Librehosters DNS-service

What would you guys think about having a DNS environment that is provided by librehosters?
I spent some thought on it and personally I think it would be pretty cool to do, so people can use a free DNS service that offers transparency and also uses libre and ethical software.

I can imagine that such a service would attract people that are part of the Librehosters network and people that want a free DNS service without having to turn to big providers like Cloudflare.

A DNS service would need:

  • Some kind of web UI (afraid.org does have a simple but fully usable UI, inspiration?)

  • Servers located in several places

  • Hostnames that are not under the same domain name and even TLD.
    Example: ns.libreho.st
    ns.weho.st
    ns.linux.pizza
    ns.allmende.io

  • DNSSEC support - this can be “solved” by OpenDNSSEC. But that alone would not make it work out of the box. If we would automate it - we need to write EPP-compatible software that takes care of that.

A DNS service would not need:

  • Anycast - it would be nice, but it is not important
  • A fancy UI

A DNS service would be cool if it had:

  • An API or support for dynamic DNS

What are your thoughts about this? Is this a good idea or a bad idea?
Would it even make sense to have such a service when there are already plenty of providers out there?

1 Like

I think some of the groups in librehosters already host DNS. We don't really want to provide much infrastructure as librehosters, I think, as that's just more stuff to maintain and we all have stacks to maintain already. But it's likely that some groups already offer this. At weho.st we host our own DNS with PowerDNS but we are not allowing free access to the DNS servers; it's just used for internal and for our contributors.

We provide a service like this: members of our co-op can use GitLab to manage BIND 9 zone files, and when they update, they are checked and our DNS servers update. There is some more detail about this in this thread:

And on this wiki page.

The things that we need to add, when we find the time and resources, are:

  • The ability to provide the data in JSON and / or YAML format
  • API access to allow Let’s Encrypt to use DNS verification and for dynamic DNS
  • DNSSEC

If anybody would like to join our co-op and help with the development of this service that would be most welcome.

1 Like

Totally agreed with all three :slight_smile:

As @realitygaps reminded us, libreho.st has no vocation to provide services to third parties.
But nothing prevents some librehosters from pooling resources and deciding to provide a common DNS service or reciprocate cross-AS DNS servers. On the contrary, this kind of attitude is encouraged.

2 Likes

I dunno if that’s relevant, but here are my two cents:

  • At ARN / Sans-Nuage, we maintain the service netlib.re which is quite close to this. The software behind this is DNSmanager: https://github.com/KaneRoot/dnsmanager . There are a few quacks and it is written in Perl but it seems to work pretty well :wink:

  • In YunoHost, we use a software called Dynette and the use case is much different (there’s no graphical UI, there are constraints on what fields you can use exactly, and the goal is automatic configuration from the client being the YunoHost instance)

Since we’re gathering DNS resources, here’s an old one for managing BIND zones with Git, including dynamic DNS support and user-controlled zones: https://www.dyne.org/software/gitzone/

> We don't really want to provide much infrastructure as librehosters, I think, as that's just more stuff to maintain

Well, if you are concerned about stuff to maintain - why have weho.st or even librehosters then? :wink:
Joke aside, I get your point.

Personally, I would love to see a project like this between different hosters. Would be nice if we could pull something off.

Best way to do so is to start collaborating with one other librehoster who shares your concern and grow from there.

2 Likes

Agree,

So if anyone in this community wants to do something like this - please let me know :slight_smile:

As I said above we are doing something like this…

But you did not say that you were open to collaboration between hosters, only people in your co-op. Or did I misunderstand you?

That is right, if you are interested in working with us on this you could join our co-op for £1 — we are a multi-stakeholder co-operative made up of investors, partners, clients and workers.

I have launched a FreeDNS service at https://freedns.linux.pizza
At the moment, signups are made by sending an email to the address on the website.

It is currently beta, but if you want to use one of the servers as slave DNS - hook me up :slight_smile:

I am currently using it for circa 10 domains, and a couple more are using it as slave only, some examples:

╭─jonathan@trisquel ~  
╰─➤  dig linux.monster +short NS
dns.operationtulip.com.
dns.linux.pizza.
dns.selea.se.

╭─jonathan@trisquel ~
╰─➤ dig selea.se +short NS
dns04.ports.net.
dns.linux.pizza.
ns1.1984hosting.com.
ns2.afraid.org.
dns01.dipcon.com.
dns03.ports.se.

It is also possible to use them as a slave DNS only, for those who want it - completely for free.

1 Like

I usually use dns.watch servers when I need to use a public DNS. I haven’t tried digging under the surface, but they seem legit and decent.

@jean

I am not talking about resolvers, rather authoritative DNS servers that you, for example, use for a domain (nomagic.uk).
You currently use
ns1.nomagic.fr.
ns6.gandi.net

Oh, ok. I didn’t read as thoroughly as I should have through your last post.
The DNS slave option is an interesting option for hosters indeed, I’ll give it a go once my current projects settle.

1 Like

Yeah, for some reason when I talk about it - everyone assumes it is some kind of “pi-hole as a service” or something :stuck_out_tongue:

There’s PDNS Manager that could be used as UI.

Self-registration is missing though, but could be implemented relatively easily.

Some services using that GUI:

1 Like

@Wiox, what do you use to deploy domains added to master to the slave servers?

  • What software do you use?

My setup’s currently the following:
PowerDNS as master (freedns) + 2 knot as slaves (ns1, ns2)

1 Like

> what do you use to deploy domains added to master to the slave servers?

I assume you mean AXFR/IXFR, “replicate”?
I use PowerDNS on the master and the secondary DNS servers. The master is configured as a “supermaster” - every AXFR that is made from the master to the secondaries is automatically accepted into the secondary DNS server - so-called supermaster/superslave.
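
A sketch of the supermaster/superslave arrangement described above, added here as an example and not taken from the poster's servers. All addresses and the name `dns.example.org` are constructed placeholders, and the setting names are the classic PowerDNS Authoritative ones (newer releases call them `primary`, `secondary` and `autosecondary`). Because a superslave creates zones automatically, the fragment pins who may send NOTIFY and who may pull transfers.

```ini
# ---- primary ("supermaster"): pdns.conf -- constructed example ----
master=yes
# Only the listed secondaries may pull zones via AXFR/IXFR.
allow-axfr-ips=198.51.100.10,203.0.113.10
# Send NOTIFY to the secondaries whenever a zone changes.
also-notify=198.51.100.10,203.0.113.10

# ---- secondary ("superslave"): pdns.conf -- constructed example ----
slave=yes
# Auto-create zones announced by a trusted supermaster.
superslave=yes
# Accept NOTIFY only from the primary's address, not from anywhere.
allow-notify-from=192.0.2.1/32
# The secondary itself does not hand out zone transfers.
disable-axfr=yes

# ---- secondary: backend database (generic SQL schema) ----
# A NOTIFY for an unknown zone is honoured only if its source IP is
# listed here AND the zone's NS set contains the listed nameserver name.
#
#   INSERT INTO supermasters (ip, nameserver, account)
#   VALUES ('192.0.2.1', 'dns.example.org', 'example-primary');
```

Every zone created on the primary then appears on the secondary without manual setup, so anyone who can add zones on the primary can also publish them on the secondary; the `supermasters` table is the trust boundary to review.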