Slashdot Mirror
Best DNS Service With API Access?
netaustin writes "My company runs quite a few media websites, mostly on Drupal, and about half on ec2. We have a good server setup with ec2 which allows us to route requests through Pound, a cluster of Varnish servers, then a cluster of Apache servers. We manage 50 domains (one per state) like this. Problem is, anytime things change, we have to manually adjust DNS for all 50 states, which is very boring and usually causes negative side effects too as we can't ever adjust all 50 DNS entries at once. We'd like to just change DNS providers and be done with it, but there are a lot of options, and I don't often shop for DNS services. I use EveryDNS for my personal domains, but I don't think they provide an API and it'd feel a little dishonest to reverse engineer the forms on their site since they're an esteemed donations-based service. I wouldn't feel bad about doing that to DNSPark, but they have a CAPTCHA image accompanying their login form, so goodbye DNSPark. I found a couple services that seem to do what I'm looking for, but they both feel a bit Microsoft-y and since I only want to change once, I want to get this right. Advice?"
DynDNS.
That was easy.
Potato chips are a by-yourself food.
Why not run your own??
How about running your own master DNS server, and having your provider slave from that.
Are all your domains hosted on the same set of servers? Could you CNAME the 50 domains to a smaller subset of domain names, and then you only have to change the A records of that subset whenever you have a change?
It sounds like it's time to run your own dns servers. For what you're trying to do I recommend powerdns with either a mysql or postgres backend. You can do massive updates with regular sql update syntax very quickly and anything that can talk mysql can update it ... perl, php, ruby, etc ... you name it.
Are we talking any sort of budget here, or does it have to be free?
Quite a few places will charge a nominal per-year fee for dns, and provide good uptime...
A lot of those are the places you register the domains from, and they make more money on registrations than dns service, but provide both.
Please provide details
I've used Nettica APIs from OSX and Linux and never had a problem. They have multiple API interfaces and are quite reasonably-priced. http://www.nettica.com/Support/Developers.aspx
EveryDNS provides a "secondary DNS" service. If you can set up your own primary server, EveryDNS will clone it.
NearlyFreeSpeech.net has an API to control DNS records.
You sound like you've had a long drive home. How about posting in the relevant forum next time, m'kay?
zoneedit.com
It has an API. Its free for personal use, and the catch is that someone like you, who uses lots of domains, would have to start paying some money.
Anyway, Its what I use for tying my domain to a dynamic IP, and I can update via a script. Its just a wget of a certain webpage with the variables set correctly (domain identified, and my password I think)
Might be what you are looking for. Good luck.
You can always run your own DNS server on a slice somewhere using MyDNS. I've had really good luck with it for over 5 years.
The above is not worth reading.
You could also leave your DNS static and use EC2 Elastic IPs to shift things around on the backend (you did mention you were using EC2).
before giving them a call, prepare to be floored by dynect's outrageous costs
FreeDNS I've been using them for a few years. Updating the DNS info can be done in a single click for all domains. They have a few free update clients, or you can use their API to write your own client.
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
Are you looking for features in a registrar or dns provider? While most registrars also provide DNS service, there's never a requirement that you have to use them. And use them I don't.
I got good and comfortable with Bind many years ago, and have the DNS administration stuff down pat. I have some really nice administration scripts that manage changes by service. Throw in a few variables, some regex, and some DNS boilerplate definition files, and I get the ability to re-ip a service (EG: websites, email, https, dbserver, etc. ad nauseum) for hundreds of domains in 60 seconds flat if you include updating the actual DNS servers with the changes. (I publish 2, I maintain 5 so that I can quickly switch nameservers in case of hardware/network failure)
Other than that, I have all my domains linked to two DNS servers by name, and occasionally I have to move a DNS server. It takes a few minutes.
Is this what you are looking for?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Own your own distributed DNS infrastructure that comes with its own openAPI.
http://www.f5.com/products/big-ip/product-modules/global-traffic-manager.html
I'd like to own my own signed affidavit in which you disclose each and every real or potential financial tie that you have to F5.
To put that another way, you're coming across like a garden-variety spammer. Of course on Slashdot spammers know that an obvious spam won't go over so well, so they tend to use "product placement" techniques like what you just did. "Hey, I see you're talking about DNS with API access! Look, I just happened to point out that this commercial entity just happens to have one of those! Own your own!"
The API only really works if you want to manage the Wide IPs. iControl doesn't really have anything for working with the regular bind files. Plus it's a bit pricey for what it does and there are cheaper solutions that can be built rather then using a GTM.
You sound like you've had a long drive home. How about posting in the relevant forum next time, m'kay?
I dunno ... it was a pretty damn good rant.
The higher the technology, the sharper that two-edged sword.
...or do it yourself. Easy, you're the boss, and you only pay for the hardware and net service. I would never buy DNS from anyone.
Copy a 17 Meg file Every day...Like mire of decay, of various BSD Slashdot 'BSD is share, this news documents like a w1ll recall that it beyond the scope of
...he said as he collapsed on the keyboard, drooling, starting to realize that perhaps he was too drunk to post after all.
I've been using ZoneEdit for years and they're great. Free for small domains, and really cheap for huge domains. It never, ever breaks. And it's super easy to work with.
I like them, cheap and reliable, plus there's a CPAN module to interact with them. Personally I would also investigate running your own DNS servers, with Bind a simple run of sed through the text config files and a restart and you're done.
I've been using ZoneEdit for the past 4 years, and I dont remember a single problem with them. It is easy, as you said, and so cheap I feel guilty every time I use them.
dnsmadeeasy.
I only know about them because RightScale is using them.
Of course, when presented with this problem, I took an entirely different approach -- I wrote a DNS-as-REST server in Rails, and then a simple pipeclient-to-REST client/plugin for PowerDNS. The assumption is, it doesn't really have to perform well -- so long as it supports AXFR, you can set up any DNS server (or just about any provider) as a slave.
Don't thank God, thank a doctor!
PowerDNS -> run it yourself with the convenience of doing mass updates in SQL statements instead of maintaining a few dozen zone files on disk. If you think 50 domains is hard, try running several thousand on a shared hosting cluster. You either need scripted automation, or some type of DB-managed solution like PowerDNS. It's by no means the only one like it, but in my experience has worked reasonably well.
Pay a nominal fee to have an ISP slave their big bad never-down DNS servers against your hidden master. Make sure it is set up to allow DDNS updates from your master so there is no lag making the new data public. All you have to worry about is TTL.
Your server server will not take the load and will not have the uptime requirement as the public servers. You can put just about any DNS software on your server so you can use any API you want there.
Everyone has their opinions and I like UltraDns...great infrastructure, rock solid netwrok and API's
Hi there, I am representing my client, Staples, Inc. Your use of the phrase "That was easy" treads upon the Intellectual Property right of Staples, Inc. Use of my client's slogan without prior written authorization is not permitted. You will immediately cease claiming that anything other than Staples, Inc. "was easy". This includes everything from DynDNS to your girlfriend and/or wife.
Sincerely yours,
Mr. Vatwozeezee
We're having similar problems with our dns here at ATT. Half of texas is in the friggin dark right now because of it too.
1) Install and DNS server that supports what is technically called 'dynamic updates' and make sure that the updates can be authorized by keys. This server will be internal.
2) man nsupdate
Here, I'll even do this step for you: http://linux.die.net/man/8/nsupdate
3) Set the public facing DNS servers to transfer the zones from your internal DNS server.
4) Tada.
Using ISC BIND, I've setup my zones in a similar fashion. I configured the zone update authorization to be key based instead of IP based.
nsupdate uses no special magic, just RFC based standards to allow zone updates. If nsupdate doesn't fit your bill (and it should, it allows you to batch updates and send them), you can roll your own.
Keep in mind that 'dynamic update' doesn't mean 'low TTL value.' You can set it to whatever you please, it just means that you can updates records without any special zone magic.
www.editdns.net
Great infrastructure, robust, API, good people. I've been using them for around nine years now - http://ultradns.com/ - highly recommended.
Use TinyDNS with VegaDNS. kthx.
Otherwise, you could always set up your own master server. It's not really too hard to do, especially if you already have some experience with running web servers.
http://www.linode.com/api/ Perl, Python, PHP bindings that let you manipulate your DNS entries, $20 a month will buy you a linode that runs the DNS server, decent security setup lets you distribute control without giving out your master passwords (and revoke access as necessary). I use them for my DNS management for a number of domains and I must say no one else I've seen has a superior DNS entry interface.
I wrote:
-davidu
# Hack the planet, it's important.
www.opendns.com
The largest prime factor of my UID is 263267.
Slicehost, the preferred Linux VPS host of web 2.0 developers everywhere, has an published API that you can use to access their DNS hosting and make whatever changes you need.
Web consulting +
How about running myDNS (http://mydns.bboy.net/ )? It has a DB backend so changing 50 entries is a breeze and instant as well.
If you are managing that many domains, perhaps its time you, oh, I dunno, ran your *OWN* DNS server?
I know your post was asking more about hosted DNS solutions, but if you have a budget to do it right, take a look at Nominum ANS. Has a great SOAP API and supports zone templates.
Infoblox provides a DNS appliance with a full perl api. www.infoblox.com
Try Zerigo:NS (http://ns.zerigo.com/). The template feature may be enough to meet your needs. Change one template and every domain dependent on it changes at once.
If the templates aren't enough, there's also a REST API (brand new, not yet announced on the site, but should be functional).
Shoot me an email after setting up an account and I'll comp you at least 6mo of whatever level account you need to fit your domains. Be sure to let me know what level account you need.
To the rest of /. -- I'll comp any of you too: just mention this thread and let me know what account level.
(Disclaimer: If it wasn't obvious, I am affiliated with Zerigo.)
geek friendly VPS's and free API enabled DNS : zerigo.com
ftw.
Look, I just happened to point out that this commercial entity just happens to have one of those! Own your own!"
Hey! It works for the Microsoft Windows guys.
GoDaddy dba WildWest has an API, but we seem to have ended up being guinea pigs for it, and it didn't go well. Their documentation had features that didn't exist, promised 24-hour turnaround on support failed, ...
It's working OK now, but I can't really recommend it.
Nothing to see here; Move along.
nictool.
Sounds to me like you're routing all requests through one IP/server/cluster.
If that's the case, and the thing that chances is the IP, why not do this differently?
Why not use a CNAME from the webhosts to a service name, change the IP of the service name, and all the others change?
If you're somehosting.com, and you need to change ny.somehosting.com etc, just CNAME ny.somehosting.com to www.somehosting.com, then change ww.somehosting.com whenever you need?
Hi.
I like domeneshop. (http://www.domainnameshop.com/)
They sell domain names and offers free dns services for registered customers.
They're located in Oslo, Norway and do all their hosting from there.
I'll throw DtDNS into the mix, which is the service I have operated for the last ten years. There is no public API aside from the IP update for dyamic hosts/domains, but we have built specific APIs for clients in the past. A "search and replace" function for zones will be available on the web site in the near future as well for mass IP changes.
Maybe your right, but if you've ever been in a serious datacenter, you'd know f5 is everywhere. Used by the big guys. Considering the asker doesn't seem to have a clue, I don't think thats the route for him.
Well.. maybe. Or Maybe not. But Definitely not sort of.
... DNS servers, using the reliable, secure, high performing, authoritative-only, name server software called NSD. Generate your zone files from a script in your favorite language, and be done with the issues.
now we need to go OSS in diesel cars
If I am in the left lane and no one else is on the road,
... then you're the asshole for driving in the wrong lane, asshole
We've been using the neustar system for about 4 years now, find them to be quite reliable. They have provided well for our needs which are somewhat simlar to yours. They can be found at neustar.biz. Don't be fooled be the goofy domain these guys are enterprise solution providers and they host dns for such applications as hotmail. They have a long track record of being a leader in this area.
They do offer an api, as well as a bulk importer.
Matthew Carson
NetroMedia.com
I highly recommend DNS made easy: https://www.dnsmadeeasy.com/s0306/res/ddnsc.html I use them with a bunch of serves on EC2 and it works like a charm.
Does the programming that calls the API actually run on their server?
now we need to go OSS in diesel cars
Watch out for his Jew Claw though, they can be dangerous so it's best to approach them in mobs.
I've been hosting my domains with Enom since over 10 years now, and am very happy with the level of service they provide. Their control panels let you do most anything you need including setting TXT records, and there's an API they provide so you can programmatically make changes too. Very slick.
I recommend again Gandi. They have very good service, very good ethics (completely adds free) and an XML API for managing your account if you choose the reseller account (which you would want anyway with 50+ domains). They ask 12EUR/year for a .com domain. I already recommended them yesterday for their email offer which is free with your domains.
What sig ?
That whatever you choose, DJB would not agree with you.
I've recently switched my domains to editdns.net. The main reason for this was that ZoneEdit didnt't support SRV records. EditDNS does indeed have a simple API which just requires passing parameters to a PHP along with a predefined API key.
ishidden.net is also a great place to get a dynamic ip. You do not have to keep clicking on email links and there is an open API to write your own clients.
ultradns that is the best and fastest provider.
What, precisely, is that supposed to mean?
Oh, the ol' slip in a M$ jibe to get posted on Slashdot? I thought so.
I am very small, utmostly microscopic.
DNSMadeEasy (http://www.dnsmadeeasy.com) is a good provider. Serious people, reasonable prices, remarkable service. I've been using this service for years without a problem.
I am surprised nobody I have seen mentions GoDaddy. They don't have a API that I know of, but they have a copy feature that allows you to copy setting(s) from one domain to all the domains. Makes mass updates very easy, and their DNS is rock solid and fast. Plus they are free if you have a GoDaddy account.
dyndns.org and your done.
I think you underestimate just how much I just dont care.
It isn't all that hard you know...
And even a pretty busy DNS server doesn't require vast hardware resources. You already obviously have a hosting infrastructure, etc. Bind 9 can serve up a LARGE amount of DNS requests on a couple of fairly low end machines.
"Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
Probably the most technically advanced DNS provider in the industry is UltraDns (http://www.ultradns.com/). Full (working) api that does both hosted dns, and slaves. I don't imagine you'll find a more responsive tech support line.
EasyDNS does have an API for "Dynamic" IP addresses.
Their clients are listed here: http://support.easydns.com/dyndns.php
And the API is here:
http://support.easydns.com/tutorials/dynamicUpdateSpecs.php
IMarv.
Trusting software vendors is no smarter than trus
Why do so many people refuse to run DNS themselves? At the very least, you can find a provider to host the public DNS, but you can host the primary DNS, which we propagate out to the public servers. This way, you can do whatever you like. BIND uses a flat text file for it's configuration. Easy to parse, edit, etc, with a script.
Do some friggin' homework before you post such a stupid question.
man sed(1)
There isn't much iControl integration into the BIND running on the GTM, but for this scenario all these names would be WIPs- so using iControl to move traffic around would work perfectly.
And F5 is never going to be the cheapest but it is usually the best (and when it comes to LTM and GTM, I've got no qualms saying that). For this particular guys needs it is overkill- he doesn't care about HA or site redundancy, he just wants API access to DNS. He also isn't using LTM so he gets no benefit from the integration between the two [And I'm pretty positive Amazon isn't going to give him credentials on their EC2 F5's :)].
This is some front line admin that just wants to make his life easier- not a business looking to avoid outages on mission critical apps [read that:cost significant revenue when they're down]- so I personally wouldn't push too hard to sell the guy an enterprise/carrier grade $50k+ global load balancing solution.
Exactly! I agree 100% with the prior poster.
As for the grandparent post, where is the sense of community? The OP obviously does not know how to do this in-house by himself, so he turned to the community. Is that a bad thing? It's the old "apprenticeship" model except he was looking to learn from his online peers.
Let's look at the facts:
- You have 50 domains.
- You're running a multi-layered cluster of web servers on EC2 (why?!)
- You're (ab)using a free DNS service
How hard could it possibly be for you to set up ONE conventional dedicated server as the front-end ? You could run your own DNS on there along with Pound/Varnish or whatever perverse setup you think you need. More importantly you shouldn't be using DNS as your node list... just write your own simple scripts to keep track of all your nodes, then you won't have to fight with DNS refresh issues at all, you can update your proxies instantly.
All these Amazon pay-as-you-go services are fascinating, but most people don't have a clue how to use them properly.
-Billco, Fnarg.com
DNS already provides a great API using the Master-Slave mechanism.
In detail:
Set up a nameserver of your choice. This might by pdns with ldap backend or anything with mysql backend. Do not waste a thought about performance, it won't have a lot of traffic.
Then search for some good slave nameserver providers. They are often called "secondary", but this should not be mixed up.
In theory:
Master: Authoritative namesevrer (your private one)
Slave: Nameserver that refresh based on your SOA record
In contrast to:
primary: Your first nameserver (should be mentioned in the SOA record too)
secondary: Nameserver 2-..
A nice setup for easy management would be like that:
(hidden) Master -> [ (primary) Slave | (secondary) Slave ]
EveryDNS, XName.org, twisted4life,... provide "secondary" nameservers in the meaning of slaves.
Sign up at at least two of these and restrict your private nameserver / firewall rules to only allow your slaves.
That's it. Manage your zones locally with any script you want, the slaves will come to get it (or if they support notify, your master pushes it out). Your master doesn't get a single connect by the users, you don't have the traffic and availability of the master is not really that important (it has to serve ~4 clients, depending on your SOA refresh about 30 requests a day..). The NS records in your zone don't mention your private server, your registry doesn't have to know of it's existence either.
Drawback: Not all "secondary" (in the meaning of slave again) providers support all DNS record types. Some strip out TXT, some do not serve SRV even if your zone contains some.
Search the web for "hidden master DNS" for further information.
I've been using Nettica to manage all of my DNS for a couple of years and am very pleased with them. Service has been fantastic and their features seem quite good. They have a template feature to administer many domains at once... might be what you're looking for.
I wouldn't exactly call it an API, but DNS Made Easy offers dynamic DNS in a way that seems pretty flexible to me. I haven't used it, but I've been very happy with their service for my static DNS entries - the service is quite flexible, the updates are REALLY fast, and I haven't ever had any problems. It costs me $5 a month, and it sounds like your needs would come to about $7 per month. You do have to pay up front, but I've been happy with them since... hmm, February. It feels like longer (I guess moving twice will do that to you).
DNS Made Easy's dynamic DNS and pricing.
Disclaimer: I'm not affiliated in any with DNS Made Easy, just a satisfied customer. They do have an affiliate program but... I don't want to look like a whore on Slashdot! Sigh, social norms.
The cost of setting up a couple DNS servers in a couple of different locations is going to be pretty trivial for anything but the very smallest shops. Basically depends on if it is worth the bother and minor expense.
"Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
Ultra DNS offers a Full API as well to inject bulk changes, this is complimented by real time propagation. Unfortunately their pricing is not as low as DynDNS.
Domainsmadeasy has a feature called Domain Templates, best thing since sliced bread. Update the template, update a million domains in one go.
Also supports dynamic IPs within those domain templates if you so wish.
D.
As for the grandparent post, where is the sense of community? The OP obviously does not know how to do this in-house by himself, so he turned to the community. Is that a bad thing? It's the old "apprenticeship" model except he was looking to learn from his online peers.
I agree. I'm not a network admin (I'm a dev), but I'm always looking to expand my understanding of network topics. I find questions (and especially the answers) interesting because I *am* trying to learn more.
Politicians complicate life - logic is sacrificed on the altar of political expediency.
I'm glad we've reached an understanding here: Slashdot, News for Noobs.
Now, please turn in your account, Mr. WhatAmIDoingHere .. allow me to have at least a meaningful nickname.
(In return, I offer a Slashdot account with a preciously low UID stored on an Indy with dead CMOS)
As to my statement, Slashdot, News for Noobs, I present the following facts:
Yeah sure, nobody doesn't want you to learn. But why does this stuff have to appear on a major tech news site when you could just as easily do a search on wikipedia, google or microsoft live (lol, just kidding :) and find all relevant introduction, howto's and tutorials. That will teach you a lot more in the long run.
I've become a fan of zonedit. Normally I roll my own but, well, I'm f-n-lazy.
Having to work for a living is the root of all evil.
True. And I have done just that. It's more of a "tried and true" thing. Sometimes (many times) on any given topic, there's so much out there it's really hard to separate wheat from chaff. I'd rather hear from a community I trust (I know - what am I, crazy? Trust slashdotters?) that has some experience in the area of whatever topic.
Politicians complicate life - logic is sacrificed on the altar of political expediency.
Crazy idea here - why not just run your own?
Wha... what?
Not a Twitter sockpuppet... but I wish I was.
My company did try UltraDNS (now called NeuStar) and our records were deleted twice. Also, the billing is ridiculous, our overages went from an average of $200 to $9,000 and they would provide no logs to support it (says Ray McKenzie "we will be happy to enable our logging feature now and maybe there it will give some clue as to where the queries are coming from"). Their stance, "pay us or we'll turn it over to collections". Stay away from Neustar (aka UltraDNS)