DNS Services for a registrar

DaKnOb daknob.mac at gmail.com
Fri Aug 12 12:50:55 UTC 2016


Someone registered the domain “corp.gr” and now sells subdomains similar to .com.gr, .co.uk, etc. They use a “clever” way to make sure they will have 100% uptime at virtually no cost:

$ dig NS corp.gr
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.8.3-P1 <<>> NS corp.gr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47495
;; flags: qr rd ra; QUERY: 1, ANSWER: 28, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;corp.gr.			IN	NS

;; ANSWER SECTION:
corp.gr.		21599	IN	NS	puck.nether.net.
corp.gr.		21599	IN	NS	ns4.dnsunlimited.com.
corp.gr.		21599	IN	NS	i.ns.buddyns.com.
corp.gr.		21599	IN	NS	d.ns.zerigo.net.
corp.gr.		21599	IN	NS	f.ns.zerigo.net.
corp.gr.		21599	IN	NS	b.nskey.com.
corp.gr.		21599	IN	NS	g.ns.buddyns.com.
corp.gr.		21599	IN	NS	ns4.he.net.
corp.gr.		21599	IN	NS	ns5.dnsunlimited.com.
corp.gr.		21599	IN	NS	f.ns.buddyns.com.
corp.gr.		21599	IN	NS	h.ns.buddyns.com.
corp.gr.		21599	IN	NS	d.ns.buddyns.com.
corp.gr.		21599	IN	NS	ns2.he.net.
corp.gr.		21599	IN	NS	ns2.afraid.org.
corp.gr.		21599	IN	NS	a.nskey.com.
corp.gr.		21599	IN	NS	b.ns.zerigo.net.
corp.gr.		21599	IN	NS	b.ns.buddyns.com.
corp.gr.		21599	IN	NS	e.ns.buddyns.com.
corp.gr.		21599	IN	NS	ns1.dnsunlimited.com.
corp.gr.		21599	IN	NS	c.ns.zerigo.net.
corp.gr.		21599	IN	NS	c.ns.buddyns.com.
corp.gr.		21599	IN	NS	ns3.dnsunlimited.com.
corp.gr.		21599	IN	NS	a.ns.zerigo.net.
corp.gr.		21599	IN	NS	ns5.he.net.
corp.gr.		21599	IN	NS	ns2.dnsunlimited.com.
corp.gr.		21599	IN	NS	ns1.twisted4life.com.
corp.gr.		21599	IN	NS	e.ns.zerigo.net.
corp.gr.		21599	IN	NS	ns3.he.net.

;; Query time: 161 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Aug 12 14:42:58 2016
;; MSG SIZE  rcvd: 577

Of course, I don’t recommend you do this. On a serious note, as mentioned previously, AWS lacks IPv6 currently. A custom solution would provide more control but it may have some challenges. In addition to that, you’d probably need some form of network redundancy but you’re most likely not going to reach AWS’ anycasted network’s availability easily. I’d recommend looking to some other providers as well, some of which may be in the list of name servers above.

Just my 2c

> On 12 Aug 2016, at 08:56, Ryan Finnesey <ryan at finnesey.com> wrote:
> 
> We need to provide DNS services for domains we offer as a registrar.  We were discussing internally the different options for the deployment.  Does anyone see a down side to using IaaS on AWS and Azure?
> 
> We were also kicking around the idea of a PaaS offering and using Azure DNS or AWS Route 53.
> 
> Cheers
> Ryan
> 
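
An added example, not part of the original message: it estimates the wire size of the NS answer in the dig output above, to show why dig printed "Truncated, retrying in TCP mode". It assumes the server compresses every repeated name suffix (RFC 1035 pointers) and that the client sent no EDNS0, which the ADDITIONAL: 0 count is consistent with; the function names are illustrative.

```python
# Added example (not from the original post): wire size of the NS answer above.
HEADER = 12      # fixed DNS header
RR_FIXED = 10    # TYPE + CLASS + TTL + RDLENGTH
UDP_LIMIT = 512  # classic UDP payload limit when the client sends no EDNS0

# NS targets copied from the dig answer section, in the order returned.
NS_TARGETS = """
puck.nether.net ns4.dnsunlimited.com i.ns.buddyns.com d.ns.zerigo.net
f.ns.zerigo.net b.nskey.com g.ns.buddyns.com ns4.he.net ns5.dnsunlimited.com
f.ns.buddyns.com h.ns.buddyns.com d.ns.buddyns.com ns2.he.net ns2.afraid.org
a.nskey.com b.ns.zerigo.net b.ns.buddyns.com e.ns.buddyns.com
ns1.dnsunlimited.com c.ns.zerigo.net c.ns.buddyns.com ns3.dnsunlimited.com
a.ns.zerigo.net ns5.he.net ns2.dnsunlimited.com ns1.twisted4life.com
e.ns.zerigo.net ns3.he.net
""".split()

def suffixes(name):
    labels = name.rstrip(".").lower().split(".")
    return [labels[i:] for i in range(len(labels))]

def encoded_len(name, seen):
    """Bytes to encode name, pointing at any suffix already in the message."""
    size = 0
    for suffix in suffixes(name):
        if ".".join(suffix) in seen:
            return size + 2            # 2-byte compression pointer ends the name
        size += 1 + len(suffix[0])     # length octet + label bytes
    return size + 1                    # zero-length root label

def response_size(qname, targets):
    """Estimated size of an answer-only NS response (assumes full compression)."""
    seen = set()
    size = HEADER + encoded_len(qname, seen) + 4   # QNAME + QTYPE + QCLASS
    seen.update(".".join(s) for s in suffixes(qname))
    for target in targets:
        size += encoded_len(qname, seen) + RR_FIXED  # owner name is a pointer
        size += encoded_len(target, seen)            # RDATA: the NS host name
        seen.update(".".join(s) for s in suffixes(target))
    return size

def max_ns_under_limit(qname, targets, limit=UDP_LIMIT):
    """How many of the records fit before the response must be truncated."""
    n = 0
    while n < len(targets) and response_size(qname, targets[:n + 1]) <= limit:
        n += 1
    return n

if __name__ == "__main__":
    print(response_size("corp.gr", NS_TARGETS), max_ns_under_limit("corp.gr", NS_TARGETS))
```

The estimate comes to 577 bytes, the same as dig's MSG SIZE, and only the first 25 of the 28 records fit in 512 bytes, so any resolver or client without EDNS0 has to repeat the query over TCP.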



