Comments
@geeklot - I wasn't using AXFR etc. was using their ns1&2
(We'd have to take it offline/PM if you want to discuss further. I may have misunderstood you; but I thought you meant using other DNS services as "backup"/secondaries and having them pull the DNS records from Rage4 --> i.e., Rage4 as primary, other (anycasted) service as additional nameservers for the domain.)
"When it's working"? Could you elaborate on that? Are you referring to the underlying VMs or BIND itself?
With a third-party DNS...
Risk: if THEY have an outage, attack, or company issues, everything (YOUR web, email, etc) can go down... and they basically won't give a FLYING F*CK about that, so you won't have a recourse other than file a ticket into some system, then sit around patiently until "one of our premium techs gets around to it".
With your own DNS at 3 different VPS or dedi providers, it's really unlikely that all 3 will have some sort of issues all at the same time. Whereas that one DNS provider (be it CloudFlare, Rage4, etc) is still one provider, and can very much go down as a whole.
@rm_: That is why you mitigate your risk by having plan (or provider) B, C, D, E, and F and not having ALL your eggs in a single basket.
(As well as low TTL to be able to make DNS changes that hopefully most of your users' providers will respect and propagate quickly)
So do you suggest keeping up parallel accounts at CF, Rage4, and perhaps also dns.he.net? That sounds like an order of magnitude more bothersome to set-up and keep in-sync than setting up and syncing 3 identical NSD3 instances on 3 LEBs. The latter I easily do with a shell-script with just rsync and ssh, but can you script a random DNS provider? Do they even support API? Some do, but even then, most likely it's a different API per provider, so 3x (4, 5, 6x) more work trying to automate.
@rm_: I just saw that you edited your previous comment with this:
Yes, that is basic risk mitigation and business continuity planning.
You do what suits you best: If you really want all your bases covered you either
Whichever floats your boat .. and your time, money, and technical talent.
What time, what money... I wonder if a technical example will illustrate it better, anyways here goes. To edit any of my DNS zones I currently:
Edit /local/dir/zones/domain.tld.txt
Run one script along the lines of:
And that's it.
Note how I didn't have to log into five different web interfaces to peck new records into, or wrangle five different diverse provider-specific APIs.
Does not seem to be an "expensive" or "time-consuming" solution to implement either. And being the simplest it's also the most resilient one (for example nameserver hosts don't know about and don't depend on each other).
> @rm_ said:
I think the point you are missing is that 99.9% of people in the world are not capable of things like this. You and I can come up with 10,000 reasons you or I might do something different.
This thread could go on for years.
They take ages to update records/zones.
^^^This
Again, you are mixing up "people in the world" and "people who manage web services and domains". And for the latter, I would contest that 99.9% figure.
Presumably the OP is capable of setting up a simple script like that, considering he or she is already considering running a DNS server. Really though there's no answer to the question, the obvious advantage is that you have control over your DNS and the obvious disadvantage is that you have control over your DNS, honestly I'm tired of people asking silly questions relating to server administration without concrete answers, it always depends on your use case.
Also I'm always confused why people are so concerned about their DNS, the chance of all your DNS slaves failing is pretty small compared to the chance there'll be some issue on your webserver / other service.
Edit: at any rate, if you think you'll have fun setting up DNS (whether you're talking about a local recursive resolver or an authoritative nameserver as @rm_ mentioned), then you should go for it.
Edit2:
Does rage4 have a server PoP in India?
Edit-update: looks like they do have one: Pune.
Dns4.pro claims TWO servers in India.
This is the reason I continue to use dns4.pro (free with all prometeus.net accounts)
Not every location has enough LEBs to make self-hosted DNS worthwhile for everyone.
I believe Rage4 has some arrangement with Prometeus for the PoPs so they should be having one
For the question of your own dns or third party, I am using Power DNS with 3 slaves with MySql replication. I am really happy with the performance and have much control on my records using MySql queries ..
I mean when the holy setup works and your DNS Server is resolving the domains nicely
Speaking as a client, having their own DNS server, both recursive and authoritative (for clients domains) - or not, is one major criterion to judge a provider as professional or as yet another "provider" with some nodes and a WHMCS subscription.
I agree with rm_. It's not magic. One should remark, though, that Linux (at least Debian) still offers NSD3 only, which is a shame.
NSD4 is a very attractive step forward, with good (and urgently needed) rate limiting capabilities, a streamlined admin interface (no more nsdc rebuild but one (1) nsd-control), DB-less on-the-fly operation option, and "patterns" making admins' life easier.
On the other hand I also agree with those who say that better not doing it if one doesn't perfectly well know what one's doing. Staying away is certainly better for reputation than fucking up.
For the past 20 years I've spent my life interfacing with IT personnel and vendors of all types, from your mom and pop IT shop to hospitals with dedicated IT departments floating budgets in the millions of dollars.
The majority of "IT" people are not what you imagine. They know more than your typical end user, but as soon as you step out of the sphere in which they operate on a day-to-day basis, they are lost. I bet I could show 50 random IT people your script. 49 of them would give me a blank stare, and that's not even considering the setup and administration of the server, uptime monitoring or any knowledge of actual DNS records. A small number of people actually keep technology running, the rest are gophers and instruction readers.
Being someone who "manages web services and domains" does not in any way, shape or form have any absolute relevance to your ability to manage DNS.
If you are someone who buys unmanaged VPSes, registers domains and "makes it all work together", i.e. basically the majority of us here on LET, you are indeed expected to know some basic GNU/Linux scripting -- or at least be open to learning something new, especially something that has the potential to make your workflow more efficient in much more ways than just this particular one.
I'm not suggesting your mom goes and manages her DNS. I'm encouraging the average LET'er to do so.
If you want to host your own authoritative DNS server you don't need to create a complicated cluster of servers. Just one master server on one VPS + he.net slave servers will do. The free he.net servers will provide the redundancy that you need.
You are only expected to have the cash to pay a provider. Running a VPS, registering or managing a domain does not imply you are qualified to do anything beyond the specific basic tasks you need to accomplish. Maybe you do, but that is far from a given.
Yeah, it's something new to learn and good to know, but at the same time, you have to consider opportunity cost.
That's with managed VPSes, I don't think those are particularly popular here.
Not that sure.
Don't forget that many DNS servers happily (and probably rightly) accept erroneous zone files (a trailing dot missing will be digested and it will create havoc).
Frankly, considering that DNS is at the core of the internet infrastructure I'd prefer "open to learning something new" people stay away (and rather use their home network as learning lab).
Besides: I'm amazed by the many (this or that, whatever) panel threads. Actually I happen to know people doing server/hosting stuff for a living and installing X incl. a desktop on VPSs/dedis to admin more "hardcore" than using the panel crap.
Sure, people should learn new things. But with some things they also should stay away until they have reached a certain level of professionality.
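An added example (not part of the thread or any poster's code): a pre-deploy check for the missing-trailing-dot mistake mentioned above, flagging NS/MX/CNAME-style targets that a nameserver would silently expand with the zone origin. The function name, the sample zone and its hostnames are constructed for illustration; it assumes one record per line and no `;` or parentheses inside quoted strings.

```python
import re

# Record types whose last RDATA field is a domain name.
NAME_RDATA = {"NS", "CNAME", "MX", "PTR", "SRV", "DNAME"}

def find_relative_targets(zone_text, origin):
    """Return (line_no, rtype, target, expanded) for every target that looks
    like a full hostname but has no trailing dot, so the origin gets appended."""
    findings, depth = [], 0              # depth > 0: inside a ( ... ) group
    for line_no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()      # strip comments
        if not line.strip():
            continue
        in_group = depth > 0
        depth += line.count("(") - line.count(")")
        if in_group:                     # continuation of a multi-line SOA etc.
            continue
        fields = line.split()
        if fields[0].startswith("$"):    # $ORIGIN changes the suffix, $TTL is skipped
            if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
                origin = fields[1]
            continue
        # A line starting with whitespace inherits the previous owner name.
        rest = fields if raw[0].isspace() else fields[1:]
        while rest and (re.fullmatch(r"\d+[smhdw]?", rest[0], re.I)
                        or rest[0].upper() in {"IN", "CH", "HS"}):
            rest = rest[1:]              # drop optional TTL and class
        if len(rest) < 2 or rest[0].upper() not in NAME_RDATA:
            continue
        rtype, target = rest[0].upper(), rest[-1]
        # Single labels ("web") and "@" are legitimately relative; a dotted
        # name without the final dot is almost always a typo.
        if "." in target and not target.endswith("."):
            suffix = "" if origin == "." else origin
            findings.append((line_no, rtype, target, f"{target}.{suffix}"))
    return findings

# Constructed sample zone: lines 7 and 8 are missing the trailing dot.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@   IN SOA ns1.example.com. hostmaster.example.com. (
        2024010101 ; serial
        7200 3600 1209600 3600 )
@       IN NS    ns1.example.com.
@       IN NS    ns2.example.net
@       IN MX    10 mail.example.com
www     IN CNAME web
mx      IN A     192.0.2.10
"""
```

Running `find_relative_targets(SAMPLE_ZONE, "example.com.")` before pushing a zone to the nameservers shows what each flagged target would actually resolve as, for example `mail.example.com.example.com.`.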
They will not break the "core internet infrastructure" with their server, at worst their own domain will not work. And that's also immediately noticeable and can be corrected.
So you believe every person who owns a non-managed VPS is a competent sys admin?
As far as I know, there are no laws stating you need to have anything other than money to purchase a VPS. Do unmanaged VPS providers tell customers to look elsewhere because they "don't know Linux"? They'll happily let a paying customer stumble along.
Just because you own a car doesn't mean you'd make a good race car driver.
Maybe not, but they should strive to become one.
Else really, they might pose a danger to the society ("HALP PLZ my VPS compromised and sends spam and DDoS, how can this happen, I secured it with a proper password 12345 and use an up-to-date software package Wordpress 2.0").
Good solution may be BuyVM Anycast (3-VPS) plus AXFR to Linode or HE.net as a secondary. Best of both worlds for "running your own" and redundancy
NS 1 Anycast;
NS 2 / N3 Secondary IPs of your choice based on location preference of visitors (i.e. Linode NJ and Dallas)
Pretty much useless (from a timing perspective) to use anycast + non-anycast, resolvers will just pick one at random.
@Yoda: +1 this!
Plus I fail to see the benefit of using another DNS provider like HE.net for ns2 as opposed to setting up your own ns2 and ns3 (for additional redundancy) on VMs hosted with different, reliable VPS hosts. From where I sit, running own DNS setup is all about control. A hybrid solution, running your own primary and subcontracting secondaries to third parties, seems very counterproductive here. See the thread "looking for mx backup reseller" for a good case in point. You have no control over what changes, patches or what not they make to their setup. Might as well just save yourself time and hassle and go with a third party solution for everything.
About anycast DNS: should you decide to go with your own and assuming a global audience and matching, distributed POP's infrastructure, 99% performance boost will come from a GeoDNS setup, rather than anycast DNS. GeoDNS (read: Control with a capital "C"!) is a very good reason for going with your own DNS setup, assuming you need this at all. See the other thread for more details if interested.