hermes/README.md

# dmz-dns-vm

Provisions a VM using libvirt which acts as the DNS server on our DMZ network.

The VMs on our DMZ might like to contact eachother.
For example, one VM wants to clone a repository from the git server.
However, because our home network is NATed, a DNS lookup of these servers will result in our public IP address.
This will in general not work, because the public IP address is only assigned on the WAN port of the router.

One solution is to overwrite DNS requests from the DMZ to the router if they query these VMs.
However, then the router needs to operate on the DMZ vlan, which is not ideal in terms of security.

This solution creates a seperate VM on the DMZ that acts as the DNS server.
Dnsmasq checks whether a request is made for a DMZ server and forwards this to an NSD server.
This NSD server pretends to be authoritative for these requests and returns their DMZ internal IP addresses.
init 2023-03-11 16:10:21 +00:00			`# dmz-dns-vm`

			`Provisions a VM using libvirt which acts as the DNS server on our DMZ network.`

			`The VMs on our DMZ might like to contact eachother.`
			`For example, one VM wants to clone a repository from the git server.`
			`However, because our home network is NATed, a DNS lookup of these servers will result in our public IP address.`
			`This will in general not work, because the public IP address is only assigned on the WAN port of the router.`

			`One solution is to overwrite DNS requests from the DMZ to the router if they query these VMs.`
			`However, then the router needs to operate on the DMZ vlan, which is not ideal in terms of security.`

			`This solution creates a seperate VM on the DMZ that acts as the DNS server.`
			`Dnsmasq checks whether a request is made for a DMZ server and forwards this to an NSD server.`
			`This NSD server pretends to be authoritative for these requests and returns their DMZ internal IP addresses.`