services:
  dns:
    image: technitium/dns-server:latest
    container_name: dns-${DNS_NODE_ID}  # Becomes dns-1 or dns-2
    restart: unless-stopped
    ports:
      - "53:53/udp"
      - "53:53/tcp"
      - "5381:5380/tcp" 
    environment:
      - TZ=America/Edmonton
      - DNS_SERVER_DOMAIN=dns${DNS_NODE_ID}.${TRAEFIK_DNS_SUFFIX} # dns1... or dns2...
      - DNS_SERVER_ADMIN_PASSWORD=${DNS_ADMIN_PASSWORD}
    volumes:
      # Updated path to match your new 'infrastructure' folder structure
      - /docker/core/dns/config:/etc/dns
    networks:
      - dns_external
      - dns_internal
    labels:
      - "traefik.enable=${DNS_TRAEFIK_ENABLED}"
      - "traefik.docker.network=dns_external"
      # --- SHARED HA ROUTER ---
      # The router NAME must be unique, so we add the ID here too
      - "traefik.http.routers.dns-shared-${DNS_NODE_ID}.rule=Host(`dns.${TRAEFIK_DNS_SUFFIX}`)"
      - "traefik.http.routers.dns-shared-${DNS_NODE_ID}.entrypoints=${TRAEFIK_ENTRY_POINTS}"
      - "traefik.http.routers.dns-shared-${DNS_NODE_ID}.tls.certresolver=${TRAEFIK_RESOLVER}"
      # Both point to the SAME service name to enable load balancing
      - "traefik.http.routers.dns-shared-${DNS_NODE_ID}.service=dns-common-service"
      # --- NODE-SPECIFIC ADMIN ROUTER ---
      # Unique router name and unique Host rule
      - "traefik.http.routers.dns-admin-${DNS_NODE_ID}.rule=Host(`dns${DNS_NODE_ID}.${TRAEFIK_DNS_SUFFIX}`)"
      - "traefik.http.routers.dns-admin-${DNS_NODE_ID}.entrypoints=${TRAEFIK_ENTRY_POINTS}"
      - "traefik.http.routers.dns-admin-${DNS_NODE_ID}.tls.certresolver=${TRAEFIK_RESOLVER}"
      - "traefik.http.routers.dns-admin-${DNS_NODE_ID}.service=dns-common-service"
      # --- THE SHARED SERVICE ---
      # This name MUST be identical on Node 1 and Node 2
      - "traefik.http.services.dns-common-service.loadbalancer.server.port=${DNS_TRAEFIK_PORT}"
networks:
  dns_external:
    driver: bridge
  dns_internal:
    external: true