diff --git a/docs/Concepts/DNS.md b/docs/Concepts/DNS.md index 1269c4a..451c394 100644 --- a/docs/Concepts/DNS.md +++ b/docs/Concepts/DNS.md 
@@ -3,30 +3,34 @@ ```mermaid flowchart LR subgraph External - recursor - GandiDns[ Gandi ducamps.win] + externalRecursor[recursor] + GandiDns[ hetzner ducamps.win] end subgraph Internal - pihole[pihole]----ducamps.win-->NAS + pihole[pihole]--ducamps.win-->NAS pihole--service.consul-->consul[consul cluster] + pihole--->recursor + recursor--service.consul-->consul DHCP --dynamic update--> NAS - NAS--service.consul-->consul + NAS + recursor--ducamps.win-->NAS + consul--service.consul--->consul + clients--->pihole + clients--->recursor end - NAS --> recursor - pihole --> recursor - + pihole --> externalRecursor + recursor-->External ``` ## Detail -Pihole container in nomad cluster is set as primary DNS as add blocker secondary DNS is locate on NAS +Pihole container in nomad cluster is set as primary DNS as add blocker secondary DNS recursore is locate on gerard -DNS locate on NAS manage domain *ducamps.win* on local network pihole forward each request on *ducamps.win* to this DNS. +DNS locate on NAS manage domain *ducamps.win* on local network each recursor forward each request on *ducamps.win* to this DNS. -Each DNS forward *service.consul* request to the consul cluster. On Pihole a template configure each consul server. - -On diskstation every request as forward to one consul node this point is to improve we because we have a possibility of outtage. du to synology DNSServer limitation we only put a forward on port 53 so we need on the target consul node to redirect port 53 to 8300 by iptables rules. +Each DNS forward *service.consul* request to the consul cluster. +Each consul node have a consul redirection in systemd-resolved to theire own consul client a DHCP service is set to do dynamic update on NAS DNS on lease delivery -external recursor are on cloudflare and FDN +external recursor are set on pihole on cloudflare and FDN in case of recursors faillure
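Review bot: In the Internal subgraph the new edge `consul--service.consul--->consul` is a self-loop and the old `NAS--service.consul-->consul` edge is reduced to a bare `NAS` node, yet the Detail text still says "Each DNS forward *service.consul* request to the consul cluster", so the diagram and the text now disagree about whether the DNS on the NAS forwards *service.consul*. If the self-loop is meant to show the systemd-resolved redirection on each consul node, label it that way or drop it, and state in the text which resolvers forward to consul. The removed paragraph also documented the iptables redirect of port 53 on the target consul node; the new text should say whether that rule is retired, so it is not left in place undocumented. The diagram also adds `clients--->recursor` next to `clients--->pihole`, and since pihole is described as the ad blocker, the text should note that queries answered by the secondary recursor are not filtered. Minor: the node id `GandiDns` now carries a hetzner label, `recursor-->External` targets the whole subgraph while `pihole --> externalRecursor` targets the node, and the added lines contain "recursore", "theire" and "faillure".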