
View Full Version : Which nameservers do you use?


Roberto
06-09-03, 08:50 AM
Do you guys setup your own nameserver boxes in the DC you colocate or rent from?

Or do you use the DC's set of nameservers?

We have found our DC's nameserver boxen to not be reliable at all, so we have been using another provider's nameservers for a long time. Well, that worked until last night, when the other provider decided to block us from using their nameserver boxen, since we are no longer a customer of theirs.

So what do you guys use?

Thanks!

Rob

Chicken
06-09-03, 09:57 AM
Current nameservers (both of them, different sets) are set up on the boxes themselves, which at least gives you control (with the obvious tradeoffs). Before that, I used Tera-Byte's name servers (which I really liked, as they have a very nice setup and nice software to control everything).

Roberto
06-09-03, 10:32 AM
Why did you change from using Tera-Byte's?

Chicken
06-09-03, 12:49 PM
Hmmm, well... I colo'd a RaQ there at first, then errrrm... (was a few years ago) ... I leased a RaQ3 and a RaQ4, but wanted to try something else, and I think David MacLaren let me check out one of his Plesk servers. I eventually got used to that and moved the sites off the Cobalts to Plesk. From what I can recall (too much partying in college), it was just to consolidate things onto the Plesk machine, nothing wrong at Tera-Byte (they were great!).

allan
06-09-03, 05:22 PM
My server does primary DNS and EveryDNS does secondary. EveryDNS has been great, the only thing that bums me out is that they use djbdns, which is not fully standards compliant, so I can't play with some of the advanced DNS protocols :(.

Roberto
06-09-03, 07:56 PM
Allan, you have a separate server for DNS? Doesn't that run slower at times because it doesn't cache many websites? I need to use my provider's DNS servers because they would be faster: more servers query those nameservers, so they would cache more DNS info. Am I correct here?

soapsud
06-09-03, 10:47 PM
hi allan,

in what ways is djbdns not standards compliant? i read a similar argument awhile back, but the explanation was that it was possible, just not intuitively built in (i.e., other record types could easily be added; however, "quick and easy" support for them was not added)

anyhow, not being a DNS specialist, djbdns took awhile getting used to, but i believe i prefer it to the mess that can be bind :)

allan
06-10-03, 02:27 AM
Originally posted by soapsud:
in what ways is djbdns not standards compliant? i read a similar argument awhile back, but the explanation was that it was possible, just not intuitively built in (i.e., other record types could easily be added; however, "quick and easy" support for them was not added)


I am not a djbdns expert, so if I am wrong here I apologize, but there are at least two areas that are important to me:

1. It doesn't support TCP requests, it only uses UDP, which means it will have trouble AXFR'ing large zone files (of course djbdns doesn't use AXFR by default to transfer zone information; that support has to be added in).

2. djbdns does not support the NOTIFY command. In cases where I make a mistake with my zone file, using NOTIFY to initiate a zone transfer makes life a lot easier when I don't control the secondary name server.

soapsud
06-10-03, 03:32 AM
i'm no DNS expert period :) but i was under the impression that UDP was preferable anyhow (as in, if the zone file was large enough to require a TCP connection it was not well constructed - or at least that is so according to the djbdns propaganda :) )

here's some info on setting up a djbdns TCP service if you're interested:

http://cr.yp.to/djbdns/tcp.html

i think the thing that most had me worried was the concept that the services (i.e., TCP, UDP, and caching) could be separated (or should be)

now that i use djbdns (although i still play around with BIND at work) i find it's a lot more intuitive, and easier to manage (i.e., zone transfers etc. don't need to wait for NOTIFY; they get automatically updated, which seems a lot better?)

i like that the cache and the nameservers themselves are forcibly separated, allows for better security, and less arbitrary exploit by unwanted leechers :)

allan
06-10-03, 04:42 AM
Originally posted by soapsud:

i'm no DNS expert period :) but i was under the impression that UDP was preferable anyhow (as in, if the zone file was large enough to require a TCP connection it was not well constructed - or at least that is so according to the djbdns propaganda :) )


That may be true when you are talking about recursive DNS (though AOL would certainly argue with that statement -- you can't do a UDP query for AOL's MX records because they have a great deal of mail redundancy, for obvious reasons).

However, in a master slave relationship, which is what I am talking about, that is most definitely not the case. Even medium size corporations can have relatively large zone files, certainly larger than 512. Of course djbdns gets around it by using a proprietary method of zone transfer (rsync), but in a mixed environment rsync is not an option, and a mixed DNS environment is much better from a security perspective.

Originally posted by soapsud:
i like that the cache and the nameservers themselves are forcibly separated, allows for better security, and less arbitrary exploit by unwanted leechers :)

I agree that his design makes sense, but keep in mind that placing

recursion no;

in your named.conf file has the same effect, and doesn't require two daemons ;).

I have been spending a lot of time with djbdns as part of the book I am writing and I think the program really does have a lot of good points. That being said, I wouldn't use it in a large scale production environment for the same reason I won't use most Microsoft products: If you are going to develop software intended to run a critical service it should be as RFC-compliant as possible.

Like Microsoft, I think Dan picks and chooses the standards he wants to support, and I don't feel administrators should have to worry about what standards are supported and what aren't.

Not everyone feels that way, and I certainly wouldn't expect everyone to, but to me standards compliance is of utmost importance.
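Allan's point above about MX answers that outgrow a UDP datagram, as an added example that is not code from any poster: a minimal DNS wire-format encoder plays both sides of the exchange, the authoritative server truncating its UDP reply and setting the TC bit once the RFC 1035 512-byte limit would be exceeded, and the resolver retrying over TCP with the two-byte length prefix. The zone example.net and its mailin-NN.mx.example.net hosts are constructed data, not AOL's records. Caveat for the practitioner: the 512-byte ceiling is the pre-EDNS0 one (EDNS0, RFC 2671, lets a resolver advertise a larger UDP payload), but TC plus TCP retry is still the protocol's fallback, so an authoritative server with UDP/53 open and TCP/53 firewalled silently breaks both large answers and AXFR.

```python
"""Added example for this thread (not any poster's code): DNS over UDP
truncation and the TCP retry, RFC 1035 sections 4.1 and 4.2. Names are
constructed; no network is used."""
import struct

UDP_MAX = 512               # RFC 1035 UDP payload ceiling without EDNS0
TYPE_MX, CLASS_IN = 15, 1
FLAG_QR, FLAG_AA, FLAG_TC, FLAG_RD = 0x8000, 0x0400, 0x0200, 0x0100
HEADER_LEN = 12


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels (no compression)."""
    wire = b"".join(struct.pack("B", len(label)) + label.encode("ascii")
                    for label in name.rstrip(".").split("."))
    return wire + b"\x00"


def header(txid, flags, qdcount=0, ancount=0):
    """12-byte DNS header: id, flags, QD, AN, NS, AR counts."""
    return struct.pack("!HHHHHH", txid, flags, qdcount, ancount, 0, 0)


def build_query(txid, qname):
    """Resolver side: one MX question with RD set."""
    return (header(txid, FLAG_RD, qdcount=1)
            + encode_name(qname) + struct.pack("!HH", TYPE_MX, CLASS_IN))


def mx_rr(owner, preference, exchange, ttl=300):
    """One MX resource record in wire format."""
    rdata = struct.pack("!H", preference) + encode_name(exchange)
    return (encode_name(owner)
            + struct.pack("!HHIH", TYPE_MX, CLASS_IN, ttl, len(rdata)) + rdata)


def build_response(txid, qname, exchanges, transport):
    """Authoritative server side. Over UDP, stop adding answers as soon as the
    message would pass 512 bytes and set TC; over TCP send the whole RRset,
    framed with the 2-byte length prefix of RFC 1035 4.2.2."""
    question = encode_name(qname) + struct.pack("!HH", TYPE_MX, CLASS_IN)
    flags, body, ancount = FLAG_QR | FLAG_AA, question, 0
    for preference, exchange in exchanges:
        rr = mx_rr(qname, preference, exchange)
        if transport == "udp" and HEADER_LEN + len(body) + len(rr) > UDP_MAX:
            flags |= FLAG_TC          # tell the client to come back over TCP
            break
        body += rr
        ancount += 1
    msg = header(txid, flags, qdcount=1, ancount=ancount) + body
    if transport == "tcp":
        msg = struct.pack("!H", len(msg)) + msg
    return msg


def parse_header(msg):
    """Return the fields the resolver needs: id, TC bit, answer count."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:HEADER_LEN])
    return {"id": txid, "tc": bool(flags & FLAG_TC), "ancount": an}


def resolve_mx(qname, exchanges, txid=0x1234):
    """Resolver side: ask over UDP first; if the reply is truncated, repeat
    the same question over TCP and use that answer instead."""
    query = build_query(txid, qname)
    udp = build_response(txid, qname, exchanges, "udp")      # simulated server
    head = parse_header(udp)
    if head["id"] != txid or udp[HEADER_LEN:HEADER_LEN + len(query) - HEADER_LEN] != query[HEADER_LEN:]:
        raise ValueError("reply does not match the question sent")
    result = {"udp_answers": head["ancount"], "udp_bytes": len(udp)}
    if not head["tc"]:
        result.update(transport="udp", answers=head["ancount"])
        return result
    tcp = build_response(txid, qname, exchanges, "tcp")      # retry over TCP
    (length,) = struct.unpack("!H", tcp[:2])
    if length != len(tcp) - 2:
        raise ValueError("bad TCP length prefix")
    result.update(transport="tcp", answers=parse_header(tcp[2:])["ancount"])
    return result


# Constructed zone data: a domain with 20 mail exchangers (assumed names).
MANY_MX = [(10, "mailin-%02d.mx.example.net" % i) for i in range(1, 21)]
FEW_MX = MANY_MX[:3]

if __name__ == "__main__":
    print(resolve_mx("example.net", FEW_MX))    # fits in UDP, 3 answers
    print(resolve_mx("example.net", MANY_MX))   # 9 fit in UDP with TC set, 20 over TCP
```

Each constructed MX record is 51 bytes on the wire and the header plus question is 29, so nine records (488 bytes) fit under 512 and the tenth forces TC; the resolver then gets all twenty over TCP. The same arithmetic is why a zone of even modest size cannot be moved by AXFR over UDP.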

Roberto
06-10-03, 08:17 AM
Originally posted by Roberto:

Allan, you have a separate server for DNS? Doesn't that run slower at times because it doesn't cache many websites? I need to use my provider's DNS servers because they would be faster: more servers query those nameservers, so they would cache more DNS info. Am I correct here?

?????? :)

allan
06-10-03, 10:56 AM
Originally posted by Roberto:

Allan, you have a separate server for DNS? Doesn't that run slower at times because it doesn't cache many websites? I need to use my provider's DNS servers because they would be faster: more servers query those nameservers, so they would cache more DNS info. Am I correct here?

I don't fully understand what you are asking, so forgive me if I answer the wrong question. I actually do not have a separate DNS server, but I would eventually like one (my wife would kill me if I tried to sneak in a second VDS ;)). However, the answer to your question is that just because you run authoritative DNS on a separate server does not mean you cannot still run caching DNS on your current server.

The second part of your question is what I don't understand. Can you clarify?
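Allan's earlier "recursion no;" remark and his point just above that an authoritative box can still run a cache, shown as added BIND 9 named.conf fragments that are not from any post. The addresses are assumptions taken from the TEST-NET documentation ranges, and a real named.conf holds exactly one "options" block, so the three layouts are alternatives, not one file. The practitioner's caveat: "recursion no;" alone turns the box into an authoritative-only server, which is what you want facing the Internet, because a server that recurses for anyone is an open resolver usable for amplification and a softer target for cache poisoning; if the same host must also resolve for local machines, split the roles into views matched on client address rather than re-enabling recursion for everyone. Restrict allow-transfer as well, since BIND has historically defaulted to allowing zone transfers to any client.

```conf
// Added example for this thread, not from any poster. Three alternative
// named.conf layouts for BIND 9; pick one, a file has a single "options" block.
// 192.0.2.53 and 203.0.113.0/24 are assumed addresses (TEST-NET ranges).

// (A) The weak layout: the public zone on a box that also recurses for anyone
//     who asks. This is an open resolver.
options {
    directory "/var/named";
    recursion yes;                    // BIND's default
};
zone "example.net" {
    type master;
    file "example.net.zone";
};

// (B) Authoritative-only, the BIND counterpart of djbdns's tinydns role:
//     no recursion at all, zone transfers only to the listed secondary.
acl secondaries { 192.0.2.53; };      // assumed address of the secondary
options {
    directory "/var/named";
    recursion no;
    allow-transfer { secondaries; };  // historically BIND defaulted to any
    notify yes;                       // send NOTIFY when the SOA serial changes
};
zone "example.net" {
    type master;
    file "example.net.zone";
};

// (C) Both roles on one host (Allan's "you can still run caching DNS"):
//     a recursive view for local clients and an authoritative-only view for
//     everyone else. Once views are used, every zone must sit inside a view.
acl secondaries { 192.0.2.53; };
acl localnets   { 127.0.0.1; 203.0.113.0/24; };   // assumed local network
options {
    directory "/var/named";
};
view "internal" {
    match-clients { localnets; };
    recursion yes;                    // cache for our own machines only
    zone "example.net" { type master; file "example.net.zone"; };
};
view "external" {
    match-clients { any; };
    recursion no;                     // the world gets authoritative data only
    allow-transfer { secondaries; };
    zone "example.net" { type master; file "example.net.zone"; };
};
```

Run named-checkconf on the file before reloading. Afterwards, from an address outside localnets, a query for a name you are not authoritative for (dig @your-ip www.example.org) should come back REFUSED (older releases answer with a referral instead), and dig @your-ip example.net AXFR from anything other than the secondary should be refused too.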

!aborabi
07-24-06, 07:39 AM
I think that your own DNS servers are the best option. They allow you a lot of customization (if you know how to manage bind).

webtech
08-14-06, 08:24 AM
We have 6 DNS servers placed throughout our colocation space at the Data Center, and then 3 external servers (1 east coast, 1 west coast and 1 midwest).

ThinkSupport
08-16-06, 09:54 AM
Originally posted by !aborabi:
I think that your own DNS servers are the best option. They allow you a lot of customization (if you know how to manage bind).

I agree with you. It's always good to have a private name server.