Netgate Discussion Forum

    DNS Resolver to Consul service discovery

      mtk

      Hey,

      What we have:

      • pfSense provides DNS to clients via DNS Resolver
      • Consul cluster in the same network, where services get registered - 3 servers, answering (for DNS queries) on a designated port.
      • Traefik, as an ingress controller, for the (non-real) domain home.lab - single server, known IP address

      How it works

      Consul/Traefik are configured to "expose" the services to the network with a domain with the format of: <service-name>.home.lab (always a subdomain of home.lab).
      For inter-service communication, we have dnsmasq on the servers/hosts, forwarding the requests to the consul agent (installed on the same host), which in turn "asks" the consul servers for the service address.
      This results in services inter-communicating with each other by using (i.e.) postgres.home.lab or website.home.lab

      What we want

      We would like to be able to communicate with some of the services registered by consul and exposed by traefik in a similar manner but from outside of the "consul cluster", though still in the same network.
      i.e. from a personal computer, be able to browse to website.home.lab.

      Bonus

      It'd be great if we could remove the domain (home.lab) and be able to contact services by their name: i.e. unifi (yes, we know, option 43 exists, this is an example).

      What we've tried

      • domain overrides, for the specific services
        it kinda works, but new services come and go dynamically
      • Wildcard DNS
        this seems to work fine for the first attempt to connect to services, but not if the client disconnects from the network and reconnects (sometimes not even after a second attempt, without disconnecting from the network).
        Also, every subdomain responds, even if it doesn't exist: i.e. nonexist.home.lab

      HELP ;)

      • Is this even possible to set up?
        Can we forward DNS queries to consul before going upstream (to the external DNS), so we can leverage the power of service discovery?
      • If so, we'd appreciate the help setting it up... 🤘

      Thank you!
      M.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.