So I have 100+ websites I manage for various clients, and it is a pain for me to log in to their hosting or domain registrar accounts to manage their DNS.

Is there a simple solution, where I can turn on my own server that manages DNS? So for every domain I manage, I simply set a DNS once as ns1…com, and from there on I can just manage their DNS configurations?

  • CC-5576-03@alien.topB
    1 year ago

    If you’re getting paid to manage these sites you should not self-host their DNS. Use a real DNS provider like Cloudflare.

  • _duncan_@alien.topB
    1 year ago

    Since you’re managing clients’ DNS, you don’t really want to self-host it.

    Take a look at OctoDNS: https://github.com/octodns/octodns

    YAML config for DNS, and it just interacts with all the providers your clients want to work with while letting you have everything in one place managed via IaC.

  • Qxt78@alien.topB
    1 year ago

    If you do self-host DNS, make sure you have at least 2 VMs on different subnets (not the same IP ranges), and if you really go smart about it, have them hosted in separate cloud providers to mitigate the risk a bit. Then make sure you are aware of how hackers use DNS servers, for example DNS amplification attacks with DNS, to prevent yours from being used. There is documentation and CIS guides on this. But overall it is not scary. Just a bit of initial admin to get going. As others have mentioned, there is BIND, PowerDNS and that other one that was mentioned, Technitium or something (never heard of it before). But as others have mentioned before, Cloudflare really is a good option to self-host without the infrastructure requirements.
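
Added example, not part of Qxt78's comment or of any project named in this thread: a Python check for the amplification concern raised above, which asks a nameserver for a name outside its zones and flags the reply if recursion is offered, the name is answered, or the reply is much larger than the query. The name `example.org`, the 2x size threshold and the sample replies are assumptions constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=16, txid=0x1234):
    """Encode a standard query (RD=1) the way a stub resolver would send it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def assess(query, response):
    """Judge the reply to a query for a name the server is NOT authoritative for."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    rcode, ra = flags & 0x000F, bool(flags & 0x0080)
    factor = round(len(response) / len(query), 2)
    findings = []
    if ra:
        findings.append("recursion offered (RA=1)")
    if rcode == 0 and answers:
        findings.append("answered an out-of-zone name")
    if factor > 2:  # assumed threshold for "reply much larger than query"
        findings.append(f"reply is {factor}x the query size")
    return {"rcode": RCODES.get(rcode, str(rcode)), "amplification": factor,
            "findings": findings, "ok": not findings}

def probe(server_ip, name="example.org"):
    """Send the check to your own nameserver (IPv4 address) over UDP port 53."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(3)
        sock.sendto(query, (server_ip, 53))
        return assess(query, sock.recvfrom(4096)[0])

def sample_reply(query, flags, answer=b""):
    """Constructed reply: echo the question, set the flags, append one optional RR."""
    counts = struct.pack("!HHHHH", flags, 1, 1 if answer else 0, 0, 0)
    return query[:2] + counts + query[12:] + answer

# Constructed sample data: a 200-byte TXT record and two possible server behaviours.
TXT_RR = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, 201) + bytes([200]) + b"x" * 200
QUERY = build_query("example.org")
HARDENED = assess(QUERY, sample_reply(QUERY, 0x8105))      # REFUSED, RA=0
OPEN = assess(QUERY, sample_reply(QUERY, 0x8180, TXT_RR))  # NOERROR, RA=1
```

An authoritative-only server should come back from `probe()` with `ok` set to true; any findings point at recursion being enabled for outside clients or at missing response rate limiting.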

      • Maryannus@alien.topOPB
        1 year ago

        Thanks, but I have had issues with clients with Cloudflare in the past. They tend to ban/block websites or traffic on subjective grounds. I am happy to spin off 5 VMs if needed.

        The reason I like to self host is because I am kind of sick of these large companies acting like they own us.

  • someoneatsomeplace@alien.topB
    1 year ago

    I use PowerDNS and PowerAdmin. Supports pretty much everything (including BIND backend), has an API, and you can store the DNS records in a SQL database.

  • AnonymusChief@alien.topB
    1 year ago

    I use Cloudflare. I just have the users add the Cloudflare nameservers to their domain. Once all is done, I can make DNS changes while the customer continues to pay for the domain using their preferred registrar.

  • 12_nick_12@alien.topB
    1 year ago

    I would use Cloudflare and Terraform to be honest, but BIND would work just fine. You’d be able to keep all configs in git and have a pipeline deploy to the server and reload.

  • br0109@alien.topB
    1 year ago

    Cloudflare + Terraform is a good solution. It’s not self-hosted, but Cloudflare managing the DNS for you is much less headache. And you can manage all the records with IaC, which makes it super simple to automate and take away the ‘clickops’.

  • lunakoa@alien.topB
    1 year ago

    I do both BIND and Route 53, but this is self-hosted so BIND would be my choice.

  • DanielB1990@alien.topB
    1 year ago

    I’d advise using DNSControl; combine that with GitLab / GitHub and a CI/CD pipeline and you’ll only have to commit your changes and the CI/CD will do the rest.

    I use it to manage DNS at Cloudflare, but anything else that DNSControl can communicate with will work.

  • InasFreeman@alien.topB
    1 year ago

    I run coredns.io these days. Simple, many plug-ins available, can handle split brain, etc.

    (Personally I just make a change in git and it auto-updates my DNS boxes)

  • lvlint67@alien.topB
    1 year ago

    BIND, PowerDNS, dnsmasq… You COULD do it with Windows DNS server or even something like a MikroTik router…

    AWS has Route 53… but depending on your clients someone would be paying money…

    I’d probably look for someone like DigitalOcean or Cloudflare that has an API and use that… DNS is pretty simple… Until it’s not.

  • cltrmx@alien.topB
    1 year ago

    I use three instances of CoreDNS (one main and two others) at three different providers. Setup is relatively easy and I manage all DNS zone files and keys for DNSSEC with Git.