Recursive DNS

Recursive DNS service running mostly for test purposes and my internal usage.

Service is available under IPv6 only: 2001:67c:21ec::53 and 2a0f:5707:ba00::53 via dnscache.e-utp.net DNS alias.

DoT on port 853 and DoH over port 443 are enabled.

  • DNSSEC enabled
  • Filtering enabled, using CERT Poland malicious domains list updated hourly
  • Logging disabled
  • If not in cache, forward to Quad9

Hardware

Fortigate 40F act as Load Balancer using Virtual Server feature. First Alive is used as load balancer algorithm.

Node #1 (primary):

ThinkCentre M625p AMD E2-9000e 8GB RAM

Node #2A (backup):

Raspberry Pi 4 ARMv7 Processor rev 3 (v7l) 4GB RAM

Node #2B (backup):

Raspberry Pi 4 ARMv7 Processor rev 3 (v7l) 2GB RAM

Software

PowerDNS Recursor running on openSUSE Tumbleweed behind dnsdist with some dymanic block rules and caching.

Statistics

dns_queries

dns_cache