So I’ve got a Consul cluster running for service discovery on a set of servers, some of which have public IP addresses. On some of these nodes I want to run Traefik (dynamically registered), which are registered on tfk.service.consul which holds a number of A and AAAA records. I want my address tfk.example.com to point at those A-records without revealing the consul address.

How would I do this?

Example:

Some application maps internal A-records to public A-records.

public             | internal               / xxx.xxx.xxx.xxx
tfk.example.com -- | -- tfk.service.consul -- yyy.yyy.yyy.yyy
                   |                        \ zzz.zzz.zzz.zzz
Expected result:

Public DNS resolvers never see the consul query.

public           / xxx.xxx.xxx.xxx
tfk.example.com -- yyy.yyy.yyy.yyy
                 \ zzz.zzz.zzz.zzz

I know I could use consul-template for this purpose by rendering config files to bind or similar, but I was wondering if there was some way to do this via DNS like some kind of bridge application.

  • IsoKieroEnglish
    3·
    1 month ago

    Apparently you can kind-of rewrite queries on the fly with PowerDNS scripting and answer accordingly. So maybe that’s what you’re looking for.