[Discuss] DNS providers

[dsr at randomstring.org (Dan Ritter)]

On Thu, Sep 04, 2014 at 01:34:05PM -0400, Jason Normand wrote:
> we are looking to move our DNS out of house and are looking for
> recommendations.  currently we are managing multiple bind servers
> ourselves.  but most of our systems are now running in AWS, and the few
> left in the colo are being dropped within the year.  our needs are not
> really that intensive or complex, but we would like a robust system and a
> strong SLA is a requirement.

What is your actual goal? One way or another, you are in charge
of your own information; what responsibilities do you want to
pay someone else to handle?

You might consider, for example, running a single master DNS
server that you don't list as authoritative for public
consumption, but has slaves at several external providers which
are so listed. Your master can lost contact for periods of time
while the slaves continue to work. Distribute them over three or
four providers and it will be quite bullet-resistant.

If all your systems are in AWS, it might make sense to use
Amazon's Route53 system. It's unlikely to be much different in
terms of availability from AWS.

You also haven't mentioned whether you have split DNS, where
machines inside your security boundary can see a different view
than the public. That will change everything.

-dsr-