Background

I have been running my own authoritative DNS servers for the last few years. In earlier stages I just used registrar-provided DNS, later moved to "cloud provider" DNS and ultimately settled on running my own authoritative DNS.
Two major requirements pushed me to self-host auth DNS:
The need for a REST API for DNS, used by the web servers to answer the Let's Encrypt certbot DNS-based challenge. This allows me to run internally hosted tools with Let's Encrypt-issued TLS certificates instead of self-signed ones.
I came across an excellent tool called "bgpq3" in one of the recent posts on the NANOG mailing list. This tool can generate prefix filters for a given ASN in Cisco or Juniper syntax based on RADB's data.
E.g. Juniper-style config for AS54456 (the first ASN I ever worked on!) :)
anurag@server7 ~> bgpq3 -Jl Cloudaccess as54456
policy-options {
replace:
 prefix-list Cloudaccess {
    199.116.76.0/24;
    199.116.77.0/24;
    199.116.78.0/24;
    199.116.79.0/24;
 }
}
anurag@server7 ~>

Cisco-style config:

anurag@server7:~$ bgpq3 -l Cloudaccess as54456
no ip prefix-list Cloudaccess
ip prefix-list Cloudaccess permit 199.
Whenever I see a new, unknown IP range, it gets hard to find the exact source of that IP from the command shell. Recently, I found a very interesting source of that information from Team Cymru. Here's the resource.
I figured out (with a friend's help) that using their whois server, v4.whois.cymru.com, one can actually grab the limited information required. E.g.
anurag@laptop:~$ whois -h v4.whois.cymru.com " -v 8.8.8.8"
AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
15169 | 8.