Re: How can I launch a private Internet DNS server?

2020-11-07 Thread Reindl Harald




On 06.11.20 at 13:25, Tom J. Marcoen wrote:
> First of all, sorry that I cannot reply within the thread, I was not
> yet a member of the mailing list when those emails were sent.
>
>> On Thu 15/Oct/2020 18:57:16 +0200 Jason Long via bind-users wrote:
>>> Excuse me, I just have one server for DNS and that tutorial is about secondary
>>> DNS server too.
>>
>> Just skip the chapter about the secondary.  You're better off buying secondary
>> DNS services externally.  A good secondary offloads your server noticeably, and
>> keeps the domain alive in case of temporary failures.
>>
>> Best
>> Ale
>
> Is it not a requirement to have at least two authoritative name
> servers? I believe all TLDs require at least two name servers but I
> must be mistaken as no one pointed this out yet.

yes, and "You're better off buying secondary DNS services externally"
doesn't say anything else

the point is that the two nameservers are required to be located on two
different ip-ranges anyways to minimize the risk that both go down at
the same time

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: How can I launch a private Internet DNS server?

2020-11-07 Thread Timothe Litt

On 06-Nov-20 08:50, Reindl Harald wrote:
>
>
> On 06.11.20 at 13:25, Tom J. Marcoen wrote:
>> First of all, sorry that I cannot reply within the thread, I was not
>> yet a member of the mailing list when those emails were sent.
>>
>>> On Thu 15/Oct/2020 18:57:16 +0200 Jason Long via bind-users wrote:
>>>> Excuse me, I just have one server for DNS and that tutorial is
>>>> about secondary
>>>> DNS server too.
>>>
>>> Just skip the chapter about the secondary.  You're better off buying
>>> secondary
>>> DNS services externally.  A good secondary offloads your server
>>> noticeably, and
>>> keeps the domain alive in case of temporary failures.
>>>
>>> Best
>>> Ale
>>
>> Is it not a requirement to have at least two authoritative name
>> servers? I believe all TLDs require at least two name servers but I
>> must be mistaken as no one pointed this out yet.
>
> yes, and "You're better off buying secondary DNS services externally"
> doesn't say anything else
>
> the point is that the two nameservers are required to be located on
> two different ip-ranges anyways to minimize the risk that both go
> down at the same time
>
Do a web search for "secondary dns provider" and "backup dns provider".
There are a number of them, some paid, some free.  Not all are equal -
last time I looked, support for DNSSEC was uncommon, especially among
the free ones.  IPv6 support has been lagging, but improving.  Also, if
you use UPDATE, make sure the service that you use supports NOTIFY.
Some limit or charge according to the number of queries, zones and/or
names - but that doesn't necessarily correlate with price.

Also look for minimum TTL restrictions - especially with free services. 

I use a free service that does support IPv6, DNSSEC & NOTIFY - and runs
on BIND.

Often the external services provide better geographic diversity than a
small operation can - and have better internet connections. 

If you have the resources, you can also set up an agreement with a
similarly-situated organization for mutual secondary service - you slave
their zones & they slave yours.  This can work well - often at no cost -
especially if the resource demands are roughly equal.

Other caveats: external services typically won't use hostnames in your
domain - or if you want that, will charge you for it.  And if you depend
on views, external services will only work for external views - you'll
need to provide your own secondary servers for internal-only views. 

Finally, if performance matters and you have a dispersed user base, look
for a provider that has a solid infrastructure - ANYCAST is one good
clue.  You'll almost always have to subscribe to a paid service in these
cases, especially with high query rates.

RFC2182 (https://tools.ietf.org/html/rfc2182) is fairly readable and
describes many of the considerations involved in selecting secondary DNS
servers. 

DNS appears deceptively simple at first blush.  Setting up a serviceable
infrastructure requires an investment of thought and on-going
maintenance.  You will not be happy if you skimp on that investment,
since broken DNS is externally visible - and frequently catastrophic.

Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 
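
The point raised in this thread, that a delegation should list at least two nameservers on different IP ranges, can be checked mechanically. The following is an added example, not part of any poster's message; the /24 and /48 grouping prefixes, the function names and the sample delegations (documentation address ranges) are assumptions constructed for illustration.

```python
import ipaddress

# Assumed granularity for "different IP ranges": a rough proxy only,
# neither prefix length comes from the thread or from RFC 2182.
V4_PREFIX = 24
V6_PREFIX = 48

def covering_net(ip):
    """Return the assumed-size network that contains an ip_address object."""
    prefix = V4_PREFIX if ip.version == 4 else V6_PREFIX
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def check_delegation(nameservers):
    """nameservers: dict of NS hostname -> list of address strings.
    Returns a list of findings; an empty list means nothing was flagged."""
    findings = []
    if len(nameservers) < 2:
        findings.append("fewer than two nameservers")
    seen_addr = {}                      # address -> first NS name using it
    nets_by_family = {4: {}, 6: {}}     # family -> {network: set of NS names}
    for name, addrs in sorted(nameservers.items()):
        if not addrs:
            findings.append(f"{name}: no address")
        for text in addrs:
            ip = ipaddress.ip_address(text)
            owner = seen_addr.setdefault(ip, name)
            if owner != name:
                findings.append(f"{name} and {owner} share address {ip}")
            nets_by_family[ip.version].setdefault(covering_net(ip), set()).add(name)
    for version, nets in nets_by_family.items():
        hosts = set().union(*nets.values())
        # Two or more servers, yet every address falls in one network.
        if len(hosts) >= 2 and len(nets) == 1:
            findings.append(
                f"all IPv{version} nameservers are inside {next(iter(nets))}")
    return findings

# Constructed sample delegations (documentation address space only).
SAME_NET = {"ns1.example.com": ["192.0.2.10"],
            "ns2.example.com": ["192.0.2.53"]}
DIVERSE = {"ns1.example.com": ["192.0.2.10", "2001:db8:1::53"],
           "ns2.example.net": ["198.51.100.53", "2001:db8:2::53"]}
SINGLE = {"ns1.example.com": ["192.0.2.10"]}

if __name__ == "__main__":
    for label, zone in (("same-net", SAME_NET), ("diverse", DIVERSE),
                        ("single", SINGLE)):
        print(label, check_delegation(zone) or "ok")
```

Prefix grouping only approximates the topological and geographic diversity RFC 2182 discusses; two addresses in different prefixes can still share an upstream or a site.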





Re: [External] Re: How can I launch a private Internet DNS server?

2020-11-07 Thread Kevin A. McGrail
On 11/7/2020 10:15 AM, Reindl Harald wrote:
>
> https://tools.ietf.org/html/rfc1537
> Common DNS Data File Configuration Errors
>
> 6. Missing secondary servers
>
> > It is required that there be a least 2 nameservers
> > for a domain.
>
> -
>
> that above is common knowledge virtually forever and the difference of
> "must" and "should" in IETF wordings is also very clear 

While I agree this is common knowledge as a best practice, this rfc is a
memo NOT a standard from my reading:

   This memo provides information for the Internet community.  It does
   not specify an Internet standard.  Distribution of this memo is
   unlimited.

Regards,
KAM



Re: How can I launch a private Internet DNS server?

2020-11-07 Thread Kevin A. McGrail

> Do a web search for "secondary dns provider" and "backup dns provider"
>
I just wanted to comment that there is no "requirement" to run a
secondary DNS server.  It's certainly best practice and should be
considered.  However, the goal of having two DNS servers is to promote
redundancy if DNS fails but other services you need have not.  That may
or may not be the case here and merits consideration of the question,
"what will redundant DNS gain this organization?"

$0.02,

KAM




Re: How can I launch a private Internet DNS server?

2020-11-07 Thread alcol alcol
you can't run a sec. srv. from your own. You need some action from ADMIN-C or 
TECH-C
otherwise it will not work at all x RFC SOA refresh 24H

In all case a sec. srv. on the same net


From: bind-users on behalf of Kevin A. McGrail
Sent: Saturday, November 7, 2020 2:03 PM
To: bind-users@lists.isc.org 
Subject: Re: How can I launch a private Internet DNS server?


> Do a web search for "secondary dns provider" and "backup dns provider"
>
I just wanted to comment that there is no "requirement" to run a
secondary DNS server.  It's certainly best practice and should be
considered.  However, the goal of having two DNS servers is to promote
redundancy if DNS fails but other services you need have not.  That may
or may not be the case here and merits consideration of the question,
"what will redundant DNS gain this organization?"

$0.02,

KAM




Re: [External] Re: How can I launch a private Internet DNS server?

2020-11-07 Thread Kevin A. McGrail
On 11/7/2020 9:04 AM, Reindl Harald wrote:
> first: there *is* a requirement of a secondary nameserver
> https://www.iana.org/help/nameserver-requirements

Does that requirement apply to the use-case? Based on the first
sentence, "These are the technicals tests we perform for delegation
changes in the zones we manage (root zone, .INT, .ARPA).", I would guess
it's not applicable.

Regards,
KAM



Re: [External] Re: How can I launch a private Internet DNS server?

2020-11-07 Thread Tom J. Marcoen
Having at least two name servers is not a requirement by the RFC standards
but which TLD allows for only one NS server to be given when you register a
domain?

On Sat, 7 Nov 2020 at 16:53, Kevin A. McGrail wrote:

> On 11/7/2020 10:15 AM, Reindl Harald wrote:
>
>
> https://tools.ietf.org/html/rfc1537
> Common DNS Data File Configuration Errors
>
> 6. Missing secondary servers
>
> > It is required that there be a least 2 nameservers
> > for a domain.
>
> -
>
> that above is common knowledge virtually forever and the difference of
> "must" and "should" in IETF wordings is also very clear
>
> While I agree this is common knowledge as a best practice, this rfc is a
> memo NOT a standard from my reading:
>
>    This memo provides information for the Internet community.  It does
>    not specify an Internet standard.  Distribution of this memo is
>    unlimited.
>
> Regards,
> KAM