39 lines
2.4 KiB
Markdown
39 lines
2.4 KiB
Markdown
|
---
|
|||
|
|
title: "Revisited: Authoritative DNS servers using PowerDNS"
|
|||
|
|
date: 2023-10-15T20:28:55+02:00
|
|||
|
|
draft: false
|
|||
|
|
author: "Bluemedia (Oliver)"
|
|||
|
|
tags:
|
|||
|
|
- Cloud
|
|||
|
|
- Docker
|
|||
|
|
- Hosting
|
|||
|
|
- DNS
|
|||
|
|
- PowerDNS
|
|||
|
|
image: "/images/general/server-rack.jpg"
|
|||
|
|
summary: "My DNS setup has changed quite a bit since I wrote about it two years ago. Time to take a look at how it evolved!"
|
|||
|
|
socialShare: false
|
|||
|
|
toc:
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Intro
|
|||
|
|
|
|||
|
|
About two years ago, I wrote an article about how I host my own authoritative DNS servers using PowerDNS. They are still running, but the setup has evolved quite a bit since then. So I think it’s time for a short update!
|
|||
|
|
|
|||
|
|
## From multi to single TLD
|
|||
|
|
|
|||
|
|
Originally, both servers resided in different TLDs (.dev and .re). Since the renewal price for the .re domain increased, I decided to ditch the multi-TLD setup and move both servers to the same TLD. After all, the chances that all DNS servers for the whole .dev TLD become unavailable are quite low.
|
|||
|
|
|
|||
|
|
I also used this opportunity to rename both servers to match my new naming concept. They now live on as ns1.dns.infra.bluemedia.dev and ns2.dns.infra.bluemedia.dev.
|
|||
|
|
|
|||
|
|
## More containers!
|
|||
|
|
|
|||
|
|
In the original design, PowerDNS as well as the database were installed directly on the host operating system. Additionally, the first server also hosted a dockerized management environment. This design proved to be quite clunky and hard to maintain. Because of this, I decided to move everything inside containers and also get rid of the second PowerDNS instance on the management host.
|
|||
|
|
|
|||
|
|
## Full high availability
|
|||
|
|
|
|||
|
|
Back when I started with the project, only the first server hosted the management environment. The second server was configured solely as a read-only replica. Since I wanted to take a closer look at MariaDB Galera anyways, I decided to move to full high availibility.
|
|||
|
|
|
|||
|
|
In the current setup, both servers form a multi-primary MariaDB Galera cluster. To maintain quorum, I additionally added Galera Arbitrator (garbd) running on a third server. This setup now allows me to run the management environment on both servers and perform load balancing between them. The load balancing uses DNS round-robin, enhanced with PowerDNS Lua records, so that the DNS records of an unavailable server get automatically dropped from the zone.
|
|||
|
|
|
|||
|
|
The new design looks like this:
|
|||
|
|
|