Hosted DNS questions



  • New to this board...first question, so here we go:

    Looking at using a hosted DNS service for my domains. Looking mostly at Cloudflare (but open to suggestions).

    Questions:

    1. Seems that most of these major hosted DNS providers do not provide Automatic Zone Transfer to setup secondary nameservers at another provider. Do any of the major hosts provide this, or, are all of you that are using a service such as Cloudflare, simply using them and them alone for your nameserver needs?

    2. Seems hit or miss on the providers that provide DNSSEC capability. I'd like to use it, but are the majority of you using it? If not, why not? Also have read that setting up slave zones with a lot of these hosts don't work if using DNSSEC, or am I interpreting that wrong.

    Thanks for any input.



  • @wscsuperfan said in Hosted DNS questions:

    Looking at using a hosted DNS service for my domains. Looking mostly at Cloudflare (but open to suggestions).

    Cloudflare is the only thing I use for DNS on my domains, and on every customer domain I have control over.

    @wscsuperfan said in Hosted DNS questions:

    Seems that most of these major hosted DNS providers do not provide Automatic Zone Transfer to setup secondary nameservers at another provider.

    What is the need for this? Do you have a need for this level of redundancy?

    @wscsuperfan said in Hosted DNS questions:

    Seems hit or miss on the providers that provide DNSSEC capability.

    Cloudflare supports is.



  • @JaredBusch said in Hosted DNS questions:

    @wscsuperfan said in Hosted DNS questions:

    Looking at using a hosted DNS service for my domains. Looking mostly at Cloudflare (but open to suggestions).

    Cloudflare is the only thing I use for DNS on my domains, and on every customer domain I have control over.

    @wscsuperfan said in Hosted DNS questions:

    Seems that most of these major hosted DNS providers do not provide Automatic Zone Transfer to setup secondary nameservers at another provider.

    What is the need for this? Do you have a need for this level of redundancy?

    @wscsuperfan said in Hosted DNS questions:

    Seems hit or miss on the providers that provide DNSSEC capability.

    Cloudflare supports is.

    The only reason I would look for a secondary provider is in the event Cloudflare has an outage. It would then be nice to have a secondary provider.

    I do notice that Cloudflare supports DNSSEC, and am leaning towards them. Do you use DNSSEC on your domains?



  • @wscsuperfan said in Hosted DNS questions:

    @JaredBusch said in Hosted DNS questions:

    @wscsuperfan said in Hosted DNS questions:

    Looking at using a hosted DNS service for my domains. Looking mostly at Cloudflare (but open to suggestions).

    Cloudflare is the only thing I use for DNS on my domains, and on every customer domain I have control over.

    @wscsuperfan said in Hosted DNS questions:

    Seems that most of these major hosted DNS providers do not provide Automatic Zone Transfer to setup secondary nameservers at another provider.

    What is the need for this? Do you have a need for this level of redundancy?

    @wscsuperfan said in Hosted DNS questions:

    Seems hit or miss on the providers that provide DNSSEC capability.

    Cloudflare supports is.

    The only reason I would look for a secondary provider is in the event Cloudflare has an outage. It would then be nice to have a secondary provider.

    DNS is already designed to mitigate this. It's what the TTL setting is all about. If you are really concerned that Cloudflare could have an outage, then set a long TTL, and all the other DNS servers will keep that IP address available for a long time even without Cloudflare up.

    I do notice that Cloudflare supports DNSSEC, and am leaning towards them. Do you use DNSSEC on your domains?

    I use DNSSEC. Mostly because I also use Cloudflare for my domains and DNS, so it's on by default. It doesn't really do much, but when it takes zero effort on my part, why not?



  • @wscsuperfan said in Hosted DNS questions:

    Looking mostly at Cloudflare (but open to suggestions)

    That's who we use. Hard to imagine wanting to use anyone else.



  • @wscsuperfan said in Hosted DNS questions:

    Seems that most of these major hosted DNS providers do not provide Automatic Zone Transfer to setup secondary nameservers at another provider. Do any of the major hosts provide this, or, are all of you that are using a service such as Cloudflare, simply using them and them alone for your nameserver needs?

    We don't use this nor do any of our customers. This is very "giant enterprise" and essentially, if CloudFlare is down, how much does DNS matter?



  • @wscsuperfan said in Hosted DNS questions:

    The only reason I would look for a secondary provider is in the event Cloudflare has an outage. It would then be nice to have a secondary provider.

    It's a nice theory, but if CloudFlare is down, typically so is half the Internet. I've never seen a CF outage where a secondary DNS provider would matter. CF is already highly redundant.



  • @scottalanmiller said in Hosted DNS questions:

    @wscsuperfan said in Hosted DNS questions:

    The only reason I would look for a secondary provider is in the event Cloudflare has an outage. It would then be nice to have a secondary provider.

    It's a nice theory, but if CloudFlare is down, typically so is half the Internet. I've never seen a CF outage where a secondary DNS provider would matter. CF is already highly redundant.

    Thanks for all the comments Scott.

    DNSSEC......use it or no?



  • @travisdh1 said in Hosted DNS questions:

    @wscsuperfan said in Hosted DNS questions:

    @JaredBusch said in Hosted DNS questions:

    @wscsuperfan said in Hosted DNS questions:

    Looking at using a hosted DNS service for my domains. Looking mostly at Cloudflare (but open to suggestions).

    Cloudflare is the only thing I use for DNS on my domains, and on every customer domain I have control over.

    @wscsuperfan said in Hosted DNS questions:

    Seems that most of these major hosted DNS providers do not provide Automatic Zone Transfer to setup secondary nameservers at another provider.

    What is the need for this? Do you have a need for this level of redundancy?

    @wscsuperfan said in Hosted DNS questions:

    Seems hit or miss on the providers that provide DNSSEC capability.

    Cloudflare supports is.

    The only reason I would look for a secondary provider is in the event Cloudflare has an outage. It would then be nice to have a secondary provider.

    DNS is already designed to mitigate this. It's what the TTL setting is all about. If you are really concerned that Cloudflare could have an outage, then set a long TTL, and all the other DNS servers will keep that IP address available for a long time even without Cloudflare up.

    I do notice that Cloudflare supports DNSSEC, and am leaning towards them. Do you use DNSSEC on your domains?

    I use DNSSEC. Mostly because I also use Cloudflare for my domains and DNS, so it's on by default. It doesn't really do much, but when it takes zero effort on my part, why not?

    Thanks for the reply.

    Looks like I'll use Cloudflare and enable DNSSEC as well.

    I had looked into Hurricane Electric and DNSMadeEasy, but Cloudflare seems to have a bit higher adoption and a broader feature set.



  • @wscsuperfan said in Hosted DNS questions:

    DNSSEC......use it or no?

    If available? Yes, good feature. If not, not a big deal at this point.



  • @wscsuperfan said in Hosted DNS questions:

    I had looked into Hurricane Electric and DNSMadeEasy, but Cloudflare seems to have a bit higher adoption and a broader feature set.

    Didn't level of player in the game.

    CloudFlare is the absolutely biggest dog in the game, the number one enterprise DNS/CDN player. The others aren't small, but the gap between top dog and small time players there is pretty big. CloudFlare is in competition with Amazon, not those guys.



  • @scottalanmiller said in Hosted DNS questions:

    @wscsuperfan said in Hosted DNS questions:

    I had looked into Hurricane Electric and DNSMadeEasy, but Cloudflare seems to have a bit higher adoption and a broader feature set.

    Didn't level of player in the game.

    CloudFlare is the absolutely biggest dog in the game, the number one enterprise DNS/CDN player. The others aren't small, but the gap between top dog and small time players there is pretty big. CloudFlare is in competition with Amazon, not those guys.

    Out of curiosity, where does Google Cloud DNS fit in?



  • @wscsuperfan said in Hosted DNS questions:

    @scottalanmiller said in Hosted DNS questions:

    @wscsuperfan said in Hosted DNS questions:

    I had looked into Hurricane Electric and DNSMadeEasy, but Cloudflare seems to have a bit higher adoption and a broader feature set.

    Didn't level of player in the game.

    CloudFlare is the absolutely biggest dog in the game, the number one enterprise DNS/CDN player. The others aren't small, but the gap between top dog and small time players there is pretty big. CloudFlare is in competition with Amazon, not those guys.

    Out of curiosity, where does Google Cloud DNS fit in?

    I personally don't trust Google with any business function, not that they are a bad company, but they randomly dump products that they claim to be the hottest new thing so quickly and often that I don't even let them enter my mind as a company to do business with. I'm sure their cloud products are fast and reasonably priced, but they famously lack business support and it's just not a vendor I'd want to waste my time with as I'm only confident that any product that they offer will suddenly vanish. I was stuck once using G Suite and it was a train wreck of support and killed off features.

    I'm sure it's good. But that's why I have no knowledge of it. Google doesn't have what it takes to play in the Amazon space, IMHO. They have to be worlds better than Azure, but that's not a ringing endorsement. They fall into that space of "probably pretty decent, but not quite good enough for me to care."

    Pretty much, I know of no reason that I'd look beyond CloudFlare and Amazon. They offer the enterprise free option, and the high end paid options. They offer the best in class services. There's really no one else to seriously consider unless there is some unique feature that you can get elsewhere that they don't have.



  • @scottalanmiller said in Hosted DNS questions:

    @wscsuperfan said in Hosted DNS questions:

    @scottalanmiller said in Hosted DNS questions:

    @wscsuperfan said in Hosted DNS questions:

    I had looked into Hurricane Electric and DNSMadeEasy, but Cloudflare seems to have a bit higher adoption and a broader feature set.

    Didn't level of player in the game.

    CloudFlare is the absolutely biggest dog in the game, the number one enterprise DNS/CDN player. The others aren't small, but the gap between top dog and small time players there is pretty big. CloudFlare is in competition with Amazon, not those guys.

    Out of curiosity, where does Google Cloud DNS fit in?

    I personally don't trust Google with any business function, not that they are a bad company, but they randomly dump products that they claim to be the hottest new thing so quickly and often that I don't even let them enter my mind as a company to do business with. I'm sure their cloud products are fast and reasonably priced, but they famously lack business support and it's just not a vendor I'd want to waste my time with as I'm only confident that any product that they offer will suddenly vanish. I was stuck once using G Suite and it was a train wreck of support and killed off features.

    I'm sure it's good. But that's why I have no knowledge of it. Google doesn't have what it takes to play in the Amazon space, IMHO. They have to be worlds better than Azure, but that's not a ringing endorsement. They fall into that space of "probably pretty decent, but not quite good enough for me to care."

    Pretty much, I know of no reason that I'd look beyond CloudFlare and Amazon. They offer the enterprise free option, and the high end paid options. They offer the best in class services. There's really no one else to seriously consider unless there is some unique feature that you can get elsewhere that they don't have.

    Thx for the insight



  • @wscsuperfan said in Hosted DNS questions:

    @scottalanmiller said in Hosted DNS questions:

    @wscsuperfan said in Hosted DNS questions:

    @scottalanmiller said in Hosted DNS questions:

    @wscsuperfan said in Hosted DNS questions:

    I had looked into Hurricane Electric and DNSMadeEasy, but Cloudflare seems to have a bit higher adoption and a broader feature set.

    Didn't level of player in the game.

    CloudFlare is the absolutely biggest dog in the game, the number one enterprise DNS/CDN player. The others aren't small, but the gap between top dog and small time players there is pretty big. CloudFlare is in competition with Amazon, not those guys.

    Out of curiosity, where does Google Cloud DNS fit in?

    I personally don't trust Google with any business function, not that they are a bad company, but they randomly dump products that they claim to be the hottest new thing so quickly and often that I don't even let them enter my mind as a company to do business with. I'm sure their cloud products are fast and reasonably priced, but they famously lack business support and it's just not a vendor I'd want to waste my time with as I'm only confident that any product that they offer will suddenly vanish. I was stuck once using G Suite and it was a train wreck of support and killed off features.

    I'm sure it's good. But that's why I have no knowledge of it. Google doesn't have what it takes to play in the Amazon space, IMHO. They have to be worlds better than Azure, but that's not a ringing endorsement. They fall into that space of "probably pretty decent, but not quite good enough for me to care."

    Pretty much, I know of no reason that I'd look beyond CloudFlare and Amazon. They offer the enterprise free option, and the high end paid options. They offer the best in class services. There's really no one else to seriously consider unless there is some unique feature that you can get elsewhere that they don't have.

    Thx for the insight

    I'm sure Google is fine 🙂 It's hard to state why I avoid them without it sounding dramatic. It's not. It's minor. But given that CloudFlare is free, I just never find a time not to use them. They are so good.



  • cloudns.net is good too



  • Just set registrar to use Cloudflare.

    Thanks everyone



  • @wscsuperfan said in Hosted DNS questions:

    Just set registrar to use Cloudflare.

    Thanks everyone

    It's free, if nothing else, try it first 🙂



  • I assume everyone is using the "proxy" feature of Cloudflare?

    When using it, and setting CF to force SSL, do I need to do anything at my webhost with the SSL cert I already have with them? I notice that now, when proxied, the site shows the CF cert.



  • @wscsuperfan said in Hosted DNS questions:

    I assume everyone is using the "proxy" feature of Cloudflare?

    Often, but not always. It's an amazing feature, but there are many times when you don't want it or can't use it. It's really perfect for the majority of things like standard websites. But like addresses used for email or some other function often can't be proxied.



  • @wscsuperfan said in Hosted DNS questions:

    When using it, and setting CF to force SSL, do I need to do anything at my webhost with the SSL cert I already have with them? I notice that now, when proxied, the site shows the CF cert.

    CF is a proxy, so it has separate SSL certs and settings from your server. You can skip SSL altogether on your server and CF will serve out SSL for you just fine. Or you can self sign. Or use a formal LetsEncrypt or whatever. This will change your "strict" style options with CloudFlare, but in all cases you can use CF's SSL when proxied whether the site has its own SSL or not.



  • @wscsuperfan said in Hosted DNS questions:

    I assume everyone is using the "proxy" feature of Cloudflare?

    When using it, and setting CF to force SSL, do I need to do anything at my webhost with the SSL cert I already have with them? I notice that now, when proxied, the site shows the CF cert.

    The end users will see the CF cert all the time.

    What your local cert protects is the communication between CF and your server. CF also have certs available to encrypt the traffic between your server and CF, I think they're even free.



  • @travisdh1 said in Hosted DNS questions:

    CF also have certs available to encrypt the traffic between your server and CF, I think they're even free.

    They are free.



  • @travisdh1 said in Hosted DNS questions:

    @wscsuperfan said in Hosted DNS questions:

    I assume everyone is using the "proxy" feature of Cloudflare?

    When using it, and setting CF to force SSL, do I need to do anything at my webhost with the SSL cert I already have with them? I notice that now, when proxied, the site shows the CF cert.

    The end users will see the CF cert all the time.

    What your local cert protects is the communication between CF and your server. CF also have certs available to encrypt the traffic between your server and CF, I think they're even free.

    Good to know

    Thanks



  • @scottalanmiller said in Hosted DNS questions:

    @travisdh1 said in Hosted DNS questions:

    CF also have certs available to encrypt the traffic between your server and CF, I think they're even free.

    They are free.

    And I have a guide on here on how to use one



  • @JaredBusch said in Hosted DNS questions:

    @scottalanmiller said in Hosted DNS questions:

    @travisdh1 said in Hosted DNS questions:

    CF also have certs available to encrypt the traffic between your server and CF, I think they're even free.

    They are free.

    And I have a guide on here on how to use one

    Sweet.....I'll go look for it. Thanks



  • @wscsuperfan said in Hosted DNS questions:

    @JaredBusch said in Hosted DNS questions:

    @scottalanmiller said in Hosted DNS questions:

    @travisdh1 said in Hosted DNS questions:

    CF also have certs available to encrypt the traffic between your server and CF, I think they're even free.

    They are free.

    And I have a guide on here on how to use one

    Sweet.....I'll go look for it. Thanks

    https://www.mangolassi.it/tags/origin certificate


Log in to reply