Tech: VPS - own nameserver or Cloudflare?

[Paul&John]

Hi!

So far I've used CF free, didn't bothered setting up a nameserver. According to this it shouldn't be super hard. So what are the cons and pros of having your own nameserver? Actually I can't really think of any pros, just cons:

- time to set it up + extra room for major fuckups
- revealing your servers IP (unless you have an MX record set to your server at CF?)
- CF's DNS should be faster + more reliable?

Thanks.

[Ferus]

Dont - in case your infrastructure is down - including your SOA - you are fucked.
Use amazon, namecheap or something that have MFA validation and a secure setup(with DNSSEC), and focus on building your sites instead

[Paul&John]

Definitely not the answer I was expecting but I'm glad to hear this. Thanks.

[sandman!]

Unless your expecting to get a ddos attack there is no reason not to run your own dns.

This is assuming you are not using dns for geo load balancing and other shit.

Assuming your running a single server/vm with some sites on it no reason not to run your own people ran their own dns for years before cloud flare existed.

[Ferus]

Quote:

Originally Posted by sandman!

Unless your expecting to get a ddos attack there is no reason not to run your own dns.

This is assuming you are not using dns for geo load balancing and other shit.

Assuming your running a single server/vm with some sites on it no reason not to run your own people ran their own dns for years before cloud flare existed.

Not trying to be an ass, but this is your own service - If you (as a hosting provider) cant keep your DNS in check, why should anyone else risk it?

[sandman!]

my dns works fine, ns3 is not active its a new name sever i plan on deploying.

Quote:

Originally Posted by Ferus

Not trying to be an ass, but this is your own service - If you (as a hosting provider) cant keep your DNS in check, why should anyone else risk it?

[Ferus]

Quote:

Originally Posted by sandman!

my dns works fine, ns3 is not active its a new name sever i plan on deploying.

NS3 first seen 2019-07-20

You have both the primary and secondary DNS in the same subnet at the same location, and nobody running a business should run a risk like that, when its so easy to mitigate.

Secondary servers must be placed at both topologically and
geographically dispersed locations on the Internet, to minimise the
likelihood of a single failure disabling all of them.

That is, secondary servers should be at geographically distant
locations, so it is unlikely that events like power loss, etc, will
disrupt all of them simultaneously. They should also be connected to
the net via quite diverse paths. This means that the failure of any
one link, or of routing within some segment of the network (such as a
service provider) will not make all of the servers unreachable.
[RFC 2182]

The faulty serial number means you are at risk in case of a zone transfer


This is exactly why I recommend people never spend time running their own public DNS

[sandman!]

Go use cloud flare if you want , I have never had a dns failure in 20+ years I will keep doing what I’m doing. You go do what you want to do.

Quote:

Originally Posted by Ferus

NS3 first seen 2019-07-20

You have both the primary and secondary DNS in the same subnet at the same location, and nobody running a business should run a risk like that, when its so easy to mitigate.

Secondary servers must be placed at both topologically and
geographically dispersed locations on the Internet, to minimise the
likelihood of a single failure disabling all of them.

That is, secondary servers should be at geographically distant
locations, so it is unlikely that events like power loss, etc, will
disrupt all of them simultaneously. They should also be connected to
the net via quite diverse paths. This means that the failure of any
one link, or of routing within some segment of the network (such as a
service provider) will not make all of the servers unreachable.
[RFC 2182]

The faulty serial number means you are at risk in case of a zone transfer


This is exactly why I recommend people never spend time running their own public DNS

[Ferus]

Quote:

Originally Posted by sandman!

Go use cloud flare if you want , I have never had a dns failure in 20+ years I will keep doing what I’m doing. You go do what you want to do.

You are absolutely free to do as you want

It's just important that people listening to you understand, today's requirements to run a secure setup, are immensely different than it was 20 years ago.
Its not just stuff I make up to fit my argument - its industry standards (RFC's) mentioned you should consider applying for a more secure infrastructure.
"I havent had a problem in 20 years" is not a valid business argument

Even your own IaaS provider (WebNX) have a proper setup for it.

[wankawonk]

Quote:

Originally Posted by sandman!

Unless your expecting to get a ddos attack there is no reason not to run your own dns.

This is assuming you are not using dns for geo load balancing and other shit.

Assuming your running a single server/vm with some sites on it no reason not to run your own people ran their own dns for years before cloud flare existed.

the reason not to run your own DNS is that its dirt fucking cheap to pay someone else to do it for you and their business is to be reliable at it. keeping a website up 24/7 is hard enough already -- anything you can reliably outsource should be outsourced.

[redwhiteandblue]

You don't even have to pay for DNS -

https://freedns.afraid.org/