0

We had an issue where our DNS (which is hosted by 1 and 1) was down due to a DDoS.

What would help alleviate this? Can we create an A record on another DNS like Godaddy?

Basically, is it possible to have two separate DNS servers host the same A record?

Rob
  • 'our DNS' - do you mean you have a dedicated DNS server collocated at the '1 and 1' farm, or a zone file of your domain hosted on the '1 and 1' DNS servers? In other words, in the whois db, which are the authoritative NS servers for your domain? – Yuri Aug 09 '16 at 18:37
  • Very closely related: http://serverfault.com/q/777094/152073 – Andrew B Aug 10 '16 at 13:30

2 Answers

9

What would help alleviate this?

Move to a better DNS provider.

Can we create an A record on another DNS like Godaddy?

Well, you could, but it won't do you any good. Your registrar nameserver records are pointing to 1and1. Sure, you could update your registrar to point to the other DNS provider, but you will have to deal with not only propagation delay there, but also having to ensure that records are kept in sync between providers.

A much better plan would be to migrate from the rather feeble 1and1 provider to someone like Cloudflare or AWS Route 53 for DNS, either of which are going to have many orders of magnitude more resilience to DDoS attacks.

EEAA
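The answer above points out that using two DNS providers means keeping their records in sync. As an added example (not part of the original thread), this Python script compares two zone exports and reports every record set that differs, ignoring TTL and letter case. The simplified `owner TTL type rdata` line format, the provider names and all sample records are constructed assumptions.

```python
# Constructed sample exports (owner TTL type rdata) from two hypothetical
# DNS providers serving the same zone; addresses are documentation ranges.
PROVIDER_A = """\
example.com.       3600 A   192.0.2.10
www.example.com.   3600 A   192.0.2.10
www.example.com.   3600 A   192.0.2.11
example.com.       3600 MX  10 mail.example.com.
mail.example.com.  3600 A   192.0.2.25
"""
PROVIDER_B = """\
EXAMPLE.com.       300  A   192.0.2.10   ; TTL differs, data matches
www.example.com.   3600 A   192.0.2.10
example.com.       3600 MX  10  Mail.Example.com.
mail.example.com.  3600 A   192.0.2.99
"""


def parse_zone(text, skip_types=("SOA",)):
    """Return {(owner, type): set(rdata)}. SOA is skipped on the assumption
    that each provider maintains its own serial."""
    rrsets = {}
    for raw in text.splitlines():
        # Drop ';' comments (assumes no ';' inside quoted rdata).
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        owner, _ttl, rtype, rdata = line.split(None, 3)
        rtype = rtype.upper()
        if rtype in skip_types:
            continue
        rdata = " ".join(rdata.split())       # normalise whitespace
        if rtype != "TXT":                    # TXT payloads are case-sensitive
            rdata = rdata.lower()
        key = (owner.lower().rstrip(".") + ".", rtype)
        rrsets.setdefault(key, set()).add(rdata)
    return rrsets


def zone_drift(zone_a, zone_b):
    """List (owner, type, only_in_a, only_in_b) for every rrset that differs."""
    a, b = parse_zone(zone_a), parse_zone(zone_b)
    drift = []
    for key in sorted(set(a) | set(b)):
        in_a, in_b = a.get(key, set()), b.get(key, set())
        if in_a != in_b:
            drift.append((*key, sorted(in_a - in_b), sorted(in_b - in_a)))
    return drift


if __name__ == "__main__":
    for owner, rtype, only_a, only_b in zone_drift(PROVIDER_A, PROVIDER_B):
        print(f"{owner} {rtype}: only A={only_a} only B={only_b}")
```

An empty result means both providers would answer with the same data; any entry is a record that some share of clients will see differently depending on which nameserver they reach.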
0

Just to clarify something...

The only DNS records with a "backup" feature built in are MX records with their administrator-defined metrics. NS records, like A records, are generally served round-robin or randomly. So if you were considering sharing the load between a few providers, there is no mechanism for failover. You'd still have a certain percentage of failed requests.

As EEAA said, moving to a more robust DNS provider is about all you can do. Increasing the TTL on the records will help with cached entries if the site's not moving any time soon.

  • 1
    While the round-robin behavior is frequently cited, [current standards encourage `A` record failover](http://serverfault.com/a/774411/152073). Round robin behavior should still be *assumed* unless it is explicitly known that an application implements it, but it is not correct to generalize that it is the only way the records will be interpreted. – Andrew B Aug 10 '16 at 14:53
  • Well, it **is** generally the way it's handled, and the standard isn't doing much to change that landscape from a practical perspective. Very few services actually handle failover on A records, much less NS records which is the main point of the question. All authoritative nameservers returned in an NS query hold equal weight and it's left to the client to do anything resembling failover. – Daniel Tharp Aug 10 '16 at 14:58
  • 1
    You're correct on the topic of NS records, but the MX/A distinction is detracting from your point and in a way that I was uncomfortable with. I am content to leave it at that. – Andrew B Aug 10 '16 at 15:04