this post was submitted on 17 Mar 2024
185 points (97.9% liked)


I'm currently on the lookout for privacy-respecting domain registrars. What are you guys using and why?

Edit: I've registered my domain with Porkbun. I got a really cool one, it's called reallyaweso.me!

[–] ikidd 21 points 9 months ago (2 children)

Namecheap for registrar and Cloudflare for the name servers. Always keep those services separated so if one dies, you can still get into the other service to fix it.

[–] blurg 5 points 9 months ago (1 children)

If a registrar goes out of business, ICANN transfers the domain(s) to another registrar.

If a name server business fails, you change name servers through your registrar.

You can't really fix registrar services in your name server, nor name server problems through your registrar. (Unless, of course, your registrar is also your name server.)

[–] ikidd 8 points 9 months ago (1 children)

If your registrar goes down but the NS are on a different provider, the root servers will keep that NS record and all will be well. You can go to a different registrar and transfer it over, but in the meantime it'll be fine and you can do whatever you need with your DNS.

If the DNS provider goes down, you can go to your registrar and quickly change the NS to another provider. It'll quickly be back up on your new DNS servers.

Believe me, I've done this for 3 decades because one or the other has gone down on me more than once, and I've had minimal downtime with this separation. Even when I was running my own NS, I kept more than one NS outside my server farm so if my connections went down, I could pop the farm up on a backup colo and point my tertiary accordingly.

[–] blurg 3 points 9 months ago (1 children)

After a bit of research, I'm forced by facts (NS records can be cached for an undetermined time) to see what you're saying. Thank you for teaching me.

The workings are, of course, a bit more complicated than what either of us has said (here's a taste), but there is a situation as you describe, where separating the registrar from the name servers, and the name servers from the domain, could save the domain from going down.

[–] ikidd 3 points 9 months ago

Well, I kinda simplified it, but yes, the root servers will keep the NS records as long as nothing else updates it (or nobody requests it for longer than the TTL that came with the last lookup) which is why it works.

Happy to help.

[–] MigratingtoLemmy 0 points 9 months ago (1 children)

I was thinking Cloudflare as a registrar and AWS as name servers, but good choice regardless.

[–] [email protected] 2 points 9 months ago (1 children)

Is it possible to do that? AFAIK they don't allow you to use different name servers if they're the registrar.

I had the domain on a registrar that didn't allow changing name servers (Tophost, for 6 euro per year) and I had to "hop" through OVH for 60 days before having Cloudflare as a registrar, as they didn't allow transferring the domain with different NS.

[–] MigratingtoLemmy 1 points 9 months ago (1 children)

Cloudflare doesn't allow me to change my name servers? What blasphemy! I had never considered this, I thought it would be allowed by default. Where can I read about this?

I'm looking for a cheap domain registrar with terraform support

[–] [email protected] 1 points 9 months ago (1 children)

It's the main reason why their domains are so cheap. Their thinking is that since you have to use Cloudflare services to use the domain, you may look at the paid services and decide to pay for one, or suggest it at your workplace.

They charge wholesale price for domains, so they make $0 profit on them. Effectively it's a loss leader to hook you into the ecosystem. That's the same reason why VMware ESXi used to be free for home labs - users would become advocates for it and use it professionally.

[–] MigratingtoLemmy 2 points 9 months ago (1 children)

I'll paste the comment I made earlier:

Oh boy, I was unaware of the fact that I can't use my own nameservers with Cloudflare. Definitely not going to recommend them anymore.

Which registrar do you suggest with good API support? Most of my infrastructure uses Terraform and Salt.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago) (1 children)

I use Porkbun for most of my domains. They appear to have an API but I've never tried it: https://porkbun.com/api/json/v3/documentation#DNS%20Create%20Record

I'm not familiar with Terraform or Salt, but maybe you could try using something like https://github.com/StackExchange/dnscontrol as an abstraction over the DNS provider.

[–] MigratingtoLemmy 1 points 9 months ago (1 children)

Salt is an alternative to Ansible. However, I prefer HashiCorp's Terraform for day 0 deployments. Unfortunately, Porkbun doesn't seem to support Terraform, so I'll keep looking. I'll take a look at the link you sent, thanks.

Out of curiosity, if you don't use these IaC tools, how do you manage self-hosted infrastructure?

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago)

> how do you manage self-hosted infrastructure?

Manually, mostly.

DNS is handled by my own PowerDNS server using the PowerDNS-Admin web UI. I manually add records as needed. Editing a domain sends AXFRs / IXFRs to the secondary DNS hosts I use (I self-host three PowerDNS servers, plus I have a DNSMadeEasy account for the important domains, although I'll be dropping that at some point since they increased prices over 10x after being acquired by DigiCert). I use acme-dns for Let's Encrypt DNS challenges. I take daily backups of everything, including the PowerDNS database, so restoring the DB after a server failure is not an issue.

I have 28 VPSes for dnstools.ws and those are lightly managed using Ansible (there's really not a lot running on them): https://github.com/Daniel15/dnstools/blob/master/ansible/roles/dnstools-worker/tasks/main.yml, but I do configure the base OS manually. I don't set up new ones often so this has been fine.

I have a few other VPSes (all running Debian) and a home server (running Unraid) that I handle manually. I don't change things often so it mostly hasn't been an issue for me. Stuff just keeps working. I take daily backups.

The Debian systems all have unattended-upgrades installed. The 'main' Debian VPS I've got started as a dedicated server running Debian Sarge (3.1, from 2005) and I've just kept upgrading it over the years. These days it's a VPS that's much cheaper yet way more powerful than the original 2005 dedicated server :)
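
A sync check for the primary-plus-secondaries DNS layout described in the comment above, as an added example that is not part of the thread or the commenter's own tooling: it parses `dig +short SOA` answers and compares serials with RFC 1982 serial arithmetic. The hostnames and serials are constructed, and `parse_soa_serial`, `serial_cmp` and `audit` are hypothetical names.

```python
# Added example (not from the thread): flag secondaries whose SOA serial
# differs from the primary's. Hostnames and serials below are constructed.
MOD = 1 << 32        # SOA serials are unsigned 32-bit values
HALF = 1 << 31

def parse_soa_serial(answer):
    """Extract the serial from one `dig +short SOA` line:
    mname rname serial refresh retry expire minimum"""
    fields = answer.split()
    if len(fields) != 7:
        raise ValueError(f"not a SOA answer: {answer!r}")
    return int(fields[2])

def serial_cmp(a, b):
    """RFC 1982: -1 if a is older than b, 0 if equal, 1 if newer,
    None when the two are exactly half the number space apart."""
    if a == b:
        return 0
    diff = (b - a) % MOD
    if diff == HALF:
        return None
    return -1 if diff < HALF else 1

STATUS = {0: "in-sync", -1: "stale", 1: "ahead-of-primary", None: "undefined"}

def audit(primary, answers):
    """answers maps nameserver -> SOA line; returns status per secondary."""
    ref = parse_soa_serial(answers[primary])
    return {ns: STATUS[serial_cmp(parse_soa_serial(line), ref)]
            for ns, line in answers.items() if ns != primary}

SOA = "ns1.example.net. hostmaster.example.net. {} 10800 3600 604800 3600"
SAMPLE = {
    "ns1.example.net": SOA.format(5),             # primary, serial wrapped past 2^32
    "ns2.example.net": SOA.format(5),
    "ns3.example.net": SOA.format(4294967290),    # numerically larger, yet older
    "ns4.example.org": SOA.format(9),             # e.g. primary restored from old backup
}

if __name__ == "__main__":
    for ns, status in audit("ns1.example.net", SAMPLE).items():
        print(f"{ns}: {status}")
```

A secondary reported as `ahead-of-primary` will not pull zone updates until the primary's serial passes it, which can happen after restoring the primary's database from an older backup.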