Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
Last revision Both sides next revision
opennic:tier2setup [2017-04-19T01:48:31Z]
jonaharagon created
opennic:tier2setup [2019-03-12T23:18:44Z]
userspace [Unbound]
Line 1: Line 1:
 ====== Setting up a Tier 2 Server ====== ====== Setting up a Tier 2 Server ======
  
-Tier 2 servers (DNS resolvers) can be used for public or private DNS lookups, on the OpenNIC and ICANN namespaces.+[[opennic:tier2|Tier 2]] servers (DNS resolvers) can be used for public or private DNS lookups, on the OpenNIC and ICANN namespaces.
  
 Recommended Minimum Server Specifications Recommended Minimum Server Specifications
Line 17: Line 17:
   * You will personally need to monitor your equipment and be willing to quickly resolve any failures. This includes having the knowledge to troubleshoot both hardware and software failures.   * You will personally need to monitor your equipment and be willing to quickly resolve any failures. This includes having the knowledge to troubleshoot both hardware and software failures.
   * When your service becomes unavailable from the internet for more than two hours, you will receive an automated email warning. Please do not ignore these emails -- you will only receive them when there is a problem.   * When your service becomes unavailable from the internet for more than two hours, you will receive an automated email warning. Please do not ignore these emails -- you will only receive them when there is a problem.
-  * Tier-2 servers **will** experience DDoS attacks. Please be sure to visit the [[opennic:tier2security|Tier 2 Security]] page for information on how to mitigate these attacks. Other members will do what they can to provide assistance, however ultimately it is your responsibility to ensure that your own servers do not participate in man-in-the-middle or amplification attacks. You do not want to become part of an attack!+  * Tier 2 servers **will** experience DDoS attacks. Please be sure to visit the [[opennic:tier2security|Tier 2 Security]] page for information on how to mitigate these attacks. Other members will do what they can to provide assistance, however ultimately it is your responsibility to ensure that your own servers do not participate in man-in-the-middle or amplification attacks. You do not want to become part of an attack!
   * Various attacks will use up a lot of bandwidth. If your provider places data caps on your monthly internet usage, you may want to reconsider having a public service. Every attack is different, so no predictions can be on what your data usage will be each month -- however as an example, attacks can continue for several months and have been known to blast up to 20Mb/s of queries to an individual server. If you wish to run a public service, be prepared for the worst!   * Various attacks will use up a lot of bandwidth. If your provider places data caps on your monthly internet usage, you may want to reconsider having a public service. Every attack is different, so no predictions can be on what your data usage will be each month -- however as an example, attacks can continue for several months and have been known to blast up to 20Mb/s of queries to an individual server. If you wish to run a public service, be prepared for the worst!
  
Line 33: Line 33:
   * A private-use Tier 2   * A private-use Tier 2
  
-The root-hints method is **strongly discouraged** when running a public server, because it creates unnecessary strain on our infrastructure. If you are going to run a publicly listed server, you must run one of the following two options.+The root-hints method is **strongly discouraged** when running a public server, because it creates unnecessary strain on our infrastructure. If you are going to run a publicly listed server, you must run one a slaved zone method.
  
 ==== Slave Zone Method (BIND) ==== ==== Slave Zone Method (BIND) ====
Line 51: Line 51:
  
   * [[opennic:srvzone|Srvzone method]]: Automated script for BIND9 by Jeff Taylor.   * [[opennic:srvzone|Srvzone method]]: Automated script for BIND9 by Jeff Taylor.
 +  * [[opennic:t2digitalocean|DigitalOcean User Data]]: Automated installation for DigitalOcean Droplets (modified Srvzone with DigitalOcean Metadata) by [[user:jonaharagon|Jonah Aragon]]
 +  * [[opennic:ansible-setup|Ansible Method]]: Automated using method setting up slave zones using Ansible by [[user:hack13|Timothy Rogers]]
  
 ==== DJBDNS ==== ==== DJBDNS ====
Line 58: Line 60:
 ==== Unbound ==== ==== Unbound ====
  
-For those of you who prefer Unbound, an updated guide will be posted soon. [[http://web.archive.org/web/20160904020628/http://wiki.opennicproject.org:80/Tier2ConfigUnbound|Archived guide]].+For those of you who prefer Unbound, this is a [[:tier_2_unbound|sample Unbound setup]]. [[http://web.archive.org/web/20160904020628/http://wiki.opennicproject.org:80/Tier2ConfigUnbound|Archived guide]].
  
 ==== Windows Server ==== ==== Windows Server ====
Line 64: Line 66:
 We highly discourage public Windows Tier 2 servers, but these guides exist if you require running it in a LAN, Corporate Network, etc. We highly discourage public Windows Tier 2 servers, but these guides exist if you require running it in a LAN, Corporate Network, etc.
  
-  * Windows 2016: //We lost this guide with the old wiki, we're working on remaking it!// +  * [[t2win16|Windows 2016]] 
-  * Windows 2012: Guide will be posted at [[opennic:t2win12|t2win12]] shortly. [[http://web.archive.org/web/20160628170446/http://wiki.opennicproject.org:80/Tier2ConfigWindows2012|Archived guide]].+  * [[t2win12|Windows 2012 (r2)]] shortly.
  
 ===== Post-Setup Configuration ===== ===== Post-Setup Configuration =====
Line 71: Line 73:
 Make sure you read the following guides to ensure your server is setup in the best way possible for the OpenNIC network. Make sure you read the following guides to ensure your server is setup in the best way possible for the OpenNIC network.
  
-  * [[opennic:bindlogconfig|BIND Logging Configuration]]. [[http://web.archive.org/web/20160913110735/http://wiki.opennicproject.org/Tier2ConfigBindLogging|Archived guide]]. +  * [[:bindlogconfig|BIND Logging Configuration]] 
-  * [[opennic:bindloganon|BIND Logging Obfuscation]]. [[http://web.archive.org/web/20160913110708/http://wiki.opennicproject.org/Tier2ConfigObfuscatingLogs|Archived guide]]. +  * [[:bindloganon|BIND Logging Obfuscation]] 
-  * [[opennic:tier2security|Tier 2 Security Measures]]. [[http://web.archive.org/web/20160905195029/http://wiki.opennicproject.org:80/Tier2Security|Archived guide]].+  * [[opennic:tier2security|Tier 2 Security Measures]]
  • /wiki/data/pages/opennic/tier2setup.txt
  • Last modified: 6 months ago
  • by megan