Docker and CoreDNS deployed for resiliency.
I’ve been wanting for some time to migrate the DNS servers I have in a DMZ from Windows Server Core to another DNS service. With the Windows Core servers, the zones were being transferred to them so they could serve records to the DMZ hosts. I didn’t like this approach because it transferred the whole zone, and a zone transfer allowed to a DMZ host could let a malicious actor who reaches that host enumerate the entire domain. Our DNS doesn’t change that often, so manually updating a zone file didn’t seem like too big a deal. It is another set of records that must be maintained, but it also provides flexibility without a dependence on Active Directory. Hopefully, with good team notifications and documentation, we can ensure that mismatches and errors won’t be an issue. I had a few goals with this project. ...
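As an added example (not code from the post or from the CoreDNS project), the shape of the replacement described above: a hand-maintained zone file served by CoreDNS’s `file` plugin in a Docker container, with no `transfer` block so the server answers record lookups but not AXFR, and a `dig` check you would run from the DMZ side to confirm the zone can no longer be pulled in one request. The zone name `example.com`, the 192.0.2.x addresses, the `/zones` paths and the image tag are all assumptions; substitute your own.

```shell
#!/bin/sh
# Added example (not from the post): a static CoreDNS zone for a DMZ resolver,
# run in Docker, plus the AXFR check that confirms the zone cannot be
# enumerated by transfer. Domain, addresses, paths and image tag are assumptions.
set -eu

ZONE=example.com                # assumed zone name (RFC 2606 documentation domain)
IMAGE=coredns/coredns:1.11.1    # assumed image tag; pin whatever you actually test

# Corefile: serve the zone from a flat file. With no 'transfer' plugin block,
# CoreDNS answers record queries only and does not serve AXFR/IXFR.
write_corefile() {
    cat > "$1/Corefile" <<EOF
$ZONE:53 {
    file /zones/db.$ZONE
    errors
    log
}
EOF
}

# Zone file: the manually maintained set of records the post talks about.
# Bump the serial on every change so anything keyed on the SOA notices.
write_zone() {
    cat > "$1/db.$ZONE" <<EOF
\$ORIGIN $ZONE.
\$TTL 3600
@       IN SOA  ns1.$ZONE. hostmaster.$ZONE. (
            2024010101 ; serial (YYYYMMDDnn)
            7200       ; refresh
            3600       ; retry
            1209600    ; expire
            3600 )     ; negative-cache TTL
        IN NS   ns1.$ZONE.
ns1     IN A    192.0.2.10
www     IN A    192.0.2.20
EOF
}

# Start CoreDNS with the zone directory mounted read-only into the container.
start_coredns() {
    docker run -d --name coredns-dmz \
        -p 53:53/udp -p 53:53/tcp \
        -v "$1:/zones:ro" \
        "$IMAGE" -conf /zones/Corefile
}

# Check from the DMZ side: a normal lookup must work, a zone transfer must not.
# Returns 0 when the AXFR yields no records (dig reports '; Transfer failed.').
check_axfr() {
    server=$1
    dig @"$server" "www.$ZONE" A +short
    if dig @"$server" "$ZONE" AXFR +noall +answer | grep -q '[[:space:]]IN[[:space:]]'; then
        echo "AXFR ALLOWED from $server: zone is enumerable" >&2
        return 1
    fi
    echo "AXFR refused by $server"
}

# Usage: sh dmz-coredns.sh deploy [/path/to/zones]
if [ "${1:-}" = deploy ]; then
    dir=${2:-$PWD/zones}
    mkdir -p "$dir"
    write_corefile "$dir"
    write_zone "$dir"
    start_coredns "$dir"
    sleep 2
    check_axfr 127.0.0.1
fi
```

Run the same `check_axfr` against the old Windows Core servers before decommissioning them: if it prints records, the transfer exposure the post describes is still live there, and `dig @<server> <zone> AXFR` is exactly what an attacker on a DMZ host would type.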