Should we host our own nameservers?

This is a Canonical Question about whether to outsource DNS resolution for one's own domains.

I currently have my ISP providing DNS for my domain, but they impose limitations on adding records. Therefore, I am thinking about running my own DNS.

Do you prefer to host your own DNS, or is it better to have your ISP do this?

Are there alternatives which I can look into?


Solution 1:

I wouldn't run my own DNS server - in my case, the hosting company that hosts my website provides free DNS service. There are also alternatives, companies that do nothing but DNS hosting (DNS Made Easy comes to mind, but there are many others) which are the kind of thing you should probably look into.

The reason I wouldn't do it myself is that DNS is supposed to be fairly reliable, and unless you have a geographically distributed network of servers of your own, you'd be putting all your eggs in one basket, so to speak. Also, there are plenty of dedicated DNS servers out there, enough that you wouldn't need to start up a new one.

Solution 2:

We always host our own DNS (preferably reverse DNS also). This allows us to make emergency changes without relying on a third party. If you have more than one location, it is easy to set up an acceptable level of redundancy for your DNS servers.

If you don't have multiple sites, then I would consider someone that specifically does DNS hosting (NOT your ISP) with a web interface for changes. Also look for 24x7 support and decent SLAs.

Solution 3:

For a good, reliable DNS setup for your domain(s), you should have ...

  • A minimum of two authoritative DNS servers for your domain;
  • The DNS servers should be connected to different physical networks and power supplies;
  • The DNS servers should be in different geographical areas.

Since it is unlikely you have access to the above network infrastructure, you're better off choosing a reputable DNS hosting provider (as others have recommended) which has the above network infrastructure.

Solution 4:

For many years I ran my own DNS servers using BIND (versions 8 & 9) without any major hassle. I stored my configurations within version control with post-commit checks which would validate the zone files, and then had my DNS servers check out the zone files at regular intervals. The problem was always ensuring the SOA serial number was updated with each commit that got pushed out, otherwise caching servers would not update.

Years later I worked with djbdns, as the format was ideal for having automated scripts to manage the zones and did not suffer from the same SOA serial number issue I had to deal with using BIND. It did, however, have its own issues with having to format certain resource record sets to get them to be accepted.

As I found much of my traffic was DNS and having to maintain both a primary and secondary DNS server to please the registrars I have since moved to using EasyDNS for my DNS needs. Their web interface is easy to manage and gives me the flexibility I need to manage my RR sets. I also found it to be easier to work with than those provided by some hosting providers like 1 & 1 that limit the available RR sets you can enter, or even domain registrars like Network Solutions which only works if you use Windows to manage your DNS.
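
The SOA serial problem described in Solution 4, as an added example that is not part of the original answer: a Python commit check that rejects a zone-file change whose records differ from the previous revision unless the SOA serial is newer under RFC 1982 serial arithmetic. The function names and the sample zone are constructed for illustration, and the comment stripping assumes no `;` appears inside quoted TXT data.

```python
import re

# Serial = first number after the SOA MNAME and RNAME fields, with or without "(".
SOA_RE = re.compile(r"\bSOA\s+\S+\s+\S+\s+\(?\s*(\d+)", re.IGNORECASE)

def normalize(zone_text):
    """Strip ';' comments and collapse whitespace so cosmetic edits compare equal.
    Simplification: a ';' inside a quoted TXT string is treated as a comment."""
    out = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].rstrip()
        if line.strip():
            # Leading whitespace means "same owner as previous record": keep it.
            lead = " " if line[0].isspace() else ""
            out.append(lead + " ".join(line.split()))
    return "\n".join(out)

def soa_serial(zone_text):
    match = SOA_RE.search(normalize(zone_text))
    if match is None:
        raise ValueError("no SOA record found")
    return int(match.group(1))

def serial_gt(new, old):
    """RFC 1982 comparison of 32-bit serials, so wraparound still counts as newer."""
    return 0 < (new - old) % 2**32 < 2**31

def check_commit(old_zone, new_zone):
    """Return (ok, reason) for a proposed change to one zone file."""
    if normalize(old_zone) == normalize(new_zone):
        return True, "no record changes"
    old, new = soa_serial(old_zone), soa_serial(new_zone)
    if serial_gt(new, old):
        return True, f"serial {old} -> {new}"
    return False, f"records changed but serial {new} is not newer than {old}"

# Constructed sample zone (documentation names and addresses).
OLD_ZONE = """$TTL 3600
@ IN SOA ns1.example.com. hostmaster.example.com. (
        2024010101 ; serial
        7200 3600 1209600 3600 )
@   IN NS ns1.example.com.
www IN A  192.0.2.10
"""
FORGOT = OLD_ZONE.replace("192.0.2.10", "192.0.2.20")   # edit, serial untouched
BUMPED = FORGOT.replace("2024010101", "2024010102")     # edit plus new serial

if __name__ == "__main__":
    for name, zone in (("forgot", FORGOT), ("bumped", BUMPED)):
        print(name, check_commit(OLD_ZONE, zone))
```

Run as a pre-commit or pre-receive hook, the check stops the stale-serial revision before secondaries ever see it; comment-only edits pass without a serial bump.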