Our projects: DNS hosting with blackjack and buns
Continuing the series of articles about our projects, we’ll make the leap and tell you about our latest development: a DNS hosting project , the main purpose of which is to offer maximum opportunities for a reasonable price. The article is recommended for reading to all owners of domains and Internet resources. At the end - free vouchers for everyone.
It all started with the fact that a year ago we thought about improving the reliability of our system and for the overall optimization process it took our DNS hosting to maintain a fairly low TTL, say 5 minutes. Unfortunately, the ResellerClub, where our domains are registered and keeps the DNS zone, does not provide such an opportunity. In search of an alternative, it became clear that using the domain name system, you can not only balance traffic between servers, but also, for example, filter it during a DDoS attack. Last year, we analyzed the proposals and even published the result of our research and testing at Habré.
In the process of studying the market, it came to be understood that in fact there are 2 types of offers: the simplest version of DNS hosting for an adequate price ($ 1-3 per month) and DNS hosting with a ton of additional features like geo-targeting, but at fairly high prices. There is also the option of a simple hosting at high prices, but, for obvious reasons, we did not consider it. What we didn’t find is DNS hosting, which offers all the features and at an adequate price. Therefore, we decided to create abicycle such a project on our own.
')
We approached the development of the project seriously and began with a more detailed analysis of the competition. The bulk of the proposals came down to the package (1 domain + up to 100 entries + up to a million requests) for 1-3 dollars per month. On the technical side, most variants offer support for popular record types, the usual Round-robin, the minimum TTL in the region of 1-5 minutes. The number of servers serving competitive platforms varies from 1 to 15 (with the exception of Route 53 from Amazon).
A similar service, but with support for geo-targeting, advanced balancing, API and other amenities, is already much more expensive and, for example, for dyndns, starts at $ 195. Considering the cost of a package, we came to the conclusion that we can offer the same set of services in the package (1 domain + 100 records + 1 million requests) for as little as $ 2.
How to accomplish this miracle?
Of course, we are not going to deal with dumping, nor do we work at a loss. To provide the required level of services within the declared value, it was necessary to choose the right technology platform, and our choice fell on the technologies that we have recently been increasingly introducing into our own projects. For data storage, we chose the CouchDB NoSQL solution, which in turn allowed us to solve the problem of DNS server replication as well. Since “master-master” replication is already implemented at the CouchDB level, each DNS server could operate autonomously as a master, without knowing anything about the other servers. Among other things, this solution increases the overall stability of the system, since it eliminates the master-slave relationship at the DNS level, which means there are no problems that arise when the master falls. In our architecture, all servers are masters, and the platform works as long as at least one of them is available.
Actually, the choice of CouchDB in the role of the database and the name of the project itself couchness.com .
According to the tradition of recent years, the site was written on Django, using the internal library of one of our developers to work with CouchDB.
In the role of the DNS server, we tried several options, writing to all the bindings to our database on CouchDB, but eventually settled on PowerDNS, as the most optimal variant.
A lot of time has passed from the analysis and writing of the TOR to the completion of the project, but at the moment the main part of the functionality has already been implemented and active work continues on the remaining tasks. At the moment the project is running and supports the following features:
1. support IDN, IPv6, a number of popular record types.
2. Round-robin and load balancing (in fact Round-robin with the ability to specify the "weight" of a separate record).
3. 5 nodes, the number of which will grow steadily as the project grows. Our goal is to bring their number up to several dozen, which, given the architecture of the platform, only improves its stability.
4. support of the Russian language and Russian payment systems - for those who could never use Western solutions due to the lack of PayPal / credit cards.
5. TTL from one second (it is simply impossible to do less).
1. API, very soon.
2. Geo-targeting (directing users to different servers depending on their location) is a very useful solution for CDN service providers.
3. Geo-targeting of NS servers. With the growth of nodes in our server, it will be possible to register not only ns1 and ns2, but also msk.ru.ns1 and msk.ru.ns2, which will give a significant acceleration in DNS queries for those users who are “close” to these nodes. Actually for those whose main audience is in one country / city.
4. The DNS version system of zones with the ability to "roll back" to any version and view the changes.
5. Export / import of DNS zones.
and much more, about which we will not write for now - it’s necessary to keep the intrigue ...
1. Load balancing between servers, but not just uniform, as in Round-robin, but taking into account the resources of each server. Works for all types of records (and not only for SRV).
2. Protection against DDoS attacks using geo-targeting and API, thanks to which you can add real-time conditions for blocks and even for individual IPs, inviting them to go to 127.0.0.1 instead of your server’s IP. You will need to set a low TTL and is relevant only if the attack is on the domain, but can really help in reducing the load in this case.
3. Using the same API, you can dynamically change the settings in the DNS zone, completely removing individual records or changing their “weight” during balancing. With a low TTL it will give almost instant effect, removing or lowering traffic from the problem server.
Although at the moment not all features are available to the general public, the main functionality works perfectly, and we invite everyone to try the new service. To facilitate this task, we distribute $ 5 vouchers to everyone, and this, given our pricing policy, is enough for a couple of months of use. To get a voucher, just write to the LAN or make friends with the project page on Facebook ( http://www.facebook.com/couchness ).
Thanks in advance for any constructive comments, ideas and amendments regarding the project.
Prehistory
It all started with the fact that a year ago we thought about improving the reliability of our system and for the overall optimization process it took our DNS hosting to maintain a fairly low TTL, say 5 minutes. Unfortunately, the ResellerClub, where our domains are registered and keeps the DNS zone, does not provide such an opportunity. In search of an alternative, it became clear that using the domain name system, you can not only balance traffic between servers, but also, for example, filter it during a DDoS attack. Last year, we analyzed the proposals and even published the result of our research and testing at Habré.
In the process of studying the market, it came to be understood that in fact there are 2 types of offers: the simplest version of DNS hosting for an adequate price ($ 1-3 per month) and DNS hosting with a ton of additional features like geo-targeting, but at fairly high prices. There is also the option of a simple hosting at high prices, but, for obvious reasons, we did not consider it. What we didn’t find is DNS hosting, which offers all the features and at an adequate price. Therefore, we decided to create a
')
Analysis
We approached the development of the project seriously and began with a more detailed analysis of the competition. The bulk of the proposals came down to the package (1 domain + up to 100 entries + up to a million requests) for 1-3 dollars per month. On the technical side, most variants offer support for popular record types, the usual Round-robin, the minimum TTL in the region of 1-5 minutes. The number of servers serving competitive platforms varies from 1 to 15 (with the exception of Route 53 from Amazon).
A similar service, but with support for geo-targeting, advanced balancing, API and other amenities, is already much more expensive and, for example, for dyndns, starts at $ 195. Considering the cost of a package, we came to the conclusion that we can offer the same set of services in the package (1 domain + 100 records + 1 million requests) for as little as $ 2.
How to accomplish this miracle?
Equipment
Of course, we are not going to deal with dumping, nor do we work at a loss. To provide the required level of services within the declared value, it was necessary to choose the right technology platform, and our choice fell on the technologies that we have recently been increasingly introducing into our own projects. For data storage, we chose the CouchDB NoSQL solution, which in turn allowed us to solve the problem of DNS server replication as well. Since “master-master” replication is already implemented at the CouchDB level, each DNS server could operate autonomously as a master, without knowing anything about the other servers. Among other things, this solution increases the overall stability of the system, since it eliminates the master-slave relationship at the DNS level, which means there are no problems that arise when the master falls. In our architecture, all servers are masters, and the platform works as long as at least one of them is available.
Actually, the choice of CouchDB in the role of the database and the name of the project itself couchness.com .
According to the tradition of recent years, the site was written on Django, using the internal library of one of our developers to work with CouchDB.
In the role of the DNS server, we tried several options, writing to all the bindings to our database on CouchDB, but eventually settled on PowerDNS, as the most optimal variant.
A lot of time has passed from the analysis and writing of the TOR to the completion of the project, but at the moment the main part of the functionality has already been implemented and active work continues on the remaining tasks. At the moment the project is running and supports the following features:
1. support IDN, IPv6, a number of popular record types.
2. Round-robin and load balancing (in fact Round-robin with the ability to specify the "weight" of a separate record).
3. 5 nodes, the number of which will grow steadily as the project grows. Our goal is to bring their number up to several dozen, which, given the architecture of the platform, only improves its stability.
4. support of the Russian language and Russian payment systems - for those who could never use Western solutions due to the lack of PayPal / credit cards.
5. TTL from one second (it is simply impossible to do less).
In developing
1. API, very soon.
2. Geo-targeting (directing users to different servers depending on their location) is a very useful solution for CDN service providers.
3. Geo-targeting of NS servers. With the growth of nodes in our server, it will be possible to register not only ns1 and ns2, but also msk.ru.ns1 and msk.ru.ns2, which will give a significant acceleration in DNS queries for those users who are “close” to these nodes. Actually for those whose main audience is in one country / city.
4. The DNS version system of zones with the ability to "roll back" to any version and view the changes.
5. Export / import of DNS zones.
and much more, about which we will not write for now - it’s necessary to keep the intrigue ...
What good can be done with such opportunities?
1. Load balancing between servers, but not just uniform, as in Round-robin, but taking into account the resources of each server. Works for all types of records (and not only for SRV).
2. Protection against DDoS attacks using geo-targeting and API, thanks to which you can add real-time conditions for blocks and even for individual IPs, inviting them to go to 127.0.0.1 instead of your server’s IP. You will need to set a low TTL and is relevant only if the attack is on the domain, but can really help in reducing the load in this case.
3. Using the same API, you can dynamically change the settings in the DNS zone, completely removing individual records or changing their “weight” during balancing. With a low TTL it will give almost instant effect, removing or lowering traffic from the problem server.
Although at the moment not all features are available to the general public, the main functionality works perfectly, and we invite everyone to try the new service. To facilitate this task, we distribute $ 5 vouchers to everyone, and this, given our pricing policy, is enough for a couple of months of use. To get a voucher, just write to the LAN or make friends with the project page on Facebook ( http://www.facebook.com/couchness ).
Thanks in advance for any constructive comments, ideas and amendments regarding the project.
Source: https://habr.com/ru/post/129715/
All Articles