This is a follow-up question to my previous post, "Multiple free dns services redundant as name servers of a website?"

I would like to set up DNS services as primary/secondary, master/slave and would like to know which is the better of the two options that my Domain Registrar provides.

OPTION 1
Use the domain registrar's free DNS servers 1 and 2 (must use as primary and secondary) as the following:

PRIMARY ns1.domainregistrarfreeservice.com
SECONDARY ns2.domainregistrarfreeservice.com
NS ns1.everydns.com
NS ns2.everydns.com
CNAME entries...
MX entries…

OPTION 2
Use the domain registrar's name server as a secondary DNS by providing a Primary server IP address and will use ns2.domainregistrarfreeservice.com as secondary zone transfer (I am not quite sure what this is). The following entry will also be needed in the Primary server:

named.conf
------------------------------------------------------------------
zone "example.com" IN {
    type master;
    file "example.com";
    // Only the listed secondary may request a zone transfer.
    allow-transfer {
        some.ip.address.here; // IP of ns2.domainregistrarfreeservice.com
    };
};
------------------------------------------------------------------

I thought I would add, though I do not believe it matters, that my hosting service is not on any of these DNS hosting services.

tokyowp

1 Answer

Having the DNS servers outside your network is always a good idea; it's also important to keep your DNS structure as simple as possible to avoid human error.

Option 1 is the most desirable for you. Check what the DNS provider gives you and what kind of redundancy they have in their DNS service; lots of DNS providers have anycast DNS servers, so the structure is pretty solid.

Option 2 would be desirable for you in case you didn't want to edit your DNS entries through some web interface and wanted to keep tight control of your DNS file in house. I had a customer once who wanted that, but the experience was quite bad, not from the DNS provider but for all the problems regarding lag in secondary zone refreshing after the primary is updated.

lynxman
  • Unfortunately, I think I purchased my domain from a registrar that does not provide much redundancy. Their name servers (which manage my domain) are managed by two other name servers that are on the same IP address, so it would not really matter if I did option 1 or option 2. If somebody DDOS-ed the two name servers on the same IP address, all of it would fail. – tokyowp Jan 21 '11 at 23:21
  • Oops, that is the suck, nobody in their sane mind would put two nameservers in the same IP address, I recommend you run away as fast as you can ;) – lynxman Jan 22 '11 at 11:00
  • I really do not know what they were thinking. A major player as a domain registrar managing millions of domains and millions of businesses. – tokyowp Jan 23 '11 at 04:12
  • It could easily be that they're running anycast; check the BGP tables for that IP. Nonetheless, having primary and secondary on the same IP is not smart – lynxman Jan 23 '11 at 15:31
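
An added example, not part of the original thread: a small Python audit for the two problems raised in the answer and comments, name servers that share one IP address and a secondary whose zone copy lags the primary. The server data is constructed (in practice it would come from NS, A and SOA lookups against each server), and the function names and the /24 and /48 grouping are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample data (not real measurements): the address and SOA serial
# each name server might report for example.com.
SAMPLE = {
    "ns1.domainregistrarfreeservice.com": {"ip": "192.0.2.53", "serial": 2011012301},
    "ns2.domainregistrarfreeservice.com": {"ip": "192.0.2.53", "serial": 2011012201},
    "ns1.everydns.com": {"ip": "198.51.100.10", "serial": 2011012301},
}

def serial_newer(a, b):
    """True if SOA serial a is newer than b (RFC 1982 arithmetic, 32-bit wrap)."""
    return a != b and (a - b) % 2**32 < 2**31

def audit(servers, v4_prefix=24, v6_prefix=48):
    """Return findings about shared addressing and stale zone copies."""
    findings = []
    for (n1, s1), (n2, s2) in combinations(sorted(servers.items()), 2):
        ip1 = ipaddress.ip_address(s1["ip"])
        ip2 = ipaddress.ip_address(s2["ip"])
        if ip1 == ip2:
            # One address for both servers: a single target, unless it is anycast.
            findings.append(("same-ip", n1, n2))
        elif ip1.version == ip2.version:
            prefix = v4_prefix if ip1.version == 4 else v6_prefix
            net = ipaddress.ip_network(f"{ip1}/{prefix}", strict=False)
            if ip2 in net:
                findings.append(("same-subnet", n1, n2))
    # The newest serial is what an up-to-date secondary should be serving.
    newest = None
    for s in servers.values():
        if newest is None or serial_newer(s["serial"], newest):
            newest = s["serial"]
    for name, s in sorted(servers.items()):
        if s["serial"] != newest:
            findings.append(("stale-serial", name, s["serial"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A "same-ip" finding cannot tell a single host from an anycast address; as the last comment says, that needs a look at the routing for that IP.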