dlx-ansible/docs/LOCAL-DNS-CONFIGURATION.md

Local DNS Configuration for DirectLX Services

Problem

DirectLX services (incident.directlx.dev, hiveops.directlx.dev, etc.) resolve to public IP 45.16.76.42, which has unreliable connectivity:

• Connection timeouts (2+ minutes)
• Only ~33% success rate
• Intermittent failures

Solution

Configure local DNS resolution to use the internal NPM server (192.168.200.71) instead of going through the public IP.

Benefits

• ✅ Fast local network access (2-4ms vs 2+ minute timeouts)
• ✅ 100% reliability on local network
• ✅ No dependency on public IP routing
• ✅ Seamless HTTPS with valid certificates

Playbooks

1. configure-local-dns-localhost.yml

Configure DNS on your local workstation right now.

Usage:

cd /source/dlx-src/dlx-ansible
ansible-playbook playbooks/configure-local-dns-localhost.yml --ask-become-pass

What it does:

• Adds directlx.dev entries to /etc/hosts
• Points all domains to 192.168.200.71 (NPM server)
• Tests connectivity automatically
• Shows before/after results

Duration: ~5 seconds

---

2. configure-local-dns.yml

Deploy local DNS configuration across all infrastructure hosts.

Usage:

cd /source/dlx-src/dlx-ansible

# Apply to all hosts except NPM server
ansible-playbook -i inventory/hosts.yml playbooks/configure-local-dns.yml

# Apply to specific group
ansible-playbook -i inventory/hosts.yml playbooks/configure-local-dns.yml --limit application

# Apply to specific host
ansible-playbook -i inventory/hosts.yml playbooks/configure-local-dns.yml --limit hiveops

What it does:

• Configures all hosts to use local NPM server
• Creates backup of /etc/hosts before changes
• Uses blockinfile for idempotent updates
• Verifies DNS resolution after configuration
• Tests HTTPS connectivity (optional)

Target hosts: All hosts except NPM server itself

Duration: ~10-20 seconds per host

---

Manual Configuration

If you prefer to configure manually:

sudo tee -a /etc/hosts <<'EOF'
# DirectLX Local DNS Entries
192.168.200.71   incident.directlx.dev
192.168.200.71   hiveops.directlx.dev
192.168.200.71   mgmt.directlx.dev
192.168.200.71   release.directlx.dev
192.168.200.71   gitea.directlx.dev
192.168.200.71   smartjournal.directlx.dev
192.168.200.71   directlx.dev
192.168.200.71   www.directlx.dev
192.168.200.71   registry.directlx.dev
EOF

Verification

Test DNS Resolution

getent hosts incident.directlx.dev
# Expected: 192.168.200.71  incident.directlx.dev

Test HTTPS Connectivity

curl -I https://incident.directlx.dev
# Expected: HTTP/1.1 200 OK (within 1 second)

Test All Domains

for domain in incident.directlx.dev hiveops.directlx.dev mgmt.directlx.dev; do
  echo "Testing $domain..."
  time curl -I --max-time 5 https://$domain | head -1
done

Rollback

If you need to remove the configuration:

# Restore from backup
sudo cp /etc/hosts.backup-<timestamp> /etc/hosts

# Or remove the Ansible-managed block
sudo sed -i '/# DirectLX Local DNS/,/# END DirectLX Local DNS/d' /etc/hosts

Production Considerations

Option 1: /etc/hosts (Current Solution)

• ✅ Simple and immediate
• ✅ No additional dependencies
• ❌ Must be applied to each host
• ❌ Manual management required

Option 2: Pi-hole Split-Horizon DNS (Recommended Long-term)

Configure Pi-hole at 192.168.200.100 with local DNS records:

Benefits:

• ✅ Centralized management
• ✅ Automatic for all network clients
• ✅ No per-host configuration
• ✅ Easy to update

Implementation:

1. Log in to Pi-hole admin (http://192.168.200.100/admin)
2. Navigate to Local DNS → DNS Records
3. Add A records for each domain:
   • Domain: incident.directlx.dev → IP: 192.168.200.71
   • Domain: hiveops.directlx.dev → IP: 192.168.200.71
   • Domain: mgmt.directlx.dev → IP: 192.168.200.71
   • Domain: registry.directlx.dev → IP: 192.168.200.71
   • etc.

Option 3: Internal DNS Server (Enterprise)

Set up authoritative DNS for directlx.dev zone with split-horizon configuration.

How It Works

Before

Client → DNS Query → 45.16.76.42 (public IP)
Client → HTTPS Request → 45.16.76.42 → [timeout/unreliable]

After

Client → /etc/hosts → 192.168.200.71 (local NPM)
Client → HTTPS Request → 192.168.200.71 (NPM) → 192.168.200.112 (backend)

Network Architecture

┌─────────────────┐
│  Your Workstation│
│  10.10.10.119   │
└────────┬────────┘
         │
         │ Local Network Route
         │
    ┌────▼─────────────────┐
    │  NPM (Nginx Proxy)   │
    │  192.168.200.71      │
    │  Port 443 (HTTPS)    │
    └────┬─────────────────┘
         │
         │ Proxy Pass
         │
    ┌────▼──────────────────┐
    │  HiveOps Backend      │
    │  192.168.200.112:8080 │
    └───────────────────────┘

Troubleshooting

Issue: Still getting timeouts

Check DNS resolution:

getent hosts incident.directlx.dev

Should show 192.168.200.71, not 45.16.76.42.

Check /etc/hosts:

grep directlx /etc/hosts

Should show entries with 192.168.200.71.

Issue: DNS resolving to wrong IP

Check systemd-resolved cache:

sudo systemd-resolve --flush-caches
resolvectl flush-caches

Check NSS resolution order:

grep hosts /etc/nsswitch.conf

Should show files before dns: hosts: files dns

Issue: Certificate warnings

If you get SSL certificate warnings, it means you're connecting via IP instead of hostname.

Solution: Ensure you're using the domain name, not the IP:

# Wrong
curl https://192.168.200.71

# Correct
curl https://incident.directlx.dev

Related Documentation

• SSL Offloading Fix - Spring Boot SSL configuration
• Express Proxy Config - Express.js proxy settings
• NPM Configuration - Located in /data/nginx/proxy_host/ on 192.168.200.71

Author

• Created: 2026-02-06
• Purpose: Fix unreliable public IP connectivity to DirectLX services
• Repository: dlx-src/dlx-ansible