---
title: "Revisited: Authoritative DNS servers using PowerDNS"
date: 2023-10-15T20:28:55+02:00
draft: false
author: "Bluemedia (Oliver)"
tags:
- Cloud
- Docker
- Hosting
- DNS
- PowerDNS
image: "/images/general/server-rack.jpg"
description: ""
summary: "My DNS setup has changed quite a bit since I wrote about it two years ago. Time to take a look at how it evolved!"
socialShare: false
toc:
---
## Intro
About two years ago, I wrote an article about how I host my own authoritative DNS servers using PowerDNS. They are still running, but the setup has evolved quite a bit since then. So I think it's time for a short update!
## From multi to single TLD
Originally, both servers resided in different TLDs (.dev and .re). Since the renewal price for the .re domain increased, I decided to ditch the multi-TLD setup and move both servers to the same TLD. After all, the chances that all DNS servers for the whole .dev TLD become unavailable are quite low.
I also used this opportunity to rename both servers to match my new naming concept. They now live on as ns1.dns.infra.bluemedia.dev and ns2.dns.infra.bluemedia.dev.
## More containers!
In the original design, PowerDNS as well as the database were installed directly on the host operating system. Additionally, the first server also hosted a dockerized management environment. This design proved to be quite clunky and hard to maintain. Because of this, I decided to move everything inside containers and also get rid of the second PowerDNS instance on the management host.
## Full high availability
Back when I started with the project, only the first server hosted the management environment. The second server was configured solely as a read-only replica. Since I wanted to take a closer look at MariaDB Galera anyway, I decided to move to full high availability.
In the current setup, both servers form a multi-primary MariaDB Galera cluster. To maintain quorum, I added Galera Arbitrator (garbd) running on a third server. This setup now allows me to run the management environment on both servers and perform load balancing between them. The load balancing uses DNS round-robin, enhanced with PowerDNS Lua records, so that the DNS records of an unavailable server are automatically dropped from the zone.
The new design looks like this:
![](/images/posts/revisited-authoritative-dns-using-powerdns/new-pdns-architecture.jpg)
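As an added illustration of the Lua-record based round-robin described above (not the author's actual configuration; zone name, hostnames, addresses and the health-check URL are placeholders), this is how such a record is expressed in PowerDNS: `enable-lua-records=yes` must be set in `pdns.conf`, and the `LUA A` record then only answers with the addresses whose health check currently succeeds.

```text
# pdns.conf: enable Lua records (off by default)
enable-lua-records=yes

# Zone fragment (placeholder zone and RFC 5737 addresses)
$ORIGIN infra.example.dev.
$TTL 60
; Plain A records for the two authoritative servers themselves
ns1.dns   IN A    192.0.2.10
ns2.dns   IN A    192.0.2.20
; Management front end: both addresses are returned while healthy;
; an address whose HTTPS endpoint stops answering (or stops returning
; the expected body) is left out of the reply until it recovers
mgmt      IN LUA A "ifurlup('https://mgmt.infra.example.dev/health', {'192.0.2.10', '192.0.2.20'}, {stringmatch='ok'})"
```

The health check runs from each authoritative server independently, so keep the TTL short and make sure the `/health` endpoint is reachable from both nameservers, otherwise they may publish different answers.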