Do you really want to use your own DNS servers?
Now, for those of you who are not familiar with the term DNS server, let me start with a small explanation…
When you register a domain name you’re basically generating a name which you or other people can use to reach a certain place on the Internet. For example, “www.yourdomain.com” could be pointed to a webserver which hosts your website. “mail.yourdomain.com” could be pointed at a mailserver: a computer which makes sure that you can receive and maybe send e-mail. Maybe you’d even use GD’s forwarding features so that “chat.mydomain.com” points to one of your social webpages…
But how does this all work? How does your browser know where to go when you tell it that you wish to see “www.yourdomain.com”?
The answer is a so-called DNS server. DNS stands for ‘Domain Name System’ or ‘Domain Name Server’; it is a way in which names can be translated to computer addresses, the so-called IP addresses. A browser can’t do very much with a name, but it sure knows how to put an IP address to good use!
So everything which may be required to know about a domain’s contents is stored in a DNS server which is responsible for that domain.
And this is also why you should be very reluctant to host your own DNS server(s). Should something go wrong with your DNS server in any way, then it is not unthinkable that people can abuse it to take over your website, e-mail or worse…
An example.. You registered ‘yourdomain.com’, you also have an e-mail account “firstname.lastname@example.org” and you told your registrar that they can send any information to this e-mail address.
Because you want much more than GD provides, you decide to set up 2 DNS servers for your domain so that it’s fully hosted outside GD’s network. So far, so good..
However, as stated above, when an attacker manages to break into your DNS server or, worse, finds a flaw which allows him/her to feed your DNS server with falsified information, then the attacker is basically home free.. It wouldn’t be difficult to point your website name (‘www.yourdomain.com’) to something else; you now risk that all your website visitors get to see stuff they didn’t ask for, and this could cost you visitors!
And if they take over your e-mail, which could be done by changing the pointers to the mailservers for the domain, you’d also never get any warnings that something isn’t going right.
And because it is not unthinkable that they left no traces this would also make it harder to detect or solve..
But what if they would now try to log on to your GoDaddy account and use the “forgot my password” feature? Worse: if they’d try to transfer your domain out, it is also not unthinkable that the attackers will get all the automated messages which are sent to you so that you can confirm that the domain really needs to be moved..
Obviously I’m not going into too much (technical) detail here, but I do hope you’ll realize that there is much more at stake when you’re “simply” going to use your own DNS servers.
Don’t forget that DNS was never set up with security in mind; the main idea was a simple one: to provide a means to change a name into an IP address, nothing more or less.
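One way to notice the kind of silent record change described above is to compare what the world currently sees for your domain against a list of records you know to be right. The sketch below is an added example and not part of the original post; it assumes the observed text is answer output in the "name TTL IN TYPE value" form (as printed by dig +noall +answer) collected from a resolver you do not run yourself, and every address and hostname in it is constructed.

```python
# Added example, not from the original post. All record values are constructed.
CRITICAL = {"MX", "NS"}  # a change here can redirect mail or the whole zone

def parse_answers(text):
    """Parse 'name TTL IN TYPE value' lines into {(name, type): {values}}."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # blank or dig comment line
            continue
        fields = line.split(None, 4)
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue                              # not a resource record
        name, _ttl, _cls, rtype, value = fields
        key = (name.rstrip(".").lower(), rtype.upper())
        value = " ".join(value.split()).rstrip(".").lower()
        records.setdefault(key, set()).add(value)
    return records

def diff_records(baseline, observed):
    """Return (severity, name, type, detail) for every record set that differs."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        want, got = baseline.get(key, set()), observed.get(key, set())
        if want != got:                           # TTLs are ignored on purpose
            severity = "critical" if key[1] in CRITICAL else "warning"
            detail = "expected %s, got %s" % (sorted(want), sorted(got))
            findings.append((severity, key[0], key[1], detail))
    return findings

BASELINE = """
www.yourdomain.com. 3600 IN A 192.0.2.10
yourdomain.com. 3600 IN MX 10 mail.yourdomain.com.
yourdomain.com. 3600 IN NS ns1.yourdomain.com.
yourdomain.com. 3600 IN NS ns2.yourdomain.com.
"""
OBSERVED = """
;; ANSWER SECTION (constructed)
www.yourdomain.com. 300 IN A 192.0.2.10
yourdomain.com. 300 IN MX 5 mx.elsewhere.example.
yourdomain.com. 3600 IN NS ns2.yourdomain.com.
yourdomain.com. 3600 IN NS ns1.yourdomain.com.
"""
def check():
    return diff_records(parse_answers(BASELINE), parse_answers(OBSERVED))

if __name__ == "__main__":
    for finding in check():
        print(*finding)
```

Any alert this produces should go to a mailbox that does not live on the domain being watched, since a changed mailserver pointer would otherwise swallow the warning too.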
In the end GoDaddy’s ‘total dns control’ has evolved a lot over the years. A lot of things which weren’t possible back then are easily done now. And as an extra bonus you can be sure that GD also takes extra care when it comes to securing their server and services.
In the end you won’t gain many advantages, only much more stuff to worry about. DNS server software is something which has its share of bugs too; as such, regular updates are being made available and should be applied.
So remember.. there is much more to running your own DNS server than merely installing the software, setting up domain information and flicking the virtual ‘on’ switch.
And there you have it..