Changes in ba6dd3a: Updated New DNS (markdown)

				services/New-DNS.md
			
          @@ -22,6 +22,16 @@ These are simple authoritative servers for the dn42 zone, rDNS and a few DNS inf

           ## *.master.delegation-servers.dn42

           These instances do not serve any clients. They poll the registry regularly and rebuild and resign (DNSSEC) the zones as needed. If any zone changes, all *.delegation-servers.dn42 instances are notified ([RFC1996](https://tools.ietf.org/html/rfc1996)) which then load the new zone data over AXFR ([RFC5936](https://tools.ietf.org/html/rfc5936)). The pool of masters is intentionally kept very small because of its much higher coordination needs and also the lacking support of a multi-master mode in many authoritative server implementations. The masters are only reachable over dedicated IPv6 assignments which are set up in a way that any master operator can hijack the address of a problematic master without having to wait for its operator to fix something.

          +# Running your own instances

          +* If you want to run your own instances, make sure you are subscribed to the [[mailinglist|contact]]. It is also strongly recommended to join #dn42-dns@hackint. All changes are announced to the mailinglist but IRC makes debugging sessions much easier.

          +* Choose the implementation(s) you want to use. It should support at least AXFR+NOTIFY (*.delegation-servers.dn42) or DNSSEC (*.recursive-servers.dn42).

          +* Check if [[TODO|TODO]] already has configuration snippets for your implementation.

          +  * If yes, download it from there and include it in the main configuration.

          +  * If not, then join us in #dn42-dns@hackint so we can add it together.

          +* Verify that everything works:

          +  * For *.delegation-servers.dn42: Do an AXFR against all zones and compare with the result of an existing instance. The result should be identical.

          +  * For *.recursive-servers.dn42: Query clearnet, dn42 and ICVPN domains including rDNS. Make sure that both signed and unsigned domains work properly.

          +

           # [Monitoring](https://grafana.burble.com/d/DjGj6GiWk/dn42-dns-status?orgId=3&refresh=1m)

           burble is providing monitoring for the new DNS system. It does simple checks on all instances every minute and also logs all changes into #dn42-dns@hackint.

...	...	@@ -22,6 +22,16 @@ These are simple authoritative servers for the dn42 zone, rDNS and a few DNS inf
22	22	## *.master.delegation-servers.dn42
23	23	These instances do not serve any clients. They poll the registry regularly and rebuild and resign (DNSSEC) the zones as needed. If any zone changes, all *.delegation-servers.dn42 instances are notified ([RFC1996](https://tools.ietf.org/html/rfc1996)) which then load the new zone data over AXFR ([RFC5936](https://tools.ietf.org/html/rfc5936)). The pool of masters is intentionally kept very small because of its much higher coordination needs and also the lacking support of a multi-master mode in many authoritative server implementations. The masters are only reachable over dedicated IPv6 assignments which are set up in a way that any master operator can hijack the address of a problematic master without having to wait for its operator to fix something.
24	24
	25	+# Running your own instances
	26	+* If you want to run your own instances, make sure you are subscribed to the [[mailinglist\|contact]]. It is also strongly recommended to join #dn42-dns@hackint. All changes are announced to the mailinglist but IRC makes debugging sessions much easier.
	27	+* Choose the implementation(s) you want to use. It should support at least AXFR+NOTIFY (.delegation-servers.dn42) or DNSSEC (.recursive-servers.dn42).
	28	+* Check if [[TODO\|TODO]] already has configuration snippets for your implementation.
	29	+ * If yes, download it from there and include it in the main configuration.
	30	+ * If not, then join us in #dn42-dns@hackint so we can add it together.
	31	+* Verify that everything works:
	32	+ * For *.delegation-servers.dn42: Do an AXFR against all zones and compare with the result of an existing instance. The result should be identical.
	33	+ * For *.recursive-servers.dn42: Query clearnet, dn42 and ICVPN domains including rDNS. Make sure that both signed and unsigned domains work properly.
	34	+
25	35	# [Monitoring](https://grafana.burble.com/d/DjGj6GiWk/dn42-dns-status?orgId=3&refresh=1m)
26	36	burble is providing monitoring for the new DNS system. It does simple checks on all instances every minute and also logs all changes into #dn42-dns@hackint.
27	37