dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1228

hmishra
Premium Member
join:2006-01-04
Flower Mound, TX

hmishra to nitzan

Premium Member

to nitzan

Re: [Future9] F9 down?

So, was it an issue with the balance in your DNSMadeEasy account which caused this outage?

arpawocky
Premium Member
join:2014-04-13
Columbus, OH

4 recommendations

arpawocky to nitzan

Premium Member

to nitzan
said by nitzan:

It's not a pricing issue - DNS is cheap.

Good DNS is cheap (almost free). Bad DNS is horribly expensive.

BIND, PowerDNS, and/or NSD could save you a ton of headache, and a small amount of cash.

You already have the geo redundant network. Why outsource the DNS at all?
Mango
Use DMZ and you get a kick in the dick.
Premium Member
join:2008-12-25
www.toao.net

3 recommendations

Mango

Premium Member

We used to use a third-party DNS service, but eventually switched to running our own DNS servers with BIND. Apparently attackers sometimes DDoS their target's DNS servers instead of the target directly, so that the hosting provider(s) don't know who the target is. The bad news is that the other 1000s of customers would get caught in the crossfire.

That's not what happened today, but I think it is another reason to run your own DNS servers, at least for critical things.
Stewart
join:2005-07-13

1 recommendation

Stewart

Member

said by Mango:

Apparently attackers sometimes DDoS their target's DNS servers instead of the target directly, so that the hosting provider(s) don't know who the target is. The bad news is that the other 1000s of customers would get caught in the crossfire.

Unfortunately, if you run your own DNS servers, unless you take appropriate measures, your network can be brought down by attackers using them to amplify attacks on other sites. »www.us-cert.gov/ncas/ale ··· A13-088A .

And, as with any other publicly accessible service, keeping current with all security updates is a must.

My only personal experience with hosted DNS was with Dyn, and had plenty of hassles with them.

Sorry, I don't know of any easy good solution. Maybe that's why it's called BIND.
nitzan
Premium Member
join:2008-02-27

nitzan to hmishra

Premium Member

to hmishra
said by hmishra:

So, was it an issue with the balance in your DNSMadeEasy account which caused this outage?

Essentially. $20. Instead of notifying us there is a balance due they just disconnected the account.
said by arpawocky:

You already have the geo redundant network. Why outsource the DNS at all?

There are advantages to outsourcing DNS:
1. DNS is up even if your servers are not.
2. They have more servers/more redundancy.
3. They have DNS failover - I'm sure we could do it in house too, but why reinvent the wheel?

Overall we've never had an outage with them until today. In 6 years that's a pretty good track record.

Arne Bolen
User of Anveo Direct, 3CX and Qubes OS.
Premium Member
join:2009-06-21
Utopia

Arne Bolen to nitzan

Premium Member

to nitzan
said by nitzan:

I don't know what the hell is wrong with DNSMadeEasy, but they've made one hell of an error and suspended our account with no warning or reason that I can see. For now it's been fixed, later we'll be evaluating whether to stay with them or move on.

I suggest you consider CloudFlare as your DNS provider.

CloudFlare is a CDN provider and also a DNS provider. Their DNS service is free of charge and is one of the best on the market. You can use only the free DNS service if you wish, no need to use their CDN service.

Their DNS service is well protected against DDoS as it runs on the same CDN network as the rest of CloudFlare services.
nitzan
Premium Member
join:2008-02-27

nitzan

Premium Member

Thanks for the suggestion - does CloudFlare have DNS monitoring and automatic failover though? there isn't much info about DNS on their site and the help section doesn't mention failover/monitoring.

It does look like they had at least two DNS outages this year, and one last year. AFAIK DNSMadeEasy had none since 2010, so not so confident about CF in that respect.

engineercarl
Premium Member
join:2003-02-24
Washington, DC

engineercarl to rsriram22

Premium Member

to rsriram22

My personal up-side

If there is an upside to this DNS exercise, I noticed the down status on my account immediately when I got home. The line key on my new Obi1032 assigned to F9 was glowing yellow; a call attempt told me right then there was no response from the server.

Arne Bolen
User of Anveo Direct, 3CX and Qubes OS.
Premium Member
join:2009-06-21
Utopia

Arne Bolen to nitzan

Premium Member

to nitzan

Re: [Future9] F9 down?

said by nitzan:

Thanks for the suggestion - does CloudFlare have DNS monitoring and automatic failover though?

Your DNS data will reside in all of their 28 data centers around the world, so in order to get your DNS offline all 28 data centers must be down.

The many data centers makes CloudFlare one of the fastest DNS services on the planet.

I suggest you open a free account, without changing NS servers, and play with the DNS settings. If you feel comfortable with CloudFlare you only need to change your NS settings and your new DNS will work.


nitzan
Premium Member
join:2008-02-27

nitzan

Premium Member

Thanks. I'm talking about DNS monitoring/failover for my servers - not theirs. i.e. if incoming.future-nine.com is pointing to a server that's down, the DNS provider will change the IP to resolve to a different server. I guess I'll just open an account and check.

Arne Bolen
User of Anveo Direct, 3CX and Qubes OS.
Premium Member
join:2009-06-21
Utopia

Arne Bolen

Premium Member

said by nitzan:

Thanks. I'm talking about DNS monitoring/failover for my servers - not theirs. i.e. if incoming.future-nine.com is pointing to a server that's down, the DNS provider will change the IP to resolve to a different server.

I doubt CloudFlare can handle that, but I may have overlooked such features.
PX Eliezer1
Premium Member
join:2013-03-10
Zubrowka USA

PX Eliezer1 to Arne Bolen

Premium Member

to Arne Bolen
said by Arne Bolen:

I suggest you consider CloudFlare as your DNS provider.

Doesn't [this] website use them?

Arne Bolen
User of Anveo Direct, 3CX and Qubes OS.
Premium Member
join:2009-06-21
Utopia

Arne Bolen

Premium Member

said by PX Eliezer1:

Doesn't [this] website use them?

DSLR uses CloudFlare for CDN, but not for DNS.