2

I am trying to set up a completely failsafe DNS system. Our web application serving infrastructure is sound with multiple failover servers, but DNS is a weak point for us. We currently tell our domain registrar to use our hosting provider's name-servers. From there I utilise a virtual DNS server to forward to the relevant web-server/load-balancer.

However, my problem is that if the domain registrar's domain servers were to go down then surely we would lose our site as well? Am I correct in this assumption? If so, how would we make this fail-safe? I have researched the use of managed DNS providers which provide multiple fail-over DNS servers, but even if we use this, does this still not make the domain name registrar the weak point in the chain?

Thanks for any assistance.

user35204

6 Answers

1

I'm very much a "do it yourself" guy when it comes to almost all tech, including hosting. But I don't host my own DNS because it's so critically important and commercial providers are extremely cheap.

All my zones are hosted at ZoneEdit. Each of my zones has at least two US-based DNS servers (the min. required), but a couple of my more important zones also have a third server located in a separate network in Germany. I could add additional servers if I felt it was necessary. Total cost for this? About $20/year/zone.

Edit: The concern about a registrar's servers going down is understandable but unwarranted. The hierarchical nature of DNS means that your site will continue to work even if they go offline. The root servers are at the top of the hierarchy and are the only part of DNS that must remain operational for everything to work.

jamieb
  • 1
    Conversely, our DNS hosts screwed up our zone file and left all of our subdomains offline for an entire day. We were able to raise a fully redundant system of DNS resolvers across 4 disparate locations before they managed to fix it for us, and took over handling DNS ourselves. This was a service we paid good money for. – Chris Thorpe Feb 18 '10 at 04:29
0

Probably not. The tasks of registrar and DNS server are unrelated. Often they are run by the same organization, but this is in no way a requirement.

The registrar is needed when registering a domain, or changing the registered DNS servers for it. These DNS servers could be run by any third party.

Your domain will only become completely unreachable when all DNS servers configured for your domain are down. If you make sure you have enough DNS servers, which are also reliable enough, you should be quite safe for DNS. You can get (secondary) DNS service from many different suppliers. Always make sure your different DNS servers are hosted in different locations, with different providers.

A theoretical weak spot is the TLD's DNS servers - but outages in those are extremely, extremely rare.

So, basically there are two different roles: the DNS servers, which could be anywhere, and are continuously vital; and the registrar, whose outages do not affect your reachability.
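An added example (not part of the original answers) of the check recommended above: given the nameservers a zone is delegated to and their addresses, it reports whether the loss of one provider or one network would take every nameserver offline. The hostnames and addresses are constructed, and `provider_of` assumes the last two labels of a nameserver name identify its operator.

```python
import ipaddress

def provider_of(ns_host):
    # Assumption: the last two labels name the operator. Naive heuristic
    # (wrong for suffixes such as co.uk); replace with a real ownership map.
    return ".".join(ns_host.rstrip(".").lower().split(".")[-2:])

def network_of(ip, v4_prefix=24, v6_prefix=48):
    # Group addresses by covering prefix as a rough stand-in for "same network".
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def single_points_of_failure(delegation):
    """delegation: {ns_hostname: [ip, ...]} as listed for the zone.
    Returns findings; an empty list means no single provider or network
    outage removes every nameserver."""
    findings = []
    if len(delegation) < 2:
        findings.append("fewer than two nameservers")
    # Provider outage: every nameserver run by that provider is gone.
    for prov in sorted({provider_of(h) for h in delegation}):
        if all(provider_of(h) == prov for h in delegation):
            findings.append(f"all nameservers share provider {prov}")
    # Network outage: a nameserver survives if it has an address elsewhere.
    networks = {network_of(ip) for ips in delegation.values() for ip in ips}
    for net in sorted(networks):
        survivors = [h for h, ips in delegation.items()
                     if any(network_of(ip) != net for ip in ips)]
        if not survivors:
            findings.append(f"all nameservers share network {net}")
    return findings

# Constructed sample data (documentation address ranges, .example names).
WEAK = {"ns1.hosting.example": ["192.0.2.10"],
        "ns2.hosting.example": ["192.0.2.11"]}
DIVERSE = {"ns1.provider-a.example": ["192.0.2.10"],
           "ns2.provider-a.example": ["198.51.100.10"],
           "ns1.provider-b.example": ["203.0.113.10"]}

if __name__ == "__main__":
    for name, zone in (("weak", WEAK), ("diverse", DIVERSE)):
        print(name, single_points_of_failure(zone) or "no single point of failure")
```
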

0

The Top Level Domain (TLD, i.e. .com, .org, .net, .edu, .mail and most of the country codes) DNS servers are numerous and geographically separated, so you probably don't really need to worry about those. In any case there is not much you can do about those, because they are beyond your control.

I'd worry more about your own DNS infrastructure, as that is where most DNS problems occur. You should have multiple DNS servers for your domain, ideally in separate countries as well as the country that you expect most of your traffic to come from.

If you want to use a hosted DNS provider I'd choose a couple, as that will offer some protection against non-technical issues (e.g. they go bankrupt and the sheriff seizes all their servers without notice).

Personally I'd prefer to provide my own master server and have all third-party hosts slave from them; that way you don't get crippled by whatever tools (e.g. admin web GUI) they give you to manage your domain, but you do get the other benefits of a hosted domain.

Jason Tan
0

Agreed - the registrar is not a weak link, all you need is the DNS. And similarly to jamieb, though we do about everything else ourselves, we outsource DNS - it's just so cheap and easy (and secure, and high performance) when you farm it out. We use dnsmadeeasy.com.

Ernest Mueller
0

I am with jamieb on this one. Though I have access to dozens of servers in 4 different data centers across the US, I outsource our DNS to DNS Made Easy, www.dnsmadeeasy.com.

I like having our DNS completely isolated from our own operations. If we have a critical failure within our networks, I can still get to our DNS to make changes.

There is also UltraDNS, who is a premium provider in this space.

But for my $60/year, DNS Made Easy has served me for years with no downtime.

In terms of the registrar, make sure you are at a top-level registrar, not some reseller operation. Godaddy, Netsol, OpenSRS, Enom, etc. I've seen problems with some sites where resellers fail to submit the data to the parent company. As a result, the root servers do not get your updates quickly. If the root servers go down, we are all going to have more issues than DNS to worry about.

jeffatrackaid
0

I use dyndns.org "Secondary DNS" service because I like hosting my own master server, but having the resiliency of 4 slaves (all geographically diverse) for just $40/year/zone. I get complete control of the zones, and the world can always access at least one of the 5 NS listed for my zones.

If I wanted to go the "Custom DNS" route, they host it all. It's $30/year/zone with a limit of 90 records per zone and 2.6M queries/month.

Chris S