I’m 60/40 split between video producer and IT lady, and while I can ‘do networking’ enough to set up a couple subnets with basic routing, I’m out of my depth and need help. It’s a SOHO office but I’m doing a lot on the network and I need to set up a private domain to keep it all straight.
Here’s what we got:
- One Ubiquiti ER-POE (and an AP attached to the main internal network).
- A handful of business-type hosts who just need internet and printing, a few Macs that do Adobe Premiere things
- Our server is an R720XD with Debian serving as:
  - a container host (LXD/LXC)
  - Samba fileserver
  - OVPN/Wireguard (that’s just for me, so it’s just always running a couple VPNs)
- My workstation has LXD/LXC set up on a bridged network as well
Ideally what I need is just a clean way to organize all these various container, VPN and office subnets into easy to use domains… without a penalty to maintainability.
Can anyone point me toward some good resources for reading up on this? I’ve heard PowerDNS is a good platform but I can’t find much in the way of guidance so far…
I’ve never used PowerDNS, I have used BIND and dnsmasq (kitchen sink with DHCP/DNS/TFTP that all the home routers and modems are using these days).
What do you need out of DNS?
If it’s just some static names in a private domain, you could spin up dnsmasq in Alpine Linux with a config file containing a list of A records and CNAMEs and tell your Ubiquiti router to forward requests to your dnsmasq container for your zone. Documentation for dnsmasq fits onto a single page here.
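An added example, not part of any post in this thread, of the dnsmasq config file the reply above describes: static A records and CNAMEs for one private zone, answering only on the LAN and never forwarding anything upstream. The zone name `office.home.arpa`, every hostname and every address are constructed placeholders.

```conf
# dnsmasq.conf for a container that answers one private zone only.
# All names and addresses below are constructed placeholders.

# Listen only on the container's LAN address, not on every interface.
bind-interfaces
listen-address=192.168.10.53

# No upstream resolvers: this instance never recurses or forwards,
# so it cannot be used as an open resolver or leak internal names.
no-resolv
# Do not publish the container's own /etc/hosts entries.
no-hosts

# Names under the zone are answered from this file and nowhere else.
local=/office.home.arpa/

# Static A records (host-record also answers the matching PTR query).
host-record=r720.office.home.arpa,192.168.10.10
host-record=printer.office.home.arpa,192.168.10.20
host-record=lxd-web.office.home.arpa,10.20.0.15

# Aliases; each target must be a name defined above.
cname=files.office.home.arpa,r720.office.home.arpa
cname=vpn.office.home.arpa,r720.office.home.arpa

# Forwarder side (dnsmasq on the router), shown as a comment because it
# belongs in the router's configuration, not in this file:
#   server=/office.home.arpa/192.168.10.53

# Query logging while testing; remove once the zone behaves.
log-queries
```

Running `dnsmasq --test -C` against the file checks the syntax before the container is restarted.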
I recommend using dnsmasq on the ER-POE if you just need some basic local hostname/fqdn => IP mapping. You can add static entries in addition to the dhcp reservation names. I personally do this (also on ER hardware), and am happy with it.
pfSense has an unbound package which would be my second recommendation (run it in a VM or something).
FreeIPA’s DNS management is nice, but kind of overkill to deploy an entire DC just for DNS.
I recommend against rolling your own. DNS is complex and is a common attack surface, so I personally like to have it running in a well-maintained appliance.
PowerDNS is sweet, I love it. My DNS server and my email server share a database, and I wrote a tool to manage both through a single web interface for one of my school projects (check out some code here). The PowerDNS documentation is pretty good, I don’t think I needed to resort to random blogs or forum posts for anything.
That doesn’t really help with subnetting at all though. You’ll have to study and understand that separately.