ADR 0002: Split-Horizon DNS for Unified Naming

Status

Accepted

Context

The project requires a unified naming scheme (*.risu.tech) that functions seamlessly across both public and private services. Key requirements include maintaining strict isolation for private services and providing a frictionless remote access experience that mirrors local network connectivity.

Decision

We will implement a split-horizon DNS architecture:

  • Public DNS Authority: Resolves records exclusively for public-facing endpoints.
  • Private DNS Authority: Resolves records for internal services and serves as the primary authority for LAN and VPN clients.
  • Context-Aware Routing: Ingress controllers will enforce hostname-based routing determined by the traffic’s origin (public vs. private).

Consequences

  • Unified User Experience: Users utilize consistent service names regardless of their physical or network location.
  • Enhanced Security Profile: Internal service names and metadata are not exposed to public DNS.
  • Operational Complexity: Requires the management and synchronization of two distinct sets of DNS records.
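
An added example, not part of the ADR or the project's tooling: a small audit over record sets exported from both authorities that flags the leak and synchronization failures implied by the consequences above. The hostnames (other than the risu.tech suffix), the addresses, and the public allowlist are constructed assumptions, as is the premise that the private authority does not forward misses to the public one.

```python
import ipaddress

# Constructed sample data: hostnames and addresses are illustrative, not the project's.
PUBLIC_VIEW = {
    "www.risu.tech": ["203.0.113.10"],
    "git.risu.tech": ["203.0.113.10"],
    "nas.risu.tech": ["10.0.20.5"],  # mistake: internal record published
}
PRIVATE_VIEW = {
    "www.risu.tech": ["10.0.10.2"],  # same name, internal ingress address
    "git.risu.tech": ["10.0.10.2"],
    "nas.risu.tech": ["10.0.20.5"],
    "grafana.risu.tech": ["10.0.20.8"],
}
PUBLIC_ALLOWLIST = {"www.risu.tech", "git.risu.tech"}  # assumed: names meant to be public

# Explicit ranges; ipaddress.is_private is avoided because it also matches
# documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",  # RFC 6598 shared space, common for VPN overlays
    "fc00::/7",       # IPv6 unique local
)]


def is_internal(addr):
    """True if addr falls in a range that should never appear in the public view."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in INTERNAL_NETS)


def audit(public, private, allowlist):
    """Return sorted (kind, name, detail) findings for the two record sets."""
    findings = []
    for name, values in public.items():
        if name not in allowlist:
            findings.append(("name-leak", name, "in public view but not allowlisted"))
        findings += [("address-leak", name, v) for v in values if is_internal(v)]
    for name in allowlist:
        if name not in public:
            findings.append(("missing-public", name, "allowlisted but not published"))
        if name not in private:
            findings.append(("missing-private", name, "unresolvable for LAN/VPN clients"))
    return sorted(findings)


if __name__ == "__main__":
    for kind, name, detail in audit(PUBLIC_VIEW, PRIVATE_VIEW, PUBLIC_ALLOWLIST):
        print(f"{kind:16} {name:20} {detail}")
```

Run as a pre-publish check whenever either record set changes, so a name or address that belongs only to the private authority is caught before it reaches public DNS.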