Who offers secondary-only domain name service?
June 6, 2006 8:26 AM Subscribe
I manage my own DNS for domain names (I'm a tecchie, I know what I'm doing and jumping through someone else's hoops for DNService has always ended in tears). I've only got the one machine at a co-loc, and registrars get cranky if you give only one authoritative DNS server, or two that are in the same net segment.
Where does a nerd get some reliable secondary DNS? The dozen places I've checked out so far insist that I move all my DNS to them, when all I want is for them to mirror my zones.
I have had good luck with easyDNS. They charge US $15/year I believe. more info.
posted by rajbot at 8:40 AM on June 6, 2006
posted by rajbot at 8:40 AM on June 6, 2006
Well, actually I have several different domains, and on one of my domains (through register.com) I have 'registered a name server'. Twice, one for nx1.picture-rate.com and another for nx2.picture-rate.com they both point to the same IP address
Then, on go daddy where it asks for me to set the name servers on all my other domains, I type in nx1.picture-rate.com and nx2.picture-rate.com
Now, primary and secondary domain servers are the same. This is a little strange, though, since the *.picture-rate.com domain is still served by register.com's name servers.
Another thing to think about: You don't *really* need that secondary server. You could do something like enter in your home PC's current address, and then take down the server later. It's not really a big deal.
Hope that wasn't too confusing. The point is, it's definitely not impossible to do it with just one server.
posted by delmoi at 8:40 AM on June 6, 2006
Then, on go daddy where it asks for me to set the name servers on all my other domains, I type in nx1.picture-rate.com and nx2.picture-rate.com
Now, primary and secondary domain servers are the same. This is a little strange, though, since the *.picture-rate.com domain is still served by register.com's name servers.
Another thing to think about: You don't *really* need that secondary server. You could do something like enter in your home PC's current address, and then take down the server later. It's not really a big deal.
Hope that wasn't too confusing. The point is, it's definitely not impossible to do it with just one server.
posted by delmoi at 8:40 AM on June 6, 2006
What you want is zoneedit.com. You can slave their DNS to yours.
posted by kindall at 8:41 AM on June 6, 2006
posted by kindall at 8:41 AM on June 6, 2006
If you've only got one server, having redundant DNS is truly pointless. I just list the first two IPs on my server. While some things might 'recommend' that I have them on different class Cs, I'm not aware of any that actually make you.
But if your server's down, it doesn't really matter if people can resolve your server name. (And, for that matter, if you have redundant DNS servers, why don't you have redundant servers for your other services?)
Personally, I'd just disregard the error messages.
posted by fogster at 8:44 AM on June 6, 2006
But if your server's down, it doesn't really matter if people can resolve your server name. (And, for that matter, if you have redundant DNS servers, why don't you have redundant servers for your other services?)
Personally, I'd just disregard the error messages.
posted by fogster at 8:44 AM on June 6, 2006
I'll add a caveat to my "truly pointless" phrase: if you have someone providing backup MX hosting, I suppose backup DNS is useful.
posted by fogster at 8:46 AM on June 6, 2006
posted by fogster at 8:46 AM on June 6, 2006
And, for that matter, if you have redundant DNS servers, why don't you have redundant servers for your other services?
Honestly, if I managed a network and only had the option to make one service redundant, it'd be DNS. Double-plus for having your secondary DNS off-site. If DNS goes down, you're pretty much dead in the water- everything that connects to the internet will start failing.
posted by mkultra at 8:47 AM on June 6, 2006
Honestly, if I managed a network and only had the option to make one service redundant, it'd be DNS. Double-plus for having your secondary DNS off-site. If DNS goes down, you're pretty much dead in the water- everything that connects to the internet will start failing.
posted by mkultra at 8:47 AM on June 6, 2006
Response by poster: fogster : You make a very good point, and if I didn't already know one machine == one point of failure, that would be valuable advice. However, I'm dealing with registrars* who think they know better than I do, and refuse me service "for my own good." Did I mention that I don't like jumping through other people's hoops?
(*: save the "well use another registar!" comments for yourself. If I could, I would.)
posted by Mozai at 8:52 AM on June 6, 2006
(*: save the "well use another registar!" comments for yourself. If I could, I would.)
posted by Mozai at 8:52 AM on June 6, 2006
Response by poster: Sorry, that /is/ valuable advice, even if I already know it. (marks as "best" to make sure other people see it)
posted by Mozai at 8:53 AM on June 6, 2006
posted by Mozai at 8:53 AM on June 6, 2006
If you've only got one server, having redundant DNS is truly pointless.
No, it's required by many registrars and TLDs. (Well, they don't care about the level of redundancy but they want to see at least two nameservers.)
Even then, there is a lot to be said for being able to present a user with a "I can't reach that server" error instead of an "I can't tell if that server even exists" error.
posted by mendel at 9:23 AM on June 6, 2006
No, it's required by many registrars and TLDs. (Well, they don't care about the level of redundancy but they want to see at least two nameservers.)
Even then, there is a lot to be said for being able to present a user with a "I can't reach that server" error instead of an "I can't tell if that server even exists" error.
posted by mendel at 9:23 AM on June 6, 2006
I have used soa.granitecanyon.com.
I have not used www.easydns.com, but they offer this for $15/year. And the following is a mailing list for voluntary swapping of secondary dns. I don't know how up-to-date that is.
posted by gearspring at 9:47 AM on June 6, 2006
I have not used www.easydns.com, but they offer this for $15/year. And the following is a mailing list for voluntary swapping of secondary dns. I don't know how up-to-date that is.
posted by gearspring at 9:47 AM on June 6, 2006
Another vote for EasyDNS. I used their service "back in the day" and was quite pleased, both with the price, their online control panel, and their service.
posted by kableh at 10:14 AM on June 6, 2006
posted by kableh at 10:14 AM on June 6, 2006
I used to use soa.granitecanyon.com as a slaved primary (I keep the master in-house, but it's relatively low bandwidth so I don't want it answering queries), but after several years I found the service pretty unreliable about responding to NOTIFY. ZoneEdit has been absolutely trouble-free for me in the same configuration, and is free.
posted by majick at 10:21 AM on June 6, 2006
posted by majick at 10:21 AM on June 6, 2006
Ignore everything that fogster said. And unmark it as 'best answer' because it's an AWFUL answer. Especially when you have crap like Windows that will occasionally cache bad DNS records.
If there's one service you want to make redundant, make DNS. Having a secondary MX is nice, but is mostly useless thanks to spammers. Modern MTAs will attempt to redeliver the mail when your server comes up but if they cannot resolve your domain *at all* then you will wind up with mail getting returned. And it'll keep happening until your DNS server comes back up AND the TTLs expire, causing s fresh lookup to happen.
It matters a LOT if your domain name fails to resolve.
And.. being a techie that knows what he's doing, have you considered asking an ISP to simply host a slave zone for you? got a friend on a T1 somewhere that does DNS? How about your colocation facility? Most of the ones I have ever dealt with will offer secondary DNS services for their customers.
If all of that fails, check the link in my profile. I'd be happy to slave a few domains for you. (I own a web hosting provider - no, not just a 1 box reseller gig either.)
posted by drstein at 10:29 AM on June 6, 2006
If there's one service you want to make redundant, make DNS. Having a secondary MX is nice, but is mostly useless thanks to spammers. Modern MTAs will attempt to redeliver the mail when your server comes up but if they cannot resolve your domain *at all* then you will wind up with mail getting returned. And it'll keep happening until your DNS server comes back up AND the TTLs expire, causing s fresh lookup to happen.
It matters a LOT if your domain name fails to resolve.
And.. being a techie that knows what he's doing, have you considered asking an ISP to simply host a slave zone for you? got a friend on a T1 somewhere that does DNS? How about your colocation facility? Most of the ones I have ever dealt with will offer secondary DNS services for their customers.
If all of that fails, check the link in my profile. I'd be happy to slave a few domains for you. (I own a web hosting provider - no, not just a 1 box reseller gig either.)
posted by drstein at 10:29 AM on June 6, 2006
I second zoneedit. Great and free (for a limited number of domains). Just set them to slave.
posted by dmd at 10:37 AM on June 6, 2006
posted by dmd at 10:37 AM on June 6, 2006
While the marked answer is, in fact, a way of coping with the problem you face, it's not what I would consider the Right Thing To Do.
"If you've only got one server, having redundant DNS is truly pointless."
Except that having a single DNS server on the same network as the zone it serves, without a secondary, is counter to BCP as described in RFC2182 (and probably in other RFCs as well). The DNS is a descriptive service; it's not intended to (nor should it) be tied to the reachability of hosts within the zone described. When you participate in the DNS, you're participating in a system larger than your one little box.
"But if your server's down, it doesn't really matter if people can resolve your server name."
Why is that? Perhaps the client needs only to resolve a host, it doesn't need to contact it. Making assumptions about the behavior of hosts not under your control is, in my strong opinion, a very poor method of designing your network.
posted by majick at 10:57 AM on June 6, 2006
"If you've only got one server, having redundant DNS is truly pointless."
Except that having a single DNS server on the same network as the zone it serves, without a secondary, is counter to BCP as described in RFC2182 (and probably in other RFCs as well). The DNS is a descriptive service; it's not intended to (nor should it) be tied to the reachability of hosts within the zone described. When you participate in the DNS, you're participating in a system larger than your one little box.
"But if your server's down, it doesn't really matter if people can resolve your server name."
Why is that? Perhaps the client needs only to resolve a host, it doesn't need to contact it. Making assumptions about the behavior of hosts not under your control is, in my strong opinion, a very poor method of designing your network.
posted by majick at 10:57 AM on June 6, 2006
I use DNSMadeEasy. They're brilliant, easy, and super-reliable.
posted by evariste at 12:02 PM on June 6, 2006
posted by evariste at 12:02 PM on June 6, 2006
And if your server's down, it matters VERY MUCH whether your DNS can resolve. What if your host goes titsup?
I've been able to move from bad host to better host with zero downtime (not 24-48 hours that we're trained to expect for DNS propagation times) because DNS Made Easy has such great DNS propagation times. I just notch down my TTL to a few seconds a little while before the switch, get my stuff over to the new server, switch IPs in DNSME, and everyone is getting the new IP address pretty quickly.
posted by evariste at 12:05 PM on June 6, 2006
I've been able to move from bad host to better host with zero downtime (not 24-48 hours that we're trained to expect for DNS propagation times) because DNS Made Easy has such great DNS propagation times. I just notch down my TTL to a few seconds a little while before the switch, get my stuff over to the new server, switch IPs in DNSME, and everyone is getting the new IP address pretty quickly.
posted by evariste at 12:05 PM on June 6, 2006
This thread is closed to new comments.
posted by delmoi at 8:30 AM on June 6, 2006