Anycast DNS with KnotDNS
Deploy a production-grade anycast DNS service using KnotDNS across NetActuate's global PoP network. Based on a real deployment serving 30+ locations.
What You Will Have
KnotDNS authoritative servers in multiple PoPs, each advertising the same anycast prefix via BIRD2 BGP. DNS queries resolve at the nearest location automatically.
What Is AS112
AS112 is a globally distributed anycast service that answers DNS queries for private address space (RFC 1918) that should never leave a network. The reference playbook uses AS112 zone data as an example — substitute your own zones for other use cases.
Prerequisites
A BGP-enabled account, an ASN, and a prefix to announce. These are the same requirements as for Anycast Global Deployment.
Playbook Repository
git clone https://github.com/netactuate/netactuate-ansible-anycast-dns
cd netactuate-ansible-anycast-dns
Deployment
Edit group_vars/all with your API key, BGP group, and prefix, then run the playbooks:
ansible-playbook createnode.yaml
ansible-playbook bgp.yaml
ansible-playbook knotinstall.yaml
Ubuntu 24.04 Note
The playbook stops systemd-resolved before installing KnotDNS. systemd-resolved holds port 53 by default on Ubuntu 24.04 and must be disabled before any DNS server can bind.
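To confirm on a node that systemd-resolved has released port 53 and that only KnotDNS is listening there, the check below parses `ss -H -tulpn` output. It is an added example, not part of the playbook; the function names are hypothetical, the sample `ss` lines are constructed, `192.0.2.53` stands in for your anycast IP, and `knotd` is assumed to be the KnotDNS daemon's process name.

```shell
#!/bin/sh
# Added example (not from the playbook): find out what is bound to port 53.

# Read `ss -H -tulpn` output on stdin and print "proto local_addr process"
# for every socket listening on port 53.
port53_holders() {
  awk '{
    n = split($5, part, ":")          # field 5 is Local Address:Port
    if (part[n] != "53") next
    proc = "unknown"                  # process column is only shown to root
    if (match($0, /users:\(\("[^"]+"/))
      proc = substr($0, RSTART + 9, RLENGTH - 10)
    print $1, $5, proc
  }'
}

# Succeed only if something listens on port 53 and every listener is $1.
only_expected_on_53() {
  port53_holders | awk -v want="$1" '
    { seen = 1; if ($3 != want) { print "unexpected listener: " $0; bad = 1 } }
    END { if (seen && !bad) exit 0; exit 1 }'
}

# Constructed sample: a stock Ubuntu 24.04 host before the playbook runs.
SAMPLE_BEFORE='udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=14))
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=15))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))'

# Constructed sample: the same host after knotinstall.yaml has run.
SAMPLE_AFTER='udp UNCONN 0 0 192.0.2.53:53 0.0.0.0:* users:(("knotd",pid=2101,fd=8))
tcp LISTEN 0 128 192.0.2.53:53 0.0.0.0:* users:(("knotd",pid=2101,fd=9))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))'

# On a real node, as root: ss -H -tulpn | only_expected_on_53 knotd
```

A non-zero exit means either nothing is bound to port 53 or a process other than the expected one still holds it.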
Substituting Your Own Zones
To serve your own zones instead of AS112, replace the zone files in the roles/knot/files/ directory with your own and update the zone list in roles/knot/templates/knot.conf.j2.
Validation
dig @YOUR_ANYCAST_IP version.bind chaos txt
Expected response: the KnotDNS version string.
On any node:
knotc status
knotc zone-status
Need Help?
If you need assistance, visit our support page.