ADR 0011: ExternalDNS + Technitium for Internal DNS Automation
Status
Accepted
Context
Internal DNS needs to provide LAN/VPN-only resolution for service hostnames while remaining automatable from Kubernetes. The solution must avoid bootstrap dependency loops (DNS needing DNS) and keep public DNS management separate from internal records.
Decision
Adopt Technitium as the internal authoritative DNS service and use ExternalDNS to reconcile annotated Kubernetes resources into Technitium. Keep OpenWRT as the client-facing bootstrap resolver, providing public recursion and conditional forwarding to Technitium with minimal static overrides for recovery.
Consequences
- Enables automated, authoritative internal DNS with clear ownership boundaries.
- Avoids DNS dependency loops by using IP-based upstreams and keeping clients pointed at OpenWRT.
- Increases operational complexity compared to static DNS; requires guardrails for split-horizon risks and tight scoping of ExternalDNS domain filters.
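As an added illustration (not part of this ADR or its repository), the shape of the ExternalDNS configuration this decision implies: an annotated Service and an ExternalDNS deployment whose domain filter confines reconciliation to the internal zone. The zone `home.internal`, the namespaces, the owner id, the Technitium address and the webhook sidecar image and its environment variable are assumed placeholders; the example assumes Technitium is reached through ExternalDNS's webhook provider interface.

```yaml
# Added example. Assumed values: zone home.internal, namespace dns,
# owner id k8s-home, Technitium at 10.0.0.53, and a placeholder
# webhook sidecar image with a placeholder TECHNITIUM_URL variable.
apiVersion: v1
kind: Service
metadata:
  name: grafana
  namespace: monitoring
  annotations:
    # Only names under the --domain-filter zone are reconciled.
    external-dns.alpha.kubernetes.io/hostname: grafana.home.internal
    external-dns.alpha.kubernetes.io/ttl: "300"
spec:
  type: LoadBalancer
  selector:
    app: grafana
  ports:
    - port: 80
      targetPort: 3000
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
  namespace: dns
spec:
  replicas: 1
  selector:
    matchLabels: { app: external-dns }
  template:
    metadata:
      labels: { app: external-dns }
    spec:
      serviceAccountName: external-dns
      containers:
        - name: external-dns
          image: registry.k8s.io/external-dns/external-dns:v0.15.0
          args:
            - --source=service
            - --source=ingress
            - --domain-filter=home.internal   # guardrail: public zones are out of scope
            - --provider=webhook              # Technitium via the webhook sidecar
            - --registry=txt                  # TXT ownership records per managed name
            - --txt-owner-id=k8s-home         # keeps two controllers from fighting
            - --policy=sync                   # use upsert-only to forbid deletions
        - name: technitium-webhook
          image: PLACEHOLDER/external-dns-technitium-webhook:latest  # assumed image
          env:
            - name: TECHNITIUM_URL            # assumed variable name
              value: http://10.0.0.53:5380    # IP, not a hostname: no DNS-needs-DNS loop
```

Pairing `--domain-filter` with a TXT registry and a unique `--txt-owner-id` is what keeps this controller from creating or deleting records it does not own, which is the scoping guardrail the consequences above call for.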