
Ask HN: DNS redundancy, how to do it right?
by leo8 on Hacker News.
I hope I’m doing this right, since it’s my first submission. It is a question directed to the sysadmins of HN: How do I reach nameserver redundancy? Right now our provider is getting DDoS’ed, so my employer is not reachable by mail, web etc. If I do a whois on the affected domain, I’ll get multiple nameservers (which the provider owns). Looks like this:

    nserver ns01.provider.tld
    nserver ns02.provider.tld
    nserver ns03.provider.tld
    nserver ns04.provider.tld
    nserver ns05.provider.tld

Actually two questions arise from this:

– Is it a good idea to set up my own nameserver which basically just “copies” the entries from my current provider, and specify it (wherever that may be)? By doing this I won’t have to maintain 2 different NS, only the one from the provider, since the ‘secondary’ will simply be a copy of the primary.

– Is it a good idea to simply increase the TTL of the important A/MX records? Will, for example, 1.1.1.1 still resolve my domain correctly, even if my provider’s nameserver is down for an hour (assuming I have a TTL of 3 hours, for example)?

Thankfully, I’m not the CTO, but since he mentioned to me that this happens regularly to the provider (being DDoSed), it got me really curious what the right mitigation to being unreachable is.
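An added example, not part of the post above, that models the two questions with constructed data and no network access: a caching resolver (standing in for a public resolver such as 1.1.1.1) that keeps answers for their TTL, so cached records keep resolving during an authoritative outage while anything not yet cached (and anything whose TTL has run out) fails; and a crude check of whether every nameserver in a whois-style listing sits under one operator’s domain, which is the single point of failure the post describes. The zone name example.test, the 192.0.2.x address, the ‘other-dns.example’ secondary and the two-label parent heuristic are all assumptions made for the illustration.

```python
"""Added example (not from the HN post): TTL-bounded caching during an
authoritative DNS outage, plus a nameserver-diversity check.
All zone data and whois lines below are constructed for the demo."""
from dataclasses import dataclass


@dataclass
class Record:
    name: str
    rtype: str
    value: str
    ttl: int  # seconds


class AuthoritativeServer:
    """The provider's nameserver; `reachable` flips to False during the DDoS."""

    def __init__(self, zone):
        self.zone = {(r.name, r.rtype): r for r in zone}
        self.reachable = True

    def query(self, name, rtype):
        if not self.reachable:
            raise TimeoutError("authoritative server unreachable")
        return self.zone.get((name, rtype))


class CachingResolver:
    """Minimal recursive resolver: answers from cache until the record's TTL
    expires, then must ask upstream again (no serve-stale behaviour modelled)."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}  # (name, rtype) -> (Record, expiry timestamp)

    def resolve(self, name, rtype, now):
        key = (name, rtype)
        hit = self.cache.get(key)
        if hit and now < hit[1]:
            return hit[0].value
        rec = self.upstream.query(name, rtype)  # raises TimeoutError if down
        if rec is None:
            return None
        self.cache[key] = (rec, now + rec.ttl)
        return rec.value


def simulate_outage(ttl_seconds=3 * 3600, outage_start=0, probe_after=3600):
    """Prime the cache with the A record, take the provider down, then probe:
    a cached record during the outage, an uncached record during the outage,
    and the cached record again once its TTL has expired."""
    zone = [
        Record("example.test", "A", "192.0.2.10", ttl_seconds),       # constructed
        Record("example.test", "MX", "mail.example.test", ttl_seconds),
    ]
    auth = AuthoritativeServer(zone)
    resolver = CachingResolver(auth)
    primed = resolver.resolve("example.test", "A", outage_start)  # cached now
    auth.reachable = False

    def attempt(rtype, at):
        try:
            return resolver.resolve("example.test", rtype, at)
        except TimeoutError:
            return None

    return {
        "primed": primed,
        "cached_during_outage": attempt("A", outage_start + probe_after),
        "uncached_during_outage": attempt("MX", outage_start + probe_after),
        "cached_after_ttl_expiry": attempt("A", outage_start + ttl_seconds + 1),
    }


# Whois-style nameserver listing, constructed to match the shape in the post.
WHOIS_SAMPLE = """\
nserver ns01.provider.tld
nserver ns02.provider.tld
nserver ns03.provider.tld
nserver ns04.provider.tld
nserver ns05.provider.tld
"""


def parse_nservers(text):
    """Return the hostnames from 'nserver <host>' lines."""
    return [line.split()[1] for line in text.splitlines()
            if line.startswith("nserver") and len(line.split()) > 1]


def registrable_parent(host):
    """Crude operator heuristic: last two labels (not Public-Suffix-List aware)."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def ns_operators(nameservers):
    """Distinct operator domains behind the delegation; one entry means every
    nameserver shares the same provider and the same DDoS blast radius."""
    return {registrable_parent(ns) for ns in nameservers}


if __name__ == "__main__":
    print(simulate_outage())
    print(ns_operators(parse_nservers(WHOIS_SAMPLE)))
    print(ns_operators(parse_nservers(WHOIS_SAMPLE) + ["ns1.other-dns.example"]))
```

The outage simulation shows why raising TTLs only partly helps: a resolver that happened to cache the A record before the attack keeps answering for the rest of the TTL, but a resolver that never asked (or asks for a record type it has not cached, such as MX) gets nothing, and once the TTL lapses every resolver is back to asking an unreachable server. The operator check is the quick way to confirm the post’s observation that all five listed nameservers belong to one provider; adding a secondary under a different operator (fed by zone transfer from the provider’s primary) turns the set into two operators.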
