Alternatives to Cloudflare for DNS hosting? - Page 2

Comments

  • umi Member
    edited July 2020

    AXFR transfer to HE.net works OK. After changes to the zone are made and the SOA serial is increased, the command "pdns_control notify domain.com" sends UDP NOTIFY packets to all slave DNS servers, and shortly after that the AXFR transfer is complete. This way I can change any zone records, including CNAMEs. But if you need to change an A record only (for load balancing/failover), then the dynamic DNS approach is better, as you can use HTTPS while updating your dynamic IP. Next question: how secure are AXFR zone transfers? Of course TCP access on port 53 is restricted to allowed IPs both in pdns and in the firewall. I see a mention of TSIG in the AXFR setup dialogue.

  • rm_ IPv6 Advocate, Veteran
    edited July 2020

    Well, HE.net is not the ultimate solution either. I actually migrated off HE and decided to run my own DNS back then, because of a multiple-hour outage that they had. OK, that was in 2013. Maybe they have improved by now. But still, it sucked to feel that all my sites are down and I cannot do anything, not even yell and complain at them much, since it is just a free service.

  • umi Member
    edited July 2020

    OK. I have 2 NS records of HE.net and 2 NS records of my DNS servers. In case HE.net is not capable of/doesn't want to answer requests, there are still my servers. Will this setup still be able to answer requests (although a bit slower due to timeouts/next NS server retries) until this situation is detected and the unresponsive nameservers are removed from the domain registrar's control panel?

    Let's set the SOA TTL to 300 seconds and check nameservers every 300 seconds with test requests. Maybe not all at once, just 1 in round-robin fashion every 300 seconds. I'm interested to see the behavior of 2 unresponsive nameservers to 2 still working. The problem, I guess, is the unresponsiveness of a nameserver. If it returns an error, then the resolver should immediately jump to the next one. But if it is blackholed, then there will be timeouts and the request might take too long...

    Has anyone seen a domain registrar with the ability to edit nameservers with a script/API?

  • tetech Member

    @umi said:
    OK. I have 2 NS records of HE.net and 2 NS records of my DNS servers. In case HE.net is not capable of/doesn't want to answer requests, there are still my servers. Will this setup still be able to answer requests (although a bit slower due to timeouts/next NS server retries) until this situation is detected and the unresponsive nameservers are removed from the domain registrar's control panel?

    Let's set the SOA TTL to 300 seconds and check nameservers every 300 seconds with test requests. Maybe not all at once, just 1 in round-robin fashion every 300 seconds. I'm interested to see the behavior of 2 unresponsive nameservers to 2 still working. The problem, I guess, is the unresponsiveness of a nameserver. If it returns an error, then the resolver should immediately jump to the next one. But if it is blackholed, then there will be timeouts and the request might take too long...

    Has anyone seen a domain registrar with the ability to edit nameservers with a script/API?

    This setup is fine. Most resolvers have a short timeout and move to the next NS (or some hit all definitive NS in parallel and take the first valid reply). This is why you're required to supply two NS records.

    FWIW, I've been using a combination of NS1, HE, Softlayer, Oracle, LunaNode and my own NS for years. Each of these has different pros/cons making them better/worse for particular cases, e.g. some have a free tier, some are not anycast, some allow shorter TTL, etc. Most of them run as secondary so I only do updates on my own master and don't have to juggle many services.

    Thanked by 2: pbx, umi

  • umi Member
    edited July 2020

    After some experimenting I have interesting results. Same setup: 2 NS of HE.net, 2 NS of my own. I have blackholed my nameservers with iptables so they did not respond with any answer, not a good or bad record, no nothing. This was to imitate a complete outage like we had with CF yesterday. And with a 50% chance, when the resolver got an "unresponsive" nameserver, the total DNS resolving timeout was around 4 seconds, both for Chrome and Firefox. wget and dig showed a timeout of 2 seconds with the Cloudflare resolver, 3-4 seconds with the Google and Quad9 resolvers. The key component here is the unresponsiveness of a nameserver. If it is able to say anything, even SERVFAIL, then it would not affect the response time that much. Just one more RTT to an anycasted server. That's the way the cookie crumbles...

    That was using webpagetest and gtmetrix. In real life with real browsers I don't see the huge delay. iPhone's Safari is snappy. Firefox, Firefox Nightly and Chrome show the page "as usual", without a 4 second waiting time for sure. The https://tools.keycdn.com/performance test shows that resolvers are learning to ignore "bad" nameservers pretty fast. This may well be the SRTT feature in action. https://www.uptrends.com/tools/cdn-performance-check shows that initially lots of requests took up to 3-4, some even up to 8 seconds. Then with the second and third run they are almost all within the milliseconds range.

    Thanked by 2: bdl, vimalware
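
The distinction measured in the post above (a nameserver that answers with an error versus one that is blackholed) and the per-nameserver check proposed earlier in the thread can be probed directly with one SOA query per server; the returned serial also shows whether a secondary has caught up after NOTIFY/AXFR. This is an added example, not code from any poster: the function names are hypothetical, and it assumes UDP over IPv4 with no retry or TCP fallback.

```python
import os, socket, struct

def build_soa_query(zone, txid):
    """Query for <zone> IN SOA, RD=0: asked of the authoritative server."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return (struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + qname + b"\x00"
            + struct.pack("!HH", 6, 1))  # QTYPE=SOA(6), QCLASS=IN(1)

def _skip_name(msg, off):
    """Offset just past a domain name, which may end in a compression pointer."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_soa_reply(msg, txid):
    """Return (rcode, serial); serial is None when no SOA answer is present."""
    rid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:
            p = _skip_name(msg, _skip_name(msg, off))   # MNAME, then RNAME
            return flags & 0xF, struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    return flags & 0xF, None

def probe(server, zone, timeout=2.0, port=53):
    """('ok', serial), ('error', rcode) or ('timeout', None) for one IPv4 nameserver."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(zone, txid), (server, port))
            rcode, serial = parse_soa_reply(s.recvfrom(4096)[0], txid)
        except socket.timeout:
            return ("timeout", None)    # blackholed: resolvers wait this out
        except (OSError, ValueError, struct.error, IndexError):
            return ("error", None)      # unreachable or malformed reply
    return ("ok", serial) if rcode == 0 and serial is not None else ("error", rcode)
```

Run `probe()` against each NS address in turn from a scheduler; a "timeout" result is the case that costs resolvers seconds, while "error" and a serial that lags the primary point to a misconfigured or stale secondary.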
  • Dylan Member

    @pbx said: That being said while it's great to look for CF alternatives rather than putting all your eggs in the same basket, incidents at CF are taken care of quickly. They monitor their shit and act accordingly: not sure smaller players are necessarily better (as far as uptime is concerned, privacy and centralisation are different issues)

    Yeah, I think it's important to remember that every vendor has outages, and CF's overall uptime is still excellent. You just don't hear about it when the small companies go down because half the internet doesn't notice. That said, if you really want the best, go with Akamai -- I don't think they've had a major DNS outage in at least 5 years -- but know you're gonna pay a hefty premium.

  • Dazzle Member
    edited July 2020

    Damn.. didn't read

  • Levi Member

    Imperva.

  • @SplitIce said:
    If you're a customer of ours we resell Rage4 and include a couple free zones with every service.

    They have been acceptably stable over the years.

    Is it possible to access the rage4 API (say, for DDNS) through your service?

  • SplitIce Member, Host Rep

    @sgheghele we can create subaccounts for anyone who needs more than our panel provides.
