homelab/docs/ADR/004-DNS.md

118 lines
3.1 KiB
Markdown
Raw Permalink Normal View History

2023-10-21 13:43:13 +00:00
# DNS
2023-10-15 18:44:12 +00:00
2023-10-21 13:43:13 +00:00
## 001 Recursor out off NAS
2023-10-15 18:44:12 +00:00
2023-10-21 13:43:13 +00:00
### Status
2023-10-15 18:44:12 +00:00
2023-10-21 13:43:13 +00:00
done
### Context
2023-10-15 18:44:12 +00:00
curently main local domain DNS is located on NAS.
goal:
- avoid DNS outtage in case of NAS reboot (my synology have 10 years and is a litle long to reboot) morever during NAS reboot we lost the adblock DNS in the nomad cluster because nomad depend of the NFS share.
- remove the direct redirection to service.consul DNS and the IPTABLE rule use to redirect port 53 on consul on gerard instead new DNS could be forward directly to an active consul node on port 8300
2023-10-21 13:43:13 +00:00
#### DNS software
2023-10-15 18:44:12 +00:00
need DHCP Dynamic update
could redirect domain on other port than port 53
2023-10-21 13:43:13 +00:00
### Decision
2023-10-15 18:44:12 +00:00
we will migrate Main Domain DNS from NAS to gerard (powerDNS)
powerDNS provide two disting binaries one for authority server one other for recursor
goal is to first migrate the recursice part from synology to a physical service
and in second time migrate authority server in nmad cluster
2023-10-21 13:43:13 +00:00
### Consequences
2023-10-15 18:44:12 +00:00
before to move authority server need to remove DB dns dependance (create db consul services)
need to delete the iptable rule on gerard before deploy
2023-10-21 13:43:13 +00:00
## 002 each node request self consul client for consul dns query
### Status
done
### Context
to avoid a cluster failled in case of the DNS recursor default.
I would like that each cluster client request their own consul client
first to resolve consul DNS query
### Decision
Implement sytemd-resolved on all cluster member and add a DNS redirection
### Consequences
need to modify annsible system role for systemd-resolved activation and consul role for configure redirection
2023-10-22 14:10:22 +00:00
## 003 migrate authority DNS from NAS to cluster
### Status
2023-11-14 16:47:18 +00:00
done
2023-10-22 14:10:22 +00:00
### Context
we have curently three authority domain on NAS:
- ducamps.win
- ducamps.eu
- lan.ducamps.eu
we could migrate authority DNS in cluster
ducamps.win and ducamps.eu are only use for application access so no dependence with cluster build
2023-11-04 20:33:51 +00:00
need to study cluster build dependance for lan.ducamps.eu-> in every case in case of build from scratch need to use IP
2023-11-01 18:53:42 +00:00
need keepalive IP and check if no conflict if store on same machine than pihole->ok don't need to listen on 53 only request by recursor
2023-10-22 14:10:22 +00:00
DNS authority will dependant to storage (less problematic than recursor)
### Decision
### Consequences
## 004 migrate recurson in cluster
2023-10-21 13:43:13 +00:00
### Status
2023-11-14 16:47:18 +00:00
done
2023-10-21 13:43:13 +00:00
### Context
now that cluster doesn't depend of recursor because request self consul agent for consul query need
need to study if we can migrate recursor in nomad wihout break dependance
advantage:
- recursor could change client in case of faillure
agains:
- this job need a keepalive IP like pihole
2023-10-22 14:10:22 +00:00
- *loss recursor if lost nomad cluster*
2023-10-21 13:43:13 +00:00
### Decision
2023-11-14 16:47:18 +00:00
put one recursor on cluster over authority server and keep the recursor on gerard for better recundancy
2023-10-21 13:43:13 +00:00
### Consequences
2024-03-17 10:04:56 +00:00
## 005 physical Recursor location
### Status
done
### Context
following NAS migration physical DNS Recursor was install directly on NAS this bring a SPOF when NAS failed Recursor on Nomad cluster are stopped because of volume dependance
### Decision
Put physical Recursor on a cluster node like that to have a DNS issue we need to have NAS and this nomad down on same Time