The NS1 Enterprise DDI deployment consists of several different services (i.e., containers) — each performing a distinct function within the overall solution. These services can be logically grouped into two categories, control or edge, describing their relationship to typical network topology.
In a typical deployment, one or more instances of the control services are deployed in a single location (the control node or data center) while multiple edge nodes serve DNS and DHCP to local clients. While control services are physically separate from edge services, the architecture allows edge services to operate independently.
Control services include DATA, CORE, and XFR. The DATA service hosts resource records in the system’s main database. The CORE service runs the REST API, application web interface server (i.e., the NS1 DDI portal), and the notification subsystems. The XFR service provides zone transfer services that enable importing/exporting zone data with other DNS systems via AXFR or IXFR.
Edge services include the DNS, DIST, DHCP, and MONITOR services. The DNS service runs NS1's next-generation authoritative DNS server, high-speed caching daemon, and (if applicable) a server for recursive resolution. The DIST (distribution) service keeps a local copy of the main database at the edge of a distributed network. The DHCP service runs NS1's DHCP daemon and DHCP server. The MONITOR service runs NS1’s monitoring probe daemon and makes observations to endpoints for the purpose of DNS traffic steering and notifications.
Additionally, users implementing third-party cloud service integrations, such as AWS Route 53 or Google Cloud Platform, must deploy the cloudsync service to access the NS1 Cloud Sync integration web configuration portal. Note that this is only required for NS1 DDI deployments using these third-party cloud integrations.
| Category | Service | Description |
|---|---|---|
| Control services | DATA | Hosts resource records in the system's main database |
| | CORE | Runs the REST API, application web interface server (i.e., the NS1 DDI portal), and the notification subsystems |
| | XFR | Provides zone transfer services that enable importing/exporting zone data with other DNS systems via AXFR or IXFR |
| Edge services | DNS | Runs NS1's next-generation authoritative DNS server, high-speed caching daemon, and (if applicable) a server for recursive resolution |
| | DIST | (i.e., Distribution service) Keeps a local copy of the main database at the edge of a distributed network |
| | DHCP | Runs NS1's DHCP daemon and DHCP server |
| | MONITOR | Runs NS1’s monitoring probe daemon and makes observations to endpoints for the purpose of DNS traffic steering and notifications |
| Other services | cloudsync | Runs the configuration platform required for implementing third-party cloud-based integrations like AWS Route 53 and Google Cloud Platform |
The diagram below exemplifies an NS1 DDI deployment across multiple data centers and hosts — including examples of possible inter-container communication paths. Note that configuration details and infrastructure will vary for each deployment.
Below are general notes to keep in mind when deploying an NS1 DDI solution. Note that specific recommendations are likely to vary depending on your deployment and requirements.
- Deploy all DATA services (containers) within the same data center to minimize replication delay.
- Deploy the CORE services proximate to DATA services to reduce latency for writes to the main database.
- Deploy DIST services proximate to the DNS, DHCP, and MONITOR services at the edge node to provide local survivability. If the edge services need to be restarted or redeployed, they can use the local copy of the main database stored in the DIST container to repopulate DHCP configurations, monitoring jobs and feeds, and DNS resource (i.e., zone and record) information.
For examples of how to deploy core and edge services to hosts, refer to the usage information for control-compose.yml and edge-compose.yml found here: https://github.com/ns1/ns1-privatedns/tree/master/docker-compose.