HOWTO: Set Up PowerDNS with Split-Horizon Resolution

Purpose: Deploy PowerDNS with split-horizon zones for HybridOps services, with API integration for DR cutover automation.

Difficulty: Intermediate

Track: Networking Foundations


Overview

Use this guide when the platform needs one service name with different answers for internal and external callers. The objective is a DNS layer that keeps HybridOps names stable while allowing private routing, public access, and recovery cutover to remain distinct.


1. PowerDNS Architecture

  • Authoritative server with zone-view support.
  • Internal and external view definition.
  • Recursor configuration for internal clients.

2. Deployment

  • PowerDNS package installation and initial configuration.
  • Database backend selection (SQLite for lab, PostgreSQL for production).
  • Service startup and health check.

3. Zone View Configuration

  • Defining the internal zone view: ACL for private subnets.
  • Defining the external zone view: ACL for external resolvers.
  • Record divergence: same name, different IP per view.

4. Populating Platform Service Records

  • Core services: NetBox, Prometheus, Grafana, application endpoints.
  • Internal records pointing to VLAN IPs.
  • External/DR records pointing to Hetzner or GCP IPs.

5. Validation

  • Resolution from internal client (management VLAN).
  • Resolution from external client (simulated or real).
  • DR record pre-staging and resolution test.

6. API Integration for DR Cutover

  • PowerDNS API configuration and token.
  • Record update API call pattern.
  • Integration with the DNS cutover validation HOWTO.
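The record update API call pattern from section 6, together with the DR record pre-staging step from section 5, as an added example. This is not code from the HOWTO or from the PowerDNS project. It assumes the Authoritative server runs with `api=yes`, `webserver=yes` and an `api-key` configured; the base URL, the key placeholder, the `hybridops.example` zone, the service names and the IP addresses are constructed lab values. The functions build the `PATCH /api/v1/servers/localhost/zones/{zone}` body that PowerDNS expects, so a cutover is one atomic RRset replacement per service rather than a sequence of individual edits.

```python
"""Added example: PowerDNS HTTP API client for split-horizon DR cutover.

Not part of the HOWTO's own tooling. Assumes the Authoritative server has
`api=yes`, `webserver=yes` and `api-key` set. Base URL, key placeholder,
zone, names and IPs below are constructed lab values.
"""
import json
import urllib.request

PDNS_API = "http://127.0.0.1:8081/api/v1/servers/localhost"  # assumed lab endpoint
API_KEY = "REPLACE-WITH-API-KEY"  # placeholder; read it from a secret store in practice


def fqdn(name: str) -> str:
    """PowerDNS requires canonical (trailing-dot) names in RRsets."""
    return name if name.endswith(".") else name + "."


def build_rrset(name: str, rtype: str, contents: list[str], ttl: int = 60,
                changetype: str = "REPLACE") -> dict:
    """One RRset entry for the PATCH body.

    REPLACE swaps the whole RRset in one step; DELETE removes it, and
    PowerDNS ignores ttl/records for DELETE, so they are omitted.
    """
    rrset = {"name": fqdn(name), "type": rtype, "changetype": changetype}
    if changetype == "REPLACE":
        rrset["ttl"] = ttl
        rrset["records"] = [{"content": c, "disabled": False} for c in contents]
    return rrset


def plan_prestage(services: dict[str, dict[str, str]], ttl: int = 60) -> dict:
    """Pre-stage DR answers under a `<svc>-dr` name so they can be resolved
    and tested before the real name is switched (section 5)."""
    rrsets = []
    for name, ips in sorted(services.items()):
        head, _, rest = name.partition(".")
        rrsets.append(build_rrset(f"{head}-dr.{rest}", "A", [ips["dr"]], ttl))
    return {"rrsets": rrsets}


def plan_cutover(services: dict[str, dict[str, str]], target: str, ttl: int = 60) -> dict:
    """Build a single PATCH body moving every service A record to `target`
    ("primary" or "dr"). One PATCH keeps the cutover all-or-nothing
    on the PowerDNS side; the same call with "primary" is the rollback."""
    return {"rrsets": [build_rrset(name, "A", [ips[target]], ttl)
                       for name, ips in sorted(services.items())]}


def patch_zone(zone: str, body: dict, base: str = PDNS_API, api_key: str = API_KEY) -> int:
    """Send the PATCH; PowerDNS answers 204 No Content on success.
    urlopen raises HTTPError on 4xx/5xx, so a bad key or malformed RRset
    surfaces as an exception rather than a silent partial change."""
    req = urllib.request.Request(
        f"{base}/zones/{fqdn(zone)}",
        data=json.dumps(body).encode(),
        method="PATCH",
        headers={"X-API-Key": api_key, "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


# Constructed inventory: internal VLAN address vs. DR (public cloud) address.
SERVICES = {
    "grafana.hybridops.example": {"primary": "10.20.0.11", "dr": "203.0.113.11"},
    "netbox.hybridops.example":  {"primary": "10.20.0.12", "dr": "203.0.113.12"},
}

if __name__ == "__main__":
    # Low TTL on the DR RRsets so a later switch propagates quickly.
    print(json.dumps(plan_prestage(SERVICES, ttl=60), indent=2))
    print(json.dumps(plan_cutover(SERVICES, "dr", ttl=60), indent=2))
    # patch_zone("hybridops.example", plan_cutover(SERVICES, "dr"))  # against a live server
```

The `patch_zone` call is left commented so the script prints the planned bodies for review first; in a cutover runbook the pre-stage body is applied well ahead of time, resolution of the `-dr` names is verified from both an internal and an external vantage point, and only then is the cutover body applied. Keep the API key out of the script and scope the API listener to the management VLAN, since anyone holding that key can rewrite every zone the server serves.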

References


License: MIT-0 for code, CC-BY-4.0 for documentation unless otherwise stated.