add DNS architecture doc
parent a87120ac1f
commit 91b23e0c0b
29
docs/DNS.md
Normal file
@ -0,0 +1,29 @@
# Architecture DNS
```mermaid
flowchart LR
subgraph External
recursor
GandiDns[ Gandi ducamps.win]
end
subgraph Internal
pihole[pihole]--ducamps.win-->NAS
pihole--service.consul-->consul[consul cluster]
NAS--service.consul-->consul
end
NAS --> recursor
pihole --> recursor
```
## Detail
Pihole container in nomad cluster is set as primary DNS as add blocker secondary DNS is locate on NAS
DNS locate on NAS manage domain *ducamps.win* on local network pihole forward each request on *ducamps.win* to this DNS.
Each DNS forward *service.consul* request to the consul cluster. On Pihole a template configure each consul server.
On diskstation every request as forward to one consul node this point is to improve we because we have a possibility of outtage. du to synology DNSServer limitation we only put a forward on port 53 so we need on the target consul node to redirect port 53 to 8300 by iptables rules.
external recursor are on cloudflare and FDN
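
Review bot: In the diskstation paragraph of Detail, "redirect port 53 to 8300" looks like the wrong target: 8300 is Consul's default server RPC port, while its DNS interface listens on 8600 by default. Please confirm which port the iptables rule really targets and correct the sentence if it is 8600. Since this paragraph is the only record of that rule, it would also help to state whether the redirect covers both UDP and TCP and whether it is limited to the NAS as source, so the consul node does not answer port 53 for the whole network by accident. In the diagram, GandiDns has no edges and the recursor node does not say it stands for Cloudflare and FDN, which only the last line states in prose. Wording nits: "add blocker" should be "ad blocker", "locate" should be "located", and "outtage" and "du to" are misspelled.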