Best DNS Service With API Access?

← Back to Stories (view on slashdot.org)

Best DNS Service With API Access?

Posted by samzenpus on Wednesday September 24, 2008 @01:53PM from the free-advice dept.

netaustin writes "My company runs quite a few media websites, mostly on Drupal, and about half on ec2. We have a good server setup with ec2 which allows us to route requests through Pound, a cluster of Varnish servers, then a cluster of Apache servers. We manage 50 domains (one per state) like this. Problem is, anytime things change, we have to manually adjust DNS for all 50 states, which is very boring and usually causes negative side effects too as we can't ever adjust all 50 DNS entries at once. We'd like to just change DNS providers and be done with it, but there are a lot of options, and I don't often shop for DNS services. I use EveryDNS for my personal domains, but I don't think they provide an API and it'd feel a little dishonest to reverse engineer the forms on their site since they're an esteemed donations-based service. I wouldn't feel bad about doing that to DNSPark, but they have a CAPTCHA image accompanying their login form, so goodbye DNSPark. I found a couple services that seem to do what I'm looking for, but they both feel a bit Microsoft-y and since I only want to change once, I want to get this right. Advice?"

47 of 221 comments (clear)

Min score:

Reason:

Sort:

DynDNS by rho · 2008-09-24 13:56 · Score: 5, Informative

DynDNS.
That was easy.

--
Potato chips are a by-yourself food.
1. Re:DynDNS by crush · 2008-09-24 14:04 · Score: 5, Informative
  
  Yeah. One of the most reliable and ethical operators in the business.
  
  This seems like an appropriate link.
2. Re:DynDNS by oskard · 2008-09-24 14:20 · Score: 4, Informative
  
  Also be sure to check out Dynect!
  
  DynDNS also offers another service, more business class. It has a MUCH more robust API, offers Failover, Load Balancing, Anycast, etc. Multiple users, node-based permissions. 37Signals, Mozilla, and RackSpace use Dynect. Highly recommended, give them a call!
  
  http://dynect.com/technology/developers.html
  
  http://dynect.com/features/api.html
  
  --
  Sigs are for Terrorists.
3. Re:DynDNS by rho · 2008-09-24 14:32 · Score: 5, Informative
  
  Yeah. One of the most reliable and ethical operators in the business.
  This should be emphasized. DynDNS is both reliable and ethical, and have been for a long time. Indeed, since before they went commercial. When they were non-com, you could get unlimited custom DNS services for a $30 donation. Guess what? When they went commercial they honored that pledge. I still have a number of "never expires" services because of this.
  Seriously, it's not worth dicking around with DNS. Get it done right the first time.
  
  --
  Potato chips are a by-yourself food.
4. Re:DynDNS by Anonymous Coward · 2008-09-24 16:00 · Score: 4, Interesting
  
  Actually I have had two accounts 'vanished' by DynDNS now and would never use them again, including one that has been with them for about 8 years first using their dyndns service and more lately (over the last few years) using their staticdns service. Both appear to have been clobbered by their 'stuff must get updated at least every 30 days' policy [1]. Which of course makes utterly no sense for a staticdns service. The staticdns account was for a domain with a PR of about 5 (it was on the air and highly linked-to for over seven years...), so I was understandably upset to see it suddenly vanish off the air one day with no warning whatsoever.
  Totally unimpressed, I would never, ever touch them for things I cared about again.
  [1] Read the first couple of sentences of the second paragraph on this page:
  https://www.dyndns.com/account/resetpass/index.html
5. Re:DynDNS by ishobo · 2008-09-24 16:50 · Score: 4, Insightful
  
  You should have gotten your own domain, not the host sitting on their domain, and used the CustomDNS service. I have an account that has been inactive for over a year and it is still there. CustomDNS domains will never expire if you have been with them since the begining when they were free; all those domains were grandfathered and remain free of charge.
  
  Totally unimpressed, I would never, ever touch them for things I cared about again.
  With the free DynamicDNS service, you get what you pay for. If the infrastructure is that important to you, pay for the account.
  
  --
  Slashdot - The great and glorious cluster fuck of Internet wisdom.
6. Re:DynDNS by ishobo · 2008-09-24 23:23 · Score: 2, Insightful
  
  You depended on a free service that had limitations for a critical function of your web and email. I am not sure why you decided to use the DynamicDNS service instead of CustomDNS unless you did not want to pay for your own domain. I can understand not wanting to spend any money but you got exactly what the service offers. DynamicDNS has always had the 30 day rule. That is what the word dynamic means. An update client could have been used; the IP address does not have to change but the record needs to be refreshed. You needed to upgrade to the premium level in order to remove the auto expire, and the upgrade was a onetime fee many years ago. Did you not read the account details before signing up?
  The old ml.org asked for donations, which did not work out too well. The premium level is how DynDNS was going to make some cash in the begining because it actually costs money to host servers.
  
  --
  Slashdot - The great and glorious cluster fuck of Internet wisdom.
7. Re:DynDNS by CyprusBlue113 · 2008-09-25 03:13 · Score: 2, Insightful
  
  I'm sorry but you clearly read and understood the limitations, and then proceeded to completely ignore them in design. This was completely your fault, and blaming the company for it just proves how incompetent/irresponsible you are. I hope I never have the misfortune of any of my systems depending on you.
  
  --
  a handful of selfish greedy people are no match for millions of selfish, greedy people -u4ya
diy?? by sholdowa · 2008-09-24 13:59 · Score: 3, Insightful

Why not run your own??
1. Re:diy?? by Anonymous Coward · 2008-09-24 14:42 · Score: 5, Insightful
  
  >Why not run your own??
  Apparently the article submitter isn't competent enough to do this on his/her own: Why else would he/she submit something so obviously mission critical to Slashdot?
  I *hate* seeing articles such as these on Slashdot: They fall into the "do my job for me" category, and should be tagged as such... only, now days, there are *so* many people on Slashdot lacking basic networking skills, it's almost moot: Hell, articles such as these generate traffic/revenue for Slashdot (to which I am contributing, of course), simply because of that fact. I imagine that such are the second highest traffic/revenue generator, right behind the "RIAA/MPAA"-type articles.
  My advice: If you can't figure out a viable method to accomplish what you need, using the skills and knowledge you possess, perhaps you should *hire* someone that can? And, learn from them, as they are doing it?
  Slashdot: News For Wannabes, Stuff That Matters To Them.
  Captcha: bitterly
  Now THAT is a nice one.
2. Re:diy?? by WhatAmIDoingHere · 2008-09-24 15:02 · Score: 3, Funny
  
  "My advice: If you can't figure out a viable method to accomplish what you need, using the skills and knowledge you possess, perhaps you should *hire* someone that can? And, learn from them, as they are doing it?"
  
  That's what HE was hired for.
  
  --
  Not a Twitter sockpuppet... but I wish I was.
3. Re:diy?? by NETHED · 2008-09-24 15:22 · Score: 5, Insightful
  
  I know replying to an AC won't do much, but I just feel like it, and have not much else to do right now.
  Begin Rant...
  Slashdot was _the_ site for breaking news a few years ago, and sites would be regularly slashdotted, etc. Now, blogs have taken over, and push out news MUCH faster than slashdot. I think slashdot has the ability/potential to become more of a community. I used to read the comments of slashdot for more insight, as there are truely intelligent people on this site that leave comments, but lately, the S/N ratio has gone bad.
  Stories like this are (I think) an attempt to bring back the good S/N ratio. No, slashdot no longer breaks stories, nor does it need to, the slashdot community has probably read about the articles somewhere else, and now comes here to discuss them. Yes, people flame, and there are many FPs, but thats slashdot, and it adds a little something.
  So when I read this story, I read it because I'm looking to learn something from the comments. I think thats the direction the slashdot community is going towards.
  End of Rant...
  
  --
  --sig fault--
Run a master? by The+Lesser+Powered+O · 2008-09-24 14:00 · Score: 5, Insightful

How about running your own master DNS server, and having your provider slave from that.
1. Re:Run a master? by Anonymous Coward · 2008-09-24 14:16 · Score: 2, Informative
  
  If you don't mind running your own master DNS server like this poster recommends, DNS Made Easy has a very cheap and very redundant IP anycast based DNS service that we use for all corporate sites. For dollars a month you could have access to their nameservers, which run all over the world. Other services offer similar enterprise DNS functionality, but comparing performance with price, we haven't been able to find a better deal yet.
2. Re:Run a master? by Charles+Dodgeson · 2008-09-24 14:57 · Score: 5, Informative
  
  Me, too. (That means "mod parent up")
  You can use DNSpark (whom I use) or other providers as slaves. Your master doesn't even need to be publicly accessible, just as long as you allow the appropriate zone transfers. This way you can have your own little scripts that generate the zone files on a host you fully control, while having the world query those professionally managed servers.
  
  --
  Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
3. Re:Run a master? by WuphonsReach · 2008-09-24 17:04 · Score: 3, Insightful
  
  How about running your own master DNS server, and having your provider slave from that.
  
  That's the ideal way to do it. Setup your own master server using BIND or whatever, and you get the best of both worlds. You can script access to your DNS server entries, make updates however you want to, and make it as secure as you want to.
  
  Then let the DNS provider simply serve as secondary servers for your DNS domains. Even if your primary DNS server is down for maintenance, the NS records on your domains are pointing at the DNS provider's pool of servers which are geographically separated.
  
  (Alternately, you could try a service like DNSMadeEasy, which allows you to make API-style updates to your DNS entries. Unfortunately, security is a bit thin and you have to hard-code usernames and passwords.)
  
  --
  Wolde you bothe eate your cake, and have your cake?
4. Re:Run a master? by Sentry21 · 2008-09-24 18:57 · Score: 4, Interesting
  
  to heck with zone files, set up something like PowerDNS and set it up with a database backup. Do one update query and push out to the slaves. PDNS is also quite snappy, and configuration is far less arcane compared to Bind - in five minutes I had an authoritative, non-recursing DNS server which was not vulnerable to the Kaminsky vulnerability (even if it did recurse). It does things same, logs sanely, and doesn't make me feel like a clueless newbie like Bind does (even after ten years of adminning DNS servers).
  Check it out, it's worth it.
5. Re:Run a master? by nullchar · 2008-09-24 20:10 · Score: 2, Informative
  
  What sort of load can the DB backend handle? Does it use caching? There's a DLZ-bind mod out there, but it executes at least one SQL query for every DNS query; which can't handle even moderate load.
6. Re:Run a master? by Anonymous Coward · 2008-09-24 20:49 · Score: 3, Informative
  
  "who would you go to for DNS glue records?"
  If really needed, your DNS registrar will do.
  "you need DNS glue from someone above you in order for those DNS servers to be valid."
  No, you don't.
  "Or has stuff changed since I last did this a few years back?"
  No, it hasn't.
  You only need glue records... when you need glue records. For a NS that means only if the name server for a domain happens to be within the same domain (so NS for example.com is for instance ns.example.com). On the typical scenario DNSs will be something like ns1.mycompany.com, ns2.mycompany.com and they will serve i.e. onestate.com, othercompany.com and the like. No glue records involved.
7. Re:Run a master? by Lorens · 2008-09-24 22:39 · Score: 2, Insightful
  
  What sort of load can the DB backend handle?
  Enough.
  
  Does it use caching?
  Yes.
  
  There's a DLZ-bind mod out there, but it executes at least one SQL query for every DNS query; which can't handle even moderate load.
  That's their problem. PowerDNS rocks. No more pesky start-up times, no more wondering if the syntax is OK so everything can start up again after a reload, let client have a web interface to his zone using simple SQL...
Run your own dns servers .... try powerdns by brainchill · 2008-09-24 14:03 · Score: 3, Informative

It sounds like it's time to run your own dns servers. For what you're trying to do I recommend powerdns with either a mysql or postgres backend. You can do massive updates with regular sql update syntax very quickly and anything that can talk mysql can update it ... perl, php, ruby, etc ... you name it.
1. Re:Run your own dns servers .... try powerdns by abigor · 2008-09-24 14:46 · Score: 3, Informative
  
  If you indeed do need to run your own dns servers, then I second the PowerDNS recommendation. Having a proper sql backend is just paradise compared to the flat files of, uh, a certain other dns server that should be killed off. It's also worth noting that PowerDNS splits the authoritative server and the recursor into two separate daemons, which is quite a nifty idea.
2. Re:Run your own dns servers .... try powerdns by Lennie · 2008-09-24 19:19 · Score: 3, Informative
  
  It's not nifty to split authoritative and recursive, it's sane (security).
  
  --
  New things are always on the horizon
"media-based company" by perlchild · 2008-09-24 14:04 · Score: 3, Interesting

Are we talking any sort of budget here, or does it have to be free?
Quite a few places will charge a nominal per-year fee for dns, and provide good uptime...
A lot of those are the places you register the domains from, and they make more money on registrations than dns service, but provide both.
Please provide details
1. Re:"media-based company" by Anonymous Coward · 2008-09-24 14:59 · Score: 2
  
  Quite a few places will charge a nominal per-year fee for dns, and provide good uptime...
  Could you be more specific?
Re:CNAMEs? by Wowlapalooza · 2008-09-24 14:15 · Score: 2, Insightful

Are all your domains hosted on the same set of servers? Could you CNAME the 50 domains to a smaller subset of domain names, and then you only have to change the A records of that subset whenever you have a change?
I second this idea.
I'd also point out that you can ease your DNS transitions by carefully planning a "drawdown" of the TTL values of your records prior to the actual change and/or setting up HTTP redirection on the legacy addresses, redirecting to the new location, during the interval of time in which the new DNS information is still replicating and/or resident in DNS caches.
Elastic IPs? by andrewl6097 · 2008-09-24 14:19 · Score: 3, Interesting

You could also leave your DNS static and use EC2 Elastic IPs to shift things around on the backend (you did mention you were using EC2).
FreeDNS by Chabil+Ha' · 2008-09-24 14:20 · Score: 2, Interesting

FreeDNS I've been using them for a few years. Updating the DNS info can be done in a single click for all domains. They have a few free update clients, or you can use their API to write your own client.

--
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
1. Re:FreeDNS by almightynayr · 2008-09-24 14:41 · Score: 3, Informative
  
  afraid.org will do everything he wants and then some, been using them for over 5 years now with no problems. check it out
Unclear by mcrbids · 2008-09-24 14:25 · Score: 3, Insightful

Are you looking for features in a registrar or dns provider? While most registrars also provide DNS service, there's never a requirement that you have to use them. And use them I don't.
I got good and comfortable with Bind many years ago, and have the DNS administration stuff down pat. I have some really nice administration scripts that manage changes by service. Throw in a few variables, some regex, and some DNS boilerplate definition files, and I get the ability to re-ip a service (EG: websites, email, https, dbserver, etc. ad nauseum) for hundreds of domains in 60 seconds flat if you include updating the actual DNS servers with the changes. (I publish 2, I maintain 5 so that I can quickly switch nameservers in case of hardware/network failure)
Other than that, I have all my domains linked to two DNS servers by name, and occasionally I have to move a DNS server. It takes a few minutes.
Is this what you are looking for?

--
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Re:Most people I have ever met or seen by ScrewMaster · 2008-09-24 14:34 · Score: 2, Insightful

You sound like you've had a long drive home. How about posting in the relevant forum next time, m'kay?
I dunno ... it was a pretty damn good rant.

--
The higher the technology, the sharper that two-edged sword.
ZoneEdit by bziman · 2008-09-24 14:39 · Score: 3, Informative

I've been using ZoneEdit for years and they're great. Free for small domains, and really cheap for huge domains. It never, ever breaks. And it's super easy to work with.
PowerDNS by skelly33 · 2008-09-24 15:01 · Score: 2, Interesting

PowerDNS -> run it yourself with the convenience of doing mass updates in SQL statements instead of maintaining a few dozen zone files on disk. If you think 50 domains is hard, try running several thousand on a shared hosting cluster. You either need scripted automation, or some type of DB-managed solution like PowerDNS. It's by no means the only one like it, but in my experience has worked reasonably well.
Run your own hidden master by Anonymous Coward · 2008-09-24 15:02 · Score: 5, Insightful

Pay a nominal fee to have an ISP slave their big bad never-down DNS servers against your hidden master. Make sure it is set up to allow DDNS updates from your master so there is no lag making the new data public. All you have to worry about is TTL.
Your server server will not take the load and will not have the uptime requirement as the public servers. You can put just about any DNS software on your server so you can use any API you want there.
Dear Mr. Rho, by Anonymous Coward · 2008-09-24 15:07 · Score: 5, Funny

Hi there, I am representing my client, Staples, Inc. Your use of the phrase "That was easy" treads upon the Intellectual Property right of Staples, Inc. Use of my client's slogan without prior written authorization is not permitted. You will immediately cease claiming that anything other than Staples, Inc. "was easy". This includes everything from DynDNS to your girlfriend and/or wife.
Sincerely yours,
Mr. Vatwozeezee
Run your own servers. by ScytheBlade1 · 2008-09-24 15:19 · Score: 2, Informative

1) Install and DNS server that supports what is technically called 'dynamic updates' and make sure that the updates can be authorized by keys. This server will be internal.
2) man nsupdate
Here, I'll even do this step for you: http://linux.die.net/man/8/nsupdate
3) Set the public facing DNS servers to transfer the zones from your internal DNS server.
4) Tada.
Using ISC BIND, I've setup my zones in a similar fashion. I configured the zone update authorization to be key based instead of IP based.
nsupdate uses no special magic, just RFC based standards to allow zone updates. If nsupdate doesn't fit your bill (and it should, it allows you to batch updates and send them), you can roll your own.
Keep in mind that 'dynamic update' doesn't mean 'low TTL value.' You can set it to whatever you please, it just means that you can updates records without any special zone magic.
UltraDNS by pixel.jonah · 2008-09-24 15:26 · Score: 2, Informative

Great infrastructure, robust, API, good people. I've been using them for around nine years now - http://ultradns.com/ - highly recommended.
1. Re:UltraDNS by MikeFM · 2008-09-24 19:36 · Score: 2, Informative
  
  I recently switched to UltraDNS for my important domains after a string of problems related to my old providers going down under DDoS attacks. So far it seems good. A little pricey but that doesn't really matter so long as they deliver everything they promise.
  Their support has already proven to be good too - they even answered a question that was more about my registar than DNS serving.
  
  --
  At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
What the heck? by davidu · 2008-09-24 15:35 · Score: 5, Interesting

I commented on this story in the firehose... what happened to that? [ http://slashdot.org/comments.pl?sid=974977&cid=25145093 ]

I wrote:

We're working on providing a FULL API to EveryDNS. Slowly, but surely. I've got new folks on board taking over the site to make it finally be the awesome beast it should be. And it'll still be free. I'm also trying to figure out a way to tie this into Pingdom's API since a lot of people already use that for monitoring. :-)

-davidu

--

# Hack the planet, it's important.
1. Re:What the heck? by stefanlasiewski · 2008-09-24 18:14 · Score: 2, Interesting
  
  Comments made to articles in the firehose do not make it to the live site. It's like a BRAND NEW firehose.
  
  --
  "Can of worms? The can is open... the worms are everywhere."
2. Re:What the heck? by netaustin · 2008-09-24 20:12 · Score: 3, Interesting
  
  davidu,
  I actually met you in college at one point; you were a senior, I was a [self involved] freshman, and you gave me some very good advice then too. FWIW.
  Thanks to everyone for all the great advice. I'm going to probably roll with EveryDNS one way or the other out of loyalty to their service which has never let me down.
  And we'll donate our savings from DNSPark.
  We use and love OpenDNS too. If you're ever in New York, I owe you a beer.
  -netaustin
Re:EasyDNS by seifried · 2008-09-24 16:00 · Score: 2, Informative

Uhh sed can do that you know. hint: -f
Zerigo by zarqman · 2008-09-24 16:14 · Score: 2, Interesting

Try Zerigo:NS (http://ns.zerigo.com/). The template feature may be enough to meet your needs. Change one template and every domain dependent on it changes at once.
If the templates aren't enough, there's also a REST API (brand new, not yet announced on the site, but should be functional).
Shoot me an email after setting up an account and I'll comp you at least 6mo of whatever level account you need to fit your domains. Be sure to let me know what level account you need.
To the rest of /. -- I'll comp any of you too: just mention this thread and let me know what account level.
(Disclaimer: If it wasn't obvious, I am affiliated with Zerigo.)

--
geek friendly VPS's and free API enabled DNS : zerigo.com
GoDaddy dba WildWest by bobbozzo · 2008-09-24 16:45 · Score: 4, Informative

GoDaddy dba WildWest has an API, but we seem to have ended up being guinea pigs for it, and it didn't go well. Their documentation had features that didn't exist, promised 24-hour turnaround on support failed, ...
It's working OK now, but I can't really recommend it.

--
Nothing to see here; Move along.
DNS Made Easy by Bud-froggy · 2008-09-24 18:59 · Score: 2, Informative

I highly recommend DNS made easy: https://www.dnsmadeeasy.com/s0306/res/ddnsc.html I use them with a bunch of serves on EC2 and it works like a charm.
Re:Try GoDaddy by sega01 · 2008-09-24 23:25 · Score: 2, Informative

Go Daddy will take down your domain if they hear a peep about it, and cause all sorts of trouble. http://nodaddy.com/ I'd just run NSD and serve them from in-house (maybe get an external VPS as a slave).
Uh, just run your own DNS server? by Giant+Electronic+Bra · 2008-09-25 00:04 · Score: 2, Informative

It isn't all that hard you know...
And even a pretty busy DNS server doesn't require vast hardware resources. You already obviously have a hosting infrastructure, etc. Bind 9 can serve up a LARGE amount of DNS requests on a couple of fairly low end machines.

--
"Malo periculosam, libertatem quam quietam servitutem." -- Jefferson