[dnsdist] what do you think of our dns concept?

Jochen Demmer jdemmer at relaix.net
Fri Mar 12 10:29:39 UTC 2021


we're a small local provider and we're trying to renew our DNS infrastructure. I humbly ask you to take a look at it and tell me what you think of it. 

Every black box is a VM. There are supposed to be three authoritative PowerDNS that use postgresql in the back, while there is a logical replication originating from siteA. SiteA and SiteB are within our own IP adress range, while site C ist a very different site outside of our AS. 
Every dnsdist instance is getting its own dedicated IP. There are dnsdist for recursive requests and dnsdists for authoritative queries. 
Recursive dnsdist balances over three pdns recursors. 
What's not in the graphic is an autoritative powerdns with no Domain configured. We plan to redirect requests from IPs that are not authorized querying some of our internal zones that we try to protect and also abusive requests for example when a customer is under DDoS. 

We also plan to offer our customers a slave mode so customers can send us our NOTIFY queries (black arrow). 
The green arrow represents Dynamic DNS update requests if a customer wants the possibility to update his records via rfc2136. 

Thank you very much in advance 
Jochen Demmer 
RelAix Networks GmbH 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20210312/ce8b8b75/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dns concept dnsdist powerdns postgresql.pdf
Type: application/pdf
Size: 20675 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20210312/ce8b8b75/attachment-0001.pdf>

More information about the dnsdist mailing list