Today’s Go Daddy outage has made it clear that I need to configure secondary DNS servers for the domains I manage. Not only are Go Daddy’s servers vulnerable to hacking, they are not geographically distributed.
What is secondary DNS? It’s basically a backup DNS server (or several servers) that will continue to answer that all-important “where is mcbsys.com?” question even when the primary servers are unavailable.
Today, Go Daddy themselves moved their DNS to their competitor, Verisign, so they could get their web site back online.
Many companies offer secondary DNS hosting. BuddyNS.com looks promising: their entry-level plan allows up to 300,000 queries per month at no charge. I’d think that would cover most small business accounts, but if not, their next step up offers 3 million hits for $1/month. They offer this handy tool to check your domain’s DNS distribution, including the “sparsity” (geo-diversity).
So I set up my BuddyNS account, but when I went in to configure Secondary DNS at Go Daddy, I was told I need to pay $3/month extra for “Premium DNS.” What? Why do I have to pay so I can configure third-party servers to take over when Go Daddy is unavailable?
Hopefully Go Daddy will see how ridiculous this policy is and stop charging people to safeguard against Go Daddy’s own vulnerability.
Update October 4, 2012: Go Daddy has not responded to my suggestion to make secondary DNS available to all. And the promised “gesture” for the downtime never materialized. I’ve moved primary DNS from Go Daddy to DNS Made Easy, with BuddyNS as secondary. Here’s how to set that up: Use DNS Made Easy with BuddyNS as Secondary.
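As an added illustration (not code from this post or from any provider mentioned), the Python sketch below audits a domain's delegation for the single-provider weakness described above: it groups the name servers by operator and by IPv4 /24 and flags a delegation that would go dark if one of them failed. The zone data, the host names and the `operator` heuristic (last two labels of the name server's host name) are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample delegation: hypothetical names, documentation IP ranges.
SAMPLE = """\
example.com.              3600 IN NS ns1.primary-dns.example.
example.com.              3600 IN NS ns2.primary-dns.example.
example.com.              3600 IN NS a.secondary-dns.example.
ns1.primary-dns.example.  3600 IN A  192.0.2.10
ns2.primary-dns.example.  3600 IN A  192.0.2.20
a.secondary-dns.example.  3600 IN A  198.51.100.5
"""

def parse(records):
    """Return (NS host names, {host: [IPv4 addresses]}) from zone-file style lines."""
    ns, addrs = set(), defaultdict(list)
    for line in records.splitlines():
        f = line.split()
        if len(f) < 5 or f[2].upper() != "IN":
            continue
        if f[3].upper() == "NS":
            ns.add(f[4].lower())
        elif f[3].upper() == "A":
            addrs[f[0].lower()].append(ipaddress.ip_address(f[4]))
    return ns, addrs

def operator(host):
    """Assumption: the operator is the last two labels of the NS host name.
    Vanity name servers hide the real operator, hence the /24 check below."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def audit(records):
    """Group name servers by operator and by /24; report single points of failure."""
    ns, addrs = parse(records)
    by_operator, by_net = defaultdict(set), defaultdict(set)
    for host in ns:
        by_operator[operator(host)].add(host)
        for ip in addrs.get(host, []):
            net = ipaddress.ip_network(f"{ip}/24", strict=False)
            by_net[str(net)].add(host)
    findings = []
    if len(by_operator) < 2:
        findings.append("single operator")
    if len(by_net) < 2:
        findings.append("single /24")
    return {"operators": sorted(by_operator), "networks": sorted(by_net),
            "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Sharing a /24 is only a rough proxy for sharing a network or site; name servers in different /24s can still sit in the same facility.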
I couldn’t agree more. I too was looking to add secondary DNS for my domains but couldn’t seem to do it without upgrading. I submitted a ticket to see if PremiumDNS was required or if there is another way. To charge a customer extra so they have recourse when you fail to meet your obligations is a bit on the outrageous side.
I already have GoDaddy Premium DNS and was still down on Monday (Secondary DNS was not enabled for my domain, but each of my vanity nameservers is located at a different IP… which obviously didn’t help). Once I could access GoDaddy again, I decided to look closer at the Secondary DNS Settings. Turns out if you have either of their other Advanced Settings enabled for your domain… those settings being DNSSEC and Vanity Nameservers, you cannot enable/use the Secondary DNS. Bummer. Instead of paying GoDaddy my $3/month, I’m considering paying the same (or less) to a different DNS Hosting company that already has redundancy built in.
Thanks for the feedback guys. Stewart, interesting info about Premium DNS. Trying to learn a bit about DNSSEC, I found this on the BuddyNS site: “BuddyNS does not support DNSSEC because it exposes to some vulnerabilities unsuited to a high-volume DNS service.”
I also stumbled across this today: Amazon offers DNS service starting at $1/month for one domain and 1 million queries: https://aws.amazon.com/route53/.
In spite of the overhead of keeping track of an additional provider, I still like the idea of hosting primary DNS with one company and secondary with another. Go Daddy says this outage was not due to a hack, but what happens when it is? DNS servers are well-known public IPs, so it wouldn’t be hard for a hacker to target all of Company X’s DNS servers. Hopefully they would not also be targeting random Company Y at the same time.