Thinking About DNS

DNS servers are things we don’t like to think about, and as long as they are functioning we don’t tend to care to think about them. Every day we use DNS servers, whether to make a query (to look up a web page) or to make our own domains reachable. This post will focus on the latter.

Most of us don’t really think about who provides DNS access to our domain names because we get DNS servers through our domain registrars as a “value added” service. When is that “value added” service not enough? I guess that has to be a personal decision based on your needs and desires for your domain.

For me personally, registrar-based services were no longer enough when I switched to OpenSRS and discovered that their DNS servers do not support Dynamic DNS, something I had gotten accustomed to having through eNom previously. For people like me who run our own web servers (or have our boyfriends manage one for us) on a dynamic IP address, this is a tiny problem. For this reason I had to weigh my options carefully when moving to OpenSRS. I could either suffer with eNom’s horrible support, impersonal treatment of customers and potential for foul occurrences and have kick-ass DNS servers, or I could have what I needed in a registrar and seek DNS somewhere else. Since the service I was seeking was a good quality registrar I went with OpenSRS and started seeking out other providers of DNS servers. I found what I was looking for in Zerigo. For less than the difference I was paying OpenSRS under eNom I could have professionally hosted DNS (with my own vanity DNS servers).

Everything was going well with Zerigo until a few months ago, when suddenly their servers were being attacked, making my domains inaccessible to the world. While Zerigo did what they could to mitigate the attacks and keep at least one of their servers online (one is all you really need anyway), it didn’t always go so well, and they lost service completely on and off for a few days. While I’m sure there are ways to fault Zerigo on their fault-tolerance policies, or some other technical issue, that still doesn’t solve the actual problem. Every individual DNS provider is vulnerable. Any set of DNS servers that share a common characteristic (owner, administrator, physical location, backbone connection, server software, etc.) is vulnerable to attack or outage due to one issue or another. The flaw for me and every other person who relies on a single set of DNS servers (such as those provided by a registrar) is that they can all be compromised at the same time. DNS is a very likely single point of failure for the Internet, and as such, redundancy is important.

While redundancy is very important, I think I may have taken it too seriously when my problems with Zerigo came about. I now use Zerigo, XpertDNS and Hurricane Electric’s DNS. My primary domains are on all three providers (I have a total of 14 available individual DNS servers). Less important domains are running with Zerigo as primary and HE as a backup. On many of my domains I have filled all 13 available DNS server positions, giving me the highest level of redundancy allowed under the current DNS standards.
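Spreading a zone across several providers only helps if the nameserver set really does span more than one provider and every server is serving the same copy of the zone. The script below is an added example (not from this post and not any provider's tool) that takes a zone's NS set plus the SOA serial each server answered with (here constructed sample data standing in for the output of a query) and reports provider diversity and serial drift. The provider split uses a small, assumed list of multi-label suffixes; the 13-server cap mirrors the limit mentioned above.

```python
"""Check an authoritative nameserver set for provider diversity and zone consistency.

Added example; the nameserver hostnames and serials below are constructed sample data.
"""
from collections import defaultdict

# Assumption: a tiny list of multi-label public suffixes. Anything else is treated
# as "last two labels" when deriving the provider (registrable domain).
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.nz"}


def provider_of(nameserver: str) -> str:
    """Return the registrable domain of a nameserver, e.g. 'ns1.he.net' -> 'he.net'."""
    labels = nameserver.rstrip(".").lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def redundancy_report(ns_set, soa_serials, min_providers=2, max_ns=13):
    """Group nameservers by provider and flag the failure modes of a multi-provider setup.

    ns_set      : list of nameserver hostnames delegated for the zone
    soa_serials : dict nameserver -> SOA serial it answered with (None = no answer)
    """
    by_provider = defaultdict(list)
    for ns in ns_set:
        by_provider[provider_of(ns)].append(ns)

    findings = []
    if len(ns_set) > max_ns:
        findings.append(f"{len(ns_set)} nameservers exceeds the {max_ns}-server limit")
    if len(by_provider) < min_providers:
        findings.append(
            f"all {len(ns_set)} nameservers belong to {', '.join(by_provider)}: "
            "one provider outage takes the whole zone down"
        )

    unanswered = [ns for ns in ns_set if soa_serials.get(ns) is None]
    if unanswered:
        findings.append(f"no SOA answer from: {', '.join(unanswered)}")

    # Distinct serials among the servers that did answer. More than one means at
    # least one provider is serving a stale copy of the zone.
    serials = {soa_serials[ns] for ns in ns_set if soa_serials.get(ns) is not None}
    drift = len(serials) > 1
    if drift:
        findings.append(f"SOA serial mismatch across providers: {sorted(serials)}")

    return {
        "provider_count": len(by_provider),
        "providers": dict(by_provider),
        "serial_drift": drift,
        "findings": findings,
    }


# Constructed sample: a zone delegated to three providers, one of which is lagging.
SAMPLE_NS = [
    "a.ns.zerigo.net", "b.ns.zerigo.net",
    "ns1.xpertdns.com", "ns2.xpertdns.com",
    "ns1.he.net", "ns2.he.net", "ns3.he.net",
]
SAMPLE_SERIALS = {
    "a.ns.zerigo.net": 2012031501, "b.ns.zerigo.net": 2012031501,
    "ns1.xpertdns.com": 2012031501, "ns2.xpertdns.com": 2012031501,
    "ns1.he.net": 2012031401, "ns2.he.net": 2012031401, "ns3.he.net": None,
}

if __name__ == "__main__":
    report = redundancy_report(SAMPLE_NS, SAMPLE_SERIALS)
    print(f"providers: {report['provider_count']}")
    for finding in report["findings"]:
        print(" -", finding)
```

Feed it the NS set from the delegation and the SOA serial each server returns; a single-provider zone or a serial mismatch both surface as findings, which is the check worth running after adding a backup provider.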

For people who are on their registrar’s DNS or have another single set of DNS servers I seriously recommend HE’s free DNS hosting (http://dns.he.net) as a backup DNS provider to supplement your primary servers.