We have (finally) built our new DNS system

When we started S4 we already had pretty concrete plans in place for the way that we wanted to do things, a roadmap created from our own past experience, best practices, and a lot of research.

The part of our infrastructure plan that covered DNS involved using a couple of different third-party services, which were sustainable and ethical companies, and which promised to provide good geographic coverage and redundancy.

We quickly realised that, as smart as we thought we were and as nice as the plan was on paper, it wasn’t ideal. The nameservers didn’t always sync as quickly as we would like, response times were not great from everywhere and admin was a bit of a hassle.

So, almost a year ago we announced that since we couldn’t find a DNS network that did everything we wanted it to, we were planning to build our own.

It’s taken us far longer than we wanted to build our own solution. We have learned as we’ve grown, found new problems and created answers to them, built tools we never realised we needed, and things that were on the roadmap but were working fine got pushed back. That’s not great but it’s reality, and we plan to do better going forwards.

While we worked on it, we decided to use Cloudflare as a temporary solution and it served us well.

There are a lot of things we don’t love about Cloudflare and we would never recommend using their security or reverse proxy services, but they are very good at DNS. They are also a lot more sustainable than most people might realise: since 2019 they have been purchasing Renewable Energy Certificates to offset all of the power used in their data centres and offices worldwide. Offsetting is far from ideal but it does make them a lot better than most of the other DNS options.

Now, though, our shiny and wonderful new DNS system is up and running.

It sounds like it should have been a relatively easy task, but we wanted to make sure that we got it right. Obviously we needed to support IPv4 and IPv6, as well as DNSSEC. Just as importantly we wanted it to be fast, to update instantly, to be easy to administer for us and our clients, and for every node to be hosted in a green data centre.

We have achieved all of that and more, with a thoroughly modern system that is still built on tried and tested open source technologies like BIND. Right now we have two nodes online in Helsinki and Amsterdam and next week we will be switching on two more, one in the US and one in Asia.

Right now, this site, our analytics, mail servers, and a couple of client sites are already running on the new system. We will be migrating all of our own and client sites over during the next couple of weeks.

Across Europe our DNS response times are looking pretty great:

7 ms – Netherlands, Groningen
19 ms – Sweden, Stockholm
9 ms – Belgium, Brugge
20 ms – Ireland, Dublin
23 ms – Estonia, Tallinn
10 ms – UK, London
21 ms – Germany, Frankfurt

Things are a little bit less impressive if you are in Australia or Mexico but that will get much better when we bring the next nodes online.

UPDATE 28/07/21: We now have nodes active in Helsinki, Amsterdam, Singapore, and San Francisco.
