DNS and Registrar
Grant Taylor
cctalk at gtaylor.tnetconsulting.net
Thu Jun 27 14:19:13 CDT 2019
On 6/27/19 12:53 PM, jim stephens wrote:
> They don't have to be combined.
Agreed.
I've been running DNS servers for about 20 years. I /always/ prefer to
run my own DNS servers if I can.
I have never run across a situation where I was unable to do so for
/technical/ reasons. I have had clients that /chose/ to /not/ host
their own DNS for a /business/ reason.
> I have a friend running his and my DNS on a server at his house with two
> DSL feeds for good measure, one is primary DNS for our domains, second
> one is published as the secondary.
*nod*
I'd worry about DSL circuits and stability for DNS. But it will
probably work > 98% of the time. If you're comfortable with it, more
power to you.
I would likely do something more like I'm doing now, run the master name
server (MNAME field in the SOA record) on the DSL and have somebody else
with a more robust connection (DSL had issues where I'm from) do a slave
zone transfer and be the listed Name Servers (NS records) that the world
talks to.
I actually do that now with my VPS being the MNAME server and my VPS
provider doing slave zone transfers off of me.
Note how the registrar is not part of that mix. ;-)
> The biggest thing to watch for is the lax rules for transferring
> domains. There was a problem with that, but most registrars allow locks
> now that impede the movement of domains w/o a bit of work.
That sounds like you're talking about moving domains between registrars,
which is decidedly different than and independent of where DNS is hosted.
Admittedly the registrar has to point (delegate) to the DNS hosting
provider. But it's fairly easy to move domains between registrars
without even logging into a portal at the DNS host.
> Used to take a couple of emails to hijack a domain, as there wasn't
> even a notification to verify that the transfer process email was
> requested by the owner.
Ya. Registrars have had some deficiencies over the years. I think they
are getting better.
> You are strongly encouraged to use a third party "professional" DNS
> service, but it only really needs to be up reliably.
~whistling~ … ~quiet~ … I'm sorry, did you say something? No. Never
mind. I'll go back to what I was doing. … ~whistling~
I mean that as a joke. I let a LOT of what companies that are trying to
sell to me go in one ear, sanity check it, and then go out the other ear.
I'm of the opinion that a static IP is the biggest requirement for
/most/ DNS service. I.e. somewhere to have the registrar delegate the
DNS to.
Beyond that, I'm happy to delegate sub-domains to people on dynamic IPs
if they want them.
It's possible to put DNS a LOT of places that don't qualify as "Best
Practice". Most of them will work most of the time.
> We have the dual providers for the node my friend runs, as we know from
> the phone companies and providers that though the DNS is over the same
> 12 pair wire into his house (another trick), the CO actually has the
> DNS switches on different racks and UPS's. Which isn't a bad precaution.
That's probably okay for most things. But it's still subject to Backhoe
Bob and the fade that he can induce.
That's why I have my master that I can do anything and everything I want
to, and outsource to slave secondaries. Linode, my VPS provider, has
five different DNS servers that (I believe) are geographically diverse.
It will be quite a bit harder to take out all five of their DNS servers.
Plus, I don't have to pay for connectivity in five different
locations. ;-)
I'm curious, you said DSL. But that could be anything from 1.5 Mbps
ADSL to SDSL to VDSL. Each of which has different capabilities and
SLAs. Other than the backhoe fade taking out both connections at the
same time, higher quality DSL with SLAs is probably okay to do.
I think the official recommendation for big (think root level) DNS
servers is to have each server in a different network, where network is
defined as /24 (or larger), preferably under different ASNs.
But that's not a /requirement/, especially for smaller DNS operators.
> thanks
You're welcome.
--
Grant. . . .
unix || die
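An added example (my own code, not the author's setup or Linode's tooling) that checks a zone's published NS set against the layout discussed in this message: the SOA MNAME host kept off the NS list, and each NS in a different /24 and, preferably, a different ASN. Host names, addresses and ASNs are constructed sample values.

```python
"""Review a hidden-master DNS layout: MNAME not published as NS,
and published NS hosts spread across distinct /24s and ASNs."""
import ipaddress
from collections import Counter

# Constructed sample data: a VPS master plus a provider's secondaries.
# Each tuple is (hostname, IPv4 address, ASN); ASNs are placeholders.
SOA_MNAME = "master.example.net."
NS_RECORDS = [
    ("ns1.example-provider.net.", "192.0.2.10", 64500),
    ("ns2.example-provider.net.", "198.51.100.20", 64500),
    ("ns3.example-provider.net.", "203.0.113.30", 64501),
]


def master_is_hidden(mname, ns_records):
    """True when the MNAME host is not one of the published NS names."""
    return mname.lower() not in {name.lower() for name, _, _ in ns_records}


def network_diversity(ns_records):
    """Return (/24 prefixes shared by >1 NS, ASNs shared by >1 NS)."""
    prefixes = Counter(
        str(ipaddress.ip_network(f"{ip}/24", strict=False))
        for _, ip, _ in ns_records
    )
    asns = Counter(asn for _, _, asn in ns_records)
    return ([p for p, n in prefixes.items() if n > 1],
            [a for a, n in asns.items() if n > 1])


def review(mname, ns_records):
    """Return findings as strings; an empty list means the layout is sound."""
    findings = []
    if len(ns_records) < 2:
        findings.append("fewer than two published NS records")
    if not master_is_hidden(mname, ns_records):
        findings.append(f"MNAME {mname} is also a published NS (master not hidden)")
    dup_prefix, dup_asn = network_diversity(ns_records)
    findings += [f"more than one NS in {p}" for p in dup_prefix]
    findings += [f"more than one NS in AS{a}" for a in dup_asn]
    return findings


if __name__ == "__main__":
    for line in review(SOA_MNAME, NS_RECORDS) or ["layout looks sound"]:
        print(line)
```

The shared-ASN finding is reported as advice rather than an error, matching the point above that ASN diversity is a recommendation for large operators, not a requirement for small ones.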