[150540] in North American Network Operators' Group


Re: Reliable Cloud host ?

daemon@ATHENA.MIT.EDU (Jared Mauch)
Mon Feb 27 09:40:23 2012

From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <1fd3e972-a2e2-4ecc-b2d1-03fe47a828ff@zimbra.network1.net>
Date: Mon, 27 Feb 2012 09:39:25 -0500
To: Randy Carpenter <rcarpen@network1.net>
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Feb 26, 2012, at 5:56 PM, Randy Carpenter wrote:

> We require 1 or 2 very small virtual hosts to host some remote services to serve as backup to our main datacenter. One of these services is a DNS server, so it is important that it is up all the time.
>
> We have been using Rackspace Cloud Servers. We just realized that they have absolutely no redundancy or failover after experiencing an outage that lasted more than 6 hours yesterday. I am appalled that they would offer something called "cloud" without having any failover at all.

Pardon the weird question:

Is the DNS service authoritative or recursive?  If auth, you can solve this a few ways, either by giving the DNS name people point to multiple AAAA (and A) records pointing at a diverse set of instances.  DNS is designed to work around a host being down.  Same goes for MX and several other services.  While it may make the service slightly slower, it's certainly not the end of the world.

Taking a mesh of services from Rackspace, EC2, The Planet, or any other number of hosting providers will allow you to roll-your-own.

The other solution is to go to a professional DNS service provider, e.g.: Dyn, Verisign, EveryDNS or NeuStar.

While you can run your own infrastructure, the barrier for operating it properly is getting a bit higher each year in doing it "right".  I was recently shown an attack graph of a ~200Gb/s attack against a DNS server.  *ouch*.

Sometimes being professional is knowing when to say "I can't do this justice myself, perhaps it's better/easier/cheaper to pay someone to do it right".

- Jared

(Disclosure: I work for one of the above named companies, but not in a capacity related to anything in this email).
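
An added example, not part of the original message: a small audit of whether each nameserver name in a zone has A and AAAA records spread over more than one site, which is the redundancy the reply describes. The zone name, record values and the /24 and /48 "site" grouping are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records using documentation address ranges (not from the post).
RECORDS = """
example.com.      NS    ns1.example.com.
example.com.      NS    ns2.example.com.
ns1.example.com.  A     192.0.2.10
ns1.example.com.  A     198.51.100.10
ns1.example.com.  AAAA  2001:db8:1::10
ns2.example.com.  A     203.0.113.5
ns2.example.com.  A     203.0.113.6
"""

def site_of(addr):
    """Collapse an address to its /24 (IPv4) or /48 (IPv6).
    Assumption: one such prefix is a rough proxy for one hosting site."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 48}", strict=False)

def audit(text, zone):
    """Return {ns_name: {"A": n_sites, "AAAA": n_sites}} for the zone's NS set."""
    ns_names, addrs = [], defaultdict(list)
    for line in text.strip().splitlines():
        owner, rtype, value = line.split()
        if rtype == "NS" and owner == zone:
            ns_names.append(value)
        elif rtype in ("A", "AAAA"):
            addrs[owner].append((rtype, value))
    report = {}
    for ns in ns_names:
        sites = {"A": set(), "AAAA": set()}
        for rtype, value in addrs[ns]:
            sites[rtype].add(site_of(value))
        report[ns] = {rtype: len(s) for rtype, s in sites.items()}
    return report

def single_site(report):
    """(name, record type) pairs with fewer than two sites: absent, or lost to one site outage."""
    return sorted((ns, rt) for ns, fam in report.items()
                  for rt, n in fam.items() if n < 2)

if __name__ == "__main__":
    rep = audit(RECORDS, "example.com.")
    for ns, rt in single_site(rep):
        print(f"{ns} {rt}: {rep[ns][rt]} site(s)")
```

Two addresses in the same prefix, as with ns2 in the sample, count as one site, so adding a second instance at the same provider location does not clear the finding.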

