Anyone with 123-Reg hosted domains will probably be aware that their DNS died over the weekend. This ought not be possible, given the redundancy, but for about 24hrs nobody with domains hosted with 123-Reg (well nobody who uses their DNS anyway) will have had web/email. That includes me and several of my clients :-(
Therefore I want to set up a DNS server on my own hosted server to act as (probably) a tertiary server (maybe secondary, not sure it matters for the sake of this question).
In an ideal world I'd have a server which was fully (automatically) synced with 123-Reg's servers for all the domains I'm interested in. Given that I don't have any control over 123-Reg's servers I'm not sure how close I can get to that. I've also never set up DNS from scratch before (I've used various hosted DNS options which don't require me to think), but I think this would be a good time to learn more about DNS configuration. Not least because as a tertiary server it won't normally matter if I get it wrong :-)
First question is pretty basic therefore: where do I start?
On Mon, Nov 19, 2007 at 11:48:15AM +0000, Mark Rogers wrote:
configuration. Not least because as a tertiary server it won't normally matter if I get it wrong :-)
Yes, it will matter. With DNS the secondary doesn't mean "if you can't get to the first use this instead" it is just bad terminology as you (generally) have a "master" where all the changes are made and the "slaves" grab this information (usually using AXFR queries) to transfer the changes made to the zones to themselves. With DNS there are a few factors (depending on the dns software involved) that depend on which dns server will get spoken to.
You could run another server for the domain that doesn't pull the zone from the "master" but this could lead to changes getting out of sync and as you can never tell which server the clients are going to speak to this will eventually cause problems. Your other option is to ask 123 if you can set up another server that you control and see if they will let you sync the dns from their machines to it.
Adam
Adam Bower wrote:
On Mon, Nov 19, 2007 at 11:48:15AM +0000, Mark Rogers wrote:
configuration. Not least because as a tertiary server it won't normally matter if I get it wrong :-)
Yes, it will matter. With DNS the secondary doesn't mean "if you can't get to the first use this instead"
I was thinking more about the "I've completely broken it" scenario where it isn't available at all, but I take your point.
it is just bad terminology as you (generally) have a "master" where all the changes are made and the "slaves" grab this information (usually using AXFR queries) to transfer the changes made to the zones to themselves.
As far as I can tell, AXFR isn't an option with 123-reg.
You could run another server for the domain that doesn't pull the zone from the "master" but this could lead to changes getting out of sync and as you can never tell which server the clients are going to speak to this will eventually cause problems.
I have considered running MyDNS and writing a script to periodically (at least once per TTL) pull information from the 123-Reg DNS to keep it up to date. The lack of AXFR means that I will have to know which hosts to request, however, and since as you point out this won't in reality be just an emergency DNS, but will be used routinely, it does need to cover everything.
I wondered about running a standard DNS caching proxy; hopefully it would get enough hits in normal use to maintain a reasonably up-to-date cache, with any requests it didn't know getting thrown at 123-Reg. I'm not sure whether this one is possible though (in particular I need TTLs to be ignored if the primary DNS is unavailable). This one seems the best bet due to the problem of keeping the server up to date in normal use, if I can make it work at all.
Another option is to move all my DNS somewhere else which does support AXFR, or move it all to my own servers so AXFR isn't an issue. However whilst I don't mind providing a backup I don't really want to take primary responsibility (as mentioned before I don't know enough yet to be doing that).
Your other option is to ask 123 if you can set up another server that you control and see if they will let you sync the dns from their machines to it.
I will ask them but I think I know the answer!
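The "poll the provider once per TTL" idea from the previous message, worked through as an added example (not code from this list, from 123-Reg or from MyDNS). It keeps a fixed list of names in sync with whatever the provider's nameservers answer, bumps a locally synthesised SOA serial only when something actually changed (the out-of-sync problem Adam raised), and carries on serving the last known data when the upstream stops answering. The upstream lookup is injected so it runs offline; every name, address and TTL below is constructed, and in use the resolver would query the provider's nameservers (with dnspython, say) and the output would be loaded into whichever server the mirror runs.

```python
"""Poll a provider's nameservers for a fixed list of names and regenerate a
zone file for a local secondary whenever the upstream answers change.

Added example for this thread, not code from the list, from 123-Reg or from
MyDNS. The upstream lookup is injected so the module runs offline; the names,
addresses and TTLs below are constructed."""
import time
from dataclasses import dataclass


@dataclass
class Record:
    name: str
    rtype: str
    ttl: int
    data: tuple     # sorted rdata strings, so comparison ignores answer order
    expires: float  # absolute time after which the record must be re-fetched


# Without AXFR there is no way to enumerate the zone, so every name the mirror
# must answer for has to be listed here; anything missing is simply invisible.
WATCHED = [
    ("www.example.test", "A"),
    ("example.test", "MX"),
    ("example.test", "NS"),
]

# Constructed upstream answers: (ttl, [rdata, ...]) per (name, type).
UPSTREAM = {
    ("www.example.test", "A"): (3600, ["192.0.2.10"]),
    ("example.test", "MX"): (3600, ["10 mail.example.test."]),
    ("example.test", "NS"): (86400, ["ns2.provider.test.", "ns1.provider.test."]),
}


def fake_resolver(name, rtype):
    """Stand-in for a real query: returns (ttl, rdatas) or raises on failure."""
    return UPSTREAM[(name, rtype)]


def refresh(cache, resolver, now):
    """Re-query every watched record whose TTL has run out.

    Returns the set of (name, type) keys whose data or TTL changed, so the
    caller knows whether the zone serial needs bumping."""
    changed = set()
    for key in WATCHED:
        old = cache.get(key)
        if old is not None and old.expires > now:
            continue                       # still within TTL, nothing to do
        try:
            ttl, rdatas = resolver(*key)
        except Exception:
            # Upstream unreachable: keep the stale record (this is the outage
            # case the mirror exists for) and retry in a minute, not every poll.
            if old is not None:
                old.expires = now + 60
            continue
        new = Record(key[0], key[1], ttl, tuple(sorted(rdatas)), now + ttl)
        if old is None or old.data != new.data or old.ttl != new.ttl:
            changed.add(key)
        cache[key] = new
    return changed


def next_serial(previous, now):
    """YYYYMMDDnn-style serial that never goes backwards, even for several
    changes in one day (the first change today gets ...00, later ones +1)."""
    today = int(time.strftime("%Y%m%d", time.gmtime(now))) * 100
    return max(today, previous + 1)


def render_zone(cache, origin, serial, primary_ns, hostmaster):
    """Emit a BIND-style zone file. The SOA is synthesised locally because a
    mirror that cannot transfer the zone never sees the provider's SOA."""
    lines = [
        f"$ORIGIN {origin}.",
        "$TTL 3600",
        f"@ IN SOA {primary_ns} {hostmaster} ( {serial} 3600 900 1209600 300 )",
    ]
    for rec in sorted(cache.values(), key=lambda r: (r.name, r.rtype)):
        for rdata in rec.data:
            lines.append(f"{rec.name}. {rec.ttl} IN {rec.rtype} {rdata}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    cache, serial = {}, 0
    now = time.time()
    if refresh(cache, fake_resolver, now):
        serial = next_serial(serial, now)
    print(render_zone(cache, "example.test", serial,
                      "ns.mirror.test.", "hostmaster.mirror.test."))
```

The important design point is the one the thread already identifies: because there is no transfer, the mirror can only ever know the names it is told about, so the WATCHED list has to be maintained by hand and a record added at the provider but not here will resolve from the provider's servers and not from the mirror. Running the poll at least once per TTL keeps the two within one TTL of each other in normal use, which is the same bound a real secondary gets from the SOA refresh interval.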
Mark Rogers mark@quarella.co.uk wrote: [...]
I wondered about running a standard DNS caching proxy; hopefully it would get enough hits in normal use to maintain a reasonably up-to-date cache, with any requests it didn't know getting thrown at 123-Reg. I'm not sure whether this one is possible though (in particular I need TTLs to be ignored if the primary DNS is unavailable). [...]
It's possible, but I didn't have particularly good results with this as a failure cover. What seems to happen is that when the distant server fails, the caching proxy can't detect that for a while (because DNS is usually over UDP which is usually stateless, IIRC) and you end up with many caching proxy requests hanging. Depending on how the caching proxy is implemented, that means it is either wasting time and some memory checking for answers that will never come, or wasting processes and lots of memory on children that spend most of their time waiting for an answer that will never come. Also, if the proxy doesn't answer "fast enough" (for some value of "fast enough"), some requestors will resend their request and amplify the problem.
If the caching proxy has a way that you can flip a switch so it will serve everything from cache when the primary DNS goes unavailable, then it might work, but I've not found one that offers that.
As ever, I'd love to learn that there is a good solution out there. For now, I restructured those DNS servers to use a mydns/AXFR secondary after negotiating with the primary nameserver operators.
Another option is to move all my DNS somewhere else which does support AXFR, or move it all to my own servers so AXFR isn't an issue. [...]
Moving things away from 123-reg is a very good idea! I've had trouble with them and I think they were in Martyn Drake's Feckwits category for quite a while (or was that fasthosts? Both pretty bad IMO.)
Hope that helps,
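The "flip a switch and serve everything from cache" behaviour MJ is describing, sketched as an added example (not code from this list or from any of the proxies discussed). Two things address the failure mode in the message above: expired entries are kept and handed out when the upstream does not answer, and after a few consecutive upstream failures the proxy stops waiting on the upstream at all for a backoff period, so requests are answered from cache immediately instead of piling up and provoking client retransmits. The upstream call and the clock are injected so it runs offline; the name and address are constructed. This was later standardised as RFC 8767 ("serve-stale"); unbound's `serve-expired: yes` and BIND's `stale-answer-enable yes;` are the switch asked for, and they hand stale answers out with a short TTL (30 seconds in the RFC) so clients come back once the upstream recovers.

```python
"""Caching-forwarder logic that answers from expired entries while the upstream
is down and stops waiting on a dead upstream after repeated failures.

Added example for this thread, not code from the list or from any DNS proxy.
`upstream(name, rtype, timeout)` must return (ttl, rdatas) or raise; the clock
is injectable so the behaviour can be exercised without real time passing."""
import time


class StaleCache:
    def __init__(self, upstream, now=time.monotonic, timeout=1.0,
                 max_stale=86400, fail_threshold=3, backoff=30.0):
        self.upstream = upstream
        self.now = now
        self.timeout = timeout          # per-query wait on the upstream
        self.max_stale = max_stale      # how long past expiry an entry may be served
        self.fail_threshold = fail_threshold
        self.backoff = backoff          # seconds to skip the upstream once it is judged down
        self.entries = {}               # (name, rtype) -> (expires, rdatas)
        self.failures = 0               # consecutive upstream failures
        self.open_until = 0.0           # while now < open_until the upstream is not consulted

    def resolve(self, name, rtype):
        """Return (rdatas, state); state is 'cached', 'fresh', 'stale', or None
        when there is nothing to answer with."""
        key = (name, rtype)
        t = self.now()
        entry = self.entries.get(key)
        if entry is not None and entry[0] > t:
            return entry[1], "cached"                   # normal TTL hit
        if t >= self.open_until:
            try:
                ttl, rdatas = self.upstream(name, rtype, self.timeout)
            except Exception:
                # Count the failure; past the threshold treat the upstream as
                # down so later queries get an immediate cache answer rather
                # than each waiting out its own timeout.
                self.failures += 1
                if self.failures >= self.fail_threshold:
                    self.open_until = t + self.backoff
            else:
                self.failures = 0
                self.entries[key] = (t + ttl, tuple(rdatas))
                return tuple(rdatas), "fresh"
        # Upstream unavailable (or skipped): serve the expired entry if it is
        # not older than max_stale, otherwise admit we have no answer.
        if entry is not None and entry[0] + self.max_stale > t:
            return entry[1], "stale"
        return None, None


if __name__ == "__main__":
    # Constructed upstream: answers once, then stops responding.
    calls = []

    def flaky_upstream(name, rtype, timeout):
        calls.append(name)
        if len(calls) > 1:
            raise TimeoutError("no reply from upstream")
        return 300, ["192.0.2.10"]

    clock = [0.0]
    cache = StaleCache(flaky_upstream, now=lambda: clock[0], fail_threshold=2)
    print(cache.resolve("www.example.test", "A"))   # fresh
    clock[0] = 400.0                                # past the 300s TTL
    print(cache.resolve("www.example.test", "A"))   # stale, failure 1
    print(cache.resolve("www.example.test", "A"))   # stale, failure 2: upstream now skipped
    print(cache.resolve("www.example.test", "A"))   # stale, no upstream call made
```

Once the breaker has opened, the first query after the backoff expires is the only one that probes the upstream; if it succeeds the failure count resets and normal caching resumes, and if it fails the breaker simply reopens for another backoff period. That bounds the number of hanging requests to one per backoff interval instead of one per client query.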
MJ Ray wrote:
It's possible, but I didn't have particularly good results with this as a failure cover. What seems to happen is that when the distant server fails, the caching proxy can't detect that for a while (because DNS is usually over UDP which is usually stateless, IIRC) and you end up with many caching proxy requests hanging.
I'd be interested to know more about this, as presumably DNS over TCP instead of UDP would solve this, but I suspect that the problem might turn out to go deeper (the sort of thing you find out when it's least easy to do something about it...)
If the caching proxy has a way that you can flip a switch so it will serve everything from cache when the primary DNS goes unavailable, then it might work, but I've not found one that offers that.
The DNS proxies I looked at seemed very inflexible, to be honest; presumably they weren't aimed at this "market". That's why I ended up asking here about ways to go.
Moving things away from 123-reg is a very good idea! I've had trouble with them and I think they were in Martyn Drake's Feckwits category for quite a while (or was that fasthosts? Both pretty bad IMO.)
I've generally had good results from 123-Reg for domain registration and DNS, so this one has surprised me. What I have liked about them in the past is that generally I can do everything I need to easily and cheaply (including just letting them register the domain then use them to change the DNS settings to something under my control). I don't have the knowledge or resources to set up and manage multiple DNS away from 123-Reg, although managing one which I only really need to worry about in rare circumstances isn't so bad (if I have to take it down for a couple of days to move it to another server it's no big deal unless it coincides with another outage).
Most 3rd party DNS providers I've looked at charge on a per-domain basis which would make migrating all the domains we currently manage a big expense for little payback; a lot of our customers like to have a few dozen domains all pointing to the same place and with pretty much just "www" in the DNS (often not even MX records).
Maybe I'll look at a couple of cheap hosting companies in different locations and use them just for this on the basis that losing them all together is pretty unlikely!
On 19/11/2007, Mark Rogers mark@quarella.co.uk wrote:
I've generally had good results from 123-Reg for domain registration and DNS, so this one has surprised me.
Hasn't surprised me. Pipex/Webfusion have been reliably unreliable for a good number of months. Had enormous problems with 123-reg taking THREE months to answer a query over applying credits to a domain registration. Webfusion's VPS offerings and sales department are about as much good as a dog turd on toast.
What I have liked about them in the past is that generally I can do everything I need to easily and cheaply (including just letting them register the domain then use them to change the DNS settings to something under my control). I don't have the knowledge or resources to set up and manage multiple DNS away from 123-Reg, although managing one which I only really need to worry about in rare circumstances isn't so bad (if I have to take it down for a couple of days to move it to another server it's no big deal unless it coincides with another outage).
I used to use a service called DNS Made Easy which for £18 per year allowed me to host up to 50 domains on four redundant, globally hosted, DNS servers. It also provided vanity nameservers, zone templates and everything else you could want. However, they began to get cocky during the renewal process and I've given them up.
I now just use Names.co.uk's nameservers (on the same network, so if that bites the dust I'm buggered) until I can either find somewhere with a clue and a decent range of features (there was one UK company whose web interface didn't work with anything other than Internet Explorer and the support guys hadn't a fecking clue that was the case).
Oh. I did rather like Gradwell.com's 20-domain DNS service too, but a bit pricey at 10 quid per month and the support wasn't as good as I was expecting.
Most 3rd party DNS providers I've looked at charge on a per-domain basis which would make migrating all the domains we currently manage a big expense for little payback; a lot of our customers like to have a few dozen domains all pointing to the same place and with pretty much just "www" in the DNS (often not even MX records).
In theory it doesn't take too much resources to run a DNS server - primary or secondary. I'm contemplating doing it with VPSes (from reliable hosting providers - not some fly-by-night operation that simply leases managed VPSes like so many do).
The reason for me doing this? Much of the reasons above, but also I am a big(ish) supporter of Google Apps, and I spend a fair amount of time helping people trying to resolve their DNS issues with getting their domain to work with the bloody thing. By offering a redundant managed DNS service for them, it'll take away some of the hassles.
Regards,
Martyn
Martyn Drake wrote:
In theory it doesn't take too much resources to run a DNS server - primary or secondary. I'm contemplating doing it with VPSes (from reliable hosting providers - not some fly-by-night operation that simply leases managed VPSes like so many do).
I've just looked at a couple of the US-based free DNS providers who do offer AXFR; in theory using a few such providers ought to be pretty resilient; I don't like the idea of using servers outside the UK though. So best bet might be to manage my own DNS then use some of the free ones (which seem to provide better service than some of the commercial offerings) to provide backup; throwing donations at the free hosts seems better value than paying for some of the tied-down alternatives. I'd still prefer UK based though for latency issues - is this something that's likely to be an issue?
The reason for me doing this? [...] By offering a redundant managed DNS service for them, it'll take away some of the hassles.
There is some comfort from knowing I'm not the only one in this boat :-)
On 19 Nov 2007, at 3:38 pm, Martyn Drake wrote:
Oh. I did rather like Gradwell.com's 20-domain DNS service too, but a bit pricey at 10 quid per month and the support wasn't as good as I was expecting.
We have Gradwell VOIP stuff at work (not my choice, I hasten to add) and I'm subscribed to their status updates email and not a day goes by that they don't have some serious problem or other. In the last week they've had their VPS servers overheat, voip gateways crash, etc. Today they had this problem:
""" We are currently aware of problems accessing gradwell domain websites. """
Which basically was resolved a couple of hours later by them rebooting their webserver.
Anyway, what I'm trying to say is that I wouldn't trust them with my DNS and I wouldn't recommend anyone else does.
Thanks,
David
David Reynolds wrote:
Anyway, what I'm trying to say is that I wouldn't trust them with my DNS and I wouldn't recommend anyone else does.
Just goes to show that recommendations come and go; I've heard similar things of Gradwell recently but it's not that long ago that everyone seemed to sing their praises. They're not a company I have experience of to know how they've changed.
To be fair to Gradwell, at least they're honest by the sound of it. My current battles all involve suppliers who don't tell you when there's something wrong, but that isn't because nothing is wrong.