:
~- Local redundancy of zone files
~- To minimize the number of queries sent to other servers
~- No reliance on other OpenNIC servers for resolving OpenNIC domains
~- To handle a special case where you want to resolve OpenNIC domains but also need to resolve local network entries
Note that this method requires manual updates when new TLDs are created or dropped.

Consider using the **BIND automated method** if you want:
~- All the advantages of slaved zones
~- Minimal work required to keep up with current updates
[[srvzoneScript|srvzone script]] by [[JeffTaylor|Jeff Taylor]]
++[[Tier2Config-Script]] by [[AlejandroMarquez|Alejandro Marquez]]++ (//since 2015-10-09 the host needed for this method is down//)
++[[opennicZoneScript]] by [[JeffTaylor|Jeff Taylor]]++ (//This procedure and script no longer work//)

For those who prefer DJBDNS, please refer to the **[[Tier2ConfigDJBDNS|DJBDNS guide]]**.

For those who prefer Unbound, please refer to the **[[Tier2ConfigUnbound|Unbound guide]]**.

++For Debian OS users, AlejandroMarquez has contributed [[Tier2Config-Script|this set of scripts]].++ (//since 2015-10-09 the host needed for this method is down//)

For Windows server users, please select from your version:
~- **[[Tier2ConfigWindows2016|Windows 2016]]** (Recommended Setup! Slave Zone Method)
~- [[Tier2ConfigWindows2012|Windows 2012]] (Root-Hint Method)
~- [[Tier2ConfigWindows2008|Windows 2008]] (Root-Hint Method)
~- ++[[Tier2ConfigWindows2000|Windows 2000]]++ (Deprecated!)
----

=====Operation=====
After you have finished configuring your new server, the following information may be helpful...

~- This guide will help you configure **[[Tier2ConfigBindLogging|BIND logging]]**.
~- If you prefer anonymity for your users, this page will help you **[[Tier2ConfigObfuscatingLogs|obfuscate your log files]]**.
~- Please be sure to visit the **[[Tier2Security|tier-2 security]]** and the OpenNIC mailing lists for information on how you can protect your server from various forms of attack.

There is not much to running an OpenNIC Tier2 server. Once you have it configured, the AuditingWG will monitor it and let you know via email if anything goes wrong along the way. You can also expect to use a few gig of bandwidth each month for DNS traffic; this varies with how much your DNS server is used.

----
CategoryHostmastering
CategorySupport