The Inquirer-Home

How to mitigate DNS problems

We're looking at you, Register.com
Fri Apr 03 2009, 15:28

OVER THE LAST two days we've been reporting the problems domain name registrar Register.com has suffered from two consecutive nights of denial-of-service attacks.

A lot of readers have either commented on the two articles, or e-mailed the author directly complaining about loss of business, the inaccessibility of critical systems, and general strife.

However, there's no reason anyone should be in this situation for any system that is critical or needs a high level of availability.

Simply implement secondary DNS servers using a different provider. DynDNS.com and EasyDNS are good examples of providers that offer secondary DNS service for your domains.

A secondary DNS server service is charged at around $10-$15 a year per domain, which is absolutely negligible for a site with high availability requirements.

Using the above services, you can simply submit your primary master DNS server IP, receive several secondary DNS server addresses in return, and can then delegate your domain to use these additional DNS servers.

This should mitigate any problems with the primary host.

A word of warning: your primary host must support this for the process to work. You'll need a primary DNS provider that permits 'zone transfers out' and a secondary DNS provider (like those given above) that provides a 'secondary' DNS service. Unfortunately, most major registrars do not permit 'zone transfers out'.
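What 'zone transfers out' looks like on a primary you run yourself, as an added example that is not from the original article or from any provider it names. It assumes a BIND 9 primary; the zone name, file paths and all addresses are documentation placeholders.

```bind
// named.conf on the primary you control (constructed example).
// 203.0.113.10 stands in for this primary; 192.0.2.53 and 198.51.100.53
// stand in for the addresses the secondary provider gives you.

acl "secondary-provider" {
    192.0.2.53;
    198.51.100.53;
};

options {
    directory "/var/named";
    allow-transfer { none; };      // default: no zone transfers out at all
};

zone "example.com" {
    type master;
    file "zones/db.example.com";

    // Weak setting: "allow-transfer { any; };" would let anyone pull the
    // full contents of the zone. Permit only the secondary provider.
    allow-transfer { "secondary-provider"; };

    // Send NOTIFY on every serial change so the secondaries refresh
    // promptly instead of waiting for the SOA refresh timer.
    also-notify { 192.0.2.53; 198.51.100.53; };
};

// For reference, the matching zone statement on a BIND secondary
// (a hosted provider configures its side from the master IP you submit):
//
// zone "example.com" {
//     type slave;
//     masters { 203.0.113.10; };
//     file "slaves/db.example.com";
//     allow-transfer { none; };
// };
```

The zone's NS records and the delegation at the registrar still have to list the secondary provider's name servers, as the article describes.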

If you're a Register.com customer, don't expect much help in the process. We're pretty sure they don't support it, though we couldn't actually determine this for sure.

Technical support told us it was impossible to use third-party secondary name servers, and when prompted with more questions, simply didn't respond to any further questioning.

Dean: I'm attempting to set up secondary (fail-over) domain DNS servers for my Register.com domains due to your recent DNS problems

Dean: DynDNS.com is asking for the 'master DNS server IP address' ...

Jerome P.: Dean, if you wish to host your web site on their servers, then you will have to use their IP address in this regard.

Dean: Do you understand what I've asked you?

Jerome P.: Dean, you cannot use the two different providers name servers for your domain name.

Jerome P.: They will conflict and affect the accessibility of your web site.

Dean: er ok so how do you provide redundancy.

Jerome P.: Therefore, you will have to use either Register.com's name servers for your domain name or the new hosting service provider's name servers.

Dean: so you're telling me you cannot have secondary DNS servers

Dean: Hello?

Dean: HELLO?

Dean: This may help: http://en.wikipedia.org/wiki/Domain_Name_System

Dean: Specifically: http://tools.ietf.org/html/rfc2182 ...

We finally had to hang up as no response was forthcoming after an hour of waiting. Emails were also not returned. µ

 


Comments
owner

The article says that the host must support zone transfers out, but that not all hosts do.

Can someone provide examples of hosts that do? thanks.

posted by : Tim, 16 July 2009
info about DNS

I noticed some of you are looking for some high level information on DNS. I randomly came across www.dnsreviews.com the other day. They have some of the popular managed dns providers out there and descriptions of each company. Seems like a new site, but there are several user reviews and the information is very helpful. Should give you a pretty good idea on the providers out there and what each of them offers.

posted by : Eric, 06 May 2009
cheap hosting = cheap kit

yeah you could go with multiple primaries, there are problems associated with the management of this though, although in most cases where a web UI is provided it's just a case of updating in two places. there will also potentially be problems if the SOA serials don't match.

Personally I wouldn't want a provider to allow zone transfers, unless you can specify IPs to allow zone transfers to as anyone can get a full list of your DNS config... not to mention it would be much easier to DDoS (lots of small queries returning lots of large results).

There are premium DNS providers out there that are hardened against these kinds of attacks and have huge distributed infrastructure out there that can cope with it, if your domain is that important to you then this is really what you should be looking at.

posted by : Mike, 07 April 2009
Multiple Primaries

You don’t have to run one server as primary and another as secondary; you could run more than one primary.

That means you have to have some other mechanism besides zone-transfer to make sure they’re all serving the same information. If you can only configure them via a GUI, then this is obviously going to be painful. But if you can just upload a config file in, say, BIND format, then it should be easy enough to upload the same config to multiple servers at once.

posted by : Lawrence D'Oliveiro, 06 April 2009
Hi kids...

If you're looking for an introduction to DNS concepts, the djbdns documentation (and related Bernstein writings) are a good and relatively simple place to start:

http://cr.yp.to/djbdns.html

Really, it's more like BIND remains confusing because it still tries to do everything at once and contains some anachronisms. djbdns at least separates responsibilities between the programs to make it clear what the roles are when you're learning.

posted by : A. Peon, 05 April 2009
@ Knife

No, as I said, you need a provider that supports zone transfer out. Register.com doesn't support it.

posted by : Dean Pullen, 05 April 2009
register.com's domain pages

Allow you to specify what your DNS servers are... is providing backup DNS as simple as setting up something with a secondary provider, and then in register.com's pages, adding those servers in as your DNS servers?

posted by : knife, 04 April 2009
Everyone is Susceptible

"Simply implement secondary DNS servers using a different provider."

That's ridiculous, they can just DDoS attack the secondary DNS provider as well. Anyone is susceptible to this kind of attack, get over yourself.

posted by : Fire Crow, 04 April 2009
Switching? To who?

I've been with register.com for about 8 years and have been very pleased... until now, of course.

The thing is: If I switch primary DNS, I might as well switch everything; the cost is about the same ($28/year for primary DNS only and $35/year for domain and primary DNS from DynDNS; assuming I read the very complex pricing pages correctly).

If register.com would consent to be my primary DNS provider and allow me to specify a secondary name server, then I could see paying a bit more (DynDNS is $14.50 a year with a coupon) to have that secondary backup.

posted by : James Newton, 03 April 2009
DoS Attack at Register.com

I wish I knew of a registrar without down time, I called register.com and they told me it was an attack. I was with godaddy.com before, had a lot more outages and I couldn't even speak to someone after a few **hours** on hold. I'm willing to wait it out plus unless you cannot check your email, everyone got a notice stating "Over the past 36 hours we have experienced intermittent disruptions to our services as a result of a distributed denial of service issue - an intentionally malicious flooding of our systems from various points across the internet. Your services may have been affected. All of our technical resources are focused on restoring and maintaining our services."

posted by : Amanda, 03 April 2009
Why not change DNS providers?

Seems to me, based on the article, that it would be in a business' best interest to drop Register.com altogether and use DynDNS.com and EasyDNS as your primary and secondary providers. Why would you want to support Register.com when they can't even cover the basics in technical support?

Or is there some reason to use Register.com that isn't apparent?

posted by : Icester, 03 April 2009
Down again!!!

This is beyond ridiculous. Once again they're down!

posted by : Daniel, 03 April 2009
3rd Time's the Charm

OMG register.com's DNS servers are down AGAIN! 3rd day in a row. I posted the other day if it happened again I was moving my domains and this is the final straw my domains are going to GoDaddy.
BTW it's 10:45 AM MST 4/3/2009.

posted by : Brandon, 03 April 2009
@Benji

If you find out could you let me know too please :0) ta

posted by : Lee1970, 03 April 2009
@rh

Hey rh, as someone who'd be dearly interested to have the DNS system explained to him, do you know of a good place to learn about it you could point me at?

posted by : Benji, 03 April 2009
You've got banks and you've got providers

I get stark raving mad of these commercial exploits that saw the pillars of built-in security of the internet and life in general for the advantage of a few bucks.

That's it; I'm emigrating to Africa ! :)

posted by : aryan, 03 April 2009
DNS causes brain dump

Every time something goes wrong with DNS at the office, or any time a change has to be made, I have to start at the beginning and explain how DNS works, again. And this is to technical people, not management, and to the same people, over and over.

I am constantly explaining the difference between the domain name and the nameservers and why you need MX records. Something about DNS causes people's brains to shut off, I don't know what it is.

It is no surprise to me that the registrars and providers of name services don't understand how it works. From my experience, there are maybe a dozen people in the world whose brain doesn't throw up when you mention glue records. Sad, really- it's not that freakin' complex.

posted by : rh, 03 April 2009