DNS
Responsibilities
- Provide reliable name resolution for internal zones and selected split-horizon public domains.
- Define the reachability model for services (what resolves where) without coupling readers to IPs.
Not in scope (where the facts live)
- Authoritative domain/zone definitions: see Domains.
- Server details (where DNS runs, how to log in): see dns.core.lef.
- Procedures (changes, troubleshooting): see DNS operations.
Related models
- Reverse proxy routing model: Reverse proxy
DNS behavior (internal vs public)
This page is a quick reference for DNS scope and behavior:
- Internal DNS zones: only resolvable inside LAN/VPN via dns.core.lef (Technitium).
- Public domains: resolvable on the public internet (authoritative provider depends on the domain).
- Split-horizon: selected public domains resolve to internal IPs for LAN/VPN clients (see DNS split horizon).
Canonical domain definitions (including which public domains have split-horizon documented) live under Domains. This page focuses on the conceptual model.
Split-horizon (concept)
Split-horizon DNS ensures internal users (LAN & VPN) resolve selected public hostnames to internal IPs, while external users keep resolving them normally. This avoids hairpin NAT and keeps internal access deterministic.
Scope (where it applies)
- Split-horizon is applied per public root domain (and then per hostname inside the zone).
- Internal DNS zones (e.g. *.core.lef, *.db.lef) are only resolvable inside LAN/VPN.
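
A consistency check for the model above, added here as an example and not taken from the project's own tooling: given the answers the LAN/VPN view and a public resolver returned for a hostname, it flags internal-only names that resolve publicly and split-horizon names that lack an internal override. The example.org hostnames, all IP addresses, and the reading of "internal IP" as RFC 1918 space are assumptions.

```python
import ipaddress

# Assumption: "internal IP" means RFC 1918 space. ipaddress.is_private is not used
# because it also treats documentation ranges such as 203.0.113.0/24 as private.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
INTERNAL_ZONES = ("core.lef", "db.lef")  # internal-only zones named on this page
# Placeholder hostnames (assumption); the real list lives under Domains.
SPLIT_HORIZON_HOSTS = {"app.example.org", "git.example.org"}

def is_internal_ip(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def in_internal_zone(name):
    return any(name == z or name.endswith("." + z) for z in INTERNAL_ZONES)

def audit(name, internal_view, external_view):
    """Compare the answers both views gave for one hostname; return findings."""
    name = name.rstrip(".").lower()
    findings = []
    if in_internal_zone(name):
        if external_view:
            findings.append("internal-only name resolves on the public view")
        if not internal_view:
            findings.append("internal-only name missing on the LAN/VPN view")
    elif name in SPLIT_HORIZON_HOSTS:
        if not internal_view or not all(is_internal_ip(a) for a in internal_view):
            findings.append("LAN/VPN view lacks an internal-IP override")
        if any(is_internal_ip(a) for a in external_view):
            findings.append("public view exposes an internal IP")
    return findings

# Constructed observations: name -> (LAN/VPN answers, public answers).
OBSERVED = {
    "dns.core.lef": (["10.0.0.53"], []),
    "app.example.org": (["10.0.0.20"], ["203.0.113.10"]),
    "git.example.org": (["203.0.113.10"], ["203.0.113.10"]),  # override missing
    "pg.db.lef": (["10.0.0.30"], ["10.0.0.30"]),              # leaked to public view
}

def run_audit(observed=OBSERVED):
    """Return only the hostnames that violate the model, with their findings."""
    report = {name: audit(name, *views) for name, views in observed.items()}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in run_audit().items():
        print(name, "->", "; ".join(findings))
```

In practice the two answer lists would come from querying dns.core.lef and a public resolver for each hostname listed under Domains.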