“Now if you’ll only attend, Kitty, and not talk so much, I’ll tell you all my ideas about Looking-glass House.”
You’ve now seen bits and pieces of the Movie U. DNS infrastructure: our first primary and slave nameservers in Chapter 4, more slaves in Chapter 8, a delegated subdomain and its associated authoritative nameservers in Chapter 9. In Chapter 11, we introduced external nameservers and forwarders, split namespaces, views, and more. It may be difficult to get a sense of how all these components work together because we introduced them over so many pages. In this chapter, we’ll put all of these components together into an overall design for a DNS infrastructure—what we call DNS architecture.
DNS architecture focuses on high-level aspects of your nameservers’ configuration rather than the contents of your zones. Which nameserver is primary and which is slave for which zones? How are Internet domain names resolved? Who forwards to whom? Which nameserver-based ACLs and firewall rules protect which nameservers?
It’s critical that you document your DNS architecture, just as you would your network topology. That documentation can help you identify single points of failure, performance bottlenecks, and security exposures. When name resolution goes awry, it’ll be much easier to track down the problem with a thorough understanding of your DNS architecture rather than trying to piece it together from named.conf files and dig output.
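As an added illustration (not code from the book), the following Python sketch builds the kind of inventory described above from named.conf text: which server is master or slave for which zone, who it forwards to, and which zone-transfer ACL applies. The server names, the movie.example zone and the addresses are constructed, and the parser assumes configs without comments or braces inside quoted strings.

```python
import re

# Constructed sample configs for two hypothetical servers (not from the book).
CONFIGS = {
    "ns1": '''options { directory "/var/named"; allow-transfer { none; }; };
zone "movie.example" { type master; file "db.movie.example";
                       allow-transfer { 192.0.2.2; }; };''',
    "ns2": '''options { forwarders { 192.0.2.53; }; };
zone "movie.example" { type slave; masters { 192.0.2.1; };
                       file "bak.movie.example"; };''',
}

def _body(text, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in named.conf text")

def _list(body, keyword):
    """Entries of a flat 'keyword { a; b; };' clause, or None if absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(keyword), body)
    return None if m is None else [x.strip() for x in m.group(1).split(";") if x.strip()]

def inventory(configs):
    """One row per (server, zone): role, masters, forwarders, transfer ACL."""
    rows = []
    for server, text in configs.items():
        opts = re.search(r"\boptions\s*\{", text)
        glob = _body(text, opts.end() - 1) if opts else ""
        for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
            body = _body(text, m.end() - 1)
            xfer = _list(body, "allow-transfer")
            if xfer is None:  # a zone without its own ACL inherits from options
                xfer = _list(glob, "allow-transfer")
            rows.append({"server": server, "zone": m.group(1),
                         "type": re.search(r"\btype\s+([\w-]+)", body).group(1),
                         "masters": _list(body, "masters") or [],
                         "forwarders": _list(glob, "forwarders") or [],
                         "allow_transfer": xfer})  # None: no ACL at either level
    return rows

def open_transfers(rows):
    """(server, zone) pairs that rely on BIND's built-in transfer default."""
    return [(r["server"], r["zone"]) for r in rows
            if r["type"] in ("master", "slave") and r["allow_transfer"] is None]

if __name__ == "__main__":
    for row in inventory(CONFIGS):
        print(row)
    print("no transfer ACL:", open_transfers(inventory(CONFIGS)))
```

A row whose allow_transfer is None has no ACL at the zone or options level, so it depends on the server's built-in default; that is one of the security exposures such documentation surfaces.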
However, digesting a complete ...