I'm currently working on a small homelab setup, mainly docker-based, and I've been putting off implementing my own DNS server because I'm concerned about any latency I may be introducing.
I am a developer, and not a sysadmin by trade, so my understandings on this subject are shallow, so please correct me if I'm wrong.
If I set up a DNS server on my homelab server, inside a Docker container, and point my router's DNS to this DNS, all requests on my network would resolve through this DNS, and failing a local resolve (say my-service.my-local-domain) it would forward to whichever DNS forwarder I specify, right? (say 8.8.8.8)
But if I'm trying to min-max all DNS resolutions except for my local ones, is there a better way I can do this? Is there a way I can have my router use 8.8.8.8 FIRST and only failing a resolution forward to my local DNS? Or should I in general not worry about a few extra ms of latency using my own DNS?
1 Answer
You would decrease DNS lookup latency significantly (by 2 orders of magnitude after first lookup) by running a local DNS server/cache on your LAN. Here's why:
If you use external DNS like 8.8.8.8 first, every time you look up a record it must traverse the internet. When you run a local DNS it queries its local cache first, and only if the record does not exist there does it query a public DNS server.
So the answer is: definitely run a local DNS resolver/cache as the primary resolver for your LAN.
Unbound is a Linux DNS resolver/cache that is modern, small, fast, supports DNSSEC and is easy to configure. There are Docker containers available, or I can put mine on GitHub/Docker Hub for you.
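As an added illustration of the setup described in the answer (a local caching resolver that answers the homelab's own names itself and forwards everything else to 8.8.8.8), here is a minimal unbound.conf. It is example configuration written for this thread, not the answerer's own container config. The LAN range 192.168.1.0/24, the host address 192.168.1.10, the zone name my-local-domain and the file paths are assumptions chosen for the example; adjust them to your network.

```conf
# Example unbound.conf for a homelab caching resolver (constructed example).
server:
    # Listen on all interfaces inside the container; publish 53/udp and 53/tcp.
    interface: 0.0.0.0
    port: 53
    do-udp: yes
    do-tcp: yes

    # Only the LAN and the container itself may query this resolver
    # (assumed LAN range); everything else is refused.
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # Cache sizing and prefetch: repeat lookups are served from memory,
    # and popular records are refreshed before their TTL expires.
    msg-cache-size: 16m
    rrset-cache-size: 32m
    prefetch: yes

    # DNSSEC validation of forwarded answers (root trust anchor path assumed;
    # unbound-anchor can create and maintain this file).
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    # CA bundle used to verify the upstream's TLS certificate (path assumed,
    # Debian/Ubuntu layout).
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

    # Do not leak resolver identity/version to queriers.
    hide-identity: yes
    hide-version: yes

    # Reject upstream answers that point public names at private addresses
    # (DNS rebinding protection), except inside the local zone.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-domain: "my-local-domain"

    # The homelab zone (assumed name) is answered locally and never forwarded.
    # "static" returns NXDOMAIN for names in the zone that have no local-data,
    # so typos in local names do not get sent upstream.
    local-zone: "my-local-domain." static
    local-data: "my-service.my-local-domain. IN A 192.168.1.10"
    local-data-ptr: "192.168.1.10 my-service.my-local-domain"

# Everything not matched above goes to the forwarder named in the question.
# DNS-over-TLS on port 853 with hostname verification keeps the forwarded
# queries private on the path to the upstream.
forward-zone:
    name: "."
    forward-addr: 8.8.8.8@853#dns.google
    forward-addr: 8.8.4.4@853#dns.google
    forward-tls-upstream: yes
```

With this in place the router's DHCP hands out the Unbound host as the only DNS server for the LAN. Listing 8.8.8.8 as a second resolver on the router would not give "public first, local on failure" behaviour anyway: clients treat the list as failover, not as a lookup order, and a client that drifts to the public entry simply cannot resolve my-service.my-local-domain. A quick check from a LAN client is to run the same `dig` twice against the Unbound address and compare the query time; the second answer comes from the cache. Verify the syntax with `unbound-checkconf` before restarting the container.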