How to Setup a New AS112 Server

To arrange to host anycast service for these zones, contact the AS112 Project. You should know how to configure both intra-AS routing, and inter-AS routing using BGP, and you should plan on running a stealth slave of the IANA.ORG zone so that your servers will return appropriate glue in their responses.

Here is a general overview written by Jim Brown at his old Chagreslabs website:

AS112 Setup and Configuration Help Page (last updated: 31-May-2003-JMB)


The purpose of this site is to help those who wish to configure an AS112 system. 
Configuring an AS-112 server and anycasting it within your local network or exchange 
point is a GoodThing(tm).  It will capture RFC-1918 DNS queries and updates within your 
network, preventing that traffic from going towards the root DNS servers.

For those who would like to read more about this problem, I have an internet-draft that 
I'm working on located here.  It has not been published in any IETF WG yet as I'm 
finishing it up.

Configuring an AS112 server is quite simple and easy to do.

First you need a dedicated machine.  Depending on how you plan to use this server 
it could see upwards of 2000 queries (UDP and/or TCP) per second, so plan as needed.
A basic beginning would be:

CPU     600 MHz or better
RAM     128 MB
NIC     10 Mb or 100 Mb
HD      2 GB minimum
VIDEO   something cheap

Next you need name server software.  I recommend BIND 8-latest, but BIND-9-latest 
will also work just fine.  You can find BIND-8 here and BIND-9 here.  There is 
other DNS server software out there as well.  Some works better than others.  Another 
good choice would be NSD, which you can learn more about here.

You have two ways of dealing with routing. 

1.  You can assign the AS112 prefix to your server and set up a static route on your 
router.  This will prevent you from announcing the prefix with AS112 as the origin, 
which is not recommended for transit providers or IXs, but it does work.  This method is 
the easy way for companies that want to inject this locally but not deal with BGP and such.

2.  You can use the ZEBRA or Quagga Routing Suite as a BGP speaker on your AS112 server.  
This will allow you to inject the DNS server's prefix via BGP with AS112 as the 
origin AS.  This is a much better solution for IXs and service providers.  (More info 
on using Quagga coming shortly.)

Last choice is OS.  While I personally favor BSD, Linux, Solaris or any other flavor 
of UN*X will work just fine.  Please don't come to me if you use Windows.  I don't 
know Windows DNS and thus have NO way to help you.

Next you build the machine, and software components.  Default config options worked 
just fine for us when building the software.

Once you have the machine built, OS loaded, a name server running, and Zebra installed, 
it's time to configure the software.  I'm assuming that the reader knows how to rumble 
around a UNIX machine.

OS Config:

Not much needed here.  I'd install some level of host-based packet filter 
(ipfw, ipchains, etc.) that limits the box to only port 53 (UDP and TCP) and 22 
(TCP) and any others that you might absolutely need.

Kill daemons that you aren't going to use, like inetd, sendmail, NFS goop (portmap, 
rpc.statd, mountd, etc.), telnet, ftp, and such.  Ya don't need them.

Your Ethernet interface will have 4 IP addresses assigned (there might be a better 
way with Zebra; I need to research it a bit more).

The first IP is the unicast IP for the machine; this will come from your local pool 
of IP addresses.

The next three are from the AS112 project:  192.175.48.1, 192.175.48.6, 192.175.48.42 

The last thing you will need to do is make sure your kernel is configured to handle 
the large number of TCP connections you may receive, the number of send and receive 
buffers, and such.  Make sure you watch your memory requirements when making these 
changes.  This depends on the size of the community that will have access to your box.  
Since the choice of OS is left to the reader, so are the details of how to tune your 
kernel.  Some reference sites are:

Rob Thomas (Cymru):  http://www.cymru.com/Documents/ip-stack-tuning.html

FreeBSD:  http://www.freebsd.org/cgi/man.cgi?query=tuning


Next: Configuring ZEBRA.

Setting up Zebra is pretty straightforward.  If you have done BGP configs 
before, this will look a lot like a Cisco config.

Here is my ZEBRA config.  If you have comments or better ways to do things, 
feedback is appreciated.

! -*- zebra -*-
!
! bgpd configuration (the BGP daemon of the Zebra suite)
!
hostname as112-rtr
! "zebra" is the sample default; set your own vty and enable passwords
password zebra
enable password zebra
!log file zebra.log
!
!bgp multiple-instance
!
router bgp 112
 bgp router-id 192.175.48.254
 ! the AS112 prefix, originated here with AS 112 as the origin AS
 network 192.175.48.0/24
 ! PEER_IP and the remote AS (10480 in this example) must match your own neighbor
 neighbor PEER_IP remote-as 10480
 neighbor PEER_IP ebgp-multihop
 neighbor PEER_IP next-hop-self
!
!log file bgpd.log

! -*- zebra -*-



Basically this config will announce the 192.175.48.0/24 prefix with an origin 
of AS112 into your BGP routing table.  Make sure you change PEER_IP to match 
your BGP neighbor.  Make sure you practice good BGP config habits on your 
neighbor router.  For example, you may want to make sure that this prefix is 
NOT announced to other peers until everything is tested.  If you announce it 
to your transit provider(s) you may find yourself receiving a large amount of 
traffic.


Next is setting up your DNS server.  We will provide a code sample for BIND 8/9.  
Other DNS server programs typically have some way of converting a BIND config 
to their format.

named.conf:

options {
    directory "/etc/namedb";

    dump-file "s/named_dump.db";
    recursion no;       // authoritative only: never resolve on behalf of clients
    fetch-glue no;      // BIND 8 option; BIND 9 accepts it as obsolete with a warning
};

zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
};

// All RFC-1918 reverse zones share one file.  Its SOA/NS point at the IANA
// blackhole servers, so any name below the apex gets NXDOMAIN from this box
// instead of leaking out to the root servers.
zone "10.in-addr.arpa" { type master; file "m/db.RFC-1918"; };

zone "16.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };
zone "17.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };
zone "18.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };
zone "19.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };
zone "20.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };
zone "21.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };
zone "22.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };
zone "23.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };
zone "24.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };
zone "25.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };
zone "26.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };
zone "27.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };
zone "28.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };
zone "29.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };
zone "30.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };
zone "31.172.in-addr.arpa" { type master; file "m/db.RFC-1918"; };

zone "168.192.in-addr.arpa" { type master; file "m/db.RFC-1918"; };

// link-local space (169.254/16) is served the same way
zone "254.169.in-addr.arpa" { type master; file "m/db.RFC-1918"; };

// identifies this anycast instance to anyone querying hostname.as112.net TXT
zone "hostname.as112.net" { type master; file "m/db.hostname.as112.net"; };


logging {
    channel update-log {
        // as written, update and security events are discarded; point this at a
        // real file if you want to keep them
        file "/dev/null" versions 5 size 1g;
        print-category yes;
        print-severity yes;
        print-time yes;
        severity info;
    };
    category update { update-log; };
    category security { update-log; };
};

Next you need to create your RFC-1918 zone file.

db.RFC-1918  zone file:

$TTL 300
; SOA and NS are the IANA blackhole servers, as the AS112 project specifies;
; serial, refresh, retry, expire, minimum
@ IN SOA prisoner.iana.org. hostmaster.root-servers.org. (
                         2002040800 30m 15m 1w 1w )
     NS blackhole-1.iana.org.
     NS blackhole-2.iana.org.

The db.hostname.as112.net zone file:

$TTL 300
@ IN SOA as112.ixnm.net. info.ixnm.net. (
                         2003030100 ; serial
                         1H ; refresh
                         10M ; retry
                         4w2d ; expiry
                         15S ) ; minimum

     TXT "IXNM, Inc. New Mexico's only Neutral IX"
     TXT "Albuquerque, NM, USA"
     TXT "Unicast IP: 63.170.28.250"
     TXT "See http://as112.net/ for more information."
     TXT "See http://as112.ixnm.net/ for local information."
     NS blackhole-1.iana.org.
     NS blackhole-2.iana.org.

You should change the text in the TXT records above to reflect YOUR 
configuration.


All that's left is starting up your name server and zebra and testing 
with some dig commands.  You should make sure your start-up scripts, 
things like rc.d scripts, are configured to start your name server and 
zebra when the box is booted up.  I would recommend that you start your 
name server first.  Make sure it's running (you can test for a PID) and 
then start zebra.  No point in having Zebra running and traffic flowing 
that you can't answer because your name server isn't running. :)
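As an added check that is not part of the original page or the AS112 project, the script below does with plain sockets what the dig test above does by hand: it sends a non-recursive PTR query for an RFC-1918 address to the anycast address (192.175.48.1 from the list above is assumed) and passes only if the reply is NXDOMAIN with the prisoner.iana.org. SOA in the authority section, i.e. exactly what the db.RFC-1918 zone file produces. It uses only the Python standard library, so the DNS wire format is encoded and decoded by hand.

```python
import socket, struct

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(qname, qtype, qid=0x1234):
    # Header with RD=0 (we want the authoritative answer itself) and one IN question.
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, 1)

def read_name(msg, off):
    # Decode the name at msg[off:], following RFC 1035 compression pointers.
    labels, jumped, end = [], False, 0
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                     # pointer: finish reading elsewhere
            end = end or off + 2
            off, jumped = ((ln & 0x3F) << 8) | msg[off + 1], True
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode())
        off += ln
    return ".".join(labels) + ".", (end if jumped else off)

def parse_response(msg):
    # Returns (rcode, [(section, owner, rtype, rdata offset, rdlen), ...]).
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, records = 12, []
    for _ in range(qd):                           # skip the echoed question
        off = read_name(msg, off)[1] + 4
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            records.append((section, owner, rtype, off + 10, rdlen))
            off += 10 + rdlen
    return flags & 0xF, records

def check_as112_reply(msg):
    # Pass only on NXDOMAIN (rcode 3) whose authority SOA MNAME is prisoner.iana.org.
    rcode, records = parse_response(msg)
    for section, _, rtype, rdoff, _ in records:
        if rcode == 3 and section == "authority" and rtype == 6:   # 6 = SOA
            return read_name(msg, rdoff)[0] == "prisoner.iana.org."
    return False

def query(server, qname, qtype=12, timeout=2.0):
    # One UDP query (12 = PTR, 16 = TXT) to the anycast address; returns the raw reply.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname, qtype), (server, 53))
        return s.recv(4096)
```

From a host inside your network, `check_as112_reply(query("192.175.48.1", "1.1.1.10.in-addr.arpa"))` should be True, and a TXT query for hostname.as112.net (`query("192.175.48.1", "hostname.as112.net", 16)`) tells you which anycast instance is actually answering.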


If you have any feed back, comments, or corrections, please email them to

   as112 AT chagreslabs D0T net


Legal Notice:

The contents of this page are Copyright 2003, 2004, 2005, Chagres Research, 
Inc.  All rights reserved.

You are allowed to link to or reproduce this page as long as proper 
credit is given.

The authors and Chagres Research, Inc. are NOT liable for any damages 
that may occur from the use or misuse of the information contained on 
this web page.  By using this web page and its information you agree to 
hold Chagres Research, Inc and the authors free from liability for your 
use or misuse of this information. 

This information is provided AS IS WITH NO WARRANTY OF ANY KIND.