Switch branches/tags
Nothing to show
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
..
Failed to load latest commit information.
certificate
primary-git
primary-with-zone
primary
resolver
secondary-git
secondary
stub
README.md

README.md

Unikernel examples

Installation

You first need to have µDNS installed (opam pin add udns https://github.com/roburio/udns).

In either of the directories, run mirage configure (see mirage help configure for options), followed by make depend and make (read more information Hello MirageOS world).

Depending on the target, the name and type of the resulting binary varies. In the default target, unix, its name is ./main.native, and which requires superuser privileges to listen on port 53 (e.g. doas ./main.native -l \*:debug).

Primary authoritative nameservers

The primary subdirectory contains an example unikernel with the hardcoded zone (in its unikernel.ml) named mirage, listening on 10.0.42.2/24, and some example resource records. It also configures several TSIG keys, one for the seconday, another for update, transfer, and key-management.

The primary-with-zone contains no hardcoded configuration, but serves data/zone instead.

The primary-git subdirectory contains a unikernel which get as boot parameter (--remote) a git repository where it expects at the top level zonefiles, parses and serves them via DNS.

Secondary authoritative nameserver

The secondary subdirectory contains an example unikernel which listens on 10.0.42.4/24 by default and accepts TSIG keys as command line arguments (--keys, can be provided multiple times).

The secondary-git subdirectory contains a secondary that at the moment only works with the unix target of mirage and dumps zonefiles in a configurable local git repository (whenever a notify is received / AXFR has succeeded).

An example setup how they play together could be:

# ./ukvm-bin --net=tap0 -- primary/primary.ukvm -l \*:debug
# ./ukvm-bin --net=tap1 -- secondary/secondary.ukvm -l \*:debug --keys 10.0.42.2.10.0.42.4._transfer.mirage:SHA256:E0A7MFr4kfcGIRngRVBcBdFPg43XIb2qbGswcn66q4Q=

Caching resolvers

The resolver subdirectory contains a recursive resolver listening on 10.0.42.5/24. A single key-management key is included, foo._key-management:SHA256:/NzgCgIc4yKa7nZvWmODrHMbU+xpMeGiDLkZJGD/Evo=.

The stub subdirectory contains a stub resolver, which forwards all requests to 141.1.1.1.