Notes About DNS
Almost all of my clients run websites. A good number of them are hosted externally on services like Amazon’s EC2 or Linode’s VPS. There are a few clients that host their sites internally on their own servers. In both cases I see a lot of companies make the same serious mistakes. I thought I would take some time to run down the most common mistakes and then provide you with some real world best practices.
First, a bit of a lesson on how DNS works. There are three parts that we care about. The registrar is the company you registered the domain with; it acts as a go-between for you and the registry that runs the top-level domain, under rules coordinated by ICANN (the international organization that oversees domain registration). GoDaddy is a popular example of a domain registrar. Then there is the DNS provider, which runs the authoritative name servers that hold your domain's records and answer when someone's resolver asks which IP address (the numbers computers use to talk to one another) your domain maps to. GoDaddy provides some simple DNS hosting; popular alternatives are DynDNS and Amazon's Route 53. The third part is your server, or more correctly your hosted IP address. This can be really confusing, but over-simplified, it is the IP address that the DNS answer points to and that a browser connects to when it loads your website.
A quick note on GoDaddy. I am using them as an example because they are so popular. I don't mean to say that their service doesn't work or that it doesn't work well. Quite the opposite: their service is a good stopgap. But I don't feel that you should go into production with it (though a lot of people do).
The most common mistake I see is using the registrar's DNS service. Yes, GoDaddy has a pretty nice interface for editing your domain's records, but its actual DNS hosting, while functional, is best treated as a stopgap until you are on dedicated DNS servers. I don't think any serious website should launch on it. There are many DNS service providers to choose from, for example Amazon's Route 53 or DynDNS.
The reason you want to move to a specialized DNS provider is simply speed and support. For example, a lot of the time you will want to move your DNS hosting to your hosting company, so that when you create a new server or subdomain its record is created in DNS automatically. Another example is Amazon's load balancers, which work best with Route 53 because a Route 53 alias record can point even the bare domain at a balancer whose addresses change. Leaving your DNS hosting on your registrar's servers often leaves you with slow response times and longer support queues should a problem arise.
The next most common mistake is improper DNS setup: setting up every subdomain as its own A record, or having multiple records for one host when you shouldn't. A name that should simply follow another host belongs in a CNAME, and a CNAME cannot share its name with any other record or sit at the zone apex. DNS really needs to be set up by someone who knows how. A lot of DNS providers' sites make it look easy, but it can be very complicated, especially on big sites or with large lists of servers and services.
The third most common mistake is using internal DNS servers externally. In my opinion you should never expose Microsoft's DNS server, the one that serves your internal domain, as the authoritative server for your public domain. Beyond the maintenance burden, an internal server exposed to the internet tends to leak internal host names and, if recursion is left enabled, becomes an open resolver that others can abuse. It's kind of like email: why have that headache internally when you can let someone else have it? If you insist on hosting your own DNS you should run BIND (which means Unix or Linux, maybe Mac) and set it up correctly, which means hiring someone who knows exactly how to set up a DNS server. This is usually an expense that is not needed, and hosting your own DNS and doing it wrong can cause a huge set of problems, some of which carry government fines. Again, better to let a provider deal with that.
Now for some good rules of thumb:
- Have only one A record per IP address, and point every other name at that host with a CNAME. A change of IP address or hosting provider is then a single edit.
- Always set up an SPF record, published as a TXT record at your domain. It tells receiving mail servers which hosts may send mail for your domain, so legitimate mail is less likely to be marked as spam and spoofed mail is easier to reject.
- Always test your response/resolution time. If browsers have to spend a long time in the DNS resolution phase, your site will seem slow even when it isn't.
- Always have your development or IT staff set up the DNS records. They know what they need, and they should know how to set it up correctly.
- Always check your domain against a domain-checking service; http://www.dnssy.com is one example. You might need someone to help you read the results.
- Never host your own DNS.
- Always use a provider that has DNS servers in many locations. This keeps a natural disaster or major network outage in one place from taking your whole domain down.
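To make the rules above checkable, here is a small zone linter. It is an added example, not code from the original article, and it runs over a constructed sample zone for example.com (addresses taken from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24). It flags the setup mistakes discussed above: several A records for one IP address, a CNAME sharing its name with other records or sitting at the apex, an MX pointing at a CNAME, and a missing or open-ended SPF record.

```python
"""Lint a zone against the rules of thumb in this article.

Added example (not the author's code). The zone below is a constructed
sample; the duplicate A records and the stray TXT beside a CNAME are
deliberate so the checks have something to report.
"""
from collections import defaultdict

# (owner, type, rdata) triples, as you would see them in a zone file.
SAMPLE_ZONE = [
    ("example.com.",      "A",     "192.0.2.10"),
    ("www.example.com.",  "A",     "192.0.2.10"),    # should be a CNAME to example.com.
    ("shop.example.com.", "A",     "192.0.2.10"),    # third copy of the same IP
    ("mail.example.com.", "A",     "198.51.100.5"),
    ("example.com.",      "MX",    "10 mail.example.com."),
    ("blog.example.com.", "CNAME", "example.com."),
    ("blog.example.com.", "TXT",   '"v=1"'),         # TXT next to a CNAME is invalid
    ("example.com.",      "TXT",   '"v=spf1 ip4:198.51.100.5 -all"'),
]


def lint_zone(records, apex):
    """Return human-readable findings for `records`; `apex` is the zone name."""
    findings = []
    names_by_ip = defaultdict(list)
    types_by_name = defaultdict(set)
    mx_targets = []
    spf_at_apex = []

    for name, rtype, rdata in records:
        types_by_name[name].add(rtype)
        if rtype == "A":
            names_by_ip[rdata].append(name)
        elif rtype == "MX":
            mx_targets.append(rdata.split()[1])
        elif rtype == "TXT" and name == apex and rdata.strip('"').startswith("v=spf1"):
            spf_at_apex.append(rdata.strip('"'))

    # Rule: one A record per IP address; every other name is a CNAME to it,
    # so a change of address or provider is a single edit.
    for ip, names in names_by_ip.items():
        if len(names) > 1:
            findings.append(f"IP {ip} has {len(names)} A records ({', '.join(names)}); "
                            "keep one and CNAME the rest to it")

    # A CNAME must be the only record at its name (RFC 1034 section 3.6.2), so it
    # can never sit at the apex, where the SOA and NS records already live.
    for name, types in types_by_name.items():
        if "CNAME" in types and len(types) > 1:
            findings.append(f"{name} has a CNAME alongside {sorted(types - {'CNAME'})}; "
                            "a CNAME must stand alone")
        if "CNAME" in types and name == apex:
            findings.append(f"{name} is the zone apex and cannot be a CNAME")

    # MX targets must be hostnames with address records, not CNAMEs (RFC 2181 section 10.3).
    for target in mx_targets:
        if "CNAME" in types_by_name.get(target, set()):
            findings.append(f"MX target {target} is a CNAME")

    # SPF lives in a TXT record at the apex: exactly one, ending in a catch-all.
    if not spf_at_apex:
        findings.append(f"no SPF (v=spf1) TXT record at {apex}")
    elif len(spf_at_apex) > 1:
        findings.append(f"{len(spf_at_apex)} SPF records at {apex}; receivers treat that as a permanent error")
    elif spf_at_apex[0].split()[-1] not in ("-all", "~all"):
        findings.append(f"SPF at {apex} does not end in -all or ~all, so unlisted senders "
                        "get a neutral result instead of failing")

    return findings


if __name__ == "__main__":
    for finding in lint_zone(SAMPLE_ZONE, "example.com."):
        print("*", finding)
```

Run against the sample it reports the three A records for 192.0.2.10 and the TXT record sitting beside blog's CNAME. The apex restriction is the reason a bare domain cannot be a CNAME to a load balancer's hostname; Route 53's alias record type is the provider-specific way around that, and the check here does not count an alias as a CNAME.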
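For the rule about testing resolution time, the script below is an added example that is not from the original article. It sends one hand-built DNS query over UDP, with no third-party library, and reports the round trip in milliseconds. The resolver address 8.8.8.8 and the name example.com are assumptions; to time your provider itself rather than a cache, point it at one of your zone's authoritative servers. A constructed response is embedded so the parser can be exercised offline, and a reply whose transaction ID does not match the query is rejected, which is the minimum a client should do against spoofed or stale answers.

```python
"""Time a single DNS lookup with a hand-built query (added example, not the author's code)."""
import socket
import struct
import time


def build_query(name, qtype=1, txid=0x1234):
    """Encode a standard query for `name` (RFC 1035 section 4.1) with the RD flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # one question, RD=1
    qname = b"".join(bytes([len(label)]) + label.encode()
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def _read_name(msg, off):
    """Decode a possibly-compressed name; return (name, offset just after it)."""
    labels = []
    jumped = False
    end = off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2                          # the field itself is two bytes
            jumped = True
            off = ptr
            continue
        if length == 0:
            off += 1
            break
        labels.append(msg[off + 1:off + 1 + length].decode())
        off += 1 + length
    if not jumped:
        end = off
    return ".".join(labels) + ".", end


def parse_response(msg, txid=0x1234):
    """Return (rcode, [A addresses]) from a response; raise on a transaction id mismatch."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch: possible spoofed or stale reply")
    off = 12
    for _ in range(qd):                                # skip the echoed question(s)
        _, off = _read_name(msg, off)
        off += 4
    addrs = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs


def time_query(server, name, timeout=2.0):
    """Send one query to `server` on UDP/53; return (milliseconds, rcode, addresses)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        started = time.perf_counter()
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(512)
        elapsed_ms = (time.perf_counter() - started) * 1000
    rcode, addrs = parse_response(data)
    return elapsed_ms, rcode, addrs


# Constructed response for offline testing: the example.com question echoed back,
# then one A answer whose owner is a compression pointer (0xC00C) to that question.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    # Assumed resolver; replace with an authoritative server from `dig NS yourdomain`.
    ms, rcode, addrs = time_query("8.8.8.8", "example.com")
    print(f"{ms:.1f} ms  rcode={rcode}  answers={addrs}")
```

Run it a few times from the networks your users sit on; a single slow sample is usually a cold cache, a consistently slow one is the provider. For the public resolver assumed above, the answer comes from its cache, so timing the authoritative servers directly is what actually measures your DNS host.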
I currently strongly recommend Amazon's Route 53. It is easy to set up and provides reliable, quick, standards-compliant DNS hosting. Other providers are out there, and most of the time your hosting provider will offer DNS as well. For example, Slicehost had very good DNS servers, so I used to put all of my customers hosted at Slicehost on them.
Coteyr.net Programming LLC. is about one thing. Getting your project done the way you like it. Using Agile development and management techniques, we are able to get even the most complex projects done in a short time frame and on a modest budget.