Sign in to follow this  
tekiegreg

To outsource or not to outsource the DNS that is the question...

Recommended Posts

So I've got a VPS setup through Hawkhost, that amongst other things rolls its own DNS.  All seems good but many have told me I really should find another server for DNS, security and reliability reasons.  Makes sense.  Of course that just costs more money, at least for a good provider.

 

Thoughts?  Is it really a best practice now?  Would HawkHost help at all (maybe open up HawkHost DNS servers and allow me to place a zone file on HawkHost's own DNS)?  

 

Just curious...

Share this post


Link to post
Share on other sites

There is definitely merit to using third party DNS and offloading that part of your infrastructure to a provider that specializes in DNS management. In addition to the improved control/features DNS providers have *massive* networks in place, in terms of both overall throughput/capacity and hardware based filtering, so they can mitigate most attacks sent towards your site(s). If you look at the recent attacks directed at Dyn they only struggled once the attack hit upwards of 620 Gbps (which it goes without saying is just stupidly big...). The fact that they were able to stay online up until that point should give you an idea of what a specialized DNS provider can offer you in terms of protection.

If you lookup the DNS/nameservers of a lot of company websites you'll notice more times than not they're using third party DNS. The trend really becomes obvious the more you poke around / once you're aware of it. 5-10 years ago doing everything in house (email, DNS, etc) was the accepted standard but as specialized companies started popping up (and also became affordable for most organizations) everything shifted back to paying someone else to manage certain aspects of your infrastructure.

Quote

Would HawkHost help at all (maybe open up HawkHost DNS servers and allow me to place a zone file on HawkHost's own DNS)?

This isn't something we'd want to do to be quite honest with you. Even if we had the infrastructure in place it would be very ill-advised of us to mix customer properties/sites with our internal infrastructure. Imagine the nightmare scenario of you being attacked and being unable to reach us because we're down for the same reason. That's a scenario where nobody comes out ahead.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this