
What I (DNF Admin) have been working on: Moving to Our Own DNS Infrastructure for Hostmaria

TL;DR: 20i won't let you enable DNSSEC on domains not purchased through them. Since we're now an accredited registrar handling our own registrations, that's a problem. So we're building our own DNS infrastructure, and figuring out the Anycast/BGP piece is where things get interesting.

Hey everyone,
Wanted to pull back the curtain a bit on something we've been quietly working on.

Problem 🙁

For a long time, HostMaria (@Helmuts) ran everything through 20i. Hosting, DNS, the panel, all of it.

It worked fine, until it didn't.

The breaking point was DNSSEC. We wanted it enabled by default for our customers, but 20i won't let you enable DNSSEC on a domain unless it was purchased through them.
That's a dealbreaker for us. We've become an accredited registrar for .lv, .uk, and a handful of other TLDs, meaning we're handling registrations directly, not through a third party. DNSSEC needs to be part of that workflow, not an afterthought.

So we made the call: build our own DNS setup.

Solution 😁

@Helmuts and I have been planning on Hostmaria DNS for a while now. From the start, the goal was simple: a DNS setup with solid global performance, so customers aren't giving anything up when they use ours or switch over to us.

And finally, I've completed Phase 1 of this. We now have a working setup: primary DNS using self-hosted PowerDNS with multiple secondaries. Everything is secured, and currently we are in the testing phase. But we are facing some issues.

Issues!!!

Issue 1:

Running nameservers is the easy part. The harder problem is infrastructure. Specifically: Anycast.
Most VPS providers are fine for a regular DNS node, but BGP/anycast support is a different story. The majority just don't offer it, which rules them out for a proper Anycast setup. Right now we're looking at BuyVM and Vultr, both of which have at least some BGP support. But we're still evaluating what a solid multi-region setup looks like in practice. BuyVM covers 3 American locations and Luxembourg only, so we may end up splitting across both providers, using one for ns1 and the other for ns2.

Issue 2:

We're also working on the WHMCS integration. If we can't find a clean API solution that fits our setup, we'll build our own add-on. And if we do, we'll release it for free. 😉


No big announcement yet. Just wanted to share where we're at.

Suggestions?

Has anyone here run DNS infrastructure on BuyVM or Vultr with BGP/anycast? Or used a different provider that actually handles it well? We'd love to hear what's worked (or hasn't) before we commit to a direction.
 