[Yeti DNS Discuss] Yeti DNS resolver on a Turris Omnia

Stephane Bortzmeyer bortzmeyer at nic.fr
Sun Mar 12 19:27:16 UTC 2017


I added one more DNS Yeti resolver, at home, where the CPE is a Turris
Omnia <https://omnia.turris.cz>. The Omnia uses by default Knot
resolver, so I use the config described on
<http://yeti-dns.org/join.html> for Knot.

The Omnia uses OpenWrt so you have to edit OpenWrt's
/etc/config/resolver:

config resolver 'common'
        ...
        option keyfile '/etc/kresd/yeti-root.keys'

config resolver 'kresd'
        ...
        option include_config '/etc/kresd/custom.conf'

And custom.conf contains:

hints.root({
	['bii.dns-lab.net.'] = '240c:f:1:22::6',
	['yeti-ns.tisf.net.'] = '2001:4f8:3:1006::1:4',
	['yeti-ns.wide.ad.jp.'] = '2001:200:1d9::35',
	['yeti-ns.as59715.net.'] = '2a02:cdc5:9715:0:185:5:203:53',
	['dahu1.yeti.eu.org.'] = '2001:4b98:dc2:45:216:3eff:fe4b:8c5b',
	['ns-yeti.bondis.org.'] = '2a02:2810:0:405::250',
	['yeti-ns.ix.ru.'] = '2001:6d0:6d06::53',
	['yeti.bofh.priv.at.'] = '2a01:4f8:161:6106:1::10',
	['yeti.ipv6.ernet.in.'] = '2001:e30:1c1e:1::333',
	['yeti-dns01.dnsworkshop.org.'] = '2001:1608:10:167:32e::53',
	['yeti-ns.conit.co.'] = '2604:6600:2000:11::4854:a010',
	['dahu2.yeti.eu.org.'] = '2001:67c:217c:6::2',
	['yeti.aquaray.com.'] = '2a02:ec0:200::1',
	['yeti-ns.switch.ch.'] = '2001:620:0:ff::29',
	['yeti-ns.lab.nic.cl.'] = '2001:1398:1:21::8001',
	['yeti-ns1.dns-lab.net.'] = '2001:da8:a3:a027::6',
	['yeti-ns2.dns-lab.net.'] = '2001:da8:268:4200::6',
	['yeti-ns3.dns-lab.net.'] = '2400:a980:30ff::6',
	['ca978112ca1bbdcafac231b39a23dc.yeti-dns.net.'] = '2c0f:f530::6',
	['yeti-ns.datev.net.'] = '2a00:e50:f15c:1000::1:53',
	['3f79bb7b435b05321651daefd374cd.yeti-dns.net.'] = '2401:c900:1401:3b:c::6',
	['xn--r2bi1c.xn--h2bv6c0a.xn--h2brj9c.'] = '2001:e30:1c1e:10::333',
	['yeti1.ipv6.ernet.in.'] = '2001:e30:187d::333',
	['yeti-dns02.dnsworkshop.org.'] = '2001:19f0:0:1133::53',
	['yeti.mind-dns.nl.'] = '2a02:990:100:b01::53:0'
})

Now, it works.

%  dig AAAA yeti-dns.org

; <<>> DiG 9.11.0-P3 <<>> AAAA yeti-dns.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28021
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;yeti-dns.org.		IN AAAA

;; ANSWER SECTION:
yeti-dns.org.		168206 IN AAAA 240c:f:1:22::190
yeti-dns.org.		168206 IN RRSIG	AAAA 5 2 172800 (
				20170607030402 20170309030402 10800 yeti-dns.org.
				Jb0swYAk9I3IY1hxoJazPcdbNhlIqsrKJ0LH0OS3vYyE
				46IuFK5dcwLNQrP+PwvBcltVjD2maWIVI7bz8keTnRtg
				cpPKu3oKhpLcaAOwFVEFakexPZRlmo0TgMvbUlnJoc68
				78BoCOMC9H3taWMtL7zbH3uzaYf2xYl3d/OpQGE= )

;; Query time: 1 msec
;; SERVER: 192.168.2.254#53(192.168.2.254)
;; WHEN: Sun Mar 12 20:22:00 CET 2017
;; MSG SIZE  rcvd: 241



%  dig AAAA bii.dns-lab.net

; <<>> DiG 9.11.0-P3 <<>> AAAA bii.dns-lab.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35635
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bii.dns-lab.net.	IN AAAA

;; Query time: 491 msec
;; SERVER: 192.168.2.254#53(192.168.2.254)
;; WHEN: Sun Mar 12 20:22:35 CET 2017
;; MSG SIZE  rcvd: 33


%  dig +cd AAAA bii.dns-lab.net

; <<>> DiG 9.11.0-P3 <<>> +cd AAAA bii.dns-lab.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45343
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;bii.dns-lab.net.	IN AAAA

;; ANSWER SECTION:
bii.dns-lab.net.	600 IN AAAA 240c:f:1:22::6

;; Query time: 76 msec
;; SERVER: 192.168.2.254#53(192.168.2.254)
;; WHEN: Sun Mar 12 20:22:48 CET 2017
;; MSG SIZE  rcvd: 72

As a side effect, there is now one RIPE Atlas probe which uses a Yeti
resolver <https://atlas.ripe.net/probes/10645/>:

% atlas-resolve -u 10645 -d -t SOA .
Measurement #7867605 for ./SOA uses 1 probes
[www.yeti-dns.org. tisf.yeti-dns.org. 2017031201 1800 900 604800 86400] : 1 occurrences
Test #7867605 done at 2017-03-12T19:15:37Z


It is always funny how many DNS requests a simple home network (four
persons) can do after a few minutes :-)

# socat - UNIX-CONNECT:/tmp/kresd/tty/$(pidof kresd)
> stats.list()
[answer.nxdomain] => 5741
[answer.100ms] => 1301
[answer.1500ms] => 417
[answer.slow] => 1667
[answer.servfail] => 2566
[answer.250ms] => 1275
[answer.cached] => 23317
[answer.nodata] => 1471
[query.dnssec] => 146
[answer.1ms] => 23298
[predict.epoch] => 39
[query.edns] => 177
[predict.queue] => 139
[answer.total] => 31550
[answer.10ms] => 187
[answer.noerror] => 21772
[answer.50ms] => 2747
[answer.500ms] => 367
[answer.1000ms] => 256
[predict.learned] => 226

> 

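Added example, not part of the original post: a Python sketch that reads the header lines of the three dig transcripts above and classifies them using the same plain versus +cd comparison. The function names and category labels are this example's own; a SERVFAIL that turns into an answer once +cd is set is the usual sign that DNSSEC validation, rather than resolution, is what failed.

```python
import re

# Header lines copied (abridged) from the three dig transcripts in the post.
DIG_YETI = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28021
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags: do; udp: 4096"""
DIG_BII = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35635
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0"""
DIG_BII_CD = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45343
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags: do; udp: 4096"""


def parse_header(dig_text):
    """Return (rcode, set of header flags) from dig's textual output."""
    status = re.search(r"status:\s*([A-Z]+)", dig_text)
    # Anchor on ';; flags:' so the EDNS 'flags: do' line is not picked up.
    flags = re.search(r"^;; flags:\s*([a-z ]*);", dig_text, re.MULTILINE)
    if not status or not flags:
        raise ValueError("no dig header found")
    return status.group(1), set(flags.group(1).split())


def classify(plain, with_cd=None):
    """Classify a lookup from a plain dig run and an optional +cd rerun."""
    rcode, flags = parse_header(plain)
    if rcode in ("NOERROR", "NXDOMAIN"):
        # 'ad' means the resolver validated the answer (or the denial).
        return "validated" if "ad" in flags else "unvalidated"
    if rcode != "SERVFAIL":
        return rcode.lower()
    if with_cd is None:
        return "servfail-unknown"  # cannot tell validation from resolution
    cd_rcode, cd_flags = parse_header(with_cd)
    if "cd" not in cd_flags:
        raise ValueError("second transcript was not taken with +cd")
    # Data is reachable once checking is disabled: validation was the problem.
    return "validation-failure" if cd_rcode != "SERVFAIL" else "resolution-failure"


if __name__ == "__main__":
    print("yeti-dns.org    :", classify(DIG_YETI))
    print("bii.dns-lab.net :", classify(DIG_BII, DIG_BII_CD))
```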