docs: complete DNS ADR

This commit is contained in:
vincent 2023-10-21 15:43:13 +02:00
parent 42cce82722
commit d5ad4a239c

View File

@ -1,10 +1,12 @@
# 004 DNS # DNS
## Status ## 001 Recursor out off NAS
In progress ### Status
## Context done
### Context
curently main local domain DNS is located on NAS. curently main local domain DNS is located on NAS.
@ -13,19 +15,62 @@ goal:
- avoid DNS outtage in case of NAS reboot (my synology have 10 years and is a litle long to reboot) morever during NAS reboot we lost the adblock DNS in the nomad cluster because nomad depend of the NFS share. - avoid DNS outtage in case of NAS reboot (my synology have 10 years and is a litle long to reboot) morever during NAS reboot we lost the adblock DNS in the nomad cluster because nomad depend of the NFS share.
- remove the direct redirection to service.consul DNS and the IPTABLE rule use to redirect port 53 on consul on gerard instead new DNS could be forward directly to an active consul node on port 8300 - remove the direct redirection to service.consul DNS and the IPTABLE rule use to redirect port 53 on consul on gerard instead new DNS could be forward directly to an active consul node on port 8300
### DNS software #### DNS software
need DHCP Dynamic update need DHCP Dynamic update
could redirect domain on other port than port 53 could redirect domain on other port than port 53
## Decision ### Decision
we will migrate Main Domain DNS from NAS to gerard (powerDNS) we will migrate Main Domain DNS from NAS to gerard (powerDNS)
powerDNS provide two disting binaries one for authority server one other for recursor powerDNS provide two disting binaries one for authority server one other for recursor
goal is to first migrate the recursice part from synology to a physical service goal is to first migrate the recursice part from synology to a physical service
and in second time migrate authority server in nmad cluster and in second time migrate authority server in nmad cluster
## Consequences ### Consequences
before to move authority server need to remove DB dns dependance (create db consul services) before to move authority server need to remove DB dns dependance (create db consul services)
need to delete the iptable rule on gerard before deploy need to delete the iptable rule on gerard before deploy
## 002 each node request self consul client for consul dns query
### Status
done
### Context
to avoid a cluster failled in case of the DNS recursor default.
I would like that each cluster client request their own consul client
first to resolve consul DNS query
### Decision
Implement sytemd-resolved on all cluster member and add a DNS redirection
### Consequences
need to modify annsible system role for systemd-resolved activation and consul role for configure redirection
## 003 migrate recurson in cluster
### Status
Study
### Context
now that cluster doesn't depend of recursor because request self consul agent for consul query need
need to study if we can migrate recursor in nomad wihout break dependance
advantage:
- recursor could change client in case of faillure
agains:
- this job need a keepalive IP like pihole
- loss recursor if lost nomad cluster
### Decision
### Consequences