<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div><div><div><div style="font-family: 'arial', 'helvetica', sans-serif; font-size: 12pt; color: #000000;" data-mce-style="font-family: 'arial', 'helvetica', sans-serif; font-size: 12pt; color: #000000;"><div>Hi,<br></div><div><br></div><div>we're a small local provider and we're trying to renew our DNS infrastructure. I humbly ask you to take a look at it and tell me what you think of it.<br></div><div><br></div><div>Every black box is a VM. There are supposed to be three authoritative PowerDNS that use postgresql in the back, while there is a logical replication originating from siteA. SiteA and SiteB are within our own IP address range, while site C is a very different site outside of our AS.<br></div><div>Every dnsdist instance is getting its own dedicated IP. There are dnsdist for recursive requests and dnsdists for authoritative queries.<br></div><div>Recursive dnsdist balances over three pdns recursors.<br></div><div>What's not in the graphic is an authoritative powerdns with no domain configured. We plan to redirect requests from IPs that are not authorized querying some of our internal zones that we try to protect and also abusive requests, for example when a customer is under DDoS.<br></div><div><br></div><div>We also plan to offer our customers a slave mode so customers can send us our NOTIFY queries (black arrow).</div><div>The green arrow represents Dynamic DNS update requests if a customer wants the possibility to update his records via rfc2136.<br></div><div><br></div><div>Thank you very much in advance<br></div><div>Jochen Demmer<br></div><div>RelAix Networks GmbH</div></div></div></div></div></div></body></html>