The Domain Name System (DNS) is one of the core components of the Internet as we know it today. It acts as a giant, distributed phone book where you can look up the IP address for any domain name.
It's also one of the oldest Internet systems in current use, complete with warts and boils, confusing terminology and baffling behavior. The articles below are my attempt at making things easier to understand for someone thrown into the topic.
For the longest time I used zoneedit as my DNS provider of choice. All of my important domains were hosted there, and they never really did me wrong. A few months back I decided that I wanted to learn how DNS actually works in the real world, though. Like, what does it actually take to run my own DNS servers?
A few months ago I posted about how I run my own DNS servers using my virtual private servers and tinydns. Well, it turns out that's not a great idea, for a few reasons. First, because if I mess up I'm entirely shut out of my servers. I tried to turn off a service on them the other day and accidentally turned off the tinydns service instead, and it took me ages to get back in. Running DNS on the same machines that handle email and web hosting for almost every piece of my online presence is just way too fragile.
Frequently I come across confusion with domain names. Why doesn't my website work? Why is this stupid thing broken, everything I try fails, I just want it to work!! Invariably the question asker either doesn't know what DNS is or doesn't understand how something fundamental works. More generally, people think that DNS is scary or complicated. This article is an attempt at quelling that fear. DNS is easy once you understand a few basic concepts.
If you do anything more advanced with email than hitting "Send" in Gmail then you should care about deliverability, which is the likelihood that your email will end up in your intended recipient's inbox instead of their spam folder.
Note: This article references events that happened in December 2014.
Hopefully, by the time you're reading this DNSimple will have recovered from their DDoS-powered outage. Today has probably been a terrible day for everybody over there and I'm sure they're ready for a break. While you can't do much to directly defend against DDoS attacks, you can insure yourself against DNS outages.
If you're a DNSimple customer right now or a NameCheap customer several times earlier this year, you know what happens when your DNS service goes out. Your website is inaccessible, emails are probably bouncing, and so are customers and their wallets. It's all around bad news.
The cheapest insurance you can buy is to host your nameservers and your registrar at different companies. That way, if your registrar gets attacked it's no big deal because they're not involved with your day-to-day name resolution, and if your nameservers are attacked you can easily change them. You can't do that if the web interface you need to use is down at the same time as your nameservers.
Splitting your DNS services between two or more companies adds a tiny bit of one-time overhead to setting up a new domain name, but the peace of mind this strategy buys is worth it. You can be back up and servicing customers at a new DNS provider in as little as five minutes, depending on your registrar, while your previous/primary DNS provider is struggling with an attack for hours.
Personally, I use Amazon's Route53 service as my nameservers and either Gandi (for .io) or Namecheap (for everything else) as my registrars, but you can use whoever you want. You could even use DNSimple as your registrar and Route53 as your nameserver if you want. The point is that you should have at least two wholly separate companies involved.