DNS Failover Options?

Hi,

I am happy with my current setup. I have achieved 100% uptime with a multi-server setup over the last few months, demonstrating flawless reliability.

I want to reduce the chances of DNS failing on me. What are my options for DNS failover?

Thanks!

Best regards,

Comments

  • Current provider is Cloudflare to take benefits of their WAF & other features with CNAME pointing to @Hybula's DNS for geo load balancing.

  • Jorbox Member

    That's why there is
    Nameserver 1
    Nameserver 2
    Nameserver 3

    If one fails, the other will be a backup.
    It's not a good idea to find the best DNS to make it nameserver 1 and forget about everything else.

  • Thanks, @Jorbox. I have a limited understanding of how DNS works. So, do I need to replicate each record on both DNS providers? Also, will the browser access the name servers in a round-robin manner?

  • @Merakith said:
    Thanks, @Jorbox. I have a limited understanding of how DNS works. So, do I need to replicate each record on both DNS providers? Also, will the browser access the name servers in a round-robin manner?

    Are you self-hosting DNS or using DNS providers? DNS is redundant by design, so it's relatively rare that someone uses multiple DNS providers for redundancy. And using multiple DNS providers could be tricky sometimes.

    Even if you only use one DNS provider, even if they only have one master server, and unfortunately the lonely master server dies, there's still a good chance that you won't notice it. And soon it is fixed as if nothing happened. While it is definitely possible that your DNS provider might fail you, I do not recommend using multiple providers just for redundancy.

  • @Kousaka said: Are you self-hosting DNS or using DNS providers?

    DNS providers. I think you are right.

  • alt_ Member

    You can set up a primary DNS and a secondary DNS for better reliability. For example, ns1 and cloudns.

  • Jorbox Member

    @Kousaka said:

    @Merakith said:
    Thanks, @Jorbox. I have a limited understanding of how DNS works. So, do I need to replicate each record on both DNS providers? Also, will the browser access the name servers in a round-robin manner?

    Are you self-hosting DNS or using DNS providers? DNS is redundant by design, so it's relatively rare that someone uses multiple DNS providers for redundancy. And using multiple DNS providers could be tricky sometimes.

    Even if you only use one DNS provider, even if they only have one master server, and unfortunately the lonely master server dies, there's still a good chance that you won't notice it. And soon it is fixed as if nothing happened. While it is definitely possible that your DNS provider might fail you, I do not recommend using multiple providers just for redundancy.

    Both will work, but you need something to sync between them, or you need to modify them manually.

    @Merakith said:
    Thanks, @Jorbox. I have a limited understanding of how DNS works. So, do I need to replicate each record on both DNS providers? Also, will the browser access the name servers in a round-robin manner?

    Yes, if it's possible it would be better. The browser will check: if one DNS server didn't return a value, it will communicate with the next one automatically, and sometimes it sends a request to two of them and takes the first result for faster DNS speed.
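Jorbox's point about keeping both providers' copies in sync is where multi-provider setups usually break: a record added at one provider and forgotten at the other, a TTL silently capped by one provider, or one provider's copy listing only its own two NS records. The following is an added example, not code from this thread or from any of the providers mentioned; it assumes you can pull each provider's records in a simple "name TTL type rdata" text form (via their zone export or API), and the two exports embedded below are constructed sample data.

```python
"""Record drift check across two authoritative DNS providers.

Added example, not code from the thread. It assumes each provider can export
the zone in a "name TTL type rdata" text form; the two dumps here are
constructed sample data, not real exports.
"""
import json
from collections import defaultdict

# Record types whose rdata is a hostname and therefore case-insensitive.
# TXT and similar are compared byte-for-byte.
HOSTNAME_TYPES = {"NS", "CNAME", "MX", "SOA", "PTR", "SRV"}

# Constructed sample exports. Provider B is missing the api record and two of
# the four NS records, has a stale MX, a longer www TTL and a different serial.
PROVIDER_A = """\
example.com.      3600 SOA ns1.example.com. hostmaster.example.com. 2023061501 7200 900 1209600 300
example.com.      3600 NS  ns1.example.com.
example.com.      3600 NS  ns2.example.com.
example.com.      3600 NS  ns3.example.com.
example.com.      3600 NS  ns4.example.com.
example.com.       300 A   192.0.2.10
www.example.com.   300 A   192.0.2.10
api.example.com.   300 A   192.0.2.11
example.com.      3600 MX  10 mail.example.com.
"""

PROVIDER_B = """\
example.com.      3600 SOA ns3.example.com. hostmaster.example.com. 2023061401 7200 900 1209600 300
example.com.      3600 NS  ns1.example.com.
example.com.      3600 NS  ns2.example.com.
EXAMPLE.COM.       300 A   192.0.2.10
www.example.com.  3600 A   192.0.2.10
example.com.      3600 MX  10 oldmail.example.com.
"""


def parse_zone(text):
    """Parse 'name TTL type rdata' lines into ({(name, type): {rdata}}, {(name, type): ttl})."""
    rrsets = defaultdict(set)
    ttls = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        name, ttl, rtype, rdata = line.split(maxsplit=3)
        rtype = rtype.upper()
        key = (name.lower().rstrip("."), rtype)   # owner names are case-insensitive
        rdata = " ".join(rdata.split())
        if rtype in HOSTNAME_TYPES:
            rdata = rdata.lower()
        rrsets[key].add(rdata)
        ttls[key] = int(ttl)
    return rrsets, ttls


def compare_zones(zone, a_text, b_text, expected_ns):
    """Diff two copies of `zone` and check that both publish the full NS set."""
    zone = zone.lower().rstrip(".")
    a, a_ttl = parse_zone(a_text)
    b, b_ttl = parse_zone(b_text)
    report = {"missing_in_b": [], "missing_in_a": [], "differing": [],
              "ttl_mismatch": [], "ns_errors": [], "soa_serials": {}}

    # SOA is compared by serial only: independently managed providers use
    # their own MNAME and usually their own serial, so a full diff would
    # always "fail" for reasons that do not matter.
    for label, rr in (("A", a), ("B", b)):
        soa = rr.get((zone, "SOA"))
        report["soa_serials"][label] = next(iter(soa)).split()[2] if soa else None

    for key in sorted(set(a) | set(b)):
        if key[1] == "SOA":
            continue
        if key not in b:
            report["missing_in_b"].append(key)
        elif key not in a:
            report["missing_in_a"].append(key)
        else:
            if a[key] != b[key]:
                report["differing"].append(key)
            if a_ttl[key] != b_ttl[key]:
                report["ttl_mismatch"].append(key)

    # Every copy must advertise the whole delegation: a resolver that has
    # cached one provider's apex NS set only retries the servers listed there.
    want = {n.lower().rstrip(".") for n in expected_ns}
    for label, rr in (("A", a), ("B", b)):
        have = {r.rstrip(".") for r in rr.get((zone, "NS"), set())}
        if have != want:
            report["ns_errors"].append((label, sorted(want - have), sorted(have - want)))
    return report


def has_drift(report):
    """True if anything other than the SOA serial differs between the copies."""
    return any(report[k] for k in ("missing_in_b", "missing_in_a",
                                   "differing", "ttl_mismatch", "ns_errors"))


if __name__ == "__main__":
    NS = ["ns1.example.com", "ns2.example.com", "ns3.example.com", "ns4.example.com"]
    print(json.dumps(compare_zones("example.com", PROVIDER_A, PROVIDER_B, NS), indent=2))
```

Run it from a scheduled job against fresh exports and alert on `has_drift()`. The NS check is the one that matters most: a resolver that has cached provider A's apex NS RRset will only retry the servers listed in it until that RRset expires, so a copy that omits the other provider's nameservers quietly removes the redundancy you paid for. The TTL mismatch case is also how a provider-side TTL cap (such as the one-hour limit mentioned later in the thread) shows up.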

  • Hi,

    I am finalizing this setup. Let me know your thoughts.

    Dual DNS Servers with Vanity:
    ns1.mydomain.com
    ns2.mydomain.com
    ns3.mydomain.com
    ns4.mydomain.com

    The first provider is BunnyDNS, and the second provider is either Google Cloud DNS or GCore DNS.

    BunnyDNS will cost me 0.3 USD per smart query, such as scriptable records or load balancer records, and 0.1 USD for normal queries.

    Google Cloud DNS will cost me 0.2 USD per zone, 0.70 USD per geo query, and 0.4 USD for normal queries.

    If I go with GCore DNS instead of Google Cloud DNS, the pricing will be 2.9 USD per month for 10 million queries, with an additional 0.2 USD for overages. Gcore will be cheaper than Google Cloud DNS no doubt. One problem with GCore is that it does not support TTLs longer than 1 hour for any record.

    Please note that I will not be able to use DNSSec, as BunnyDNS and GCore do not support it, and there is no syncing feature for the keys.

    Which two providers would you recommend out of these three? Thanks!

    Best regards,

  • Shot2 Member
    edited June 2023

    Any provider that does not charge per query (read my next book "how I DDoSed myself to poverty"), does not put inane restrictions (TTL), and neither opposes technical progress (DNSSEC) nor mails pipebombs, should do.

    DNS "redundancy", hardiness, safety... is both built in the protocol and based on enduser architectural choice, more than on provider feats and capacity.

  • emgh Member

    If you want my honest advice, and with the best of my intention: I feel like you’re overthinking this hugely

    I wouldn’t ever (I think) pay for DNS. Cloudflare is one of the worlds best performing alternatives, and it’s free.

    Prefer NS1? Nice, it's free too (through Vercel, I think).

    I’d spend the time making sure your services (whatever you host) are really fucking good. It’ll pay off more.

  • nqservices Member
    edited June 2023

    You can also try Hetzner as primary or secondary DNS. It's free.

    https://www.hetzner.com/dns-console

  • ahnlak Member

    @emgh said:
    If you want my honest advice, and with the best of my intention: I feel like you’re overthinking this hugely

    ^^ this

    If you're already using someone like Cloudflare, that's already massively redundant and resistant to failure - and if their DNS goes over sufficiently hard and long to cause a problem then it doesn't matter if your website is affected because 40% of the rest of the web has also exploded.

  • Saahib Host Rep, Veteran

    Since you want to make things complicated, buy some cheap yearly VMs off LET, setup cluster using powerDNS.

  • Neoon Community Contributor, Veteran

    Depends how paranoid you are.

    @ahnlak said:

    @emgh said:
    If you want my honest advice, and with the best of my intention: I feel like you’re overthinking this hugely

    ^^ this

    If you're already using someone like Cloudflare, that's already massively redundant and resistant to failure

    I thought so too; when CF shit the fan, it wasn't anymore.
    Plus, some people are reselling CF DNS, right, so that crap was down too, the stuff where you thought you'd be safe.

  • Shot2 Member

    @Neoon said:
    I thought so too; when CF shit the fan, it wasn't anymore.
    Plus, some people are reselling CF DNS, right, so that crap was down too, the stuff where you thought you'd be safe.

    Don't put all your eggs in one basket: for when it falls, SPOF! no more omelette.

    (Poetry 2.0a)

  • 1q1 Member

    @Shot2 said: "how I DDoSed myself to poverty"

    where is the book?

  • Merakith Barred
    edited June 2023

    @Shot2 said: Any provider that does not charge per query (read my next book "how I DDoSed myself to poverty"), does not put inane restrictions (TTL), and neither opposes technical progress (DNSSEC) nor mails pipebombs, should do.

    There is always a risk of overpaying when the costs are per query in the case of a heavy DDoS attack. I have spoken to both providers that I plan to use, Bunny and Gcore. They have informed me that they have some DDoS protection in place, and in addition to that, there are billing limits for the account. Furthermore, I have created an account with another provider that offers unlimited queries for little money. Therefore, in the event of a DDoS attack, I will temporarily switch the glue records of my domain to that provider. I am planning to further test the Bunny and GCore APIs to determine if I can automate the entire process in case they notify me of approaching the billing or queries limit.

    Both providers are working on DNSSEC; however, I am uncertain whether I will be able to use it since neither of them currently supports key syncing.

    @emgh said: Cloudflare is one of the worlds best performing alternatives, and it’s free.

    Cloudflare is widely regarded as the top DNS provider globally. However, considering the costs associated with each domain or their enterprise plan, it exceeds my budget. While a free option is appealing, I prefer not to use a service that offers poor support for free or lower-tier plans.

    @emgh said: Prefer NS1? Nice, it’s free too (though Vercel, I think).

    It's acquired by IBM. Free plan is no longer available.

    @Saahib said: Since you want to make things complicated, buy some cheap yearly VMs off LET, setup cluster using powerDNS.

    To achieve a setup comparable to the available options, I will require a significant number of endpoints on an anycast network. Additionally, I will need to prioritize server security and maintenance. It is important to note that this approach will neither be cost-effective nor hassle-free.


    I am happy with the results of Bunny (ns1&ns2) +GCore (ns3&ns4). Nice latency all across due to huge number of anycast endpoints + good geodns routing.

  • ahnlak Member

    @Neoon said:
    Depends how paranoid you are.

    @ahnlak said:

    @emgh said:
    If you want my honest advice, and with the best of my intention: I feel like you’re overthinking this hugely

    ^^ this

    If you're already using someone like Cloudflare, that's already massively redundant and resistant to failure

    I thought so too; when CF shit the fan, it wasn't anymore.
    Plus, some people are reselling CF DNS, right, so that crap was down too, the stuff where you thought you'd be safe.

    You'll note I said "resistant" to failure; not immune.

    Sure, anything can fail, but at least they're probably going to be moving quite quickly to fix it. If you're super paranoid, add two or three secondary DNS providers into the mix (and pray that nothing else you rely on is also under a CF umbrella).

    ( of course, none of this will save you if/when you screw up your own DNS entries... :D )

  • Neoon Community Contributor, Veteran
    edited June 2023

    @ahnlak said:

    @Neoon said:
    Depends how paranoid you are.

    @ahnlak said:

    @emgh said:
    If you want my honest advice, and with the best of my intention: I feel like you’re overthinking this hugely

    ^^ this

    If you're already using someone like Cloudflare, that's already massively redundant and resistant to failure

    I thought so too; when CF shit the fan, it wasn't anymore.
    Plus, some people are reselling CF DNS, right, so that crap was down too, the stuff where you thought you'd be safe.

    You'll note I said "resistant" to failure; not immune.

    Sure, anything can fail, but at least they're probably going to be moving quite quickly to fix it. If you're super paranoid, add two or three secondary DNS providers into the mix (and pray that nothing else you rely on is also under a CF umbrella).

    ( of course, none of this will save you if/when you screw up your own DNS entries... :D )

    They are not resistant to failure.
    A single fuck up, with their network configuration globally, takes them down.

    If they would be resistant, this would only lead to partial outages at worst.
    For example, I run 2 nameservers for nanokvm.net right.

    I accidentally wiped one of them, my brain was like, well I think this machine is idle.
    Shortly after the monitoring went off, because one nameserver was offline.

    However, the site did remain online and reachable, nobody did notice.
    With cloudflare, everything is in one basket.

    If they fuckup again, I am sure they will at some point, lights will go out again.

  • emgh Member

    @Merakith said: Cloudflare is widely regarded as the top DNS provider globally. However, considering the costs associated with each domain or their enterprise plan, it exceeds my budget. While a free option is appealing, I prefer not to use a service that offers poor support for free or lower-tier plans.

    Actually, they're extremely responsive.

    I know a guy on Twitter who works as a CF dev; I just send him bugs regularly and he always makes sure they get solved.

    They're also responsive on Discord, in their group. Tons of staff there. If something was actually broken, they'd 100% help you. They've helped me.

    @Merakith said: It's acquired by IBM. Free plan is no longer available.

    "Through Vercel"

  • Shot2 Member

    @1q1 said:

    @Shot2 said: "how I DDoSed myself to poverty"

    where is the book?

    Still to be written.

    TL;DR (too long, don't read): I got null-routed due to a typo in the configuration of a Master authoritative nameserver, which caused Slave authoritative nameservers to "aggressively query" (~DDoS) it with bazillions of DNS queries for several days; still, thanks to the resilient nature of the system (and sane TTLs, zone expiration, key rollover etc.), name resolution never actually ceased for these domains - which explains why it took me weeks to realize things were, hmmm, not as intended. Glad I did not have to pay for each bit of DNS traffic. The good folks at ITLDC were quite sweet, too :#
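Shot2's story turns on the SOA timers: REFRESH, RETRY and EXPIRE are what let secondaries keep answering (and keep polling an unreachable primary) after the primary goes away, which is why resolution never stopped and the breakage went unnoticed for weeks. The following is an added example, not code from this thread or from any provider mentioned in it; it assumes the classic primary/secondary (zone transfer) model the post describes, the two SOA records are constructed sample data, and the one-week EXPIRE floor is this example's own conservative threshold rather than a standard.

```python
"""SOA timer check: how long secondaries keep serving after the primary dies.

Added example, not code from the thread. Assumes the primary/secondary
(zone transfer) model; the SOA records below are constructed sample data.
"""
from dataclasses import dataclass

SECONDS_PER_DAY = 86400
# Floor for EXPIRE used by check_soa(). This one-week value is an assumption
# of this example (RFC 1912 suggests two to four weeks), not a standard.
MIN_SANE_EXPIRE = 7 * SECONDS_PER_DAY

# Constructed sample SOA rdata. GOOD_SOA has conventional timers; BAD_SOA
# retries no faster than it refreshes and expires before a single retry.
GOOD_SOA = "ns1.example.com. hostmaster.example.com. 2023061501 7200 900 1209600 300"
BAD_SOA = "ns1.example.com. hostmaster.example.com. 2023061501 7200 7200 3600 300"


@dataclass(frozen=True)
class Soa:
    mname: str
    rname: str
    serial: int
    refresh: int   # seconds between a secondary's checks of the primary's serial
    retry: int     # seconds between re-attempts after a failed refresh
    expire: int    # seconds after the last good refresh before a secondary stops answering
    minimum: int   # negative-caching TTL (RFC 2308), not a zone-wide default TTL


def parse_soa(rdata):
    """Parse SOA rdata text into a Soa; raises ValueError on a malformed record."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError(f"SOA needs 7 fields, got {len(fields)}: {rdata!r}")
    return Soa(fields[0], fields[1], *(int(x) for x in fields[2:]))


def serving_window_after_primary_loss(soa):
    """Worst-case seconds a secondary keeps answering after the primary dies.

    If it had just completed a refresh, it serves for the full EXPIRE interval;
    that is the window in which nobody notices the primary is gone.
    """
    return soa.expire


def refresh_attempts_before_expiry(soa):
    """Failed transfer attempts a secondary makes before dropping the zone:
    the first at REFRESH, then one every RETRY, until EXPIRE elapses."""
    if soa.expire < soa.refresh:
        return 0
    return 1 + (soa.expire - soa.refresh) // soa.retry


def retry_queries_per_day(soa, secondaries):
    """SOA queries per day an unreachable primary receives from `secondaries`
    that are all stuck in the RETRY loop."""
    return secondaries * (SECONDS_PER_DAY // soa.retry)


def check_soa(soa):
    """Return a list of findings; an empty list means the timers are sane."""
    findings = []
    if soa.retry >= soa.refresh:
        findings.append("RETRY should be shorter than REFRESH")
    if soa.expire < soa.refresh + soa.retry:
        findings.append("EXPIRE allows no retry: secondaries drop the zone at the "
                        "first failed refresh")
    if soa.expire < MIN_SANE_EXPIRE:
        findings.append(f"EXPIRE of {soa.expire}s is under {MIN_SANE_EXPIRE}s; a primary "
                        "outage longer than that takes the zone offline")
    if soa.minimum > SECONDS_PER_DAY:
        findings.append("MINIMUM (negative cache TTL) over a day makes deleted-record "
                        "mistakes very slow to correct")
    return findings


if __name__ == "__main__":
    for label, text in (("good", GOOD_SOA), ("bad", BAD_SOA)):
        soa = parse_soa(text)
        print(label, "serves for", serving_window_after_primary_loss(soa), "s,",
              refresh_attempts_before_expiry(soa), "attempts,",
              retry_queries_per_day(soa, 4), "SOA queries/day from 4 secondaries")
        for f in check_soa(soa):
            print("  -", f)
```

With the conventional timers in `GOOD_SOA`, four secondaries that lose their primary together generate under 400 SOA queries a day between them, so the RETRY schedule itself is not what floods a primary; the "bazillions" of queries in the post point to a broken configuration rather than to the protocol. `serving_window_after_primary_loss` is also the monitoring budget: the zone stays resolvable for the whole EXPIRE window, which is exactly why a dead or null-routed primary does not show up as an outage unless you monitor transfers, not just resolution.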

  • @Merakith said: I am happy with the results of Bunny (ns1&ns2) +GCore (ns3&ns4). Nice latency all across due to huge number of anycast endpoints + good geodns routing.

    How many queries per month approx do you use?

  • @febryanvaldo said: How many queries per month approx do you use?

    20 million queries per month approx.

  • @emgh said: They're also responsive on Discord, in their group

    Are you referring to the cloudflare developers discord?

  • emgh Member

    @Merakith said:

    @emgh said: They're also responsive on Discord, in their group

    Are you referring to the cloudflare developers discord?

    Yeah

    https://discord.com/invite/cloudflaredev

  • Saahib Host Rep, Veteran

    Small question though, are you seeing DNS servers as CDN servers ?
    My point is that DNS servers don't work, and are not supposed to work, in a way where you need this much brainstorming.

  • @nqservices said:
    You can also try as Primary or Secondary DNS, Hetzner. Its free

    https://www.hetzner.com/dns-console

    Hetzner DNS console does not support DNSSEC.

  • @Saahib said: Small question though, are you seeing DNS servers as CDN servers ?

    No, I do have some/limited understanding how authoritative DNS work. I just want to aim for maximum uptime and willing to take more steps than required for it.

  • Hybula Member, Patron Provider

    Hi, while I know you use the beta pilot of our DNS service; if you want the highest form of redundancy on a budget, I would get two VMs from two different providers (with both a different blend of upstream), then manage your records on both of them separately (do not replicate them automatically). Then you could apply changes on one of your nameservers and test/confirm before you push it to your second nameserver.

    Anyway, we use our own nameservers in production for many years without any downtime so far. If you need more advice, feel free to submit a ticket about the project/application that you are hosting.
