
Your DNS Provider Should Not Be Your Registrar (2014) - hernantz
http://www.petekeen.net/your-dns-provider-should-not-be-your-registrar
======
sashk
I don't mind hosting my DNS at the registrar, since they provide the service, but
I do want to have secondary DNS servers/provider somewhere else: dns.he.net
(free), or a paid service elsewhere. But, unfortunately, none of the registrars
I tried allow you to have a secondary DNS server, i.e. allow DNS AXFR for the zone
file. (GoDaddy, Hover, Gandi, Namecheap and 1and1 -- note, I tried them over
time and asked all of them for AXFR to have a secondary zone elsewhere --
all of them declined. Latest and current is Hover.)

After a long time researching, I've decided to use the $2/month plan on cloudns.net
for primary DNS, and secondary at dns.he.net.

------
robalfonso
Most domains can have up to 13 name servers assigned at the registry; most
domain registrars will let you set up 6 or more (mine does 6). Ideally you'd
have your registrar and another source hosting your DNS and keep them synced
up.

Unless you have a weird edge case, most of the time it's set it up once and
forget it. This way even if your registrar has problems you have another DNS
that is still up. Do a dig on some popular domains (like google, cnn, etc.) and
you'll see they have multiple DNS entries by different providers.

If your website is important enough to keep up in case your registrar is not,
then you need it hosted by multiple providers including your registrar (it's
usually free, why not, right?).
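
The `dig` check suggested in the comment above, as an added example that is not part of the original thread: it groups `dig +short NS` output by the nameservers' registrable domain and flags a zone served by a single operator. The sample output, the hostnames and the `registrar_operator` parameter are constructed assumptions.

```python
from collections import defaultdict

# Stand-in for the Public Suffix List (assumption): extend for other suffixes.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}

# Constructed `dig +short NS <domain>` output; every hostname here is made up.
SAMPLE_DIG = {
    "single.example": "ns1.dnshost-a.example.\nns2.dnshost-a.example.\n",
    "split.example": "ns1.dnshost-a.example.\nns1.dnshost-b.example.\n"
                     "ns2.dnshost-b.example.\n",
}

def operator_of(ns_host):
    """Registrable domain of a nameserver hostname, used as the operator key."""
    labels = ns_host.rstrip(".").lower().split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def group_by_operator(dig_output):
    """Map operator key -> nameserver hostnames parsed from dig output."""
    groups = defaultdict(list)
    for line in dig_output.splitlines():
        host = line.strip().rstrip(".").lower()
        if not host or host.startswith(";"):  # skip blanks and dig comments
            continue
        groups[operator_of(host)].append(host)
    return dict(groups)

def assess(dig_output, registrar_operator=None):
    """Return findings; an empty list means NS records span >1 operator key."""
    groups = group_by_operator(dig_output)
    findings = []
    if not groups:
        findings.append("no NS records parsed")
    elif len(groups) == 1:
        findings.append("single DNS operator: " + next(iter(groups)))
        if registrar_operator in groups:
            findings.append("that operator is also the registrar")
    return findings

if __name__ == "__main__":
    for domain, output in SAMPLE_DIG.items():
        print(domain, assess(output, registrar_operator="dnshost-a.example"))
```

Grouping by hostname is a heuristic: one provider can serve from several domains, so two operator keys do not prove independent infrastructure.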

------
manigandham
Sounds like the author doesn't know how any of this DNS stuff actually works.

The registrar ultimately controls which nameservers are used to look up your
domain. If someone has access to your registrar account then they can change
this so it doesn't matter if you have separate services.

Also if your registrar is accessible but your DNS provider is down, you can
switch to a different DNS provider at any time, it's not something to
"prepare" for like this article says.

~~~
zrail
Author here. At the time the problem was that DNSimple stopped resolving DNS
for customers AND their management interface for a long period of time (iirc
it was like 12 hours), which was affecting people who had registered domains
through DNSimple and used their DNS service. This affected a disproportionate
number of my friends and several clients.

You can't change your nameservers if your registrar's management interface
isn't resolving.

~~~
manigandham
These are separate issues:

1) DNS resolution stops working - use a different provider.
2) Registrar interface stops working - wait till it starts working.

You were trying to solve problem 1 which required problem 2 to be solved
first, but there's no way around that. This means that everyone has the same
dependency issue with their registrar being a single point of failure. Hosting
your actual DNS elsewhere doesn't change anything or prepare for this
situation any better.

~~~
zrail
The problems were happening _at the same time_. It's impossible to solve 1 if
2 is happening simultaneously.

Using a registrar that is on separate infrastructure from your DNS host solves
both problems.

~~~
manigandham
It doesn't matter if the DNS service is up or down - the point is that you
cannot change your domain's DNS service without access to your registrar's
console.

So effectively, the registrar being up is the only thing that matters and
there's nothing you can do about it.

You're betting on the fact that by using 2 services, they won't be down at the
same time which might add some reliability, although most registrars aren't
hosting their console sites on the same network as their DNS servers anyway so
the odds of it happening are about the same. You were just caught in a bad
situation.

~~~
zrail
> It doesn't matter if the DNS service is up or down - the point is that you
> cannot change your domain's DNS service without access to your registrar's
> console.

True!

> most registrars aren't hosting their console sites on the same network as
> their DNS servers.

As a customer you have no ability to judge this. DNSimple was either hosting
them on the same infrastructure or the DDoS was targeting both. I can't speak
to what they do now, since this article is almost two years old.

By using one service for both components you're betting on the fact that
they're doing the right things behind the scenes. IMO that is not a safe bet.
For zero added monetary cost and effectively zero added management cost you
can double your ability to weather that specific type of storm.

------
zrail
FYI, this references the DNSimple outage event on December 1st 2014. The point
stands, but the "current" references aren't so current anymore.

------
combatentropy
Google is my DNS provider and registrar. I think I'm okay.

