---
title: "Revisited: Authoritative DNS servers using PowerDNS"
date: 2023-10-15T20:28:55+02:00
draft: false
author: "Bluemedia (Oliver)"
tags:
  - Cloud
  - Docker
  - Hosting
  - DNS
  - PowerDNS
image: "/images/general/server-rack.jpg"
summary: "My DNS setup has changed quite a bit since I wrote about it two years ago. Time to take a look at how it evolved!"
socialShare: false
toc:
---

## Intro

About two years ago, I wrote an article about how I host my own authoritative DNS servers using PowerDNS. They are still running, but the setup has evolved quite a bit since then. So I think it's time for a short update!

## From multi to single TLD

Originally, both servers resided in different TLDs (.dev and .re). Since the renewal price for the .re domain increased, I decided to ditch the multi-TLD setup and move both servers to the same TLD. After all, the chances that all DNS servers for the whole .dev TLD become unavailable are quite low. I also used this opportunity to rename both servers to match my new naming concept. They now live on as ns1.dns.infra.bluemedia.dev and ns2.dns.infra.bluemedia.dev.

## More containers!

In the original design, PowerDNS as well as the database were installed directly on the host operating system. Additionally, the first server also hosted a dockerized management environment. This design proved to be quite clunky and hard to maintain. Because of this, I decided to move everything inside containers and also get rid of the second PowerDNS instance on the management host.

## Full high availability

Back when I started with the project, only the first server hosted the management environment. The second server was configured solely as a read-only replica. Since I wanted to take a closer look at MariaDB Galera anyways, I decided to move to full high availability. In the current setup, both servers form a multi-primary MariaDB Galera cluster. To maintain quorum, I additionally added Galera Arbitrator (garbd) running on a third server.
This setup now allows me to run the management environment on both servers and perform load balancing between them. The load balancing uses DNS round-robin, enhanced with PowerDNS Lua records, so that the DNS records of an unavailable server get automatically dropped from the zone. The new design looks like this: ![](/images/posts/revisited-authoritative-dns-using-powerdns/new-pdns-architecture.jpg)
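To illustrate the health-checked round-robin described above, here is a constructed zone fragment for PowerDNS; it is an added example, not the author's actual zone, and the record names, addresses, port and the `selector='all'` option are assumptions.

```zone
; Constructed example zone fragment for PowerDNS (not the author's real zone).
; Lua records must be enabled with enable-lua-records=yes in pdns.conf on
; every authoritative server that serves this zone.

; Plain round-robin: both addresses are always returned, so clients keep
; being sent to a server that is down.
mgmt-static  IN  A    192.0.2.10
mgmt-static  IN  A    192.0.2.20

; Health-checked round-robin: PowerDNS probes TCP port 443 on each address
; in the background and only answers with the addresses that are reachable.
; selector='all' (assumed option) returns every healthy address instead of
; a single random one; if no address is healthy, all of them are returned,
; so a total outage is not masked by an empty answer.
mgmt         IN  LUA  A  "ifportup(443, {'192.0.2.10', '192.0.2.20'}, {selector='all'})"
```

The probe is only a TCP connect from the DNS server itself, so a host whose web service is up but broken would still be kept in rotation; `ifurlup` can check an HTTP URL instead when that matters.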