Roll Your Own CDN
reinterpretcast.com
Please do not run your own DNS server if you do not have the knowledge or expertise to properly secure it. It is extremely irresponsible, and the article is also irresponsible for suggesting it and not having any information about rate limiting.
Use nsd. If you just run an authoritative-only service, it is easy to do correctly.
For the record, the setup shown with PowerDNS is authoritative-only too.
I run a recursing DNS server behind a firewall for my home servers -- is this risky?
If nobody can query the server from behind the firewall, you're fine. Nearly every home router runs a copy of dnsmasq as a recursive resolver for the users on the local network.
Plus your DNS servers (you are running more than one, right?) are never going to be as fast as Route 53 and its ilk. Spend the $5/m and use a real DNS host.
Do you have any suggestions/articles on where people can learn how to run a DNS safely?
Unfortunately, I do not. Even though I personally learned on one of the big boys, I'd still pay somebody else to do this who has it as their dedicated job (like Amazon or Google). It's just not worth the headache and constant monitoring.
At minimum you need conservative rate limiting and monitoring that will page you when you start sending out gobs of traffic.
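What "conservative rate limiting" looks like for an authoritative-only server, and the egress signal worth paging on, as an added example that is not from the article, the nsd project, or any commenter. It is a small Python sketch of response rate limiting (RRL) in the style that BIND and nsd implement: responses are counted per (client /24, qname, qtype), a bucket that runs out of credit has most further responses dropped, and every second limited response is instead sent truncated (TC=1) so a real resolver retries over TCP while a spoofed reflection flood gets almost nothing. The log lines are constructed, and the limits (5 responses/s, 15 s window, slip 2), the 64-byte truncated reply and the 20 kB/s paging threshold are assumptions chosen for the demo. IPv4 only.

```python
"""Response rate limiting (RRL) plus egress alerting for an authoritative DNS server.
Added illustration for the thread above: the log is constructed, every number is
an assumption, and this is not nsd's, PowerDNS's or anyone's production code."""

from collections import defaultdict
from ipaddress import ip_network

SEND, TRUNCATE, DROP = "send", "truncate", "drop"
TRUNCATED_REPLY_BYTES = 64  # assumption: a TC=1 reply carries only header + question


class ResponseRateLimiter:
    """Token bucket keyed on (client /24, qname, qtype), in the spirit of the RRL
    scheme used by BIND and nsd. Identical answers to one prefix are limited; every
    `slip`-th limited answer is sent truncated so a genuine resolver can retry over
    TCP, and the rest are dropped so spoofed traffic gets no amplification."""

    def __init__(self, responses_per_second=5, window=15, slip=2, v4_prefix_len=24):
        self.rate = responses_per_second
        self.window = window            # seconds of credit a bucket may bank
        self.slip = slip
        self.v4_prefix_len = v4_prefix_len
        self.buckets = {}               # key -> (credit balance, last timestamp)
        self.limited = defaultdict(int)  # key -> number of limited responses

    def _key(self, client_ip, qname, qtype):
        # IPv4 only in this sketch; a real limiter also handles v6 prefixes.
        prefix = ip_network(f"{client_ip}/{self.v4_prefix_len}", strict=False)
        return (str(prefix), qname.lower().rstrip("."), qtype.upper())

    def decide(self, ts, client_ip, qname, qtype):
        key = self._key(client_ip, qname, qtype)
        balance, last = self.buckets.get(key, (self.rate, ts))
        balance = min(balance + (ts - last) * self.rate, self.rate * self.window)
        balance -= 1                    # this response costs one credit
        if balance >= 0:
            decision = SEND
        else:
            balance = max(balance, -self.rate * self.window)  # bound the penalty
            self.limited[key] += 1
            slipped = self.slip and self.limited[key] % self.slip == 0
            decision = TRUNCATE if slipped else DROP
        self.buckets[key] = (balance, ts)
        return decision


def constructed_log():
    """(timestamp, client_ip, qname, qtype, full_response_bytes). Constructed data:
    one well-behaved resolver, then a spoofed ANY reflection flood from one /24."""
    log = [(100.0 + i, "192.0.2.10", "www.example.com", "A", 120) for i in range(6)]
    log += [(103.0 + i * 0.025, f"198.51.100.{i % 8 + 1}", "example.com", "ANY", 3200)
            for i in range(40)]
    return sorted(log)


def apply_rrl(log, limiter):
    """Run each query through the limiter; record the decision and bytes really sent."""
    out = []
    for ts, client, qname, qtype, size in log:
        decision = limiter.decide(ts, client, qname, qtype)
        sent = size if decision == SEND else TRUNCATED_REPLY_BYTES if decision == TRUNCATE else 0
        out.append((ts, client, qname, qtype, decision, sent))
    return out


def decision_counts(results):
    counts = defaultdict(int)
    for *_, decision, _sent in results:
        counts[decision] += 1
    return dict(counts)


def egress_per_second(results):
    """Bytes leaving the server per wall-clock second: the signal to page on."""
    totals = defaultdict(int)
    for ts, *_, sent in results:
        totals[int(ts)] += sent
    return dict(totals)


def seconds_over_threshold(per_second, threshold_bytes):
    """Seconds in which egress exceeded the (assumed) paging threshold."""
    return sorted(sec for sec, sent in per_second.items() if sent > threshold_bytes)


if __name__ == "__main__":
    log = constructed_log()
    for label, limiter in (("no RRL", ResponseRateLimiter(responses_per_second=10**9)),
                           ("RRL 5/s, slip 2", ResponseRateLimiter())):
        results = apply_rrl(log, limiter)
        per_sec = egress_per_second(results)
        print(label, decision_counts(results), "peak bytes/s:", max(per_sec.values()),
              "page on seconds:", seconds_over_threshold(per_sec, 20_000))
```

With the flood the unlimited server pushes about 128 kB in one second for a few kB of spoofed requests; with RRL it sends five full answers and seventeen 64-byte truncated ones, and the monitor no longer crosses the paging line. In nsd the corresponding knobs are `rrl-ratelimit` and `rrl-slip` in nsd.conf; the point of the monitor is that you still get paged when a bucket's worth of amplification is not conservative enough.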
I'd like to point out that Google DNS, among others, uses anycast and is in reality composed of multiple geographically distributed servers, even if there is a single IP.
The IP you query as a client is anycast, but I'd wager recursive queries out of their caches come from geo-friendly IPs.
Right you are. Just updated the article to be more accurate on this matter.
If you want to cut down on DNS-induced latency, Route 53 is a fairly good option. Their latency-routed DNS doesn't perfectly map to all geographical zones, but it works fairly well for DigitalOcean's locations.
I wish it was easier/cheaper to run your own anycast network...
I wonder if "run your own anycast network as a service" would ever make sense as a product. I can't see anyone other than CDN or testing being terribly interested, and a lot of this is included in the raw CDN use case.
There is at least one already out there - http://www.hostvirtual.com/anycast-bgp-cloud/. You have to bring your own IP space (/24 minimum of course). I vaguely remember reading the charges were in the low thousands of dollars per month, but that was a while ago.
Is that what you are looking for? They only have 3 locations though.
Looks a bit like a one person shop – not exactly what you're looking for while building a high availability system.
http://www.linkedin.com/company/rage4-networks-limited
2 person shop. ;)
That said, some people on lowendtalk swear by them and they usually are the first to complain about not getting 100% uptime on a $7 a year VPS.
Route 53 now does GeoDNS so you can map it more accurately, for a few cents more.
Awesome, didn't realize that! Will definitely be using it.
It just came out this week which is probably why. :)
The PowerDNS geo backend, as mentioned by the article, is used by Wikipedia among others.
I have some additions (e.g. Google Public DNS), see the files at https://gist.github.com/dgl/8344c3ebe405a1400e2d (which also has the rsync location for the original).
[edit: now I read the article again I notice the author is assuming 'eu' is going to get all of EU, it won't. There need to be entries for each country.]
This is a neat article, but 'CDN' is such a broad term. This is much more a very well done proof of concept article, but fails to take into account the huge scope of a large scale CDN, and all associated quirks it comes with.
It must be so hard to expand the abbreviation once.
I think more people know "CDN" than the expansion (Content Distribution/Delivery Network).
Same is probably true for ATM (financial or 53-byte cell), POP, DNS, RFP, RFC, IMAP, SSL, ...