

UberDNS Service where you manage your zone/records with Git - Amfy
http://uberdns.eu/

======
apendleton
Love the idea, but seems a little too fly-by-night for me to want to trust
real production stuff to it. DDoS-ing DNS providers seems to be the rage these
days, and I'd hate to be collateral damage because the weekend project I was
using as a DNS provider couldn't handle it...

And I totally get that this was just for fun... but a variant project that
still used git as the UI, but sat on top of a bigger-player DNS provider's API
(Route 53, maybe?) could probably give you the best of both worlds: a
weekend's worth of hacking, but still using infrastructure people felt like
they could trust.

~~~
Amfy
Thanks for your comment, and yes, of course I understand you.

I would have the infrastructure (an anycasted network with 11 PoPs, etc.) - but
as you said, it was only a weekend project and I wasn't about to use this for
the project. But hm, I could later just rewrite this away from an independent
DNS service to some parsing thingy to input zonefiles and use APIs of existing,
reliable providers (most of the popular ones have nice APIs). It's something
to think about, thanks.

~~~
shykes
+1 on making this a frontend to 3rd-party DNS providers.

Git-push integration with Dyn, Route53, Zerigo/8x8, Gandi, etc. would be an
awesome feature.

------
bcl
I don't see anything here I couldn't do myself, and in a more secure way. I
don't trust handling of my DNS to random projects.

~~~
Amfy
Hm, but that's not an issue with this specific project, and yes, of course
there is nothing that is impossible to do yourself - but I never said that
;)

If you would let me know if there is anything that you don't like, then I'm
happy to fix it or whatever :)

~~~
bcl
Well, from what I see on your site, security and trust is an issue. You are
asking people to direct their DNS to your servers; that is a lot of
responsibility to take on. Who are you? How do I trust you? How do I know that
someone can't corrupt my zone entries in your system, either on purpose or by
accident? E.g. let's say I set up a git repo with zone entries for another
customer you serve, how do you decide which one is authoritative?

I would only consider this useful if you posted your code on github so that
people can run it on their own DNS servers.

------
spindritf
Brilliant in its simplicity.

Could you share the technical details? What DNS server/software are you using?
How do you handle input, errors (broken zones? do you perform sanity checks?),
and reloads?

Do you enforce any limits? Support DNSSEC?

What's the web stack?

~~~
Amfy
I'm glad to answer your questions. As I wrote, this was just a fun project for
like two (maybe three) evenings, you can't expect too much.

Webstack is Nginx + Ruby + Sinatra + MySQL (Datamapper, I know I should switch
to Sequel) and a worker in Node.js on the slave nameserver for writing configs
+ reloading nsd

Servers are two small VPS, one on my own dedicated server in Frankfurt,
Germany, the other in Canada from lfchosting. Nameserver is nsd, because it
looked not too bad.

> How do you handle input, errors (broken zones? do you perform sanity
> checks?), and reloads?

I'm performing some checks, with nsd-checkconf, etc., but I'm sure there is
something I could improve. It gets reloaded every time someone enters a domain
name or pushes changes to Bitbucket/GitHub and they are posting to the
specific URL.

> Do you enforce any limits? Support DNSSEC?

Nah, there are no limits, currently. DNSSEC: No, also not looking to implement
it with this project, since besides that I'm working on a more serious one,
even with anycast, etc., and DNSSEC is already possible there.

I hope I was able to answer your questions as you expected it, please let me
know if you want anything more detailed or have more questions for me :)
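
The two questions raised in this thread (which account is authoritative for a zone, and what sanity checks run before a reload) can be answered by one gate that runs on every push before the name server is touched. The sketch below is an added example, not part of the original thread and not UberDNS's code; the claims table, account names, function names and sample zones are all constructed, and the parser handles only single-line records.

```python
CLAIMS = {"example.org.": "acct-1"}  # constructed: zone origin -> claiming account
RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "SRV"}

def absolute(name, origin):
    """Expand a zone-file owner name to a lower-case absolute name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def check_push(account, origin, zone_text, claims=CLAIMS):
    """Return a list of problems; an empty list means the zone may be loaded."""
    origin = origin.lower().rstrip(".") + "."
    if claims.get(origin, account) != account:
        return [f"{origin} is claimed by another account"]
    problems, has_soa, owner = [], False, origin
    for n, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0]      # simplification: ';' inside quoted TXT not handled
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):    # $ORIGIN / $INCLUDE could step outside the zone
            problems.append(f"line {n}: directive {fields[0]} not accepted")
            continue
        if not line[0].isspace():        # leading whitespace reuses the previous owner
            owner = absolute(fields.pop(0), origin)
        rtype = next((f.upper() for f in fields if f.upper() in RR_TYPES), None)
        if rtype is None:
            problems.append(f"line {n}: no supported record type")
        elif owner != origin and not owner.endswith("." + origin):
            problems.append(f"line {n}: {owner} is outside {origin}")
        elif rtype == "SOA":
            if owner != origin or has_soa:
                problems.append(f"line {n}: SOA must appear once, at the zone apex")
            has_soa = True
    if not has_soa:
        problems.append("zone has no SOA record")
    return problems

# Constructed sample pushes.
GOOD = """\
@    3600 IN SOA ns1.example.org. hostmaster.example.org. 1 7200 900 1209600 3600
@    3600 IN NS  ns1.example.org.
www  300  IN A   192.0.2.10
     300  IN AAAA 2001:db8::10
"""
BAD = GOOD + "www.example.net. 300 IN A 192.0.2.66\n$INCLUDE other.zone\n"
```

A push is only written to disk and reloaded when `check_push` returns an empty list; the name server's own checker still runs afterwards as a second layer.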

------
gregf
<http://www.luadns.com/> is doing this as well.

