Hrm. Need to get a new secondary DNS server... Same question, every few years: Do I continue to run my own DNS for my domains? Or just offload it in some provider that does all the heavy lifting for me?
I mean it's not really an effort (as long as I put off DNSSEC) - all this is rather static infrastructure that doesn't even warrant automation...
Somehow I feel that keeping running small bits of infrastructure myself (DNS, mail, web) is a small proof that it still can be done in today's world.

@ScottMortimer I'm currently using bind on OpenBSD and Linux, mostly because that's what I know - so I can do required changes quickly.
For the new secondary I was looking at NSD, just to try something different that doesn't seem to make too much additional work.

@selea @sillystring


running hidden master with 3 public ones here. nictool for management. giving up running dns, mail, web self hosted is the beginning of the end for privacy.


i'm working on one myself. for myself and if good enough to share with others. it's currently down while i inspect some interesting log entries. hoping to do a public go live before the end of the year.

very cool what you are doing @selea !

@selea @galaxis

After a very brief look into my options I began setting up #FreeBSD and #Unbound.

Then one evening for no great reason I switched to #Ubuntu and #BIND.

Most of my important servers for clients run Ubuntu and that's where I'm most comfortable. Since this is merely a side project, well, Ubuntu / BIND it is.

I just started lurking their user email list to try and learn some new tricks.

How about you selea?


Alright! I've have used Bind for many many years, both at work and private. But I decided that I instead would try PowerDNS - it is was basically love at first zone.


@galaxis Even if it's more effort, I'm automating all the stuff now...

@ascherbaum Yeah, I know I'm way behind on the automation front - but by now it's a steep cliff to climb for my personal infrastructure, which still mostly consists of pet systems that are running for a long time.

@galaxis Certainly the same here. But I make an effort to change that for every new system.


If #DNSSEC is burdensome use a third party. Most top level domain name registrars offer this I think.

Sign in to participate in the conversation
INFRa Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!