Best DNS Service With API Access?
netaustin writes "My company runs quite a few media websites, mostly on Drupal, and about half on ec2. We have a good server setup with ec2 which allows us to route requests through Pound, a cluster of Varnish servers, then a cluster of Apache servers. We manage 50 domains (one per state) like this. Problem is, anytime things change, we have to manually adjust DNS for all 50 states, which is very boring and usually causes negative side effects too as we can't ever adjust all 50 DNS entries at once. We'd like to just change DNS providers and be done with it, but there are a lot of options, and I don't often shop for DNS services. I use EveryDNS for my personal domains, but I don't think they provide an API and it'd feel a little dishonest to reverse engineer the forms on their site since they're an esteemed donations-based service. I wouldn't feel bad about doing that to DNSPark, but they have a CAPTCHA image accompanying their login form, so goodbye DNSPark. I found a couple services that seem to do what I'm looking for, but they both feel a bit Microsoft-y and since I only want to change once, I want to get this right. Advice?"
DynDNS.
That was easy.
Potato chips are a by-yourself food.
Why not run your own??
How about running your own master DNS server, and having your provider slave from that.
It sounds like it's time to run your own dns servers. For what you're trying to do I recommend powerdns with either a mysql or postgres backend. You can do massive updates with regular sql update syntax very quickly and anything that can talk mysql can update it ... perl, php, ruby, etc ... you name it.
Are we talking any sort of budget here, or does it have to be free?
Quite a few places will charge a nominal per-year fee for dns, and provide good uptime...
A lot of those are the places you register the domains from, and they make more money on registrations than dns service, but provide both.
Please provide details
EveryDNS provides a "secondary DNS" service. If you can set up your own primary server, EveryDNS will clone it.
NearlyFreeSpeech.net has an API to control DNS records.
You can always run your own DNS server on a slice somewhere using MyDNS. I've had really good luck with it for over 5 years.
The above is not worth reading.
Are all your domains hosted on the same set of servers? Could you CNAME the 50 domains to a smaller subset of domain names, and then you only have to change the A records of that subset whenever you have a change?
I second this idea.
I'd also point out that you can ease your DNS transitions by carefully planning a "drawdown" of the TTL values of your records prior to the actual change and/or setting up HTTP redirection on the legacy addresses, redirecting to the new location, during the interval of time in which the new DNS information is still replicating and/or resident in DNS caches.
You could also leave your DNS static and use EC2 Elastic IPs to shift things around on the backend (you did mention you were using EC2).
FreeDNS I've been using them for a few years. Updating the DNS info can be done in a single click for all domains. They have a few free update clients, or you can use their API to write your own client.
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
Are you looking for features in a registrar or dns provider? While most registrars also provide DNS service, there's never a requirement that you have to use them. And use them I don't.
I got good and comfortable with Bind many years ago, and have the DNS administration stuff down pat. I have some really nice administration scripts that manage changes by service. Throw in a few variables, some regex, and some DNS boilerplate definition files, and I get the ability to re-ip a service (EG: websites, email, https, dbserver, etc. ad nauseum) for hundreds of domains in 60 seconds flat if you include updating the actual DNS servers with the changes. (I publish 2, I maintain 5 so that I can quickly switch nameservers in case of hardware/network failure)
Other than that, I have all my domains linked to two DNS servers by name, and occasionally I have to move a DNS server. It takes a few minutes.
Is this what you are looking for?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
The API only really works if you want to manage the Wide IPs. iControl doesn't really have anything for working with the regular bind files. Plus it's a bit pricey for what it does and there are cheaper solutions that can be built rather than using a GTM.
You sound like you've had a long drive home. How about posting in the relevant forum next time, m'kay?
I dunno ... it was a pretty damn good rant.
The higher the technology, the sharper that two-edged sword.
...or do it yourself. Easy, you're the boss, and you only pay for the hardware and net service. I would never buy DNS from anyone.
Copy a 17 Meg file Every day...Like mire of decay, of various BSD Slashdot 'BSD is share, this news documents like a w1ll recall that it beyond the scope of
...he said as he collapsed on the keyboard, drooling, starting to realize that perhaps he was too drunk to post after all.
I've been using ZoneEdit for years and they're great. Free for small domains, and really cheap for huge domains. It never, ever breaks. And it's super easy to work with.
I like them, cheap and reliable, plus there's a CPAN module to interact with them. Personally I would also investigate running your own DNS servers, with Bind a simple run of sed through the text config files and a restart and you're done.
I've been using ZoneEdit for the past 4 years, and I don't remember a single problem with them. It is easy, as you said, and so cheap I feel guilty every time I use them.
dnsmadeeasy.
I only know about them because RightScale is using them.
Of course, when presented with this problem, I took an entirely different approach -- I wrote a DNS-as-REST server in Rails, and then a simple pipeclient-to-REST client/plugin for PowerDNS. The assumption is, it doesn't really have to perform well -- so long as it supports AXFR, you can set up any DNS server (or just about any provider) as a slave.
Don't thank God, thank a doctor!
PowerDNS -> run it yourself with the convenience of doing mass updates in SQL statements instead of maintaining a few dozen zone files on disk. If you think 50 domains is hard, try running several thousand on a shared hosting cluster. You either need scripted automation, or some type of DB-managed solution like PowerDNS. It's by no means the only one like it, but in my experience has worked reasonably well.
Pay a nominal fee to have an ISP slave their big bad never-down DNS servers against your hidden master. Make sure it is set up to allow DDNS updates from your master so there is no lag making the new data public. All you have to worry about is TTL.
Your server will not take the load and will not have the uptime requirement as the public servers. You can put just about any DNS software on your server so you can use any API you want there.
Everyone has their opinions and I like UltraDns...great infrastructure, rock solid network and APIs
Hi there, I am representing my client, Staples, Inc. Your use of the phrase "That was easy" treads upon the Intellectual Property right of Staples, Inc. Use of my client's slogan without prior written authorization is not permitted. You will immediately cease claiming that anything other than Staples, Inc. "was easy". This includes everything from DynDNS to your girlfriend and/or wife.
Sincerely yours,
Mr. Vatwozeezee
We're having similar problems with our dns here at ATT. Half of texas is in the friggin dark right now because of it too.
1) Install a DNS server that supports what is technically called 'dynamic updates' and make sure that the updates can be authorized by keys. This server will be internal.
2) man nsupdate
Here, I'll even do this step for you: http://linux.die.net/man/8/nsupdate
3) Set the public facing DNS servers to transfer the zones from your internal DNS server.
4) Tada.
Using ISC BIND, I've set up my zones in a similar fashion. I configured the zone update authorization to be key based instead of IP based.
nsupdate uses no special magic, just RFC based standards to allow zone updates. If nsupdate doesn't fit your bill (and it should, it allows you to batch updates and send them), you can roll your own.
Keep in mind that 'dynamic update' doesn't mean 'low TTL value.' You can set it to whatever you please, it just means that you can update records without any special zone magic.
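The key-authorized `nsupdate` workflow from the comment above, as an added example that is not part of the original thread: it builds one batch that re-points the apex A record of many zones and validates every input before anything is sent to the master. The master address, key path, TTL and zone names are assumptions using documentation ranges.

```shell
#!/bin/sh
# Added example, not code from the thread. All names and addresses are
# assumptions (documentation ranges), not values from the discussion.

MASTER="192.0.2.53"                  # hypothetical internal master
KEYFILE="/etc/bind/keys/ddns.key"    # hypothetical TSIG key file, keep it mode 0600
TTL=300

# Accept only a dotted quad with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Accept only lower-case hostname characters. This rejects spaces and
# newlines, so a zone name cannot smuggle extra nsupdate commands into
# the batch.
valid_zone() {
    case "$1" in
        ''|*[!a-z0-9.-]*|.*|*.|*..*|-*) return 1 ;;
    esac
    return 0
}

# build_batch NEW_IP ZONE...
# Prints an nsupdate script. Each zone's delete and add sit before one
# "send", so they travel in a single UPDATE message, which the server
# applies all-or-nothing (RFC 2136). Zones are still updated one by one.
build_batch() {
    new_ip=$1; shift
    valid_ipv4 "$new_ip" || { echo "bad IPv4 address: $new_ip" >&2; return 1; }
    for zone in "$@"; do
        valid_zone "$zone" || { echo "bad zone name" >&2; return 1; }
    done
    printf 'server %s\n' "$MASTER"
    for zone in "$@"; do
        printf 'zone %s\n' "$zone"
        printf 'update delete %s. A\n' "$zone"
        printf 'update add %s. %s A %s\n' "$zone" "$TTL" "$new_ip"
        printf 'send\n'
    done
}

# apply_batch NEW_IP ZONE...
# Builds the whole batch first, so a validation failure sends nothing,
# then signs every update with the TSIG key via "nsupdate -k".
apply_batch() {
    batch=$(build_batch "$@") || return 1
    printf '%s\n' "$batch" | nsupdate -k "$KEYFILE"
}

# Example (constructed zone names):
#   apply_batch 198.51.100.10 alabama.example alaska.example
```

Running `build_batch` on its own prints the batch for review before `apply_batch` sends it.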
Great infrastructure, robust, API, good people. I've been using them for around nine years now - http://ultradns.com/ - highly recommended.
The trouble with EC2 and CNAMEs is that you cannot CNAME a base domain.
So you can easily cname www.example.com to whatever you need, but you cannot cname example.com at all.
The better solution (as noted below) is Amazon's Elastic IP offering. Which is free if it is attached to a running EC2 instance.
Otherwise, you could always set up your own master server. It's not really too hard to do, especially if you already have some experience with running web servers.
http://www.linode.com/api/ Perl, Python, PHP bindings that let you manipulate your DNS entries, $20 a month will buy you a linode that runs the DNS server, decent security setup lets you distribute control without giving out your master passwords (and revoke access as necessary). I use them for my DNS management for a number of domains and I must say no one else I've seen has a superior DNS entry interface.
I wrote:
-davidu
# Hack the planet, it's important.
www.opendns.com
The largest prime factor of my UID is 263267.
Slicehost, the preferred Linux VPS host of web 2.0 developers everywhere, has a published API that you can use to access their DNS hosting and make whatever changes you need.
Web consulting +
How about running myDNS (http://mydns.bboy.net/ )? It has a DB backend so changing 50 entries is a breeze and instant as well.
If you are managing that many domains, perhaps it's time you, oh, I dunno, ran your *OWN* DNS server?
I know your post was asking more about hosted DNS solutions, but if you have a budget to do it right, take a look at Nominum ANS. Has a great SOAP API and supports zone templates.
Try Zerigo:NS (http://ns.zerigo.com/). The template feature may be enough to meet your needs. Change one template and every domain dependent on it changes at once.
If the templates aren't enough, there's also a REST API (brand new, not yet announced on the site, but should be functional).
Shoot me an email after setting up an account and I'll comp you at least 6mo of whatever level account you need to fit your domains. Be sure to let me know what level account you need.
To the rest of /. -- I'll comp any of you too: just mention this thread and let me know what account level.
(Disclaimer: If it wasn't obvious, I am affiliated with Zerigo.)
geek friendly VPS's and free API enabled DNS : zerigo.com
Look, I just happened to point out that this commercial entity just happens to have one of those! Own your own!"
Hey! It works for the Microsoft Windows guys.
GoDaddy dba WildWest has an API, but we seem to have ended up being guinea pigs for it, and it didn't go well. Their documentation had features that didn't exist, promised 24-hour turnaround on support failed, ...
It's working OK now, but I can't really recommend it.
Nothing to see here; Move along.
Hi.
I like domeneshop. (http://www.domainnameshop.com/)
They sell domain names and offer free dns services for registered customers.
They're located in Oslo, Norway and do all their hosting from there.
I'll throw DtDNS into the mix, which is the service I have operated for the last ten years. There is no public API aside from the IP update for dynamic hosts/domains, but we have built specific APIs for clients in the past. A "search and replace" function for zones will be available on the web site in the near future as well for mass IP changes.
Maybe you're right, but if you've ever been in a serious datacenter, you'd know f5 is everywhere. Used by the big guys. Considering the asker doesn't seem to have a clue, I don't think that's the route for him.
Well.. maybe. Or Maybe not. But Definitely not sort of.
... DNS servers, using the reliable, secure, high performing, authoritative-only, name server software called NSD. Generate your zone files from a script in your favorite language, and be done with the issues.
now we need to go OSS in diesel cars
I highly recommend DNS made easy: https://www.dnsmadeeasy.com/s0306/res/ddnsc.html I use them with a bunch of servers on EC2 and it works like a charm.
Just set up a redirect from example.com to www.example.com and never change that. You can move www.example.com around any way you want. It also works better with google indexing.
New things are always on the horizon
Does the programming that calls the API actually run on their server?
now we need to go OSS in diesel cars
I've been hosting my domains with Enom for over 10 years now, and am very happy with the level of service they provide. Their control panels let you do most anything you need including setting TXT records, and there's an API they provide so you can programmatically make changes too. Very slick.
Even a web-based redirect from example.com to www.example.com still needs a valid A record for the host: "example.com".
I do agree that for search indexing, you want to either HTTP/HTTPS redirect www.domain => domain or vice versa.
I recommend again Gandi. They have very good service, very good ethics (completely ads free) and an XML API for managing your account if you choose the reseller account (which you would want anyway with 50+ domains). They ask 12EUR/year for a .com domain. I already recommended them yesterday for their email offer which is free with your domains.
What sig ?
I've recently switched my domains to editdns.net. The main reason for this was that ZoneEdit didn't support SRV records. EditDNS does indeed have a simple API which just requires passing parameters to a PHP along with a predefined API key.
What, precisely, is that supposed to mean?
Oh, the ol' slip in a M$ jibe to get posted on Slashdot? I thought so.
I am very small, utmostly microscopic.
I am surprised nobody I have seen mentions GoDaddy. They don't have an API that I know of, but they have a copy feature that allows you to copy setting(s) from one domain to all the domains. Makes mass updates very easy, and their DNS is rock solid and fast. Plus they are free if you have a GoDaddy account.
dyndns.org and you're done.
I think you underestimate just how much I just don't care.
It isn't all that hard you know...
And even a pretty busy DNS server doesn't require vast hardware resources. You already obviously have a hosting infrastructure, etc. Bind 9 can serve up a LARGE amount of DNS requests on a couple of fairly low end machines.
"Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
EasyDNS does have an API for "Dynamic" IP addresses.
Their clients are listed here: http://support.easydns.com/dyndns.php
And the API is here:
http://support.easydns.com/tutorials/dynamicUpdateSpecs.php
IMarv.
Trusting software vendors is no smarter than trus
Why do so many people refuse to run DNS themselves? At the very least, you can find a provider to host the public DNS, but you can host the primary DNS, which we propagate out to the public servers. This way, you can do whatever you like. BIND uses a flat text file for its configuration. Easy to parse, edit, etc, with a script.
Do some friggin' homework before you post such a stupid question.
man sed(1)
There isn't much iControl integration into the BIND running on the GTM, but for this scenario all these names would be WIPs- so using iControl to move traffic around would work perfectly.
And F5 is never going to be the cheapest but it is usually the best (and when it comes to LTM and GTM, I've got no qualms saying that). For this particular guy's needs it is overkill- he doesn't care about HA or site redundancy, he just wants API access to DNS. He also isn't using LTM so he gets no benefit from the integration between the two [And I'm pretty positive Amazon isn't going to give him credentials on their EC2 F5's :)].
This is some front line admin that just wants to make his life easier- not a business looking to avoid outages on mission critical apps [read that:cost significant revenue when they're down]- so I personally wouldn't push too hard to sell the guy an enterprise/carrier grade $50k+ global load balancing solution.
Exactly! I agree 100% with the prior poster.
As for the grandparent post, where is the sense of community? The OP obviously does not know how to do this in-house by himself, so he turned to the community. Is that a bad thing? It's the old "apprenticeship" model except he was looking to learn from his online peers.
Let's look at the facts:
- You have 50 domains.
- You're running a multi-layered cluster of web servers on EC2 (why?!)
- You're (ab)using a free DNS service
How hard could it possibly be for you to set up ONE conventional dedicated server as the front-end ? You could run your own DNS on there along with Pound/Varnish or whatever perverse setup you think you need. More importantly you shouldn't be using DNS as your node list... just write your own simple scripts to keep track of all your nodes, then you won't have to fight with DNS refresh issues at all, you can update your proxies instantly.
All these Amazon pay-as-you-go services are fascinating, but most people don't have a clue how to use them properly.
-Billco, Fnarg.com
DNS already provides a great API using the Master-Slave mechanism.
In detail:
Set up a nameserver of your choice. This might be pdns with ldap backend or anything with mysql backend. Do not waste a thought about performance, it won't have a lot of traffic.
Then search for some good slave nameserver providers. They are often called "secondary", but this should not be mixed up.
In theory:
Master: Authoritative nameserver (your private one)
Slave: Nameserver that refreshes based on your SOA record
In contrast to:
primary: Your first nameserver (should be mentioned in the SOA record too)
secondary: Nameserver 2-..
A nice setup for easy management would be like that:
(hidden) Master -> [ (primary) Slave | (secondary) Slave ]
EveryDNS, XName.org, twisted4life,... provide "secondary" nameservers in the meaning of slaves.
Sign up at at least two of these and restrict your private nameserver / firewall rules to only allow your slaves.
That's it. Manage your zones locally with any script you want, the slaves will come to get it (or if they support notify, your master pushes it out). Your master doesn't get a single connect by the users, you don't have the traffic and availability of the master is not really that important (it has to serve ~4 clients, depending on your SOA refresh about 30 requests a day..). The NS records in your zone don't mention your private server, your registry doesn't have to know of its existence either.
Drawback: Not all "secondary" (in the meaning of slave again) providers support all DNS record types. Some strip out TXT, some do not serve SRV even if your zone contains some.
Search the web for "hidden master DNS" for further information.
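A pre-publish check for the hidden-master layout described in the comment above, as an added example that is not part of the original thread: it confirms the private master appears in neither the NS set nor the SOA MNAME field and that at least two public name servers are listed. The zone data is constructed, in one-record-per-line form with absolute names, and every host name is hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Zone contents and host names
# are constructed for illustration.

ZONE_TEXT='example.com. 3600 IN SOA ns1.slave-a.example. hostmaster.example.com. 2009010101 3600 900 604800 300
example.com. 3600 IN NS ns1.slave-a.example.
example.com. 3600 IN NS ns2.slave-b.example.
example.com. 300 IN A 198.51.100.10
www.example.com. 300 IN CNAME example.com.'

# audit_hidden_master MASTER_FQDN   (zone text on stdin)
# Fails if the master is published in an NS record or as the SOA MNAME,
# or if fewer than two public name servers are listed.
audit_hidden_master() {
    awk -v master="$1" '
        $3 == "IN" && $4 == "NS"  { ns++; if (tolower($5) == master) leak = 1 }
        $3 == "IN" && $4 == "SOA" { if (tolower($5) == master) leak = 1 }
        END {
            if (leak)   { print "FAIL: hidden master is published"; exit 1 }
            if (ns < 2) { print "FAIL: fewer than two public NS records"; exit 1 }
            print "OK: " ns " public NS records, master not published"
        }'
}

# Example:
#   printf '%s\n' "$ZONE_TEXT" | audit_hidden_master master.internal.example.
```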
I've been using Nettica to manage all of my DNS for a couple of years and am very pleased with them. Service has been fantastic and their features seem quite good. They have a template feature to administer many domains at once... might be what you're looking for.
I wouldn't exactly call it an API, but DNS Made Easy offers dynamic DNS in a way that seems pretty flexible to me. I haven't used it, but I've been very happy with their service for my static DNS entries - the service is quite flexible, the updates are REALLY fast, and I haven't ever had any problems. It costs me $5 a month, and it sounds like your needs would come to about $7 per month. You do have to pay up front, but I've been happy with them since... hmm, February. It feels like longer (I guess moving twice will do that to you).
DNS Made Easy's dynamic DNS and pricing.
Disclaimer: I'm not affiliated in any way with DNS Made Easy, just a satisfied customer. They do have an affiliate program but... I don't want to look like a whore on Slashdot! Sigh, social norms.
The cost of setting up a couple DNS servers in a couple of different locations is going to be pretty trivial for anything but the very smallest shops. Basically depends on if it is worth the bother and minor expense.
"Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
As for the grandparent post, where is the sense of community? The OP obviously does not know how to do this in-house by himself, so he turned to the community. Is that a bad thing? It's the old "apprenticeship" model except he was looking to learn from his online peers.
I agree. I'm not a network admin (I'm a dev), but I'm always looking to expand my understanding of network topics. I find questions (and especially the answers) interesting because I *am* trying to learn more.
Politicians complicate life - logic is sacrificed on the altar of political expediency.
I'm glad we've reached an understanding here: Slashdot, News for Noobs.
Now, please turn in your account, Mr. WhatAmIDoingHere .. allow me to have at least a meaningful nickname.
(In return, I offer a Slashdot account with a preciously low UID stored on an Indy with dead CMOS)
As to my statement, Slashdot, News for Noobs, I present the following facts:
I've become a fan of zonedit. Normally I roll my own but, well, I'm f-n-lazy.
Having to work for a living is the root of all evil.
True. And I have done just that. It's more of a "tried and true" thing. Sometimes (many times) on any given topic, there's so much out there it's really hard to separate wheat from chaff. I'd rather hear from a community I trust (I know - what am I, crazy? Trust slashdotters?) that has some experience in the area of whatever topic.
Politicians complicate life - logic is sacrificed on the altar of political expediency.
Crazy idea here - why not just run your own?
Wha... what?
Not a Twitter sockpuppet... but I wish I was.
My company did try UltraDNS (now called NeuStar) and our records were deleted twice. Also, the billing is ridiculous, our overages went from an average of $200 to $9,000 and they would provide no logs to support it (says Ray McKenzie "we will be happy to enable our logging feature now and maybe there it will give some clue as to where the queries are coming from"). Their stance, "pay us or we'll turn it over to collections". Stay away from Neustar (aka UltraDNS)