DNS is one major focus to begin with as it lays the foundation for so many things. That’s a short notice about my thoughts and implementation.

First, domain name space seems quite important to decide:

1. Public TLD: .de Namespace as nearest control point
2. Internal TLD: registered <me>-intra.net domain

Public DNS runs on #PowerDNS as Hidden Primary. Secondary services are provided in a dual-provider setup from #INWX and #Hetzner.

#selfhosting #homelab #diday #digitalindependenceday

I have decided to use #Poweradmin as my GUI of choice to install on each PowerDNS server to manage it. It is actively maintained and very easy to install when using NGINX + PHP-FPM (don’t waste your time trying lighttpd… ever! All Go-based reverse proxies will hate its bad TLS handshake).

Unfortunately, using an SQL database is still a requirement for this and blocks me from using the LMDB backend in PowerDNS, which would have been nice to have for a stable internal multi-primary setup :-/

The general strategic decision: NO split brain (meaning the internal domain will not be used publicly, no exception!). But of course this is still a “split horizon”. For dual-homed services, also use two subdomains, very easy and clear to control!

Also: I will only use a single internal domain <me>-intra.net for all sites, no fiddling with subdomains etc!

However: Hosts must still include a site name to help distinguish similar services. I put them in the front, like <site>-pve01, <site>-dns01
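
The rules above (internal domain never used publicly, one flat internal domain, site prefix on every host) can be checked mechanically against exported zone records. The following is an added example, not part of the original posts: `example-intra.net` stands in for `<me>-intra.net`, and the site codes, the two-digit `<site>-<role><nn>` pattern and all records are constructed assumptions.

```python
import re

INTERNAL = "example-intra.net"      # constructed stand-in for <me>-intra.net
SITES = {"ber", "muc"}              # constructed site codes
# Assumed host pattern <site>-<role><nn>, modelled on <site>-pve01 / <site>-dns01.
HOST_RE = re.compile(r"^([a-z0-9]+)-([a-z]+)(\d{2})$")
TARGET_TYPES = {"CNAME", "MX", "NS", "SRV", "PTR"}  # rdata ends in a host name
# Constructed sample records: (owner, type, rdata).
PUBLIC_ZONE = [("www.example.de", "A", "203.0.113.10"),
               ("vpn.example.de", "CNAME", "ber-vpn01.example-intra.net."),
               ("example.de", "MX", "10 mail.example.de.")]
INTERNAL_ZONE = [("ber-pve01.example-intra.net", "A", "10.0.0.11"),
                 ("dns01.example-intra.net", "A", "10.0.0.53"),
                 ("pve01.ber.example-intra.net", "A", "10.0.0.12")]

def norm(name):
    return name.rstrip(".").lower()

def in_domain(name, domain):
    name, domain = norm(name), norm(domain)
    return name == domain or name.endswith("." + domain)

def lint_public(records, internal=INTERNAL):
    """Flag public records that own or point at a name in the internal domain."""
    findings = []
    for owner, rtype, rdata in records:
        if in_domain(owner, internal):
            findings.append((norm(owner), "internal-name-in-public-zone"))
        elif rtype in TARGET_TYPES and in_domain(rdata.split()[-1], internal):
            findings.append((norm(owner), "target-in-internal-domain"))
    return findings

def lint_internal(records, internal=INTERNAL, sites=SITES):
    """Flag internal hosts that sit in a subdomain or lack a known site prefix."""
    findings = []
    for owner, rtype, _ in records:
        owner = norm(owner)
        if rtype not in ("A", "AAAA") or owner == norm(internal):
            continue
        if not in_domain(owner, internal):
            findings.append((owner, "outside-internal-domain"))
            continue
        label = owner[: -len(norm(internal)) - 1]   # strip ".<internal>"
        match = HOST_RE.match(label)
        if "." in label:
            findings.append((owner, "subdomain"))
        elif not match or match.group(1) not in sites:
            findings.append((owner, "bad-site-prefix"))
    return findings
```
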