I plan to move an external DNS server to a hosted VPS in the near future. I would appreciate advice on VPS specs for this purpose, or an other helpful feedback from others who have done this before. I’ve used a lot of low end boxes to host web services, and would like to do that with this project as well but don’t want to under spec it. It will be used regularly by around 300 users.
I wouldn’t bother with the VPS if you could use a managed service like Route 53 in AWS.
Thanks for the suggestion. Honestly one thing I don’t like about AWS and a lot of the major cloud vendors these days is the pricing structure isn’t very easy for me to wrap my head around and I’m never confident what I will be charged. I do have some services on AWS and so far I haven’t had any surprises but I do always have that concern. I will give Route 53 another look though.
Running it in a dedicated VM is usually the more expensive option, particularly with something simple like DNS.
Are you using Route 53 for DNS? If so, would you mind sharing your monthly cost for that? Thanks again.
Is this being hosted in a VM that would be on-premises or cloud hosted? Is this going to be Windows-based or Linux/BSD based? It generally does not take a whole lot of computational horsepower to handle a lot of DNS requests. If you’re doing to handle DNS using Linux and don’t need dynamic update capability, you would be just fine using something like Unbound or NSD. I’d recommend maybe 2G of RAM and minimum 2 cores allocated. Now Windows will be much different. You’ll need more horsepower than that.
All great questions! It will be a Debian Linux hosted VPS. Thanks for the input!
Okay, then I think you will be good with around 2GB and 2 cores. I cannot speak highly enough for using Unbound or NSD. As of about two or three years ago, an authoritative DNS capability was added to Unbound and I cannot speak highly enough of it. I’ve used Unbound in production reliably for that long. After moving my domains to Cloudflare though, I found DNS resolution to be speedier simply because the DNS servers sit on an isolated segment instead of mixing traffic so I went that way. But I would go back to using Unbound in a heartbeat if Cloudflare decided to do something stupid. Which is always a distinct possibility because, well, it’s Cloudflare.
Thanks for the detailed response! I will definitely check out unbound. Sounds perfect. And 2 cores and 2 GB RAM is exactly what I was hoping would be enough, so I can keep costs down.
How heavy is the DNS used for changes (records added/removed)? Do you have DNSSEC active? Does the DNS server also act as a caching DNS (given that you mention it as an external DNS, I suppose not)? These things can influence the specs of the server.
I would imagine that, for common use cases, low specs are fine, but as this is an external facing DNS server you probably cannot be certain that more interaction won’t happen. If too lightweight, a lightweight DDoS might be sufficient to bring it down, which majorly impacts your service. So I wouldn’t go below 2core, 4Gb.
But personally, I don’t recommend hosting your own DNS. DNS is a brittle service the moment you want to do more than just exposing a single zone, and the complete DNS architecture shouldn’t rest on a single service. There are dedicated DNS service providers out there that work very well, and can be programmatically configured (API).
