How-To Geek recently posted the following:
“Your Internet service provider runs DNS servers for you, but you don’t have to use them. You can use third-party DNS servers instead, which offer a variety of features that your ISP probably doesn’t.”
Continue to the article here. This has useful information that I didn’t cover in my previous blog.
I’d just like to add the comment that this is more about DNS resolution than about hosting your own domain, though third-party providers can do that for you, too.
Hi! If you’ve been reading about DNS on my blog, you probably understand the importance of having DNS services, you have some idea about why you might want to run your own DNS server, and you realize that protecting your online brand means protecting your domain registration. What I’d like to talk about this time is how many DNS servers you should plan to operate.
BIND, which stands for Berkeley Internet Name Daemon, is a DNS server that’s been designed to provide every kind of DNS service you might need. It is the most widely used DNS server in the market, and it’s also open source and free. Technically, you could run a single BIND server that both hosts your internal domain and provides your users and customers with a DNS resolver. A lot of organizations with limited resources start out this way. But even if you’re forced to start out with a setup like this, it’s not a good idea to keep it like this.
The problem with a one-server-fits-all approach is that if anything happens to degrade your DNS server’s performance, you can impact all of your DNS services. The DNS protocol is designed to run a distributed service with multiple servers sharing the load, which is what makes DNS so resilient. By splitting the service up among several servers, you ensure that a problem with one server does not impact your entire DNS infrastructure.
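One way to realize the split described above, shown as an added example rather than configuration from the original post: two BIND named.conf fragments, one for an authoritative-only server and one for a recursive resolver, so that neither role can take the other down. The zone name example.com, the file paths, the secondary address 198.51.100.2 and the internal client network 192.0.2.0/24 are assumptions.

```conf
// ---- File 1: /etc/named.conf on the authoritative server (assumed host ns1) ----
// Answers only for zones it hosts. With recursion off, a flood of
// lookups for other people's names cannot exhaust it and take the
// zone offline.
options {
    directory "/var/named";
    recursion no;                       // never resolve on behalf of clients
    allow-query { any; };               // the Internet may ask about our zones
    allow-transfer { 198.51.100.2; };   // only the secondary may pull the zone
    notify yes;                         // tell the secondary when the zone changes
};

zone "example.com" {
    type master;
    file "example.com.zone";            // assumed zone file name
};

// ---- File 2: /etc/named.conf on the internal resolver ----
// Hosts no zones of its own. If it is degraded, internal users lose
// lookups, but the rest of the Internet still sees example.com from ns1.
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { 192.0.2.0/24; localhost; };  // internal clients only
    allow-query     { 192.0.2.0/24; localhost; };  // do not serve the public
};
```

Each fragment goes on its own host; a single named process cannot load both, which is the point of the split.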
There are a lot of companies out there who will offer to help you register your own domain. I’ve mentioned a few of the bigger names, such as Verisign, Dotster, and GoDaddy. Often a hosting provider or an ISP will provide you with domain registration services as a reseller.
I’m going to assume for now that you’ve selected a domain name and that you know which top-level domains (TLDs) you want to register your name in. Examples of top-level domains are .com, .net, .org, .info, .me, etc. If you’re not sure about your options, see the list of valid TLDs. Each TLD is represented by its own domain registry, which is operated by an entity called a registrar. In most cases, you won’t be dealing directly with the registrar — you’ll most likely be dealing with a company that partners with the registrar to provide registration services.
This is where you need to be very careful. Sometimes when a third-party registration service provider registers a domain on your behalf, they effectively control your domain as the administrative contact. For example, domain registration provider Tucows has a business model where they only deal directly with the reseller and not with the domain owner. This could put you in a very bad position if you need to make changes to your domain or if your domain isn’t renewed properly by the reseller. Imagine the trouble you’d have if your domain registration expired and the reseller went out of business a year earlier or doesn’t return your phone calls. I’ve seen it happen.
Make sure you’re doing business with a reliable registration service provider and that you have complete control over your domain registration. Don’t ever risk having your domain expire because of a reseller’s billing error. Cheaper is not necessarily better if your domain is effectively being held hostage.
In a previous blog post, I talked about why you should care about DNS. Now I’d like to talk about whether you need your own DNS server or not and what your options are.
Like I said before, most people don’t need to know much. They don’t own their own domain name and they use whatever DNS servers their Internet Service Provider gives them to use. Most of the time, that’s completely transparent to the end-user.
But if you’re running a business, you probably need to own a domain name and you might not want to use your ISP’s DNS servers for various reasons. If you’re a geek, you might want your own domain and DNS server just because. Why wouldn’t you just use whatever DNS server your ISP gives you to use?
You need your own domain name. You want to provide your customers and your employees with branded web, email, or other network services.
You have an isolated network. Your internal network may not be directly connected to an internet connection, but you still need to provide internal network services to your employees.
You want or need more control over your DNS service than your ISP provides.
Your ISP doesn’t provide DNS hosting services for your domain.
You can’t or won’t trust your ISP’s DNS services. (Just why are you using that ISP?)
You’re paranoid, you’re wearing a tin-foil hat, and you’re proud of it.
You’re a geek and it’s a (“fun”) learning experience.
In my day job, I am a DNS Professional. DNS stands for Domain Name System. It’s one of the reasons you can type crossadept.wordpress.com to get to my blog instead of having to remember six different numeric IP addresses.
(I’m also a Network Professional. I can remember six different IP addresses if I’m using them constantly. But not the dozens of IP addresses I connect to every single day.)
Most people don’t know what DNS is. It’s one of those things that quietly works day after day, and nobody except DNS Professionals like me gives it a second thought. But DNS is more relevant in today’s Internet than it was even ten years ago. And for the sake of your money and reputation, you ought to care very much that DNS is doing the job it’s supposed to do.
Whether you know it or not, you are using a DNS server right this very moment. What if someone was able to trick your DNS server into telling your web browser that “crossadept.wordpress.com” is an alias (another name) for “hackmycomputernow.badguy.net” (a fictitious black hat hacker website I made up)? You could be in for a very bad day without a clue about what was going on.
Fortunately, there are ways to protect your DNS server from just such a thing happening. Unfortunately, many companies aren’t using them.
In the days to come, I hope to share with you on this blog how to set up a reasonably secure DNS system based on my own experiences. If you need to host your own domain, you need to make sure you’re not wide open to every black hat on the Internet.
If all you care about is making sure that you can use DNS on your home or small business PCs without worrying about hackers, check out OpenDNS.