  • Dual unbound servers running unbound-adblock in recursive mode with DNSSEC on, with a stubzone for my internal domain (*.lan) pointed at the dnsmasq server that handles DHCP and local DNS.

    I wanted DNS redundancy so at least “the Internet” would work if I was rebooting something, which the sub zone handles very well.

    Dnsmasq is set to no upstreams, and authoritative for the domain. This gives me DDNS for clients as well.

    I did look into Kea for DHCP and NSD for local DNS, but Kea wasn’t really ready to handle dual stack clients with the DDNS updates. It was neat that you can run Kea in a proper redundant config. Not sure I’d have been able to get the DDNS updates to dual NSD servers working without a hidden primary, leaving me with a single point of failure.
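
The resolver side of the setup described in the comment above, sketched as an `unbound.conf` fragment. This is an added example, not the commenter's own configuration: the addresses, the client range and the trust-anchor path are assumed placeholders, and the same file would be deployed on both unbound servers.

```conf
# unbound.conf (added example; all addresses and paths are assumptions)
server:
    # Listen for LAN clients only (assumed client range 192.168.1.0/24).
    interface: 0.0.0.0
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # DNSSEC validation for everything resolved recursively from the root.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-dnssec-stripped: yes

    # "lan" is not delegated in the signed root zone, so a validating
    # resolver would treat answers from the stub as bogus. Mark the
    # internal zone as intentionally unsigned.
    domain-insecure: "lan"

    # DNS rebinding protection: strip private addresses from public
    # answers, but allow them for names under the internal domain.
    private-address: 192.168.0.0/16
    private-domain: "lan"

# Internal names are answered by the dnsmasq host (assumed 192.168.1.2),
# which holds the DHCP leases and therefore the dynamic client records.
stub-zone:
    name: "lan"
    stub-addr: 192.168.1.2
```

With this layout, only names under `lan` depend on the dnsmasq host; if it is down, recursive resolution of public names continues on either unbound server.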