Hey everyone! I'm in the process of rebuilding a Kubernetes infrastructure for a customer and I need some advice on the best authoritative DNS server to use since everything will be on-prem. Here are the requirements I have in mind:
* High Availability (preferably multi-node, and multi-master would be great)
* Should be manageable with Infrastructure as Code tools like Ansible or Terraform
* Must have API support for external-dns
* (Optional) A Web UI for easy management and debugging would be a nice bonus.
So far, I've experimented with a few options:
* **PowerDNS + Galera**
* This offers multi-master HA and works well with PowerDNS Admin, but I've found the schema migrations to be quite painful to manage manually. Managing Galera via Ansible or Terraform can also be tricky.
* **PowerDNS + Lightning Stream**
* This provides multi-master functionality, but it requires S3 storage. My S3 runs on Minio within a Kubernetes cluster, causing some complications as I need DNS integration via external-dns, which is not ideal. I could possibly use static IPs to mitigate this, but I'm unsure if that's the best route.
* **CoreDNS + etcd**
* It's a straightforward and lightweight option, but managing etcd with Ansible is cumbersome, and querying records without tools can be inconvenient, though I may build something to address this.
I'd love to hear your suggestions for a solid, manageable solution!
4 Answers
Definitely lean towards CoreDNS if you want GitOps-friendly management! The Go-based structure fits perfectly into Kubernetes, making it easy to write custom plugins or contribute to existing ones.
You can't go wrong with CoreDNS. It’s super easy to configure, very powerful, and perfect for a Kubernetes-native environment. Plus, the plugin system is just great! If you're aware of the etcd requirements, I think it's really worth considering for your setup.
If you're looking for something simple, BIND9 is still a solid choice. But for the bells and whistles, PowerDNS with a proper setup can be fantastic too. If you go that route, I’d suggest setting up an internal Anycast DNS provider for resilience, as it worked well for me in a previous job.
Good point! BIND9 is reliable, but I do find that PowerDNS has more features for complex setups.
I've had good experiences with using PowerDNS in a hidden master configuration alongside an external Anycast provider. It balances simplicity on your side with high resilience. You just have to manage the hidden master carefully.
Yeah, CoreDNS is awesome! Just be cautious with etcd management, as it can be a bit of a hassle. But overall, it’s a strong contender.