Servers

Participation in OSPF

Pre-requisites / Starting conditions

Ubuntu LTS 20.04.6 server – Base load no extras
Quagga ver: ___ as installed via apt-get

Procedure

Install Quagga
```
sudo apt-get install quagga rename
```
Create configuration files

Enable daemons

Edit /etc/quagga/daemons and enable zebra and ospfd.

sudo nano /etc/quagga/daemons

zebra=yes
bgpd=no
ospfd=yes
ospf6d=no
ripd=no
ripngd=no
isisd=no
babeld=no

Note1: The (connect password=””), (enable password=””), and (ospf password=””) are the same; they correspond with what Mikrotik calls the OSPF Interface’s Authentication Key)(/ospf /enable /connect) – REWORK THIS

Note2: Your anycast network’s bitmask is almost certainly 23

Note3: This doc will only address IPv4 as IPv6 is not being addressed at this time.)

Create configuration files

Copy sample files first, edit/update below:
a) sudo cp /usr/share/doc/quagga-core/examples/*.sample /etc/quagga/

b) cd /etc/quagga
c) sudo rename 's/\.sample$//' *.sample
Note: To avoid version syntax problems, copy SAMPLE config files and modify to suite. Most 'net resources for configuration are incorrect. Example/sample files as of 
Quagga version above are located in /usr/share/doc/quagga-core/examples, NOT /usr/share/doc/quagga/examples!

Edit configuration files

Zebra.conf
sudo nano /etc/quagga/zebra.conf

Note: PUT TEXT OF ZEBRA.CONF HERE
```
sudo nano /etc/quagga/ospd.conf
```
Note: PUT TEXT OF OSPFD.CONF HERE

Create log files

sudo touch /var/log/quagga/zebra.log /var/log/quagga/ospfd.log

Change Owner & Permissions on config files

sudo chown quagga:quagga /etc/quagga/*.conf

sudo chmod 640 /etc/quagga/*.conf

Change Owner & Permissions on log files

sudo chown quagga:quagga /var/log/quagga/*.log

sudo chmod 640 /var/log/quagga/*.log

Start Quagga
```
sudo service zebra start
```
(previously this was “sudo service quagga start”)

Verify OSPF is working

telnet localhost zebra

ip r | wc -l # Should show a large number of routes, > 300 at present.

Remove previous static default route

sudo ip r | grep default # If it contains the word "zebra", do not remove itsudo ip r del default # Be sure you have OOB control first since this can disconnect yousudo ip r | grep default # Should now have a default route from zebrasudo vim /etc/network/interfaces # Remove any gateway statement if this was a static config

OPTIONAL: Verify everything will work from a cold boot

ifdown eth0 ; ifup eth0 # Be sure you have OOB control first since this can disconnect you

OPTIONAL: Verify you can control zebra + ospfd

telnet localhost 2601 # For zebratelnet localhost 2604 # For ospfdtelnet 1 2606 # For ospf6d

Recursive DNS Anycast Service

Install unbound
```
sudo apt-get install unbound
```

Stop and disable unbound

sudo service unbound stopsudo update-rc.d unbound disable

Configure unbound

sudo cat >> /etc/unbound/unbound.conf    interface: <ANYCAST IP 1>    interface: <ANYCAST IP 2>    do-ip6: yes    interface: <IPv6 ANYCAST IP 1>    interface: <IPv6 ANYCAST IP 2>    access-control: 44.0.0.0/8 allow    access-control: <IPv6 ALLOCATION> allow    outgoing-interface: <PRIMARY SERVER IP>    rrset-roundrobin: yes<CTRL-D>

Configure recursive DNS IPv4 anycast interface

sudo cat >> /etc/network/interfacesauto any-dns-rriface any-dns-rr inet manual        pre-up ip tuntap add dev any-dns-rr mode tap        post-up ip a add <ANYCAST IP 1>/32 dev any-dns-rr        post-up ip a add <ANYCAST IP 2>/32 dev any-dns-rr        post-up ip l set dev any-dns-rr up        post-up service unbound start        post-down service unbound stop        post-down ip tuntap del dev any-dns-rr mode tap<CTRL-D>

OPTIONALLY: Configure recursive DNS IPv6 anycast interface

auto loiface lo inet loopback\\t\\tpost-up ip -6 a add <IPv6 ANYCAST IP 1>/128 dev lo\\t\\tpost-up ip -6 a add <IPv6 ANYCAST IP 2>/128 dev lo

Start the recursive DNS resolver service
```
sudo ifup losudo ifup any-dns-rr
```

Verify functionality

ip a # Should see the any-dns-rr interface with the two anycast IPs as well as the IPv6 IPs on the lo interfacedig @<ANYCAST IP 1> google.com. A # Should return google's IPsdig @<IPv6 ANYCAST IP 1> google.com. A # Should return google's IPs

Verify the service is being advertised to OSPF

ssh <NEAREST OSPF ROUTER>/ip route check <ANYCAST IP 1> # Should display nearest server's primary IP as nexthop/ipv6 route check <IPv6 ANYCAST IP 1> # Should display Link Local address of nearest server's ethernet interface as nexthop

Authoritative DNS Anycast Service

THIS NEEDS TO BE VERIFIED STILL – currently under rewrite using Ubuntu 20.04.03 and pgadmin4

Misc notes: need to create super user id to allow pgadmin4 full access to DB

Code statements to create powerdns user and ID need to be ; terminated

wcsqladmin / pw

Authoritative DNS is used to place names for the hostnames and the necessary PTR records for reverse-dns. It is comprised of a PowerDNS install utilizing PostgreSQL. You will amostly certainly want to install the HamWAN Management Portal alongside this. NOTE TO SELF: Evaluate Knot DNS an alternative to PowerDNS.

Install necessary software

sudo apt-get install postgresql postgresql-contrib postgresql-client pdns-server pdns-backend-pgsql

Setup the anycast IPs

sudo cat >> /etc/network/interfacesauto any-adnsiface any-adns inet manual        pre-up ip tuntap add dev any-adns mode tap        pre-up ip l set dev any-adns mtu 1418        post-up ip a add <ANYCAST IP 1>/32 dev any-adns        post-up ip a add <ANYCAST IP 2>/32 dev any-adns        post-up ip l set dev any-adns up        post-up service pdns restart        post-down ip tuntap del dev any-adns mode tap<CTRL-D>

Make sure postgres can handle our connection properly (v9.3 below is replaced with 12 or current as installed)

sudo vi /etc/postgresql/9.3/main/pg_hba.conf# in this file, make sure that the following line is present (most likely you'll change auth from "peer" to "md5")local   all             all                                     md5

Update the pdns config to point to the postgres db; make sure the following are set in /etc/powerdns/pdns.d/pdns.local.gpgsql

launch=gpgsqlgpgsql-host=gpgsql-port=gpgsql-user=powerdnsgpgsql-password=<DB PW>gpgsql-dbname=powerdnslocal-address=<YOUR ANYCAST AUTHORITATIVE NS IPS SEPARATED BY COMMA># make sure there aren't any include-dir statements!!

Setup the DB

sudo su postgres ; change to the postgres userpsql ; enter the postgres promptCREATE USER powerdns WITH PASSWORD '<DB PW>'CREATE DATABASE powerdns\\\\q

Create the PDNS DB Schema (insert info to install pgadmin4 and do via gui. Current cmdline errors on TEXT constraint statements)

psql -d powerdnsCREATE TABLE domains (  id                    SERIAL PRIMARY KEY,  name                  VARCHAR(255) NOT NULL,  master                VARCHAR(128) DEFAULT NULL,  last_check            INT DEFAULT NULL,  type                  VARCHAR(6) NOT NULL,  notified_serial       INT DEFAULT NULL,  account               VARCHAR(40) DEFAULT NULL,  CONSTRAINT c_lowercase_name CHECK (((name)TEXT = LOWER((name)TEXT))));CREATE UNIQUE INDEX name_index ON domains(name);CREATE TABLE records (  id                    SERIAL PRIMARY KEY,  domain_id             INT DEFAULT NULL,  name                  VARCHAR(255) DEFAULT NULL,  type                  VARCHAR(10) DEFAULT NULL,  content               VARCHAR(65535) DEFAULT NULL,  ttl                   INT DEFAULT NULL,  prio                  INT DEFAULT NULL,  change_date           INT DEFAULT NULL,  disabled              BOOL DEFAULT 'f',  ordername             VARCHAR(255),  auth                  BOOL DEFAULT 't',  CONSTRAINT domain_exists  FOREIGN KEY(domain_id) REFERENCES domains(id)  ON DELETE CASCADE,  CONSTRAINT c_lowercase_name CHECK (((name)TEXT = LOWER((name)TEXT))));CREATE INDEX rec_name_index ON records(name);CREATE INDEX nametype_index ON records(name,type);CREATE INDEX domain_id ON records(domain_id);CREATE INDEX recordorder ON records (domain_id, ordername text_pattern_ops);CREATE TABLE supermasters (  ip                    INET NOT NULL,  nameserver            VARCHAR(255) NOT NULL,  account               VARCHAR(40) DEFAULT NULL,  PRIMARY KEY(ip, nameserver));CREATE TABLE comments (  id                    SERIAL PRIMARY KEY,  domain_id             INT NOT NULL,  name                  VARCHAR(255) NOT NULL,  type                  VARCHAR(10) NOT NULL,  modified_at           INT NOT NULL,  account               VARCHAR(40) DEFAULT NULL,  comment               VARCHAR(65535) NOT NULL,  CONSTRAINT domain_exists  FOREIGN KEY(domain_id) REFERENCES domains(id)  ON DELETE CASCADE,  CONSTRAINT c_lowercase_name CHECK (((name)TEXT = LOWER((name)TEXT))));CREATE INDEX comments_domain_id_idx ON comments (domain_id);CREATE INDEX comments_name_type_idx ON comments (name, type);CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);CREATE TABLE domainmetadata (  id                    SERIAL PRIMARY KEY,  domain_id             INT REFERENCES domains(id) ON DELETE CASCADE,  kind                  VARCHAR(32),  content               TEXT);CREATE INDEX domainidmetaindex ON domainmetadata(domain_id);CREATE TABLE cryptokeys (  id                    SERIAL PRIMARY KEY,  domain_id             INT REFERENCES domains(id) ON DELETE CASCADE,  flags                 INT NOT NULL,  active                BOOL,  content               TEXT);CREATE INDEX domainidindex ON cryptokeys(domain_id);CREATE TABLE tsigkeys (  id                    SERIAL PRIMARY KEY,  name                  VARCHAR(255),  algorithm             VARCHAR(50),  secret                VARCHAR(255),  CONSTRAINT c_lowercase_name CHECK (((name)TEXT = LOWER((name)TEXT))));CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);GRANT SELECT ON supermasters TO powerdns;GRANT ALL ON tsigkeys TO powerdns;GRANT ALL ON cryptokeys TO powerdns;GRANT ALL ON domainmetadata TO powerdns;GRANT ALL ON comments TO powerdns;GRANT ALL ON records TO powerdns;GRANT ALL ON domains TO powerdns;GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO powerdns;\\\\q

Restart the deamons