Hello –

I have my DNS with a cloud provider that I want to stop using, and was considering where to move it (a few domains with a handful entries each). At some point I was wondering if I should run it myself. I have two VPS’ in different data centers with fixed IP addresses, and I read up a bit - seems like this is doable. I am not set on what software to use. I would like it to run in a container. Does anybody have any recommendations, positive or negative?

Thanks :)

  • @RegalPotoo
    link
    English
    41 year ago

    It’s super achievable - I’ve run my own DNS for ages, there are a few common pitfalls but overall it’s pretty low maintenance.

    • Personally I use PowerDNS, but you could also use something like BIND. I find PDNS to be a little easier to configure
    • Make sure you are looking at the docs for PowerDNS Authoritative, not PowerDNS recursor
    • You install PDNS Authoritative on bother servers, then designate one as a primary (/master) and the other as a secondary (/slave/replica). You create records on the primary, and configure it to replicate the records to the secondary using AXFR
    • I’d recommend using one of the database backends for PDNS - personally I use Postgresql. Sqlite is simpler to set up, but I’ve had issues where making multiple updates over the API causes errors due to locking
    • DNSSEC is a bit fiddly to set up initially, but doesn’t add much operational overhead once it’s running
    • Take a looks at glue records if your want to host the domain that the nameservers themselves use
    • Once you’ve got things running, consider something like https://ns-global.zone as a backup

    Feel free to ping me if you have questions or need help getting things set up

    • @[email protected]
      link
      fedilink
      English
      11 year ago

      Kudos for mentionning powerDNS, it’s an amazing software :)

      One thing I love with powerDNS is the various backends available, notably the postgreSQL and mariaDB/mysql ones. Only the primary powerdns instance modifies the database records, the secondary instances just read from database (master or replicas). Thus, no real need for AXFR: as soon as you added/modified a record on the primary, the secondary pdns servers will see it in the database.

      The pdnsutil CLI tool is also really convenient, and the powerDNS API is a godsend when you need to automatise stuff for thousands of domains and hundred of thousands of records. There’s also a nice third-party webUI (powerdns-admin, docker image: pdnsadmin/pda-legacy). Bonus, Terraform does have a powerdns provider.

      At work we use dnsdist (from powerDNS too) to load-balance between our powerdns instances (with caching!), and to filter out/rate-limit/temporary ban bad actors (dns laundering, records enumeration and such for example).