Web Hosting Talk : Web Hosting Main Forums : Colocation and Data Centers : How do you all handle DNS for your colo'd boxes?

[kushmit]

Hi Everyone-

I currently sublease colo space from a reseller for my 1U server, but I am considering establishing a direct relationship with a vendor.

Currently, my reseller has a DNS server, and handles all my DNS changes. I just send an email with new domain info, and they put it into DNS.

If I go direct, I may have to handle my own DNS. The problem is that I have heard bad things about the security of BIND, and would personally prefer not to run it on a production machine. I know that there are free services like EveryDNS.net out there, but I was wondering what the standard practices are and if anyone has any suggestions.

Can anyone offer any advice?

[racksense]

BIND, like any other application, is fine as long as you watch the announce list and apply patches or install the latest releases.

There are alternatives to BIND, such as djbdns (if you can stand djb software) and PowerDNS.

Or there are outsourced DNS management services such as WorldWideDNS and providers who will do secondary, etc.

[RSanders]

mydns.com provides a very good free service. Personally, I would run my own DNS or piggyback off an associate.

[RocketCowboy]

I run my own DNS servers. It helps that I have space in the rack for a couple extra servers, but I keep BIND on it's own servers, then do web hosting on their own boxes.

[paul-iwaynet]

We generally suggest the users provide their own primary DNS on their server, but are more than happy to do it for them, as we do for a few users. Just keep BIND up-to-date and you should be fine.

[kushmit]

Hey thanks for all the feedback everyone! Great info!

Regarding the free DNS services, is anyone aware of any downside to using them? (for example, problems or delays in propagation of DNS changes? Limitations with regard to virtual domains? Etc?)

[kushmit]

Quote:

Originally posted by rsanders
mydns.com provides a very good free service. Personally, I would run my own DNS or piggyback off an associate.

Thanks for the advice.

But can I ask why you would choose to run your own DNS rather than use mydns.com? What are the advantages?

[achost_ca]

We run our own DNS mainly so we can keep a tight reign on what we are doing. This also allows us to offer DNS service to other companies with greater ease then using a third party.

And monitoring the mail list is never a bad idea for any piece of open source software.

[lostpacket]

If you want to be really secure, just run BIND and SSH on a FreeBSD box, and have it pull records from your hosting servers. Put your DNS only box as PRI and your HOSTING as SEC and you should be fine.

We have had DNS boxes up for over 3 year no issues. Just don't run other crap on them that can get exploited!

[Kx-2]

If you have the resources, run DNS on multiple servers and that will ensure if any one of the DNS servers goes down, another will kick in fairly quickly.

[LinuxRigs]

If you're really worried about exploits...run it in some kind of chroot environment, or better yet in UML. Using UML will use some more resources, but if someone somehow exploited BIND they'd have access to a virtual server that only runs BIND, and not to your actual server.

That assumes you want to run DNS on a box that'll be doing other things such as hosting customers, mail, etc. If you already planned on having a separate server for DNS, then disregard.

[webworkz]

We provide an administrative software package for our customers to log into to make changes to our provided DNS/E-Mail services.

Or, the customer can run their own DNS/E-mail on their server(s).


If your DC offers server management, you could also look into them installing, configuring, and patching a copy of BIND on one of your servers. Then, you could use a tool like Webmin ( http://www.webmin.com ) to easily administer your zones.

[spiv]

FREE DNS services?

Well, DNS is the key to everything you do. If your DNS is down or misconfigured, all your other services won't be available.

Most hosts run their own primary and secondary to retain full control and be able to make changes quickly.

With a free service, one probably should be aware that "you get what you pay for".

Presumably you are in business offering some service with your box. Place yourself in the seat of your customer asking you the same question "Why should I buy hosting from you instead of using a free hosting service?"

To "do it right" you probably should consider having at least four different servers -- primary DNS, secondary DNS, email, and web.

Yes, you can combine services, but if you want maximum flexibility and reliability, they have to be isolated.

Think about it -- do you really want your web or mail server down while you are fiddling around with changes to your dns server that might require a reboot, a restart, or simply a mistake that takes it "off the air" inadvertantly?

We have placed our DNS servers in two different data centers - at some point, one has to think about an entire data center going down and whether you can live with that or not.

Think 911, earthquakes, hurricanes, floods, etc. it is not difficult to see situations where an entire data center will go down for hours or several days.

[racksense]

Free DNS? To run commercial services on?

I'm sure customers will be impressed with that.

Moreso when the person running it for free takes ages to respond to any problems, or one day it just disappears, and because you're not paying anything, you have no say or leverage in getting it restored.

Run your own DNS server, gives you more control over configuration, flushing zones, named restarts, etc.

If you can't afford it, see if there's a friendly competitor of a similiar size to you who you can do a DNS swap with. Either simply 2ary'ing zones or a dedicated server swap for full control.

[webworkz]

spiv: As for "getting what you pay for" with free DNS ... that is sorely incorrect. We run all of our dedicated server zones in those same DNS servers. If they go down, so do our dedicated customers [which we are responsible for].

These machines get the same amount of attention as any other machine in our facility.