RECOMMENDATIONS DNS Hosting advice

[LesD]

Sorry for what is really only indirectly related to PIAF but I need some urgent knowledgeable advice.

All my domains and those of some of my clients are currently hosted by Pay-as-you-host which was swallowed up by Plusnet. They have today advised that the service is closing down without offering any alternatives.

I do not host any web sites - I only use their excellent Plesk (Parallels) based DNS control panel - and need to find something similar to host the domains and make DNS zone changes simply and quickly.

Can anyone put forward suitable suppliers, preferably using Plesk. In particular I need to be able to set set short TTL times for some domains, and I understand that not all hosting companies allow that.

 

[LesD]

I forgot to mention that many are .UK domains.

 

[billsimon]

Not Plesk, but good and cheap: Amazon Route53 (http://aws.amazon.com/route53/).

Also highly recommended is DNS service from Hurricane Electric: http://dns.he.net

 

[atsak]

You could just buy 2 or 3 cheap VPS servers and run your own if you want; PowerDNS has a super easy to use front end and replication isn't too hard to setup; then you have a pretty redundant solution and it's all yours with any TTL you like. It probably isn't the cheapest way, but it might not be very much more for a pretty flexible option.

 

[LesD]

Not Plesk, but good and cheap: Amazon Route53 (http://aws.amazon.com/route53/).

Also highly recommended is DNS service from Hurricane Electric: http://dns.he.net

How would these work?

I would host my domain with whoever I chose and point it to their name servers?

Amazon is $6/year. Hurricane Electric is free. Can one rely on such a service?

 

[LesD]

You could just buy 2 or 3 cheap VPS servers and run your own if you want; PowerDNS has a super easy to use front end and replication isn't too hard to setup; then you have a pretty redundant solution and it's all yours with any TTL you like. It probably isn't the cheapest way, but it might not be very much more for a pretty flexible option.

Never thought of doing this myself - sort of sounds scary.

On the other hand, I do have available quite large servers on two continents so backup should not be an issue.

I can't find any reference to prerequisites in the documentation. Will it run on a Windows Server? I have MySQL installed. Anything else it needs?

Edit: Found the relevant section in the manual, which says: "Starting with version 3.0, Windows is no longer supported."

Unfortunately my Linux skills (gleaned from here) are really not up to doing this in Linux.

 

[billsimon]

How would these work?

I would host my domain with whoever I chose and point it to their name servers?

Amazon is $6/year. Hurricane Electric is free. Can one rely on such a service?

Yes, that's exactly how it works. When you register a domain, it asks which authoritative nameservers you want to use, and you enter the names given by Route53 or HE.net. Then you set up your DNS records on your chosen service to point to whatever you want. That is, Route53 does not require you to point your DNS records to Amazon's resources. It's just DNS.

Both are extremely reliable. Amazon's service is the DNS for its massive Amazon Web Services empire. Hurricane is also no slouch; they've been around a long time. HE is the one I have used for my own purposes for several years, hosting several named zones and a few IPv6 (ip6.arpa) subnet zones.

DNS is distributed and both of these companies provide you with several nameservers that will host your zones. Reliability and availability are unlikely to be of concern.

Now, if you follow atsak's advice and build your own, you are basically reinventing the wheel and have to set up muliple DNS servers in geographically separate locations to get the same. It will cost you fifty times as much as Route53 and you will have servers to maintain.

 

[LesD]

While the idea of my own DNS server has certain attractions, I have discounted it as it does not run on Windows.

I have so far looked at HE and it seems easy to set up so it looks like a candidate, but compared to Plesk it has a major failing - no facility for 'alias' domains.

With Plesk you can set up a single domain and then add others as an alias to the first and it will automatically create identical zones for the aliases.

With HE my 12 or so 'home' domains will need to be set up individually and all changes manually synchronised. With about 30 DNS records per zone it is quite a bit of work.

The fact that it is free is some compensation.

I will check out Route53 next. With aliases, I have about 26 domains so that will cost $13/month. I will check what extra we will get for that.

 

[billsimon]

Yes, that's too bad. Also it appears neither service has support for the relatively unknown 'DNAME' record, which is for aliasing entire zones.

Route53 does give you the option of performing an import, though. I haven't tried it, but I assume it either takes a raw zone file or does a standard AXFR zone transfer from your current nameserver.

 

[atsak]

Ha, oh well. I am a Windows admin also and had no trouble following the complete step by step how to's for powerdns I only know some Linux from PBIAF.

I used this article https://www.digitalocean.com/community/articles/how-to-install-powerdns-on-centos-6-3-x64

Centos 6.4 doesn't work properly I found . . .

Now the admin console for PowerDNS allows you to setup templates to use so would meet the "alias" requirement you note.

Obviously you should do what you're comfortable, and you do need to choose what's cheapest. I always like running my own stuff - I am fully in control all the time that way and not subject to anyone else's DoS problems (other than my own).

 

[VaHam]

I have been using DNSEXIT for some time now and found them to be excellent.

 

[LesD]

I have been using DNSEXIT for some time now and found them to be excellent.

I have had a look at DNSEXIT and it is similar to HE. It has one advantage in that it appears to allow TTL to be set at any value down to 1 min while HE lowest is 5 min and then at various other fixed values.

I will try both on a couple of my dormant domains and see how they go.

Could billsimon and VaHam confirm that any changes (like an IP change to a sub domain) is applied immediately (subject to TTL) to HE and DNSEXIT.

 

[LesD]

Ha, oh well. I am a Windows admin also and had no trouble following the complete step by step how to's for powerdns I only know some Linux from PBIAF.

I used this article https://www.digitalocean.com/community/articles/how-to-install-powerdns-on-centos-6-3-x64

Running PIAF and my own mail server (hMailserver) I do have a certain attraction to 'rolling my own'.

I will try and find time to set up PowerDNS in a VM and see how that goes.

 

[billsimon]

Yes, HE's solution is immediate. I have put in entries and then immediately looked them up locally. (Of course, don't try to look up a record before you enter it, or else you'll cache the NXRR for a while.) Route53 also.

 

[atsak]

Running PIAF and my own mail server (hMailserver) I do have a certain attraction to 'rolling my own'.

I will try and find time to set up PowerDNS in a VM and see how that goes.

Just don't use Centos 6.4 on hyper v for powerdns - doesn't work. 6.3 does swimmingly.

 

[billsimon]

If you end up setting up your own, understand that you really do need multiple servers. Failure of a lone DNS server will bring down your whole business.

You can go a hybrid route and run your own DNS on a single server and then establish slaves. This would be a good use of HE.net. When logged in, click on the "Add a slave" link on the left to see how it works.

 

[VaHam]

I have had a look at DNSEXIT and it is similar to HE. It has one advantage in that it appears to allow TTL to be set at any value down to 1 min while HE lowest is 5 min and then at various other fixed values.

I will try both on a couple of my dormant domains and see how they go.

Could billsimon and VaHam confirm that any changes (like an IP change to a sub domain) is applied immediately (subject to TTL) to HE and DNSEXIT.

Yes changes are applied almost immediately after you click change.

 

[LesD]

I have set up one domain on HE and changed the name servers to point to the HE servers. While waiting for that to percolate through I have installed CentOs 6.3 32 bit in a Virtualbox VM

Just a warning to others who may follow: despite setting up a fixed IP when installing CentOS, I could not connect to it from Putty. Turned out that the network config file for eth0 was set to boot="no". Changing it to yes and restarting fixed that.

I then started the PowerDNS install and got stuck at the 4th line: "mysql-server httpd"

First there is a space missing but after fixing that I get

[root@powerdns ~]# mysql -server httpd
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)

 

[billsimon]

this is a single line:

yum -y install php php-mcrypt php-pdo php-mysql pdns pdns-backend-mysql mysql-server httpd

(from https://www.digitalocean.com/community/articles/how-to-install-powerdns-on-centos-6-3-x64)

 

[LesD]

Thank you billsimon.

Moved on to the step to Edit /etc/pdns/pdns.conf

One of the lines to add is 'launch=gmysql'

The file already has an entry 'lauch=bind'

Do I leave or remove that line?

For the moment I have left it.

Next we go to: Step 5 - Create PowerAdmin Account

It says to go to 'http://10.27.27.40/install/' where 10.27.27.40 is the IP of the VM.

The IP is correct as I can connect there with putty and log in. ifconfig shows 'inet addr:10.27.27.40'.

However, entering 'http://10.27.27.40/install/' in Chrome I just get 'This web page is not available'.

httpd (pid 4271) is running...


Is this maybe a Firewall issue?

[root@powerdns inc]# service --status-all
abrtd (pid  1328) is running...
abrt-dump-oops (pid 1336) is running...
acpid (pid  1140) is running...
atd (pid  1355) is running...
auditd (pid  953) is running...
automount (pid  1208) is running...
certmonger (pid  1367) is running...
Stopped
cgred is stopped
cpuspeed is stopped
crond (pid  1344) is running...
cupsd (pid  1115) is running...
hald (pid  1149) is running...
htcacheclean is stopped
httpd (pid  4271) is running...
Table: filter
Chain INPUT (policy ACCEPT)
num  target    prot opt source              destination
1    ACCEPT    all      ::/0                ::/0                state RELATED,ESTABLISHED
2    ACCEPT    icmpv6    ::/0                ::/0
3    ACCEPT    all      ::/0                ::/0
4    ACCEPT    tcp      ::/0                ::/0                state NEW tcp dpt:22
5    REJECT    all      ::/0                ::/0                reject-with icmp6-adm-prohibited
 
Chain FORWARD (policy ACCEPT)
 
num  target    prot opt source              destination
1    REJECT    all      ::/0                ::/0                reject-with icmp6-adm-prohibited
 
Chain OUTPUT (policy ACCEPT)
 
num  target    prot opt source              destination
 
Table: filter
 
Chain INPUT (policy ACCEPT)
 
num  target    prot opt source              destination
1    ACCEPT    all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
2    ACCEPT    icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT    all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT    tcp  --  0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:22
5    REJECT    all  --  0.0.0.0/0            0.0.0.0/0          reject-with icmp-host-prohibited
 
Chain FORWARD (policy ACCEPT)
 
num  target    prot opt source              destination
1    REJECT    all  --  0.0.0.0/0            0.0.0.0/0          reject-with icmp-host-prohibited
 
Chain OUTPUT (policy ACCEPT)
 
num  target    prot opt source              destination
 
irqbalance is stopped
Kdump is not operational
lvmetad is stopped
mdmonitor is stopped
messagebus (pid  1103) is running...
mysqld (pid  3613) is running...
netconsole module not loaded
Configured devices:
lo eth0
Currently active devices:
lo eth0
rpc.svcgssd is stopped
rpc.mountd is stopped
nfsd is stopped
rpc.rquotad is stopped
rpc.statd (pid  1039) is running...
ntpd is stopped
numad is stopped
oddjobd is stopped
4339: Child died with code 1
portreserve is stopped
master (pid  1304) is running...
postmaster is stopped
Process accounting is disabled.
quota_nld is stopped
rdisc is stopped
restorecond is stopped
rngd is stopped
rpcbind (pid  1021) is running...
rpc.gssd is stopped
rpc.idmapd (pid 1071) is running...
rpc.svcgssd is stopped
rsyslogd (pid  978) is running...
sandbox is stopped
saslauthd is stopped
smartd is stopped
openssh-daemon (pid  1228) is running...
sssd is stopped
ypbind is stopped