[sf-lug] EveryDNS.net (and some of its plus sides and downsides)
Michael Paoli
Michael.Paoli at cal.berkeley.edu
Sat Aug 23 10:00:15 PDT 2008
> Date: Thu, 21 Aug 2008 10:21:38 -0700
> From: Rick Moen <rick at linuxmafia.com>
> Subject: Re: [sf-lug] looking for a domain name service provider
> To: sf-lug at linuxmafia.com
> Message-ID: <20080821172138.GM3728 at linuxmafia.com>
> Content-Type: text/plain; charset=us-ascii
>
> Quoting toya (toya at linefeed.org):
>
> > For DNS I use everydns.net.
>
> Some quick comments:
>
> 1. As you mention, it's from the OpenDNS outfit (David Ulevich's),
> which is a pretty benign and competent set of folks. It's a
> free-of-charge service, which is nice.[1]
>
> 2. They use the authoritative-DNS portion of djbdns ("tinydns"), which
> has some merits but is very peculiar, and is notorious for deliberately
Yes, everydns.net. definitely has its plus sides, e.g.:
o free (with certain limitations)
o multiple distributed DNS servers
o its funkiness is pretty well documented
But yes, it has its downsides, ... most notably its funkiness.
This is what I noted of its funkiness in some master zone files for
balug.org (e.g. in the new.balug.org. master zone file):
; For EveryDNS.net, NOTE AT LEAST THE FOLLOWING (at least as of
; 2007-05-26):
;
; Cannot be set up and function as slave(s) until one or more of
; their nameservers have been delegated as an NS via a chain of
; authority from the root nameservers.
;
; WILL NOT ACCEPT/LOAD ALL VALID RR TYPES (is not running BIND)
;
; LIMITS TO 200 THE TOTAL NUMBER OF RECORDS it will load for free for
; any given account or domain.
;
; ENFORCES CERTAIN MINIMUM TTLs.
;
; FAILs TO ACCEPT TCP CONNECTIONS on ns[123].everydns.net. Among
; other things this would likely impact larger records and responses
; to queries where all the data (e.g. multiple records) could not fit
; within a single UDP reply.
;
; DOES WORK (including answering queries) with TCP on:
; ns4.everydns.net.
;
; Accepts but ignores notify
;
; Will pick up zone updates at most once per hour (and presumably
; only if SOA serial number indicates there's been an update).
;
; Some of these items can be checked with:
; http://www.dnsreport.com/
; and/or other tools.
;
; For more information, also check under:
; http://www.everydns.net/
> not implementing parts of the real-world DNS protocols that its author,
> Daniel J. Bernstein, for whatever reason dislikes. I see that EveryDNS
> doesn't support "NTFY" (Notify), for example. Thus, if you update the
> contents of your DNS on your authoritative server, EveryDNS's secondary
> service will ignore the Notify advisory that your primary nameserver
> sends out. Instead, they brute-force their software to automatically
> re-contact the primary nameservers every hour on the hour, and override
> the "expire", "retry", and "refresh" specs you put in the zone header.
> This is squirrely: When you update your DNS, there's no excuse for
> secondaries refusing to take notice. You should not have to put up with
> that.
>
> Ulevich is well aware of that problem. It speaks well for him that he's
> up-front about that. Quoting the FAQ: "EveryDNS violates rfc1034 by
> ignoring your SOA parameters. We unconditionally poll every hour on the
> hour, no matter what refresh and retry parameters you list. This might
> possibly be interpreted as a Bad Thing."
>
> It's not his fault. It's because he's using Dan Bernstein's software.
>
> Other demented peculiarities of djbdns/tinydns/etc. are noted in the
> djbdns entry within "DNS Servers" on
> http://linuxmafia.com/kb/Network_Other/
>
> [1] Supporting the service through donations is tactfully but pointedly
> suggested.
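Several of the items above (ignored NOTIFY, hourly polling, no TCP on some
of the nameservers, truncated replies) boil down to one question a zone
owner can check for themselves: does every secondary answer for my zone
over both UDP and TCP, and does it carry my current SOA serial? The script
below is an added example written for this post; it is not from the thread,
from EveryDNS, nor from any tool mentioned here. It uses only the Python
standard library, builds the SOA query by hand, and the nameserver names and
serial numbers in its self-test helper are constructed values, not real data.

```python
"""Added example, not from the original thread: fetch a zone's SOA from each
nameserver over UDP and TCP and compare serials with the primary's."""
import socket
import struct

TXID = 0x1234                      # fixed transaction id, fine for a one-shot check
QTYPE_SOA, QCLASS_IN = 6, 1

def encode_name(name):
    """Dotted name -> wire-format labels (RFC 1035 section 3.1)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_soa_query(zone, txid=TXID):
    """Standard query, recursion not requested, one SOA question."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)

def _read_name(msg, off, hops=16):
    """Read a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer (RFC 1035 4.1.4)
            hops -= 1
            if hops < 0:
                raise ValueError("compression pointer loop")
            end = off + 2 if end is None else end    # resume after the first pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)

def parse_soa_serial(msg, txid=TXID):
    """Return (rcode, truncated, serial); serial is None when no SOA was answered."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    rcode, truncated, off = flags & 0x0F, bool(flags & 0x0200), 12
    for _ in range(qd):                # skip the echoed question section
        off = _read_name(msg, off)[1] + 4
    for _ in range(an):
        off = _read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_SOA:
            p = _read_name(msg, _read_name(msg, off)[1])[1]   # skip MNAME and RNAME
            return rcode, truncated, struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    return rcode, truncated, None

def query_soa(server, zone, proto, timeout=3.0):
    """Send the SOA query over 'udp' or 'tcp' and parse the reply."""
    q = build_soa_query(zone)
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(q, (server, 53))
            data = s.recvfrom(4096)[0]
    else:                              # TCP frames every message with a 2-byte length
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)
            f = s.makefile("rb")
            data = f.read(struct.unpack("!H", f.read(2))[0])
    return parse_soa_serial(data)

def classify(rcode, truncated, serial, expected_serial):
    if rcode:
        return "rcode=%d" % rcode
    if truncated:                      # answer did not fit in one UDP reply; needs TCP
        return "truncated"
    return "ok" if serial == expected_serial else "stale(%s)" % serial

def check_secondaries(zone, expected_serial, servers, query=query_soa):
    """{server: {'udp': verdict, 'tcp': verdict}}; 'query' is injectable for offline tests."""
    report = {}
    for server in servers:
        report[server] = {}
        for proto in ("udp", "tcp"):
            try:
                status = classify(*query(server, zone, proto), expected_serial)
            except (OSError, ValueError, struct.error) as exc:
                status = "error: %s" % exc
            report[server][proto] = status
    return report

def build_soa_response(zone, serial, txid=TXID, truncated=False):
    """Constructed reply for offline testing (not captured from any real server);
    the answer's owner name is a compression pointer back to the question name."""
    flags = 0x8400 | (0x0200 if truncated else 0)          # QR and AA set, TC optional
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)
    rdata = (encode_name("ns1.example.net.") + encode_name("hostmaster.example.net.")
             + struct.pack("!IIIII", serial, 3600, 900, 604800, 3600))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_SOA, QCLASS_IN, 3600, len(rdata)) + rdata
    return header + question + answer
```

To use it live, call check_secondaries("yourzone.example.", <serial from your
master zone file>, ["ns1...", "ns2...", ...]) from a Python prompt on the
master; a "stale(...)" entry for a secondary within the hour after you bump
the serial is exactly the ignored-NOTIFY behaviour described above, and an
"error: ..." under "tcp" alongside an "ok" under "udp" is the no-TCP case.
A "truncated" verdict over UDP means the server set TC and the full answer
can only be fetched over TCP, which is why TCP on a nameserver matters.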