By xorcist
It depends on what you mean by “distributed”. There are many servers behind Cloudflare’s DNS servers, but they are all controlled by one organization.
Best practice is to have your DNS servers in different AS. This is not only to have many servers all over the world, which Cloudflare solves for you, but to have them accessible over different routes, not controlled by the same people. That way a configuration error somewhere (or a bad BGP route, which happens) cannot put your DNS out of service.
DNS service is cheap and plentiful, and you might even have it included in your ISP deal. You might as well use it.
Also note that if you secure your records with DNSSEC, none of your DNS secondaries can tamper with your data. This is by design. You do not need to place trust in the organizations running them, so that part can be left out of your SLA.
It is also best practice to have all your public DNS servers mirror your primary master, which is not public. This is to make sure all your public servers are kept running even when you have operations issues with your primary.
See more about this article by clicking the link here: https://news.ycombinator.com/item?id=10259725
xorcist comments on "Google, Microsoft, Qualcomm and Baidu Announce Joint Investment in CloudFlare"
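A check for the AS-diversity point in the comment above, as an added example that is not part of the original comment: it maps each nameserver address to its origin AS by longest-prefix match and flags any address family in which every nameserver sits in a single AS. The route table, hostnames and addresses are constructed (documentation prefixes, private-use ASNs); real prefix-to-AS data would come from a BGP table dump.

```python
import ipaddress

# Constructed routing snapshot: announced prefix -> origin AS.
ROUTES = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64500,
    "198.51.100.128/25": 64501,   # more-specific announcement by another AS
    "2001:db8:a::/48": 64500,
}

# Constructed NS set for one zone: hostname -> addresses (A and AAAA).
ZONE_NS = {
    "ns1.example.net": ["192.0.2.53", "2001:db8:a::53"],
    "ns2.example.net": ["198.51.100.53", "2001:db8:a:1::53"],
    "ns3.example.org": ["198.51.100.200"],
}

def origin_as(ip, routes=ROUTES):
    """Longest-prefix match of ip against the route table; None if unrouted."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, asn in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, asn)
    return best[1] if best else None

def as_diversity(nameservers, routes=ROUTES):
    """Group nameservers by origin AS per address family and list findings."""
    per_family = {4: {}, 6: {}}
    findings = []
    for ns, addrs in nameservers.items():
        for ip in addrs:
            asn = origin_as(ip, routes)
            if asn is None:
                findings.append(f"{ns} {ip}: no covering route")
                continue
            fam = ipaddress.ip_address(ip).version
            per_family[fam].setdefault(asn, set()).add(ns)
    # A family served from exactly one AS fails with that AS's routing.
    for fam, by_as in per_family.items():
        if len(by_as) == 1:
            findings.append(f"IPv{fam}: every nameserver is in AS{next(iter(by_as))}")
    return per_family, findings

if __name__ == "__main__":
    for line in as_diversity(ZONE_NS)[1]:
        print(line)
```

The sample zone is spread over two ASes for IPv4 but only one for IPv6, which a check on the NS hostnames alone would not show.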