New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Do you have any specific questions?
Hey fxf, thanks for the comment
Since my original post, I went ahead with this little project and set up PowerDNS on two small VPS with MySQL replication of the backend pdns database. I then signed up a trial account with DNSMadeEasy and am using their nameservers for secondary anycast DNS.
This arrangement seems to be working very well so far with my test domains - it's neat being able to turn on DNSSEC for a domain from the command line, add SSHFP records, enable TLSA/DANE for my websites, etc, etc. and see the DNS records propagating in near real-time to all the slave nameservers :-]
What would be great though is to get some advice re the following:
- how to properly secure/harden my PowerDNS instances (currently pretty much PowerDNS default config with recursion disabled)
- recommendations for secondary DNS provider (must support DNSSEC, SSHFP, TLSA, etc.); not sure if I'll stay with DNS Made Easy
- how to properly secure backend db replication (currently using iptables to restrict access to MySQL port)
any/all comments, advice much appreciated!