Alternatives to Cloudflare for DNS hosting?

umiumi Member
edited July 2020 in Outages

Which domain registrars' control panels and DNS hosting services were not affected by the Cloudflare downtime?
The first thing I tried during the outage was to move DNS hosting from CF to Vultr, where I had backup DNS records for my domains, but Vultr was also down, so I didn't even bother to check Porkbun's control panel availability.


Comments

  • tetechtetech Member

    Basically anyone who doesn't resell. Major players like DNSME/Constellix, NS1, Route53, HE, Oracle, ...

    Thanked by 1umi
  • JasonMJasonM Member

    Try GoDaddy DNS, it's quite stable.

  • umiumi Member
    edited July 2020

    Can anyone confirm that https://dns.he.net/ and domains hosted there were working during CF's outage? https://downdetector.com/status/he/ tells us it was ok.

  • The correct thing to do is use more than one provider, so use one CF nameserver and another provider's. That way your site still resolves if one goes down.

    If it's very important you're up all the time, have a short TTL so you can quickly remove the non-functioning nameserver.

    Thanked by 5umi Aidan Pwner bdl alwyzon
  • rm_rm_ IPv6 Advocate, Veteran

    Just get two DDoS-protected VPSes from different providers and run your own. nsd is easy to set up.

  • cloudns.net ?

    Thanked by 1AlwaysSkint
  • tetechtetech Member

    @umi said:
    Can anyone confirm that https://dns.he.net/ and domains hosted there were working during CF's outage? https://downdetector.com/status/he/ tells us it was ok.

    HE was up. I use it.

    Thanked by 1umi
  • umiumi Member

    @rm_ said:
    Just get two DDoS-protected VPSes from different providers and run your own. nsd is easy to set up.

    Yes, I agree that if you want something to be done right it's better to do it yourself!
    I can set up PowerDNS on my VPSes, even anycasted ones, but how do I integrate my nameservers with the other providers' nameservers, which I normally use because of better PoPs and latency?

  • tetechtetech Member

    @ricardo said: The correct thing to do is use more than one provider, so use one CF nameserver and another provider's. That way your site still resolves if one goes down.

    Yes. And preferably neither of them is CF :)

  • tetechtetech Member

    @rm_ said:
    Just get two DDoS-protected VPSes from different providers and run your own. nsd is easy to set up.

    I do that with 4 servers where latency isn't a big deal. But if you want good lookup times worldwide, then anycast DNS is preferable.

  • I always use HE

  • tetechtetech Member

    @umi said:

    @rm_ said:
    Just get two DDoS-protected VPSes from different providers and run your own. nsd is easy to set up.

    Yes, I agree that if you want something to be done right it's better to do it yourself!
    I can set up PowerDNS on my VPSes, even anycasted ones, but how do I integrate my nameservers with the other providers' nameservers, which I normally use because of better PoPs and latency?

    Decent providers will act as secondary servers and pull the records via AXFR.

    Thanked by 1AlwaysSkint
  • umiumi Member

    Does HE have an API to change records from scripts?

  • rm_rm_ IPv6 Advocate, Veteran

    because of better PoPs and latency?

    Just start simple and you'll be surprised how well the modern Internet actually works, that you might not need a dozen of PoPs or anycast to provide a decently working service.

    if you want good lookup times worldwide

    Could be important if your site earns you money via selling products with worldwide delivery, but for most people it's not like that, and typically a couple of well-picked locations will do the job just fine for the majority of visitors.

    Thanked by 2quicksilver03 pbx
  • umiumi Member
    edited July 2020

    Yes, I have BuyVM's anycasted VPSes in Las Vegas, New York and Luxembourg, and latencies are quite nice in the US and Europe, but when my Las Vegas node went down, the whole US West coast was routed into a black hole until support rebooted the VPS. So I'll need more nameservers to make the setup more reliable. And when I added one more unicast nameserver located on the US West coast, the latencies from Europe went south when they selected that nameserver. So I'll need a second independent ring of anycasted VPSes to handle that.

  • NeoonNeoon Community Contributor, Veteran

    As @rm_ said, get at least 2 PoPs, one should at least have AntiDDoS.
    The point you miss is the TTL, the client looks up your domain once, for 1 hour or longer it keeps the entry.

    So if the response takes 20ms or 120ms does not really matter.
    Plus, put it on different networks so CF won't happen to you.

  • tetechtetech Member

    @rm_ said:

    because of better PoPs and latency?

    Just start simple and you'll be surprised how well the modern Internet actually works, that you might not need a dozen of PoPs or anycast to provide a decently working service.

    if you want good lookup times worldwide

    Could be important if your site earns you money via selling products with worldwide delivery, but for most people it's not like that, and typically a couple of well-picked locations will do the job just fine for the majority of visitors.

    Depends on the circumstances. For many, you're probably right. Some of my sites are getting decent amounts of traffic from places like Australia. Doing a transpac lookup adds around 250 msec. Even if page load dependencies are optimized it is easy to end up with 2-3 blocking lookups and suddenly the page load is over 1 sec, mostly due to DNS. Adding a NS in Australia is not the answer, because clients pick a random one, so there's as much chance of someone in North America using the Australian NS.

    Therefore, for frontends I am not using my own NS.

    Thanked by 1umi
  • tetechtetech Member

    @umi said:
    Does HE have an API to change records from scripts?

    No. Only dynamic DNS.

  • SplitIceSplitIce Member, Host Rep

    If you're a customer of ours, we resell Rage4 and include a couple of free zones with every service.

    They have been acceptably stable over the years.

    Thanked by 1umi
  • umiumi Member

    @tetech said:

    @umi said:
    Does HE have an API to change records from scripts?

    No. Only dynamic DNS.

    Dynamic DNS might actually work.
    I made a test setup with HE and marked www.mydomain.com as dynamic.
    So I can use curl to set www.mydomain.com any ip address I need automatically via script.
    The minimum TTL is 300 seconds. Which is ok for my needs. That means up to 300 seconds downtime if I need to switch my backends which is still better than 30 minutes with Cloudflare.

  • tetechtetech Member

    @umi said:

    @tetech said:

    @umi said:
    Does HE have an API to change records from scripts?

    No. Only dynamic DNS.

    Dynamic DNS might actually work.
    I made a test setup with HE and marked www.mydomain.com as dynamic.
    So I can use curl to set www.mydomain.com any ip address I need automatically via script.
    The minimum TTL is 300 seconds. Which is ok for my needs. That means up to 300 seconds downtime if I need to switch my backends which is still better than 30 minutes with Cloudflare.

    Yep. That might be enough. Better solution is to run your own primary NS and use HE as secondary via AXFR. Like ricardo said, better to have two different providers in case HE goes down, and AXFR would update both automatically without you needing to 'curl' each one. For example, also use NS1 free tier. BuddyNS good as a failover (you can pick NS locations but not anycast on free tier).

    Thanked by 2umi AlwaysSkint
  • pbxpbx Member
    edited July 2020

    @umi said: Vultr was also down

    This is strange as they appear to host DNS servers on their own network. Did you investigate a bit to see if this was related to the outage at CF?

    That being said while it's great to look for CF alternatives rather than putting all your eggs in the same basket, incidents at CF are taken care of quickly. They monitor their shit and act accordingly: not sure smaller players are necessarily better (as far as uptime is concerned, privacy and centralisation are different issues)

    Thanked by 1vimalware
  • umiumi Member
    edited July 2020

    @pbx said:

    @umi said: Vultr was also down

    This is strange as they appear to host DNS servers on their own network. Did you investigate a bit to see if this was related to the outage at CF?

    That being said while it's great to look for CF alternatives rather than putting all your eggs in the same basket, incidents at CF are taken care of quickly. They monitor their shit and act accordingly: not sure smaller players are necessarily better (as far as uptime is concerned, privacy and centralisation are different issues)

    The link https://my.vultr.com/dns/ was inaccessible during the CF outage and came back up as soon as the outage was over. Looks like they have CF somewhere in the frontend, or both of my providers are using CF DNS resolvers, which is highly unlikely. Anyone with the Vultr control panel down during the CF outage? In addition, I think that a 30-minute mess-up for a company like CF is quite a serious signal to avoid them.

  • umiumi Member
    edited July 2020

    @tetech said:

    @umi said:

    @tetech said:

    @umi said:
    Does HE have an API to change records from scripts?

    No. Only dynamic DNS.

    Dynamic DNS might actually work.
    I made a test setup with HE and marked www.mydomain.com as dynamic.
    So I can use curl to set www.mydomain.com any ip address I need automatically via script.
    The minimum TTL is 300 seconds. Which is ok for my needs. That means up to 300 seconds downtime if I need to switch my backends which is still better than 30 minutes with Cloudflare.

    Yep. That might be enough. Better solution is to run your own primary NS and use HE as secondary via AXFR. Like ricardo said, better to have two different providers in case HE goes down, and AXFR would update both automatically without you needing to 'curl' each one. For example, also use NS1 free tier. BuddyNS good as a failover (you can pick NS locations but not anycast on free tier).

    Yes, as the next step I'll try to set this up: https://blog.zswap.net/dns-slave-setup-with-hurricane-electric-free-dns/
    I like the idea of shadow master dns setup.

  • I use a combination of my own cross-Atlantic/Pacific nameservers, with either ClouDNS or BuddyDNS secondaries. Has been pretty reliable, touch wood.

    Thanked by 1umi
  • tetechtetech Member

    @umi said:

    @tetech said:

    @umi said:

    @tetech said:

    @umi said:
    Does HE have an API to change records from scripts?

    No. Only dynamic DNS.

    Dynamic DNS might actually work.
    I made a test setup with HE and marked www.mydomain.com as dynamic.
    So I can use curl to set www.mydomain.com any ip address I need automatically via script.
    The minimum TTL is 300 seconds. Which is ok for my needs. That means up to 300 seconds downtime if I need to switch my backends which is still better than 30 minutes with Cloudflare.

    Yep. That might be enough. Better solution is to run your own primary NS and use HE as secondary via AXFR. Like ricardo said, better to have two different providers in case HE goes down, and AXFR would update both automatically without you needing to 'curl' each one. For example, also use NS1 free tier. BuddyNS good as a failover (you can pick NS locations but not anycast on free tier).

    Yes, as the next step I'll try to set this up: https://blog.zswap.net/dns-slave-setup-with-hurricane-electric-free-dns/
    I like the idea of shadow master dns setup.

    Sounds like a good plan. Remember to block access to your primary NS to IPs other than HE (216.218.133.2). Good to do this in both firewall and in the DNS software (in bind, allow-transfer { 216.218.133.2; };).

    Thanked by 1umi
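
The transfer restriction described in the post above can be checked against a configuration file. This is an added example, not code from the thread or from BIND: a small Python audit that reads zone stanzas from a named.conf and reports any zone whose allow-transfer is missing or lists something other than the expected secondaries. The sample config, the zone names and 203.0.113.7 are constructed, and only zone-level allow-transfer statements are examined (global options and named acl blocks are not resolved).

```python
import re

# Constructed sample named.conf; zone names and 203.0.113.7 are placeholders.
# 216.218.133.2 is the HE transfer address quoted in the thread.
SAMPLE_CONF = """
zone "example.com" {
    type master;
    allow-transfer { 216.218.133.2; };   // only the secondary may AXFR
};
zone "example.net" {
    type master;
    allow-transfer { any; };             /* open to everyone */
};
zone "example.org" {
    type master;
};
zone "example.info" {
    type master;
    allow-transfer { 216.218.133.2; 203.0.113.7; };
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments (assumes none appear inside quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def zone_bodies(text):
    """Yield (zone name, stanza body), matching braces so nested lists stay intact."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit(conf, allowed):
    """Return {zone: finding} for zones not limited to the expected secondaries."""
    findings = {}
    for name, body in zone_bodies(strip_comments(conf)):
        acl = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
        if acl is None:
            findings[name] = "no zone-level allow-transfer; set it explicitly"
            continue
        extra = {e.strip() for e in acl.group(1).split(";") if e.strip()} - set(allowed)
        if extra:
            findings[name] = "transfer allowed to: " + ", ".join(sorted(extra))
    return findings

if __name__ == "__main__":
    for zone, finding in audit(SAMPLE_CONF, {"216.218.133.2"}).items():
        print(f"{zone}: {finding}")
```

A clean audit of the config file complements, but does not replace, the firewall rule mentioned in the post.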
  • umiumi Member

    HE.net has 5 anycasted nameservers on 2 different networks, and response time is pretty decent unless you are in Australia.

  • tetechtetech Member

    @umi said:
    HE.net has 5 anycasted nameservers on 2 different networks, and response time is pretty decent unless you are in Australia.

    Yeah, Australian queries to HE get routed to Tokyo (around 100 msec).

  • I honestly doubt my ability to get better network uptime for my DNS by self-hosting, compared to CF.

    It's fine as a learning exercise. Be sure to budget time to fighting some fires.

    Thanked by 1pbx
  • umiumi Member
    edited July 2020

    If I'd gone the HE route instead of CF from the beginning, then yesterday would have been as smooth as usual. But instead a bunch of people got nervous for half an hour. So far the plan is to use HE with AXFR zone transfer from my leading DNS server, and maybe I'll add 1 anycasted BuyVM IP to this setup later.

    Thanked by 1pbx