[Pdns-users] Please validate my PowerDNS Infrastucture proposal
jbarron at afsnetworks.com
Sun Oct 18 04:47:33 UTC 2009
Please validate my proposed PDNS based infrastucture:
Customers (and internal support technicians) will login to "PowerDNS on Rails" or "PowerAdmin" Frontend server. This server will host PDNS (not PDNS-Recursor) but will not respond to DNS queries from the Internet. Its only access from behind the firewall will be web-based for domain administration.
4 other servers, geographically distributed, will be used to run PDNS and PDNS-Recursor. I would like them configured in possibly a superslave configuration. Basically what I'm looking for is when the "Master" server described above creates a new domain or updates a domain, it sends notifies to the slaves to update or add the zone. I want the name servers that respond to DNS queries to be slave servers and precursors only to try to mitigate any possible poisoning.
What am I missing, if anything? Any feedback or suggestions, even criticism, is welcome. We are trying to create a geographically diverse, secure, and reliable DNS infrastructure for us and our customers. We are migrating from a dual server setup (West running Bind 9, East running Men&Mice).
More information about the Pdns-users