Accessible DNS hosting with LuaDNS

Posted on March 26, 2014
Tags: Accessibility, DNS, Git, LuaDNS, GitHub, BitBucket, Web hook, IPv6, DNSSEC

I used to host my internet infrastructure at Hurricane Electric. It all started in October 1998 with POP3/SMTP, HTTP and DNS. In the following years, I began to host all services except DNS on my own. But I kept using he.net for its DNS management interface. It was dead simple, and therefore accessible. All they had was a basic textarea with BIND-like configuration in it. I could log in to their admin interface and change my DNS records as desired.

A few years ago, they auto-upgraded my account to their new shiny DNS panel, which, surprise surprise, is no longer accessible with a simple text browser. After a bit of bitching with support, they ended up downgrading my account back to the old functionality, so I was happy again. However, as you might guess, last time I needed to change a DNS record, I found that the DNS panel had been upgraded yet again and is again no longer accessible to me.

So it was time to leave the sinking ship. But I needed to find an accessible DNS hosting service. Not an easy task, given that everyone seems to do more or less the same thing these days.

Git to the rescue!

After a bit of web searching it became apparent that most offers these days are not what I want. I want a simple interface without any danger of accessibility issues. In most cases, you cannot test the DNS management interface before signing up. After a few dead ends, I took a step back and said to myself: “So, what is it that I am actually looking for? If this were a wishlist item, how would I like my workflow to be?” And the answer came immediately: “I want my zonefiles in a git repo!”

So I decided to turn my search upside down and search exactly for that. And guess what, I found exactly what I was looking for: LuaDNS.

LuaDNS has 5 nameservers in Europe, Asia and North America. As the name implies, it offers a way to write your zone files with Lua. This can be quite helpful for programmatically generating zones. However, it also supports BIND-like zone files, which is what I use.

The idea is simple: You create a Git repository on GitHub or BitBucket and let LuaDNS know where it is. A web hook can be set up to automatically trigger zone rebuilds once you push to your repository.

So all my accessibility problems around DNS hosting are suddenly completely gone. Once I have edited and committed my zone files and pushed to my repository, LuaDNS will automatically pull from the repository and update my zones.

  • I can edit my zones with my editor of choice without having to go through the web.
  • I have history for my DNS changes.
  • I can revert changes easily.
  • Changes can have descriptive commit log entries.
  • All the usual advantages of Git.

And I will never have to fight with an inaccessible web interface again. That said, LuaDNS has a web interface for administering account settings. It works very nicely with Lynx. I hope they keep it that way.
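
Since a push in this workflow updates the live zones automatically, it helps to check zone files locally first, by hand or from a Git pre-push hook. The following is an added example, not code from the original post or from LuaDNS: a small linter for single-line BIND-style records. The accepted record types, the function names and the sample zone are assumptions made for illustration.

```python
import ipaddress
import sys

TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "TXT", "SRV", "PTR", "SOA"}  # assumed subset
# Constructed sample zone with two deliberate mistakes.
SAMPLE = """\
$TTL 3600
@       IN  A      192.0.2.10
        IN  AAAA   2001:db8::10
www     IN  CNAME  example.org.
www     IN  A      192.0.2.11   ; clashes with the CNAME above
mail    300 IN A   192.0.2.256  ; octet out of range
"""

def parse_zone(text):
    """Yield (lineno, owner, rtype, rdata); single-line records only, no ';' in TXT."""
    owner = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()
        if not fields or fields[0].startswith("$"):
            continue                      # blank line, comment or $ directive
        if not raw[0].isspace():
            owner = fields.pop(0)         # otherwise inherit the previous owner
        while fields and (fields[0][0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                 # skip optional TTL and class
        if fields:
            yield lineno, owner, fields[0].upper(), fields[1:]

def lint_zone(text):
    """Return a list of problems found in BIND-style zone text."""
    errors, seen = [], {}
    for lineno, owner, rtype, rdata in parse_zone(text):
        seen.setdefault(owner, set()).add(rtype)
        if rtype not in TYPES or not rdata:
            errors.append(f"line {lineno}: bad or incomplete {rtype} record")
        elif rtype in ("A", "AAAA"):
            want = 4 if rtype == "A" else 6
            try:
                ok = ipaddress.ip_address(rdata[0]).version == want
            except ValueError:
                ok = False
            if not ok:
                errors.append(f"line {lineno}: {rdata[0]} is not an IPv{want} address")
    errors += [f"{o}: CNAME cannot share a name with other records"
               for o, t in seen.items() if "CNAME" in t and len(t) > 1]
    return errors

if __name__ == "__main__":  # usage: script.py ZONEFILE...; lints SAMPLE if none given
    texts = [open(p).read() for p in sys.argv[1:]] or [SAMPLE]
    sys.exit("\n".join(e for t in texts for e in lint_zone(t)) or 0)
```

The script exits non-zero and prints the problems when any are found, so a hook that runs it can abort the push.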

Current LuaDNS limitations

There are two things I don’t particularly like about LuaDNS currently:

  • There are currently no AAAA records for their DNS servers. This is apparently being worked on and is supposed to be fixed somewhere around April 2014. Note that AAAA records are perfectly supported by LuaDNS zone files, it is just that none of the DNS servers they provide to you offers any AAAA records yet. So IPv6-only hosts might have trouble reaching your site if they don’t use an IPv4-enabled recursor (a rather rare setup I guess).
  • Due to the way BIND-like zone files work in LuaDNS (SOA records are autogenerated), you currently cannot sign your zones. I’ve been told DNSSEC is on the list of things to work on at LuaDNS, so I am looking forward to seeing what they will implement.

The team is friendly and was very quick to respond to a question via email. Looks good, I’ll stay.

Now that I think of it, this article might be considered an answer to Steve Kemp’s question “What would you pay for?”: I’d pay for a VCS-based DNS hosting solution that allows me to use DNSSEC, if its web interface were kept clean and simple and therefore accessible. However, I don’t mind a free account for low-volume usage at all. Especially if that makes it easy to test the service and make sure it works as expected.