DO Ideas 2

add slave DNS to the DNS manager

The new DNS manager looks nice, but one feature that's missing is the ability to have the Digital Ocean servers serve as slave DNS servers performing zone transfers (AXFR/IXFR) from our droplets. Other hosts provide this, which reduces the DNS load on droplets.

  • tonycpsu
  • Sep 11 2018
  • Director commented
    September 11, 2018 19:18

    After I started the free services offered by Cloudflare, this feature became instantly useless to me.

    Cloudflare offered a free DNS service with Anycast support. With their Anycast feature, all DNS queries worldwide are extremely fast. With their free DNS services, they offer for every domain TWO IPS FOR FREE. Thus, your domain will have two extra IPs and your Nameserver shall never fail!

    Further, they offer to each free account a free firewall service for DNS and domains. Thus your domains remain shielded from Hackers.

    In addition to this, they offer caching of many files, like js, css, html, etc.

    DigitalOcean uses services by Cloudflare but does not offer all the features Cloudflare offers to all free accounts. I assume that this is the reason why they cannot offer further changes to the DNS API. I do not know. Regardless of this, I found an excellent alternative to the DNS Nameserver services with Cloudflare and cannot imagine anything better.

    Consequently, when I have a better Master Nameserver, why should I want any other services like slave DNS? Cloudflare with their Anycast in the free account is much better.

  • Andrew commented
    September 11, 2018 19:18

    I would also like this feature.

  • Director commented
    September 11, 2018 19:18

    I ordered certain domain names with a company based in Germany. They do not even have 10 % of income or customers like DigitalOcean does.

    I simply needed to paste one hundred domain names in one mask and enter master IP. All the slave zone files got created within less than 120 seconds.

    I would require more than five hours to create 100 zone files with DigitalOcean's primitive DNS management tool.

    So yes, this feature is a must.

  • Martin commented
    September 11, 2018 19:18

    After what happened today with the DNS service, I hope you guys give this suggestion big importance in your developer timeline. It is a simple and small feature which everybody needs to use.

  • Ben Speakman commented
    September 11, 2018 19:18

    I wrote a simple copy of NickHiddenClever's script in JS if it helps anybody https://github.com/threesquared/digitalocean-dns-sync

  • NickHiddenClever commented
    September 11, 2018 19:18

    Hi there,

    I wrote a script to automatically synchronise BIND DNS zones with DO's DNS servers using their API. Not sure if it will help anyone depending on setup, but it does exactly the same (just a bit slower, obviously). I'm still working on a few duplicate entry bugs with the intelligent sync portion, but the full sync option works flawlessly.

    https://github.com/HiddenClever/digitalocean-dns-sync

    Thanks,

    Nick

  • GammX1 commented
    September 11, 2018 19:18

    1) Using Mail-in-a-Box as follows: https://www.digitalocean.com/community/tutorials/how-to-run-your-own-mail-server-with-mail-in-a-box-on-ubuntu-14-04 as my mail server and Primary DNS Mger. running over a DO Droplet...

    2) Additionally, an additional Droplet working as web servers powered by 'serverpilot' as follows: https://www.digitalocean.com/community/projects/serverpilot

    Then I would like to use DO 'DNS manager' for every domain at 2) to act as 'Secondary DNS' by automatically mirroring their DNS records from their 'Primary' one at 1)

    Hope this will arrive soon!

  • dusty doris commented
    September 11, 2018 19:18

    I use dnsimple as my primary nameserver. They just offered the ability to slave records to another host. I would love to use DO as my secondary for times like when dnsimple goes down due to a DDoS attack.

    http://blog.dnsimple.com/2015/01/announcing-secondary-dns/

  • Andy commented
    September 11, 2018 19:18

    I also would love this feature :-)

  • Ben commented
    September 11, 2018 19:18

    While I'm in favor of DO allowing slave service for their DNS servers, I might point out that in the meantime you can get free slave DNS service from both puck.nether.net and rollernet.us. I use both (with my master actually at home) and they work quite nicely (both respond immediately to NOTIFYs).

  • Jyri-Petteri Paloposki commented
    September 11, 2018 19:18

    I absolutely need this for transition from Linode. I like having the master in my own control (PowerDNS + PowerDNSadmin), but don't really care about having a few more droplets just for the slaves.

  • Hargobind Khalsa commented
    September 11, 2018 19:18

    I too would greatly appreciate this functionality, but it's not because of performance. It's because I prefer to work with zone files over using a web interface, however I need to specify at least two NS records for my domain. I could spin up a second droplet, but despite your wonderful prices it still seems like a waste considering how little it would be doing.

  • tonycpsu commented
    September 11, 2018 19:18

    Of course we could create more nodes, but the point of slave DNS is that you guys have a lot more resources on your servers than our droplets do. The idea is to offload the task of resolving DNS for our many domains to your infrastructure, which is likely to be more resilient to attacks, sudden spikes in traffic, etc.

  • Moisey Uretsky commented
    September 11, 2018 19:18

    There are other inherent security concerns such as transferring a zone file that is already defined on our side.

    But overall if you are already running a nameserver hence why we would be slaving off of that, why not just spin up whatever slaves you need directly?

    Thanks

  • tonycpsu commented
    September 11, 2018 19:18

    Thanks for responding, Moisey. The problem with your workaround is that every time we want to add new records to our domain, we have to do it through the DNS manager interface instead of simply editing the zone files on our own hosts and having the changes propagate.

    Zone transfers aren't inherently insecure, and the transfer direction is from our hosts out to your DNS servers, so I would think the security issue (if any) would be the user's responsibility, and not affect the security of your own servers.

  • Moisey Uretsky commented
    September 11, 2018 19:18

    Some security concerns in regards to implementing this and usually we like to avoid enabling zone transfers.

    Technically speaking, I think you can add domains to our DNS manager and then set up your ns1/ns2.domain.com to point to our nameservers' IPs and it should work; the only issue will be that the PTR record for the nameserver will resolve to ns1.digitalocean.com.

  • Josh commented
    September 11, 2018 19:18

    I need this to transition from Linode. Scale maybe 10,000+ slave domains.

  • Casey commented
    September 11, 2018 19:18

    I second this! It would be fantastic to use Digital Ocean as a secondary DNS provider.
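
For the zone-transfer security point raised in the thread: on the customer's own primary, the exposure depends on how each zone's `allow-transfer` is set. The following is an added example, not code from any commenter or from DigitalOcean; it audits a constructed BIND `named.conf` fragment, and the zone names, the key name `xfer-key` and the address 192.0.2.53 are assumptions.

```python
import re

# Constructed named.conf fragment: documentation IP and placeholder key (assumptions).
SAMPLE_CONF = '''
key "xfer-key" { algorithm hmac-sha256; secret "PLACEHOLDER"; };
zone "open.example" {
    type master; file "db.open.example";
    allow-transfer { any; };
};
zone "iponly.example" {
    type master; file "db.iponly.example";
    allow-transfer { 192.0.2.53; };
};
zone "signed.example" {
    type master; file "db.signed.example";
    allow-transfer { key "xfer-key"; };
    also-notify { 192.0.2.53 key "xfer-key"; };
};
zone "unset.example" {
    type master; file "db.unset.example";
};
'''

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', re.S)
ACL_RE = re.compile(r'allow-transfer\s*\{([^}]*)\}')

def audit_transfers(conf):
    """Return {zone: finding} for each primary zone in a named.conf text."""
    findings = {}
    for name, body in ZONE_RE.findall(conf):
        if not re.search(r'type\s+(master|primary)\s*;', body):
            continue  # only zones this server is primary for are audited
        acl = ACL_RE.search(body)
        entries = [e.strip() for e in acl.group(1).split(';') if e.strip()] if acl else None
        if entries is None:
            findings[name] = "no allow-transfer: inherits the global/default policy"
        elif not entries or entries == ["none"]:
            findings[name] = "closed: transfers disabled"
        elif "any" in entries:
            findings[name] = "open: any host can AXFR the zone"
        elif all(e.startswith("key ") for e in entries):
            findings[name] = "ok: transfers require a TSIG key"
        else:
            findings[name] = "address-only: no TSIG authentication"
    return findings

if __name__ == "__main__":
    for zone, finding in audit_transfers(SAMPLE_CONF).items():
        print(f"{zone}: {finding}")
```

The regular expressions assume each zone block closes with `};` at the start of a line, as in the sample; a real `named.conf` with nested includes or ACL names needs a proper parser or `named-checkconf -p` output as input.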