View Poll Results: How is your DNS Setup?

Voters: 55
  • Run all our own DNS Servers: 40 (72.73%)
  • Use an external third party solution: 4 (7.27%)
  • Use what is available from our server/hosting provider: 6 (10.91%)
  • Use the registrars option on a per domain basis: 5 (9.09%)
  1. #1
    Join Date
    Jan 2004
    Location
    Boise, ID
    Posts
    2,449

    How do you handle your DNS?

    I'm curious how people handle their DNS.

    Do you handle the DNS servers yourself?

    Use an external third party solution?

    Use what is available from the server company?

    Use Registrars options on a per domain basis?

  2. #2
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    If you run your own server, you should run your own dns as well. It's about a 5 second job to set them up properly, and you will benefit far more from doing so.

    Anyone with any control panel (seems the world can't live without 'em any more ) can easily handle dns. All of my servers (2 at the moment) come with at least 2 ip's specifically for this purpose.

    When you're dealing with control panels, it's more of a hassle to handle dns elsewhere. For example, if you want to add a domain to your server, you have to add it in the control panel AND add it elsewhere (if you have dns elsewhere). As well, if you have clients hosted on that server, all changes THEY make must be made on that remote server as well, if they're using your dns.

    Simplify things, use your own dns servers, it makes things a lot easier.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

  3. #3
    Join Date
    Jan 2004
    Location
    Boise, ID
    Posts
    2,449
    I agree wholeheartedly.

    We ended up creating a system that uses the CP databases to grab and create our DNS zones on our servers.

    In the beginning we used the servers themselves. I was loath to leave this, but we had to centralize. Best method, we still use the CP.

  4. #4
    Join Date
    Nov 2002
    Location
    Toronto, Canada
    Posts
    111
    I think it largely depends on how many domains you plan to host. If you care about redundancy then DNS for a handful of domains is better done through your hosting provider. I doubt anyone with just one or two domains would buy 2 extra servers just to host their own redundant DNS.

  5. #5
    Join Date
    Jan 2004
    Location
    Boise, ID
    Posts
    2,449
    They can also just have their hosting provider do Secondary.

  6. #6
    Join Date
    Nov 2002
    Location
    Toronto, Canada
    Posts
    111
    Originally posted by ddihosting
    They can also just have their hosting provider do Secondary.
    That still leaves you with the primary which should be on a different server from the one you're hosting your domains on. If you only have one or two domains, having even one extra server for DNS doesn't make financial sense.

  7. #7
    Join Date
    Jan 2004
    Location
    Boise, ID
    Posts
    2,449
    Actually, give me one reason why Primary DNS should be on a different server?

    I would guess over 60%, and that is probably low, of your average hosting company out there has the primary DNS on the same server as they host.

    Especially with control panels that allow DNS editing.

  8. #8
    Join Date
    Jan 2004
    Location
    Boise, ID
    Posts
    2,449
    Also, I never said having an extra server for DNS. I said that most providers offer secondary DNS to the server if requested.

  9. #9
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    Originally posted by CyberBabe
    That still leaves you with the primary which should be on a different server from the one you're hosting your domains on. If you only have one or two domains, having even one extra server for DNS doesn't make financial sense.
    Actually, you're wrong there.
    While some would say that dns should be on separate networks, it makes no sense to have it on such. Why? Short but sweet explanation:
    You have dns on server a and server b.
    server a is hosting your sites, email and the like.
    server a goes down for a bit (a bit being 5-10 hours, whatever)
    server b still points to server a
    all domains that are listed @ server b still have nothing at all for email, web, or anything else. In fact, server b is pointing everyone to a dead server.. Yipee!!!
    The down side to this is now all mail hosts point to server a which is nonexistent at the moment, due to whatever downfalls. Of course, mail will come through, and bam, it's not going to get to server A, so most just quit right there.

    reverse side:
    Server A holds all entries
    Server A goes down
    Mail continues to try to deliver (most will continue for up to five days), because it never reached the intended host (nor did it FIND the intended host as it was supposed to do in the first place).

    Now, IF (and only if) you're running larger sites (such as microsoft, google, etc), then the cost is warranted for multiple dns zones, servers and the like. Otherwise the end doesn't justify the means.

    The only exception to this would be a helpdesk solution so that you can keep your clients informed of what's going on, even if the server is down. Of course that'd be something that you should have permanently offsite anyways.

  10. #10
    Join Date
    Jan 2004
    Location
    Boise, ID
    Posts
    2,449
    wolfstream,

    Thanks. Been working too hard and have given up on any such in-depth explanations.

    Our separate DNS also run secondary MX and tertiary MX for this reason.

  11. #11
    Join Date
    Nov 2002
    Location
    Toronto, Canada
    Posts
    111
    Originally posted by ddihosting
    Actually, give me one reason why Primary DNS should be on a different server?
    Redundancy. In fact, ideally I would like to have at least one of my DNS servers on a different network. I may consider running DNS locally as a backup to the primary and secondary though...

  12. #12
    Join Date
    Jan 2004
    Location
    Boise, ID
    Posts
    2,449
    You would be better to run Primary locally and secondary and tertiary as backups.

    That way you aren't having to edit DNS all over the place.

  13. #13
    Join Date
    May 2004
    Location
    United States
    Posts
    3
    i handle all my dns by myself.

  14. #14
    Join Date
    Nov 2002
    Location
    Toronto, Canada
    Posts
    111
    Originally posted by ddihosting
    You would be better to run Primary locally and secondary and tertiary as backups.
    Personally, I won't run it like that myself. I still believe DNS should be on separate dedicated servers for redundancy. For the same reason I think email servers, database servers, web servers and DNS servers should all be on different servers. For practical cost savings reasons I can see why you would want to combine some, but I don't think it will win you any "network of the year" awards.

  15. #15
    Join Date
    Jan 2004
    Location
    Boise, ID
    Posts
    2,449
    We run Separate DNS and Secondary MX Servers. We didn't originally and it comes down to a variety of reasons.

    1. People like to update their DNS. They can only do this if you get the DNS records from the box their DNS is on where they edit it. I.E. most control panels edit dns on the box they are on.

    2. If the primary is on the box then there is no issue with having secondary on other machines. The machines running secondary don't just go down because the primary went down.

    3. For any hosting company to realistically do what you recommend every control panel out there would have to be rebuilt from the ground up.

    You are speaking of corporate level sites like MS or something, not your general hosted site pushing less than 50GB of transfer a month and using about 10MB of space.

  16. #16
    Join Date
    Mar 2004
    Location
    Edmonton, Canada
    Posts
    339
    I'm sorry, but that goes against everything I have ever been taught.

    The benefits of having your dns servers on separate networks is so if server a goes down (which is doing dns and hosting) then requests will go to server b (which is doing secondary dns) which will send it to server a, even though it is down. Ok, the sites will still be down you say....

    Now what I was taught was that as long as one dns server is still up (even if it is sending requests to a dead server), when the main server comes back up, the sites will come back to life straight away.

    But, if all the dns is down (for more than a few hours) then it will take a while (days sometimes) for the DNS to propagate around the ISPs that it's back up.

    Ok, so I haven't used the right terminology, but it involves TTL's
    Anyway, there is a very valid reason to have DNS servers on different servers.

    Anyone want to explain it properly?



    Originally posted by wolfstream
    Actually, you're wrong there.
    While some would say that dns should be on separate networks, it makes no sense to have it on such. Why? Short but sweet explanation:
    You have dns on server a and server b.
    server a is hosting your sites, email and the like.
    server a goes down for a bit (a bit being 5-10 hours, whatever)
    server b still points to server a
    all domains that are listed @ server b still have nothing at all for email, web, or anything else. In fact, server b is pointing everyone to a dead server.. Yipee!!!
    The down side to this is now all mail hosts point to server a which is nonexistent at the moment, due to whatever downfalls. Of course, mail will come through, and bam, it's not going to get to server A, so most just quit right there.

    reverse side:
    Server A holds all entries
    Server A goes down
    Mail continues to try to deliver (most will continue for up to five days), because it never reached the intended host (nor did it FIND the intended host as it was supposed to do in the first place).

    Now, IF (and only if) you're running larger sites (such as microsoft, google, etc), then the cost is warranted for multiple dns zones, servers and the like. Otherwise the end doesn't justify the means.

    The only exception to this would be a helpdesk solution so that you can keep your clients informed of what's going on, even if the server is down. Of course that'd be something that you should have permanently offsite anyways.
    laslo.ca
    Quality Canadian Web Hosting

  17. #17
    Join Date
    Nov 2002
    Location
    Toronto, Canada
    Posts
    111
    Originally posted by ddihosting
    You are speaking of corporate level sites like MS or something, not your general hosted site pushing less than 50GB of transfer a month and using about 10MB of space.
    That's why I said "For practical cost savings reasons I can see why you would want to combine some". In fact, I currently run my mail server on the same server as my domains. It's hardly ideal, but it's the most practical option in my case since I don't have a lot of domains. Nonetheless, the mail server DOES compete for resources on that server and thus affects the other services running on that server. For that reason, I will move the mail server off to its own server in time. There are also security implications. I prefer to have as few ports open on a server as possible to reduce the attack surface. Running multiple services on the same server could potentially make it easier to compromise a server through one service, and disable ALL the services on that server, instead of just the one service that was compromised.

    The list is long but yes, I agree that there are practical limitations to how far you should go with redundancy. For me, not having that many domains, it is far better to use my service provider's DNS so I don't have to.
    Last edited by CyberBabe; 05-31-2004 at 09:48 PM.

  18. #18
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    The only time that anything will change as far as caching goes is when you physically change something on your network. For example, you change your nameservers, then yes, it can take days to peer through. If you change your nameserver ip's, it is a matter of hours, max 24 from what I've seen. It's all dependent on the individual ISP that handles the user's cache.

    Nothing's deleted from the cache unless the domain name actually no longer exists (ie: it's expired), and then, the domain name goes poof.

    An example of this, something that happened to me over the winter.
    I had to take my server down for a few hours, so that the staff @ fastservers could run a diagnostic on it (hardware problems DO happen). Turned out I had a bad fan, which was addressed as quickly as possible (took 'em quite a bit, but we're talking 3am here PST). When the server came back up, everything was fine. All in all I'd say 3-5 hours of downtime. This was before I picked up srv02 and started running my second set of nameservers. TTL? As soon as I fired up my browser everything was back.

    Example 2, something that happened to a customer:
    Client had a server hosted with HostAny, last year, before Atrivo took it over, back when Eric was still managing things and it took DAYS to get issues addressed. Hard drive went crap, and the server was down for days (needless to say we lost damn near all the clients on that server). Well, as soon as the server came back online (they mirrored the drive), everything was up and running at 100%. NOT because he had secondary nameservers (although in his case I recommended it to keep a little traffic out of his servers), but because everything was back up.

    I could go on and on with examples, but I won't. I've seen this theory disproved many times. Realistically, the only time that anything changes with your dns is when you tell it to do so, not when your site's been down or server's been down.

  19. #19
    Join Date
    Mar 2004
    Location
    Edmonton, Canada
    Posts
    339
    ok, so what I said is probably what I was told, but is wrong?
    (I think that's what I was told)

  20. #20
    Join Date
    Jan 2004
    Location
    Boise, ID
    Posts
    2,449
    It's almost backwards. More or less a server has to be down days, even weeks, before the cache becomes fully flushed and you lose it.

    And if it isn't cached then the system will try to hit the DNS server every time there is a request until it gets a response.

  21. #21
    Join Date
    Nov 2002
    Location
    Toronto, Canada
    Posts
    111
    Rob, you'll get some answers to your questions from the guy who actually invented DNS here :

    http://www.computerworld.com/network...,82018,00.html

    Some of the advice given :

    "Eliminate common physical and network dependencies."

    "Use name servers in separate locations, connected to the Internet via separate routers and leased lines. Ideally, they won't even be in the same network or autonomous system."

    "Host DNS and DHCP on dedicated machines with other ports disabled. Firewalls and routers can isolate the servers from nonrelevant traffic and possible exploits. "

    "If you have multiple versions of the DNS namespace (such as an internal and external "view" of DNS data), use separate servers for internal and external DNS data. If total separation is too expensive, use servers that differentiate between internal and external requests. "

    "Also, use separate machines for serving an organization's DNS data (authoritative servers) and fetching data from outside sources (caching or recursive servers). "

    Now, if only we all had the money to set up that kind of infrastructure ....
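
A small check for the separation advice quoted in the post above, as an added example that is not part of the thread. The zone data is constructed, the function name and finding codes are hypothetical, and sharing an IPv4 /24 is assumed as a rough stand-in for "same network".

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not from the thread). Addresses come from the
# RFC 5737 documentation ranges; in practice you would collect them with
# `dig NS <domain>` followed by `dig A <nameserver>`.
SHARED_BOX = {
    "nameservers": {"ns1.example.com": "192.0.2.10", "ns2.example.com": "192.0.2.11"},
    "service_hosts": {"www.example.com": "192.0.2.10", "mail.example.com": "192.0.2.10"},
}
SPLIT_SETUP = {
    "nameservers": {"ns1.example.com": "198.51.100.53", "ns2.example.net": "203.0.113.53"},
    "service_hosts": {"www.example.com": "192.0.2.10"},
}


def audit_nameservers(zone, prefix_len=24):
    """Return (code, detail) findings for one zone's nameserver set.

    Assumption: two IPv4 addresses in the same /prefix_len count as the
    same network. Confirming separate autonomous systems needs routing
    data that this sketch does not have.
    """
    nameservers = zone["nameservers"]
    by_ip = defaultdict(list)    # address -> nameserver names using it
    by_net = defaultdict(list)   # enclosing network -> nameserver names
    for name, addr in sorted(nameservers.items()):
        by_ip[ipaddress.ip_address(addr)].append(name)
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        by_net[net].append(name)

    findings = []
    # No redundancy at all.
    if len(nameservers) < 2:
        findings.append(("single-nameserver",
                         f"only {len(nameservers)} nameserver listed"))
    # Several NS names that are really one machine.
    for ip, names in by_ip.items():
        if len(names) > 1:
            findings.append(("duplicate-address",
                             f"{', '.join(names)} all resolve to {ip}"))
    # "Eliminate common physical and network dependencies."
    if len(nameservers) > 1 and len(by_net) == 1:
        net = next(iter(by_net))
        findings.append(("single-network", f"every nameserver is inside {net}"))
    # "Host DNS ... on dedicated machines": NS address also serves web or mail.
    service_ips = {ipaddress.ip_address(a) for a in zone["service_hosts"].values()}
    for ip, names in by_ip.items():
        if ip in service_ips:
            findings.append(("shared-with-service",
                             f"{', '.join(names)} shares {ip} with hosted services"))
    return findings


if __name__ == "__main__":
    for label, zone in (("shared box", SHARED_BOX), ("split setup", SPLIT_SETUP)):
        print(label)
        for code, detail in audit_nameservers(zone) or [("ok", "no findings")]:
            print(f"  {code}: {detail}")
```
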

  22. #22
    Join Date
    Mar 2004
    Location
    Edmonton, Canada
    Posts
    339
    Well, we have a Raq4 hosted by Host Europe in Nottingham, England, that just does secondary DNS and then one of our Web Servers with wholesaleinternet that does primary DNS

  23. #23
    Join Date
    Jul 2003
    Location
    Satyr, Chrisalya, Canada
    Posts
    1,901
    We use our own DNS servers.

  24. #24
    Join Date
    Nov 2003
    Posts
    384
    Whatever you do, don't forget to benchmark it with e.g. "dig +trace domain.com" - expensive register.com takes here 100ms+ for DNS replies, dyndns.org 45ms and "cheap" directnic.com 31ms, ns1.google.com = 37ms - your results may vary

  25. #25
    Join Date
    Jul 2002
    Location
    Kuwait
    Posts
    10,573
    we used to use enom dns till we got our own webbased CP for our own dns servers
    Bashar Al-Abdulhadi - KuwaitNET Internet Services Serving customers since 1997
    Kuwait's First Webhosting and Domain Registration provider - an ICANN Accredited Registrar

    Twitter: Bashar Al-Abdulhadi

  26. #26
    We developed our client DNS system in-house using a free DNS backend. Clients can add and delete zones and RRs on the fly. These nameservers are separate from our normal nameservers that do recursive name resolution.
    ::. www.diginode.net : Dedicated Servers : Virtual Machine Servers .::
    ::. Industry-Leading Remote Server Management .::
    ::. Automatic OS Re-image : Instant Server Reboot : Remote Serial Console .::
    ::. Over 20 OSes to choose from : Install a new OS every day .::

  27. #27
    Join Date
    Sep 2002
    Location
    Behind your monitor.
    Posts
    516
    Originally posted by robdavy
    I'm sorry, but that goes against everything I have ever been taught.

    The benefits of having your dns servers on separate networks is so if server a goes down (which is doing dns and hosting) then requests will go to server b (which is doing secondary dns) which will send it to server a, even though it is down. Ok, the sites will still be down you say....

    Now what I was taught was that as long as one dns server is still up (even if it is sending requests to a dead server), when the main server comes back up, the sites will come back to life straight away.

    But, if all the dns is down (for more than a few hours) then it will take a while (days sometimes) for the DNS to propagate around the ISPs that it's back up.

    Ok, so I haven't used the right terminology, but it involves TTL's
    Anyway, there is a very valid reason to have DNS servers on different servers.

    Anyone want to explain it properly?
    I am going to have to go with you. Reason being that my ISP does not cache their DNS, the other reason is I messed up over 1000 clients by accident. Yes I admit it.

    It started with a big mistake of transferring my domain which contained the zone file for the nameservers that host these ~1000 sites. I did this because I wanted my .net as a backup in another DC, in case there was a potential disaster in an upcoming DC switch. (read NAC/Pweb/DN + httpme/voxtreame + NDA read HERE

    (the latter 2 companies, sorry for the reference, but at the time if I saw others in the industry who "knew" something I did not, my thoughts were to prepare for the worst)

    I have 10 servers solely in one DC, and 2 dedicated clients in another. I did not want to ask my dedicated clients to virtually host my .net, so I asked another provider who does an excellent job of fixing things when I break them. Sure enough, I had my .net hosted.

    24 hours went by, a few trouble tickets, the standard "must be your ISP having a bad DNS cache reply."

    48 hours now....

    Q: "I cannot see my site or your hosting site."

    A: "Well try this web based proxy server."

    That worked. (for many)

    36 hours now go by...

    4 times as many tickets. Now I myself cannot even use a web based proxy to resolve certain sites, however from where I sit, every site works completely fine, from my browser, but not from web-based proxies. (starting to wonder now)

    I am 1000's of miles away from the datacenter. (must be the user's fault)

    Not really. After 48 hours I was more than suspicicious and was having bad dreams.

    Awakened to more tickets than ever.

    As robdavy says, had I had secondary DNS in my major screw up, things would have fixed themselves faster.

    Turns out, when I transferred the domain via cPanel, the zones were not transferred (yes a CP!)

    Then AFTER I found the issue (almost by a stroke of good luck) you still have to wait for everything to re-propagate.

    We have secondary DNS now by request, and it will soon be standard. Next in line is dynamic DNS, as a standard.
    Last edited by myusername; 06-01-2004 at 08:11 AM.
    GlowHost → Affordable Managed Web Hosting Since 2002.
    Cloud Servers- Hot Failover + Clustered Storage
    Managed Dedicated Servers - Semi-Dedicated Servers
    Shared & Reseller packages - 20 Min Ticket Response 24/7/365

  28. #28
    Join Date
    Sep 2002
    Location
    Behind your monitor.
    Posts
    516
    Well I tried to edit my grammar and spelling errors, but my 15 minute limit has expired...

    suspicicious should read: suspicious

    I was not trying to quote robodavy. But what I was trying to convey, was that "IF" secondary DNS was in fact, in place, my little mixup would have corrected itself sooner.

    CP's are nice, and I have no desire to do the other method of separate servers for mail, DNS, SQL and the like. I am used to this many sites + this load + this usage = new server.

    What I have learned here is that secondary DNS is needed if you are like me (which most are not).

    Trying to remember everyone's name, do the books, market, and keep the site maintained is a lot of work. (yes many of you know this)

    It is easy to make a dumb mistake and have it cost you dearly.

    I think I skated by on this one after 2.5 years of 99.8 uptime. Funny thing is no external reporting sites even recorded it. I guess that was my get out of jail free card.

    Let's not repeat it in the future.
