2022-02-04

DNS Hosting with gratisdns is dead, long live...

How I learned to stop worrying and replaced GratisDNS

This might be helpful - not just for those of you moving from gratisdns, but for anyone looking for a DNS hosting provider.

Note: If you're moving to a DNS hosting provider that does not support .dk hostmaster's new process, read this companion post: https://blog.infosecworrier.dk/2022/02/redelegation-of-dk-domains-to-other.html

While I subconsciously knew this would happen when one.com bought GratisDNS, I'm ashamed to admit that I did not plan accordingly. The other day all current users of GratisDNS got the troubling email from the new owners that they'd migrate all zones from the multiple GratisDNS servers to 2 one.com servers "march 2022" so likely in a month.

With no further tangible information on the migration specifics or future cost, this triggered me to look for other providers of DNS hosting.

 


My requirements were (are):

[R1] DNSSEC: This is a must!

[R2] Decentralized. There's way too much centralization, perverting DNS.

[R3] Hidden Master: Very nice to have, however can live without.

[R4] API: If hidden primary isn't supported, this is high on the list.

[R5] Cheap or free: I need to pay for food and coffee.


Started investigating some possibilities (In alphabetical order):

CloudFlare.

Hetzner.de (.com).

QuickDNS.dk.

Simply.com

Migration Process

Created the following simple process for migration.
  1. Select a less critical domain for testing. Luckily I have quite a few domains.
  2. Disable DNSSEC.
  3. Create zone on selected provider.
  4. Transfer, add and verify all RR's
  5. Test with dig to ensure RR's are correct (use @ns.provider.tld with dig and e.g. OpenDNS or even 1.1)
  6. (Re)enable DNSSEC.
  7. Test with dig that DNSSEC works. dnsviz.net is awesome for this too, especially when you're tired and can't read dig output :)
  8. Test DKIM some more. Fatfingered during testing.
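
Steps 5 and 7 can be scripted. The following is an added example, not part of the original post: it compares the answers from the old and new nameservers while ignoring TTL and record order, and checks a validating resolver's reply for the ad flag plus an RRSIG. example.dk, the sample records and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example for steps 5 and 7. All names and records are constructed.

# Normalise "dig +noall +answer" text: skip comments, lowercase the owner,
# mask the TTL (it legitimately differs between providers), sort.
normalize_answer() {
    awk '!/^;/ && NF >= 5 { $1 = tolower($1); $2 = "-"; print }' | sort
}

# Step 5: succeed only if two answers hold the same records.
same_rrset() {  # usage: same_rrset <old_answer_text> <new_answer_text>
    a=$(printf '%s\n' "$1" | normalize_answer)
    b=$(printf '%s\n' "$2" | normalize_answer)
    [ "$a" = "$b" ] && return 0
    printf 'old:\n%s\nnew:\n%s\n' "$a" "$b" >&2
    return 1
}

# Step 7: stdin is full "dig +dnssec" output; needs the ad flag and an RRSIG.
dnssec_validated() {
    awk '/^;; flags:/ { split($0, p, ";"); if (p[3] ~ / ad( |$)/) ad = 1 }
         !/^;/ && $4 == "RRSIG" { sig = 1 }
         END { exit !(ad && sig) }'
}

# Ask one authoritative server directly (needs network and dig).
query_ns() {  # usage: query_ns <server> <name> <type>
    dig "@$1" "$2" "$3" +norecurse +noall +answer
}

# Constructed samples: same MX set, different TTL, order and owner case.
SAMPLE_OLD='example.dk. 3600 IN MX 10 mail.example.dk.
example.dk. 3600 IN MX 20 backup.example.dk.'
SAMPLE_NEW='Example.dk. 300 IN MX 20 backup.example.dk.
example.dk. 300 IN MX 10 mail.example.dk.'
SAMPLE_SIGNED=';; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
example.dk. 300 IN A 192.0.2.10
example.dk. 300 IN RRSIG A 13 2 300 20220301000000 20220201000000 12345 example.dk. c2FtcGxl'

# Live run: sh check.sh <old_ns> <new_ns> <name>...   (DKIM selectors are names too)
if [ "$#" -ge 3 ]; then
    old=$1; new=$2; shift 2
    for name in "$@"; do
        for t in A AAAA MX TXT; do
            same_rrset "$(query_ns "$old" "$name" "$t")" "$(query_ns "$new" "$name" "$t")" \
                && echo "ok   $name $t" || echo "DIFF $name $t"
        done
    done
fi
```

For step 7, pipe a live query into the check, e.g. dig @<validating-resolver> example.dk A +dnssec | dnssec_validated. A server that does not answer produces an empty answer, so a run that reports ok for every type while no records come back deserves a second look.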

This is (opinionated) how they fared during my testing.

Cloudflare

Large centralized US based provider, trying to grab all our DNS queries at 1.1.
They did have a very nice interface, support DNSSEC and have an API with the free tier. If you want to pay several hundred $/month you can also use a hidden master.
Migrated one of my domains to Cloudflare and it worked well. But no (see R2)

Hetzner.com

Never got to test Hetzner as they wanted both a credit card and a photo of my passport to create an account even for the free tier. Heard good things, but no.

QuickDNS

Not supporting DNSSEC, no hidden master, no API, not even AAAA support.
I wish quickdns the best and hope they grow into a great alternative.

Simply.com

European provider, nice interface, has an API, but no hidden master support. Free tier for DNS only, but the prices for web hosting look okay (not tested, but may happen).

Conclusion

I ended up moving a bunch of my domains to simply.com, with nothing but the mere due diligence described above, to be in better control of the migration and current/future costs. I'll report back on my experiences, but so far it's great.
