What are the Benefits of Running Your Own DNS?
baileyjs asks: "I help run a small web development firm, and we are always trying to save money, but not at the cost of service to our customers. We currently purchase DNS services from our ISP, but are looking at getting our own rack. I was going to put some DNS servers there when I saw that Network Solutions offers free DNS. All of our domains (about 150) are currently on Network Solutions, so transfer is not an issue. Why shouldn't I use Network Solutions? Why should I build my own? What reasons, besides 'Network Solutions is Evil', can I give my boss?"
I don't know how good customer service is at Network Solutions, but our ISP was taking over 24 hours to process our change requests. This was unacceptable to us. So we roll our own.
The downside is that you have to make sure these machines are secure, hence there is an overhead to it all.
I'm actually moving the other way - toward hosted DNS. This is especially important if you only have one data line - dual DNS is useless if both servers are on the same connection (just ask Microsoft - that's why they ended up outsourcing theirs a couple of years ago after a big DNS problem).
But sometimes it's great to be able to do quick changes for test/development and such so you can either delegate a sub-domain that you run internally or you can set up a test/dev domain and run your own DNS for that one.
~~~~~~~
"You are not remembered for doing what is expected of you." - Atul Chitnis
Remember that the backup DNS really shouldn't be geographically located near the primary. Even though 9/10 they are on the same network sadly.
Yes, it would be terrible if your network is down and people weren't able to resolve your hostnames in order to connect to your web servers which are also down. Really, what's the point of that unless you have multiple geographically diverse webservers as well?
The Web is not the internet, when will people get this? It's very cheap to pay a hosting company a monthly fee to provide a backup mail server to spool when your primary is down. Secondary NS's should be available if the primary goes down if just to keep mail working properly.
In addition, there are many free services out there like GraniteCanyon that will host your secondary ns for free. So there really isn't a reason to do it wrong.
Can I get an eye poke?
Dog House Forum
DNS caching is configurable. If you know changes are coming soon, you can change your time-to-live (ttl) to 5 minutes.
When your new ttl has propagated to everyone, you can make your changes, which will apply in 5 minutes, then restore the old ttl.
These sorts of changes are not as easy to make with an external DNS provider, though they can be done.
You need a secondary DNS in case your site is cut off from the net (backhoe cuts your cable), or if your ISP has routing/service problems, or if you suffer a loss of power for an extended period of time.
Loss of DNS service is more than people simply not being able to reach your site, loss of DNS service means EMail bounces (servers return EMail if they can no longer resolve your domain). Loss of DNS service means that web browsers tell your customers that you do not exist instead of simply telling them that you are down / not responding.
You want a secondary DNS that is located "elsewhere". You want it far enough away that a single regional disaster (power outages, floods, earthquakes, etc.) does not take out both your primary DNS and your secondary DNS. You want your secondary DNS to have a distinct set of service providers to increase the chance that sites will be able to resolve your domain if the regional network is partitioned.
Run your own primary DNS. Make it non-caching, non-forwarding and static, answering queries only for the domains for which it is authoritative. Then pick 1+ secondary DNS services that will slave off of your DNS master, keeping in mind the points raised above.
One example of a secondary DNS Service is BackupDNS. They are inexpensive: Secondary DNS hosting your 150 domains would cost $28.50 US per month ($0.19 US per zone per month). They let you be in full control of your DNS service: Their site lets you add new zones, update (purge your zone on their servers and then force a reload) or remove zones on the fly. They will be a backup MX site if you like. They can even grok TSIG to improve the security of zone transfers. The BackupDNS folks are clueful, efficient, reliable and (unlike NetSol/Verisign) non-evil. I'm sure there are other secondary DNS Services that are both clueful and inexpensive. I mention these folks because we have had years of flawless secondary DNS service from them.
To sum it all up: Run a primary DNS to maximize the control and flexibility over your own domains. Use a clueful off-site secondary DNS service to maximize the chance that others will be able to resolve your domain.
chongo (was here)
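
The placement advice in the thread above (a secondary on a different network and with different providers than the primary) can be checked mechanically for the network and provider part; geographic distance is not covered. This is an added example, not part of the original posts: `audit_ns_set` and `network_of` are hypothetical helper names, the /24 and /48 grouping is an assumption, and the server names, addresses and AS numbers are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Prefix lengths treated as "the same network" (an assumption for this sketch).
V4_PREFIX, V6_PREFIX = 24, 48


def network_of(ip):
    """Return the covering /24 (IPv4) or /48 (IPv6) network for an address."""
    addr = ipaddress.ip_address(ip)
    prefix = V4_PREFIX if addr.version == 4 else V6_PREFIX
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def audit_ns_set(servers):
    """servers: list of dicts with 'name', 'ip', 'asn'. Returns a list of findings."""
    findings = []
    if len(servers) < 2:
        findings.append("fewer than two authoritative servers")
    by_net, by_asn = defaultdict(list), defaultdict(list)
    for s in servers:
        by_net[network_of(s["ip"])].append(s["name"])
        by_asn[s["asn"]].append(s["name"])
    # Two servers behind one prefix usually share one line and one failure.
    for net, names in sorted(by_net.items(), key=lambda kv: str(kv[0])):
        if len(names) > 1:
            findings.append(f"shared network {net}: {', '.join(sorted(names))}")
    # One origin AS for every server means one provider's outage takes all down.
    if len(servers) > 1 and len(by_asn) == 1:
        findings.append(f"all servers in AS{next(iter(by_asn))}: same origin AS")
    return findings


# Constructed sample data: documentation address ranges and documentation ASNs.
SAME_LINE = [
    {"name": "ns1.example.com", "ip": "192.0.2.10", "asn": 64500},
    {"name": "ns2.example.com", "ip": "192.0.2.11", "asn": 64500},
]
DIVERSE = [
    {"name": "ns1.example.com", "ip": "192.0.2.10", "asn": 64500},
    {"name": "ns2.example.net", "ip": "203.0.113.53", "asn": 64501},
]

if __name__ == "__main__":
    for label, ns_set in (("same line", SAME_LINE), ("diverse", DIVERSE)):
        print(label, "->", audit_ns_set(ns_set) or "no shared network or provider")
```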