So I’ve got a Consul cluster running for service discovery on a set of servers, some of which have public IP addresses. On some of these nodes I want to run Traefik (dynamically registered), which are registered on tfk.service.consul which holds a number of A and AAAA records. I want my address tfk.example.com to point at those A-records without revealing the consul address.

How would I do this?

Example:

Some application maps internal A-records to public A-records.

public             | internal               / xxx.xxx.xxx.xxx
tfk.example.com -- | -- tfk.service.consul -- yyy.yyy.yyy.yyy
                   |                        \ zzz.zzz.zzz.zzz
Expected result:

Public DNS resolvers never see the consul query.

public           / xxx.xxx.xxx.xxx
tfk.example.com -- yyy.yyy.yyy.yyy
                 \ zzz.zzz.zzz.zzz

I know I could use consul-template for this purpose by rendering config files to bind or similar, but I was wondering if there was some way to do this via DNS like some kind of bridge application.

  • wildbus8979@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    3 months ago

    What you want is bind views. You can configure bind to resolve different views for different segments allowing you to have the same (sub) domains to different ips