DEPLOY-2026-02-14 BIND DNS HA Cluster

Executive Summary

Deployment Type: DNS Infrastructure

Problem Statement: FreeIPA DNS was tightly coupled to identity services. A dedicated, authoritative DNS service with zone-transfer replication is needed for HA.

Solution: Standalone BIND DNS cluster (bind-01 + bind-02) with zone transfers, serving the inside.domusdigitalis.dev zone.

Environment: Production (Home Lab)

Runbooks: BIND DNS Deployment, bind-02 Secondary

Risk Level: Low (parallel deployment, non-destructive)

Deployment Information

Field | Value
Deployment Date | 2026-02-14 (bind-01), 2026-02-17 (bind-02)
Previous State | FreeIPA DNS (tightly coupled to identity)
Target State | Standalone BIND DNS with HA replication
Deployment Window | 2 hours per node
Rollback Plan | Revert VyOS DNS forwarding to FreeIPA
Affected Systems | All DNS resolution (gradual migration)

Infrastructure Deployed

Component | Primary | Secondary
Hostname | bind-01.inside.domusdigitalis.dev | bind-02.inside.domusdigitalis.dev
IP Address | 10.50.1.90 | 10.50.1.91
Hypervisor | kvm-01 | kvm-02
Zone Role | Master (authoritative) | Slave (zone transfer)
Zone | inside.domusdigitalis.dev

Architecture

Table 1. BIND DNS HA Architecture

Component | Configuration
Zone Type | Authoritative for internal domain
Replication | IXFR/AXFR zone transfers (notify)
Update Method | nsupdate (dynamic DNS)
Forwarding | External queries → upstream resolvers
Clients | VyOS DNS forwarding, DHCP clients
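
The Replication and Update Method rows above, sketched as named.conf fragments for each node. This is an added example, not the configuration used in this deployment. The zone name and IP addresses come from the tables; the key names, secrets and file paths are assumptions.

```conf
// ===== bind-01 (10.50.1.90): master =====
// Key names, secrets and file paths are assumptions, not values from this deployment.
// Generate each secret with: tsig-keygen -a hmac-sha256 <name>
key "xfer-key" { algorithm hmac-sha256; secret "REPLACE_WITH_TSIG_KEYGEN_OUTPUT"; };
key "ddns-key" { algorithm hmac-sha256; secret "REPLACE_WITH_TSIG_KEYGEN_OUTPUT"; };

zone "inside.domusdigitalis.dev" {
    type master;
    file "dynamic/inside.domusdigitalis.dev.zone";  // assumed path, writable by named

    // Weak: allow-transfer { any; };  exposes every record in the zone to any client.
    // Hardened: AXFR/IXFR only for requests signed with the transfer key.
    allow-transfer { key "xfer-key"; };

    // NOTIFY only the listed secondary, so changes are pulled promptly.
    notify explicit;
    also-notify { 10.50.1.91; };

    // Weak: allow-update { <address list>; };  source addresses can be spoofed.
    // Hardened: nsupdate must sign with ddns-key; scope is names inside the zone.
    update-policy { grant ddns-key zonesub ANY; };
};

// ===== bind-02 (10.50.1.91): slave =====
key "xfer-key" { algorithm hmac-sha256; secret "SAME_SECRET_AS_ON_BIND_01"; };

zone "inside.domusdigitalis.dev" {
    type slave;
    file "slaves/inside.domusdigitalis.dev.zone";   // assumed path
    masters { 10.50.1.90 key "xfer-key"; };          // sign SOA checks and transfers
    allow-transfer { none; };                        // nothing pulls from the secondary
    allow-update-forwarding { none; };               // default; updates go to bind-01
};
```

Run `named-checkconf` on each node after editing. An unsigned `dig @10.50.1.90 inside.domusdigitalis.dev AXFR` should then be refused, while the same query signed with the transfer key (`dig -k <keyfile>`) succeeds.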