From 91b23e0c0b3649f4cfe59418a2d4bcaf3582d540 Mon Sep 17 00:00:00 2001 From: vincent Date: Sun, 16 Oct 2022 10:03:28 +0200 Subject: [PATCH] add DNS architecture doc --- docs/DNS.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 docs/DNS.md diff --git a/docs/DNS.md b/docs/DNS.md new file mode 100644 index 0000000..e718d42 --- /dev/null +++ b/docs/DNS.md @@ -0,0 +1,29 @@ +# Architecture DNS + +```mermaid +flowchart LR + subgraph External + recursor + GandiDns[ Gandi ducamps.win] + end + subgraph Internal + pihole[pihole]--ducamps.win-->NAS + pihole--service.consul-->consul[consul cluster] + NAS--service.consul-->consul + end + NAS --> recursor + pihole --> recursor + +``` + +## Detail + +Pihole container in nomad cluster is set as primary DNS as add blocker secondary DNS is locate on NAS + +DNS locate on NAS manage domain *ducamps.win* on local network pihole forward each request on *ducamps.win* to this DNS. + +Each DNS forward *service.consul* request to the consul cluster. On Pihole a template configure each consul server. + +On diskstation every request as forward to one consul node this point is to improve we because we have a possibility of outtage. du to synology DNSServer limitation we only put a forward on port 53 so we need on the target consul node to redirect port 53 to 8300 by iptables rules. + +external recursor are on cloudflare and FDN
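Review bot: the iptables rule described in the last paragraph of docs/DNS.md redirects port 53 to 8300, but 8300 is Consul's server RPC port; Consul's DNS interface listens on 8600 by default, so this is either a typo for 8600 or the cluster runs a non-default `ports.dns` setting, and the doc should state which (a redirect to the RPC port would not answer DNS at all). On the same file: the diagram declares `GandiDns[ Gandi ducamps.win]` in the External subgraph but draws no edge to it, so it never shows how the public *ducamps.win* zone at Gandi relates to the internal zone served by the NAS (split-horizon); one sentence in the Detail section saying which records live where would close that gap. The DiskStation forwarding every *service.consul* query to a single consul node is acknowledged as an outage risk ("this point is to improve") but is easy to miss in running prose; make it an explicit TODO naming the intended fix (a second forwarder entry, or a VIP / keepalived address in front of the consul nodes). Minor: several typos should be fixed before merge ("add blocker" for ad blocker, "locate" for located, "as forward" for is forwarded, "outtage", "du to"), and "external recursor are on cloudflare and FDN" should name the actual resolver addresses used, since that is the detail someone debugging upstream resolution will need.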