DIY DNS
2021 to Present • https://github.com/jb3/dnsMy DIY DNS project replaced the nameservers for jb3.dev with self-hosted BIND nameservers deployed using Ansible. It implements advanced DNS features like DNSSEC, including (fairly secure!) automatic key generation.
I’ll eventually be writing a full blog post on how I set up this project, from having Ansible install BIND to generating DNSSEC keys and signing the zone.
core.host.jb3.dev and rt1.host.jb3.dev are the two authorative nameservers for jb3.dev, you can try them for yourself using dig.
As an example, a DNS query for this domain, jb3.dev, will start at the DNS roots, progress to the dev. TLD nameservers and end up at one of the nameservers that serves the jb3.dev. zone. A nicer visualisation of the below dig command can be found here.
$ dig +trace +nodnssec jb3.dev
; <<>> DiG 9.18.27 <<>> +trace +nodnssec jb3.dev;; global options: +cmd.                       87203   IN      NS      m.root-servers.net.12 collapsed lines
.                       87203   IN      NS      e.root-servers.net..                       87203   IN      NS      a.root-servers.net..                       87203   IN      NS      j.root-servers.net..                       87203   IN      NS      c.root-servers.net..                       87203   IN      NS      i.root-servers.net..                       87203   IN      NS      k.root-servers.net..                       87203   IN      NS      d.root-servers.net..                       87203   IN      NS      l.root-servers.net..                       87203   IN      NS      f.root-servers.net..                       87203   IN      NS      g.root-servers.net..                       87203   IN      NS      h.root-servers.net..                       87203   IN      NS      b.root-servers.net.;; Received 239 bytes from 8.8.8.8#53(8.8.8.8) in 26 ms
dev.                    172800  IN      NS      ns-tld1.charlestonroadregistry.com.4 collapsed lines
dev.                    172800  IN      NS      ns-tld2.charlestonroadregistry.com.dev.                    172800  IN      NS      ns-tld3.charlestonroadregistry.com.dev.                    172800  IN      NS      ns-tld4.charlestonroadregistry.com.dev.                    172800  IN      NS      ns-tld5.charlestonroadregistry.com.;; Received 392 bytes from 2001:503:c27::2:30#53(j.root-servers.net) in 23 ms
jb3.dev.                10800   IN      NS      rt1.host.jb3.dev.jb3.dev.                10800   IN      NS      core.host.jb3.dev.;; Received 143 bytes from 216.239.34.105#53(ns-tld2.charlestonroadregistry.com) in 30 ms
jb3.dev.                3600    IN      A       202.61.228.148jb3.dev.                3600    IN      NS      rt1.host.jb3.dev.jb3.dev.                3600    IN      NS      core.host.jb3.dev.;; Received 161 bytes from 66.245.193.219#53(rt1.host.jb3.dev) in 16 msNote: DNSSEC has been omitted here for brevity, but you can see a visualisation of the DNSSEC zones here.