Linode.com Forum

[caker]

I'd like some opinions on the DNS Manager that is to come...

Obviously, members need the ability to change reverse DNS for each IP. That's a no-brainer.

Now, in terms of dns zone features...

"A" records
"MX" records
"CNAME" records (although I usually just use A records).
Support for "@" or blank domains that resolve
Support for "*" wild carding domains.

Now, my issue is that people could use this system to point domains anywhere, not just their Linode. I could limit *where* you could point hosts to, but then that isn't very useful, because I know lots of people who have "homemachine.mydomain.com' and it points to some place else.

Should I limit the useful hosts (like @, www, wildcards, etc) to only be able to point to one of your Linode IPs?

Should I limit the DNS to only one domain?

Should I charge per-domain to keep people from abusing it?

Look forward to your suggestions,
-Chris

[sec39]

caker wrote: Should I limit the useful hosts (like @, www, wildcards, etc) to only be able to point to one of your Linode IPs?

That sounds like the best idea to me.. if people have more than 1 linode, perhaps, bind the IP's to the account or something like that (if people have seperate web, email, whatever servers).. I'm no DNS wiz so I could sound completely wrong here.

Just trying to make it so that it doesnt cost more money :D

[qbatqbat]

I guess another solution would be to log DNS usage and have a seperate DNS bandwidth allowance on each Linode plan but I dare say it would over complicate things (and would take up far more processor time for each request).

It certainly sounds like a good idea to prevent abuse though like you suggest, such as restricting more common hostnames to linode hosts, after all if people want more flexibility they can set up their own DNS server on their linode and secondary elsewhere, as I'm sure many of us are doing now.

P.S. Nice to see new Linodes coming online and quickly getting snapped up on http://www.linode.com/products/linodes.cfm

[antelope]

IMHO, there shouldn't be any restrictions on PTR records because of their nature.

[kenny]

Maybe just a really simple wizard where you can set a 'www' host, mx , soa records, maybe three? extra cname/a records, and pretty much full access to their ptr records.. maybe two or three domains. Watch the number of queries that the domains are getting, if they are being heavily hit for offsite hosts then start charging the person.
Someone needs more resources or ability then what the wizard offers, point them to the BIND howto (or tinydns!). Since anyone can just run their own dns on their linode, I don't think they should be too picky about using linode.com's for free (except PTR records).

Kenny

[faded]

Would there be any way you could set it up so we could just set the reverse via our own nameserver were running on our linode? just make everyone who wants a nameserver run bind i could put together a howto for people who have never used bind or they could use webmin to set it up just a thought

[JamesSykes]

you _can_ delegate PTR control - but not much point with such small ammounts of IPS - plus i imagine it would cause ALOT of suport problems with misconfigured dns etc...

Quote: Now, my issue is that people could use this system to point domains anywhere, not just their Linode.

So you dont want people using your DNS (when they should run it themselves on there own machine)

Sollution : Charge for IPS that point elsewhere. (give say 5 free though)

Quote: Should I limit the useful hosts (like @, www, wildcards, etc) to only be able to point to one of your Linode IPs?

No - but charge for each record over a certain ammount. UltraDNS charges 7CENTS per record i believe.

Quote: Should I limit the DNS to only one domain?

You _SHOULD_ have a limit - but maby 2-3 - after that make them pay for it.

[faded]

im not bashing what you have to say but i did not buy a virtual server to have to pay for domains i host seeing as i admin the box i should be able to host as many domains as i see fit if i sound like an ass im sorry i just dont see the point whats next will we have to pay to run apache to?

[caker]

faded wrote: im not bashing what you have to say but i did not buy a virtual server to have to pay for domains i host seeing as i admin the box i should be able to host as many domains as i see fit if i sound like an ass im sorry i just dont see the point whats next will we have to pay to run apache to?

We're just talking about "managed dns" -- a service I would provide as a convenience for customers who don't want to run their own name servers, or who don't want to outsource it to someone else.

The checks-and-balances would only be in place to keep people from abusing my DNS servers (and it would happen). You're still able to handle it on your own with no limitations.

-Chris

[faded]

oops heh sorry about the rant then :oops:

[irgeek]

I realize that you don't want people to abuse your DNS servers, but if you're only going to offer DNS service to users of linodes, then I don't think that's likely to be a big problem. As for service, here's what I think:

Allow each linode account to host 5 domains on your DNS servers.
For each of those domains allow 5 A records to be defined:
-- domain.tld
-- www.domain.tld
-- anything1.domain.tld
-- anything2.domain.tld
-- anything3.domain.tld
Also allow each domain to have 2 MX records. (Have you thought about providing secondary MX service? Maybe for an extra fee?)

I think that will fill the needs of most users of linodes. If users want more records, charge something like $0.10/record/month. If they want more domains either charge them or let them outsource it or setup their own DNS server on their linode.

Definately allow records to be pointed offsite. If someone wants to use linode to host their own mail but want their website hosted somewhere else, let them. This is what I do currently.

One final thought--it would be really nice if dynamic updating of pointers was possible for those of us that want to be able to get access back to our home system from the internet. Unfortunately this has the downside that the DNS servers need to reloaded more often to keep the dynamic IPs up-to date. Don't set the system up so that a dynamic update causes the nameserve to reload. This has DoS attack written all over it.

James

[PaulC]

To be honest, what I'd find most useful is secondary DNS (at the right price ;) )

I'm currently using zoneedit for two domains (where I need a little more flexibility) and my old hosting provider handles the rest. As I move the zones over, secondary DNS becomes the issue, and either I'll either use my home linux gateway as the secondary, or have to start paying someone for the service.

I'll be using my linode for a handful of low-traffic sites (my own and a few friends) so will have a number of zones, but little traffic. Most of the zones will be 'plain vanilla', though my primary two have a number of extra A, CNAME and MX records (I have a couple of DSL lines, so several are duplicated/round-robin).

I'm not a big fan of arbitrary limits; if the potential for abuse is a concern, then monitor usage and handle the exceptions, rather than capping all users. I agree with irgeek - if the service is only for linode users, I doubt there'll be a problem.

Specific comments to irgeek's proposal: five domains and five A records wouldn't be sufficient for me. Five distinct IP addresses per zone would work though, so long as I could create multiple A records for each IP.

Paul

[capo]

With regard to reverse mapping, I'd suggest you to verify that the name provided has an A record with the correct IP (or maybe a CNAME to the same effect).

As for the forward zones, I'd welcome a secondary DNS service, say free for a small number of zones and $<smallnumber>/month/each for additional zones.

William

[schof]

Graphically it's ugly as hell, but you could do worse than model yourself after www.zoneedit.com. I've looked at several, and their interface is best -- both simple to use and good at explaining WHY they want certain options to people who are just learning what those options are.

As for limiting where the DNS can point, don't. If you limit it to linode customers, you shouldn't have too much of a problem with allowing it to point anywhere. And anyway, you're allowed to change TOS. If you get the one linode customer who's abusing the system, change TOS or institute a fee to take care of the problem, hopefully without blocking this ability for everyone.

[dsp]

PaulC wrote: To be honest, what I'd find most useful is secondary DNS (at the right price ;) )

Take a look at EveryDNS.net. I'm sufficiently pleased with their service that I decided I would make a yearly donation.