I apologize for the on-and-off interruptions in name server service today. I have been working away at figuring out why DoH has not been working right and why portions of dns2.marbledfennec.net have not been working right.
Turns out that some of my tooling/scripts, which I use to make configuring things easier, also let me forget to go back and edit those config files once they are in place. For dns2, this meant that the config called for IP addresses that were not present on that system, so the name server couldn’t bind ports 443, 5353 or 9001. Because I usually work on the servers in tandem, I did not catch the error for about a week of trying to figure out what was going on. It finally stuck out to me when I ran netstat and saw missing entries. This has been fixed and dns2 should be full service now.
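A pre-flight check of the kind that would have caught the dns2 problem a week sooner, added here as an example; it is not part of the original post or of the marbledfennec.net tooling. The addresses and command output are constructed samples, and the functions assume the field layouts of `ip -o -4 addr` and `ss -Hltn`.

```shell
# Pre-flight check for a name server host: every address the daemon is told to
# bind must be assigned to an interface here, and after startup every expected
# port must actually be listening. Constructed sample command output is embedded
# so this runs offline; on a live host use "$(ip -o -4 addr)" and "$(ss -Hltn)".

# host_addrs IP_OUTPUT: print each IPv4 address from `ip -o -4 addr` output
# without its prefix length (field 4 is e.g. 192.0.2.10/24).
host_addrs() {
    printf '%s\n' "$1" | awk '{ split($4, a, "/"); print a[1] }'
}

# addrs_missing CONFIGURED HOST: whitespace-separated address lists. Prints each
# configured address the host does not hold; returns 1 if any is missing.
addrs_missing() {
    missing=0
    for want in $1; do
        found=0
        for have in $2; do
            [ "$want" = "$have" ] && found=1
        done
        [ "$found" -eq 1 ] || { echo "not on host: $want"; missing=1; }
    done
    return "$missing"
}

# ports_not_listening SS_OUTPUT ADDR PORTS: look for a LISTEN socket on
# ADDR:PORT (field 4 of `ss -Hltn`) for each port; prints misses, returns 1 if any.
ports_not_listening() {
    missing=0
    for port in $3; do
        printf '%s\n' "$1" | awk -v want="$2:$port" '$4 == want { ok=1 } END { exit ok ? 0 : 1 }' \
            || { echo "not listening: $2:$port"; missing=1; }
    done
    return "$missing"
}

# Constructed samples: the host holds only 192.0.2.10, but the config still
# names 192.0.2.11 (a leftover from the other server), and only 53 and 443 came up.
IP_SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever'
SS_SAMPLE='LISTEN 0 128 192.0.2.10:53 0.0.0.0:*
LISTEN 0 128 192.0.2.10:443 0.0.0.0:*'
CONF_ADDRS='192.0.2.10 192.0.2.11'
CONF_PORTS='443 5353 9001'

addrs_missing "$CONF_ADDRS" "$(host_addrs "$IP_SAMPLE")" \
    || echo "fix the bind addresses before (re)starting the name server"
ports_not_listening "$SS_SAMPLE" 192.0.2.10 "$CONF_PORTS" \
    || echo "some configured ports never came up"
```

Run it from the same deploy script that writes the config, so a stale address fails loudly instead of silently leaving a listener down.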
The other issue was that our DoH (DNS over HTTPS) setup was not done correctly and the certs were invalid for these servers. The certs have been updated and now also cover “multi.dns.marbledfennec.net”, which lets clients hop between servers to spread the load a little bit. DoH appears to be working properly now.
We won’t be doing away with the dns or dns2 names because they are used for telling which server is which, but we do prefer that our end users start using “multi.dns.marbledfennec.net” in their networks to help make use of both of our name servers.