DNS: How to split configuration across multiple DNS providers?

Photo by Taylor Vick on Unsplash

DNS: How to split configuration across multiple DNS providers?

A step-by-step guide to creating redundant DNS config across multiple providers and syncing them with octoDNS.

Introduction

In today's world, the success of a website or application depends mainly on its reliability and performance. A vital component of the online infrastructure is the Domain Name System (DNS), which converts domain names into IP addresses. To ensure high availability and resilience, organizations often use multiple DNS providers.

This article will dive into split DNS, exploring how to use octoDNS to manage DNS records across Cloudflare and Akamai, two popular DNS providers. We'll discuss the benefits of split DNS, provide a step-by-step guide for setting up octoDNS, and offer some best practices for implementing split DNS effectively.

octoDNS is a useful and powerful tool that enables the management and synchronization of records across various providers.

The power of split DNS

Split DNS refers to the practice of distributing DNS records across multiple providers. This approach can offer numerous benefits, including:

  1. Improved redundancy: You can use multiple DNS providers to ensure your domain remains accessible even if one provider experiences an outage or suffers a DDoS attack.

  2. Load balancing: Distributing DNS queries across providers can help balance the load and prevent any single provider from becoming a bottleneck.

  3. Geographical distribution: Utilizing providers with data centers in various regions can help reduce latency and improve overall performance for global users.

Harnessing octoDNS

octoDNS is an open-source tool designed to facilitate managing and synchronizing DNS records across multiple providers. octoDNS integrates with popular DNS providers, such as Cloudflare and Akamai, and allows you to define DNS records in a YAML configuration file.

Here's a step-by-step guide to setting up octoDNS for use with Cloudflare and Akamai

Step 1: Install octoDNS

First, you'll need to install octoDNS on your system. You can do this using pip, the Python package manager:

pip install octodns

Step 2: Generate API Keys

To enable octoDNS to communicate with Cloudflare and Akamai, you must generate API keys for each provider.

  • For Cloudflare, navigate to your profile's API Tokens page and create a new token with the "Edit zone DNS" permission.

  • For Akamai, follow the instructions in their API Authentication Guide to create an API client with read/write access to the "DNS Zone Management" service.

Step 3: Create a Configuration File

Next, create a configuration file (e.g., config.yaml) to specify your DNS providers and their respective API keys. Here's an example configuration:

providers:
  cloudflare:
    class: octodns.provider.cloudflare.CloudflareProvider
    email: your-email@example.com
    token: your-cloudflare-api-token
  akamai:
    class: octodns.provider.akamai.AkamaiProvider
    client_token: your-akamai-client-token
    client_secret: your-akamai-client-secret
    access_token: your-akamai-access-token
    host: your-akamai-host

Step 4: Define Your DNS Records

With the providers configured, you can now define your DNS records in a separate YAML file (e.g., example.com.yaml). Here's an example:

---
example.com:
  ttl: 300
  type: A
  values:
    - 1.2.3.4
  type: AAAA
  values:
    - 2001:0db8:85a3:0000:0000:8a2e:0370:7334
www.example.com:
  ttl: 300
  type: CNAME
  value: example.com.

This configuration defines an A record for example.com, an AAAA record for IPv6, and a CNAME record for www.example.com pointing to example.com.

Step 5: Test and Apply the Configuration

Before applying the configuration to your DNS providers, you can run octoDNS in a dry-run mode to verify the changes. To do this, execute the following command:

octodns-sync --config-file=config.yaml --zonefile-dir=./zones --debug

This command will prompt octoDNS to process the configuration and zone files, compare them with the existing DNS records on Cloudflare and Akamai, and display the planned changes.

If everything looks correct, you can proceed to actually apply the changes by adding the --doit flag:

octodns-sync --config-file=config.yaml --zonefile-dir=./zones --debug --doit

octoDNS will synchronize your DNS records across Cloudflare and Akamai, ensuring they remain consistent and up-to-date.

Step 6: Confirm the Name Servers with your domain name registrar

The last step is ensuring that your domain name points to the nameservers from both Cloudflare and Akamai. That way, you have highly available DNS records published by two providers.

On your domain name registrar's control panel or dashboard, add the NS records from both Cloudflare and Akamai.

You can verify the configuration with dig NS example.com. +short.Here is an example for github.com which uses split DNS across different providers:

$ dig NS github.com. +short

ns-520.awsdns-01.net.
dns1.p08.nsone.net.
dns2.p08.nsone.net.
dns3.p08.nsone.net.
dns4.p08.nsone.net.
ns-1283.awsdns-32.org.
ns-1707.awsdns-21.co.uk.
ns-421.awsdns-52.com.

Best Practices for Implementing Split DNS

Now that you know how to set up octoDNS for split DNS, consider these best practices to maximize the benefits of this approach:

  1. Monitor DNS performance: Regularly monitor the performance and availability of your DNS providers to identify any issues and ensure optimal performance. Tools like DNSPerf can help you compare and analyze the performance of different providers.

  2. Use health checks: Enable health checks on your DNS providers to automatically remove unhealthy endpoints from the DNS rotation, further improving redundancy and reliability.

  3. Implement DNSSEC: To secure your DNS infrastructure, consider enabling DNSSEC (Domain Name System Security Extensions) on both providers. DNSSEC adds a layer of cryptographic protection to your DNS records, preventing attackers from forging or manipulating them.

  4. Keep configurations version-controlled: Use a version-control system like Git to track changes to your DNS configurations, making it easier to collaborate, review changes, and revert to previous configurations if needed.

Conclusion

Discover the potential of split DNS and boost your online infrastructure's resilience and availability. You can improve redundancy, load balancing, and geographical distribution by leveraging octoDNS to synchronize DNS records across providers like Cloudflare and Akamai. This comprehensive guide outlines step-by-step instructions and best practices to help you harness the full potential of split DNS and enhance the performance and reliability of your online presence.

Did you find this article valuable?

Support Mrugesh Mohapatra by becoming a sponsor. Any amount is appreciated!