feat: Add DNS redundancy - Annecy as secondary DNS

- dnsmasq on Annecy (Synology) as DNS slave - network_mode: host + bind-interfaces for Synology OVS - Document architecture in network.md - Config files in configs/annecy-dns/
2026-01-02 01:20:48 +01:00
parent 627a4c9d4e
commit 322c0bd668
1 changed files with 16 additions and 32 deletions
--- a/docs/infra/network.md
+++ b/docs/infra/network.md
@@ -117,41 +117,25 @@ curl -s ifconfig.me

 ### Architecture

-```
-┌─────────────────────┐     ┌─────────────────────┐
-│     Talloires       │     │      Annecy         │
-│  dnsmasq (primaire) │     │  dnsmasq (slave)    │
-│  100.116.198.105:53 │◄────│  10.171.171.50:53   │
-└─────────────────────┘     └─────────────────────┘
-         │                           │
-         └───────────┬───────────────┘
-                     ▼
-              Upstream DNS
-           (1.1.1.1, 8.8.8.8)
-```
+| Serveur | IP | Rôle | Upstream |
+|---------|-----|------|----------|
+| Talloires | 100.116.198.105 | Primaire | AdGuard DoH |
+| Annecy | 10.171.171.50 | Secondaire | Talloires → 1.1.1.1 |

-### Talloires (Primaire)
- **IP**: 100.116.198.105 (Tailscale)
- **Config**: `/etc/dnsmasq.d/tailscale.conf`
- **Upstream**: AdGuard DoH via cloudflared (127.0.0.1:5053)
+### Configuration

-### Annecy (Secondaire)
- **IP**: 10.171.171.50 (LAN)
- **Config**: `/volume1/docker/dnsmasq/dnsmasq.conf`
- **Container**: `andyshinn/dnsmasq` (Docker, network_mode: host)
- **Upstream**: Talloires, puis 1.1.1.1 / 8.8.8.8
+**Talloires** (`/etc/dnsmasq.d/tailscale.conf`):
+- Écoute: 127.0.0.1, 100.116.198.105
+- Forward: cloudflared (AdGuard DoH)
+
+**Annecy** (`/volume1/docker/dnsmasq/`):
+- Container: `andyshinn/dnsmasq` 
+- Mode: `network_mode: host` + `bind-interfaces`
+- Écoute: 10.171.171.50, 10.171.171.51
+- Forward: Talloires → 1.1.1.1 → 8.8.8.8

 ### Test
 ```bash
-# Depuis le LAN
-dig @10.171.171.50 talloires.local +short
-dig @10.171.171.50 go +short
-
-# Depuis Tailscale
-dig @100.116.198.105 talloires.local +short
+dig @10.171.171.50 talloires.local +short  # Annecy
+dig @100.116.198.105 go +short              # Talloires
 ```
-
-### Configuration client
-Pour utiliser les deux DNS en failover, configurer :
- DNS primaire: 10.171.171.50 (Annecy - LAN)
- DNS secondaire: 10.171.171.7 (Talloires - si LAN listen activé)