DNS is scary, so I decided to run my own nameservers

Fear was both a reason for and against hosting my own nameservers. The idea began when I grew uncomfortable with my registrar also hosting my DNS. I feared the single point of failure that my account credentials represented, and the risk of losing control of both my domains and DNS–and by extension, email–that that scenario posed. I’d also tired of the ever-increasing cost of Amazon’s Route 53 service, which while reliable and a remedy for my first concern, was also quite excessive for my needs.

As if I needed further motivation, the possibility of storing my DNS zones in version control was quite appealing. Similarly appealing was the flexibility that came with hosting myself: I could set any TTL I’d like, support every possible record type I could need, and update zones as often and immediately as I pleased. There’s also a bit of pleasure in the vanity of my DNS: ns1.ethitter.com, ns2.ethitter.com, and ns3.ethitter.com, rather than nsX.somerandomcompany.com. Or maybe that’s hubris?

Conversely, because of how slowly DNS changes propagate (24-48 hours for certain updates), and my general lack of confidence in what I’m doing with my VPS, the idea of running a nameserver seemed absolutely absurd. Perhaps at the time, I’d gathered a bit of confidence from the small successes I’d had with my mailservers. Nonetheless, I really had no place trying this, nor even much of a clue of where to start preparing to host the DNS for 30+ domains.

To my relief, I found a tutorial specific to the software I wanted to use (nsd), and the process turned out to be fairly painless. In my next post, I’ll describe how I configured the primary server and added redundancy.