By Frank Habicht
This is what I have done on a CentOS system:
Create these config files to enable the IPs 192.175.48.1, 192.175.48.6 and
192.175.48.42 on the loopback interface:
$ cat /etc/sysconfig/network-scripts/ifcfg-lo:0
# Loopback clone for AS112
DEVICE=lo:0
BOOTPROTO=static
BROADCAST=192.175.48.255
IPADDR=192.175.48.1
IPV6ADDR=
IPV6PREFIX=
NETMASK=255.255.255.0
NETWORK=192.175.48.0
ONBOOT=yes
$ cat /etc/sysconfig/network-scripts/ifcfg-lo:1
# Loopback clone for AS112
DEVICE=lo:1
BOOTPROTO=static
BROADCAST=192.175.48.255
IPADDR=192.175.48.6
IPV6ADDR=
IPV6PREFIX=
NETMASK=255.255.255.0
NETWORK=192.175.48.0
ONBOOT=yes
$ cat /etc/sysconfig/network-scripts/ifcfg-lo:2
# Loopback clone for AS112
DEVICE=lo:2
BOOTPROTO=static
BROADCAST=192.175.48.255
IPADDR=192.175.48.42
IPV6ADDR=
IPV6PREFIX=
NETMASK=255.255.255.0
NETWORK=192.175.48.0
ONBOOT=yes
Then a
# /etc/init.d/network restart
should be enough to bring them up.
BIND (or another authoritative DNS server) has to be installed:
$ rpm -q bind
bind-9.3.4-6.0.2.P1.el5_2
It is running chroot'ed in /var/named/chroot/,
with a config file best taken from
http://tools.ietf.org/html/draft-ietf-dnsop-as112-ops-01#section-3.5
Example:
# cat /var/named/chroot/etc/named.conf
options
{
query-source port 53;
query-source-v6 port 53;
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
recursion no;
listen-on {
127.0.0.1; // localhost
196.223.5.226; // local address (globally-unique, unicast)
192.175.48.1; // prisoner.iana.org (anycast)
192.175.48.6; // blackhole-1.iana.org (anycast)
192.175.48.42; // blackhole-2.iana.org (anycast)
};
};
logging
{
channel default_debug {
file "data/named.run";
severity dynamic;
};
category default { default_debug; };
};
zone "." IN {
type hint;
file "named.root";
};
// RFC 1918
zone "10.in-addr.arpa" { type master; file "db.empty"; };
zone "16.172.in-addr.arpa" { type master; file "db.empty"; };
zone "17.172.in-addr.arpa" { type master; file "db.empty"; };
zone "18.172.in-addr.arpa" { type master; file "db.empty"; };
zone "19.172.in-addr.arpa" { type master; file "db.empty"; };
zone "20.172.in-addr.arpa" { type master; file "db.empty"; };
zone "21.172.in-addr.arpa" { type master; file "db.empty"; };
zone "22.172.in-addr.arpa" { type master; file "db.empty"; };
zone "23.172.in-addr.arpa" { type master; file "db.empty"; };
zone "24.172.in-addr.arpa" { type master; file "db.empty"; };
zone "25.172.in-addr.arpa" { type master; file "db.empty"; };
zone "26.172.in-addr.arpa" { type master; file "db.empty"; };
zone "27.172.in-addr.arpa" { type master; file "db.empty"; };
zone "28.172.in-addr.arpa" { type master; file "db.empty"; };
zone "29.172.in-addr.arpa" { type master; file "db.empty"; };
zone "30.172.in-addr.arpa" { type master; file "db.empty"; };
zone "31.172.in-addr.arpa" { type master; file "db.empty"; };
zone "254.169.in-addr.arpa" { type master; file "db.empty"; };
zone "168.192.in-addr.arpa" { type master; file "db.empty"; };
// also answer authoritatively for the HOSTNAME.AS112.NET zone,
// which contains data of operational relevance
zone "hostname.as112.net" { type master;
file "db.hostname.as112.net"; };
That was the BIND config file.
Zone files (see the same section 3.5 of the Internet-Draft):
# cat /var/named/chroot/var/named/db.empty
; db.empty
;
; Empty zone for AS112 server.
;
$TTL 1W
@ IN SOA prisoner.iana.org. hostmaster.root-servers.org. (
1 ; serial number
1W ; refresh
1M ; retry
1W ; expire
1W ) ; negative caching TTL
;
NS blackhole-1.iana.org.
NS blackhole-2.iana.org.
# cat /var/named/chroot/var/named/db.hostname.as112.net
; db.hostname.as112.net
;
$TTL 1W
@ SOA stats.tix.or.tz. geier.tix.or.tz. (
2 ; serial number
1W ; refresh
1M ; retry
1W ; expire
1W ) ; negative caching TTL
;
NS blackhole-2.iana.org.
NS blackhole-1.iana.org.
;
TXT "See http://as112.net/ for more information." #!!
put your local info here (the "#!!" markers are editorial notes, not zone-file syntax; remove them, as zone-file comments start with ";")
TXT "AS112 at TIX, http://tix.or.tz/ , Dar es Salaam,
Tanzania" #!!! and here
;
LOC 6 48 48.000 S 39 17 19.000 E 80.00m 1m 10000m 10m
#!! and here
# rndc reload
server reload successful
if named is already running; otherwise, enable and start it:
chkconfig --level 35 named on
/etc/init.d/named start
Now a short test:
# dig @192.175.48.6 2.3.168.192.in-addr.arpa. PTR
; <<>> DiG 9.3.4-P1 <<>> @192.175.48.6 2.3.168.192.in-addr.arpa. PTR
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25991
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;2.3.168.192.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
168.192.in-addr.arpa. 604800 IN SOA prisoner.iana.org.
hostmaster.root-servers.org. 1 604800 60 604800 604800
;; Query time: 13 msec
;; SERVER: 192.175.48.6#53(192.175.48.6)
;; WHEN: Thu Jul 24 09:13:04 2008
;; MSG SIZE rcvd: 119
# dig @192.175.48.1 hostname.as112.net txt
; <<>> DiG 9.3.4-P1 <<>> @192.175.48.1 hostname.as112.net txt
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34267
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;hostname.as112.net. IN TXT
;; ANSWER SECTION:
hostname.as112.net. 604800 IN TXT "See http://as112.net/
for more information." #!! should show your info
hostname.as112.net. 604800 IN TXT "AS112 at TIX,
http://tix.or.tz/ , Dar es Salaam, Tanzania"
;; AUTHORITY SECTION:
hostname.as112.net. 604800 IN NS blackhole-1.iana.org.
hostname.as112.net. 604800 IN NS blackhole-2.iana.org.
;; Query time: 1 msec
;; SERVER: 192.175.48.1#53(192.175.48.1)
;; WHEN: Thu Jul 24 09:13:59 2008
;; MSG SIZE rcvd: 222
That should be all for the DNS.
Routing. Quagga:
# rpm -q quagga
quagga-0.98.6-5.el5
# cat /etc/quagga/bgpd.conf
!
! Zebra configuration saved from vty
! 2007/09/08 13:45:19
!
hostname your-name-here
password my-passwd
enable password wont-tell
log file /var/log/quagga/bgpd.log
!
router bgp 112
bgp router-id <...>
network 192.175.48.0/24
neighbor a.b.c.d remote-as xxxx
neighbor a.b.c.d prefix-list all in
neighbor a.b.c.d prefix-list as112-out out
neighbor a.b.c.e remote-as xxxx
neighbor a.b.c.e prefix-list all in
neighbor a.b.c.e prefix-list as112-out out
!
ip prefix-list all seq 5 permit any
ip prefix-list as112-out description allow as112
ip prefix-list as112-out seq 5 permit 192.175.48.0/24
ip prefix-list as112-out seq 100 deny any
!
line vty
!
Since this machine has a default route that covers all traffic, we don't need to
install the BGP RIB into the FIB, so no zebra process is run. YMMV.
Still, enable the bgpd process (so it also comes back after a restart); replace the placeholder hostname, passwords, router-id, neighbor addresses and AS numbers in bgpd.conf first:
chkconfig --level 35 bgpd on
/etc/init.d/bgpd start
Regards,
Frank