Takeaways, Critiques and Questions about NetYeti’s Split DNS Description to update his journal:
Takeaways:
Reason for Split DNS
- Segment LAN from public
- Want one external IP, but multiple services under individual domain addresses
Public DNS Steps:
- DNS Query with Public DNS
- HTTPS Query on 443 port
- HTTPS Response from Docker Overlay Network on Private LAN on a return port
Private DNS Steps:
- DHCP assigns internal DNS1
- DNS Query with Private DNS
- HTTPS Query to Docker Overlay Network
- CNAME is translated to three individual addresses which are the Docker nodes in the swarm
- Overlay Network routes traffic on ports 80 and 443 to a Proxy Container/Service on node 2, but the Proxy can be on any node in the swarm
- Proxy holds a hash table of FQDN2 names mapped to addresses, ports and the SSL certificates available. More info: 2025-08-16
- Service names are only visible within the LAN and special ports are not available publicly
- HTTPS Response from Private LAN
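A small simulation of the two resolution paths above (public view returns the one external IP; LAN view follows the CNAME to the three swarm nodes) plus the proxy's FQDN table, added here as an example and not taken from NetYeti's setup. The addresses, zone names and the `.lan.` suffix rule used to keep LAN-only service names off the public side are constructed assumptions.

```python
import ipaddress

# Constructed example data: one LAN, one external address, three swarm nodes.
LAN = ipaddress.ip_network("192.168.10.0/24")
PUBLIC_IP = "203.0.113.10"  # the single external IP (documentation range)
SWARM_NODES = ["192.168.10.21", "192.168.10.22", "192.168.10.23"]

# Two views of the same zone. A record values are lists; CNAME values are a target name.
PUBLIC_ZONE = {
    "www.example.test": ("A", [PUBLIC_IP]),
    "git.example.test": ("A", [PUBLIC_IP]),
}
PRIVATE_ZONE = {
    "www.example.test": ("CNAME", "swarm.example.test"),
    "git.example.test": ("CNAME", "swarm.example.test"),
    "grafana.lan.example.test": ("CNAME", "swarm.example.test"),  # LAN-only service name
    "swarm.example.test": ("A", SWARM_NODES),
}

def resolve(name, client_ip, max_hops=8):
    """Split-horizon lookup: choose the view by the client's source address, then chase CNAMEs."""
    zone = PRIVATE_ZONE if ipaddress.ip_address(client_ip) in LAN else PUBLIC_ZONE
    for _ in range(max_hops):
        rec = zone.get(name)
        if rec is None:
            return None  # NXDOMAIN: the name does not exist in this view
        rtype, value = rec
        if rtype == "A":
            return list(value)  # the three node addresses on the LAN, one external IP outside
        name = value  # CNAME: follow the alias inside the same view only
    raise RuntimeError("CNAME chain too long")

# Proxy table: FQDN -> (backend service, backend port, certificate). Unknown names are dropped.
PROXY_TABLE = {
    "www.example.test": ("web", 8080, "www.example.test.pem"),
    "git.example.test": ("gitea", 3000, "git.example.test.pem"),
    "grafana.lan.example.test": ("grafana", 3000, "grafana.lan.example.test.pem"),
}

def route(fqdn, from_lan):
    """Proxy decision from the requested host name; assumed rule: .lan. names are LAN-only."""
    entry = PROXY_TABLE.get(fqdn)
    if entry is None or (not from_lan and ".lan." in fqdn):
        return None  # a public client naming an internal service gets nothing, even at the right IP
    return entry
```

Note that the backend ports (8080, 3000) only appear inside the proxy table, which is the "special ports are not available publicly" property from the notes.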
Docker Overlay Network Pros
- Acts like a VLAN and firewall
- Can route and load balance
Critiques
When referencing an image, add an indicator (e.g. a figure number, "Figure 1 shows…"; a direct reference, "Left side of the image shows…"; or a footnote3).
Reword some paragraphs explaining how the DNS works internally. When writing "it", be clearer about what the subject is, even if that means naming the subject several times.
Questions
- What does return port mean on the image?
- Can you clarify: "DHCP will hand out the internal DNS automatically and all statically assigned systems will have it as well; they will all request the address internally and get a CNAME record that further translates to three individual addresses."
- Where does the DHCP live?
- What is the specific address (or example) that ALL statically assigned systems request?