Diversifying DNS for a More Resilient DNSimple

If you use DNSimple, you know we're constantly working on innovation, security, and uptime for your domains. We already provide secondary DNS, and the ability to use DNSimple alongside other DNS providers. Now we're rolling out a new authoritative DNS cache edge to supplement our existing cache edge and continue improving our network redundancy. Many domains in DNSimple are already using this new cache edge through ns4.dnsimple-edge.org.

Let's dive into why network diversity is important to your domains, how our cache edge network works, and why we built it.

Network diversity = better resiliency

Good authoritative DNS systems use network diversity for better resilience. We achieve network resiliency by adding systems on different ASNs (Autonomous System Number) and separate TLDs.

To improve the resiliency of our authoritative DNS systems, we're adding a second DDoS defense network in front of our origin name servers, enhancing DNSimple's network. This new edge network complements our existing DDoS defense system and retails a relatively low latency for authoritative DNS queries.

This means your domain names are more likely to resolve, even if there are issues with a specific TLD's name servers or ASN.

Developing our cache edge network

For the last eight years, our solution for edge caching has been Cloudflare's large, well performing edge network through their vDNS Firewall product. As with all networks, there's always a risk of issues that can cause high latency, or worse, failure to deliver packets.

In 2022, we decided to add a second edge network to address our network's lack of diversity and resilience. After searching for a DNS edge network to meet our requirements and not finding anything that fit, we began developing our own cache edge network to remove our dependency on a single provider. At the end of the year, we started moving customers over to a new name server name — replacing our existing ns4.dnsimple.com with ns4.dnsimple-edge.com.

We employ the open source dnsdist software from PowerDNS, running on bare metal on-demand system for our new DNS cache layer. This combination allows us to set up a pair of servers for redundancy in 14 different locations (with more scheduled) all announcing their own anycast block. We then have the origin for this cache layer set to the anycast block of our origin NS4 servers. It's a straightforward setup that allows room for growth at a reasonable cost.

Getting set up

If your domains are registered with DNSimple, we've already moved you over to the new NS4 edge cache. If your domains are not registered with DNSimple, you can switch to the new NS4 edge cache by updating your name servers at your registrar, or just wait until we switch the IP address for ns4.dnsimple.com in the near future.

If you have domains hosted with us that use vanity name servers, you can switch the IP address to the new NS4 name server at your registrar now. You'll have to switch the IP address soon after we've completed the transition of our existing NS4 name server.

Moving forward

Deploying a new edge network is challenging. It requires standing up nodes in various locations around the world, verifying network routes are optimized, and setting up monitoring. And the DNSimple team works diligently to identify and address areas where we can further improve this new network.

Right now, we're monitoring the latency and performance of this new edge cache on domains registered through DNSimple. In March 2023, we'll change the IP address on ns4.dnsimple.com to the new address, moving all domains delegated to us through ns4.dnsimple.com over to the cache layer. In the following months, we'll be rolling out the cache edge layer to NS2 and follow the same pattern — stay tuned for more.

Have questions or want to learn more? We're always happy to help. Take a look at our support site, or drop us a line.

Not using DNSimple yet? Give our resilient systems a try free for 30 days and see how we can help ensure your business continuity.

Share on Twitter and Facebook

Santiago Traversa

I was born at an early age. V8 juice saved my life. Fútbol ⚽️ passionate.