This question may have already been discussed. However, I can’t seem to find it in searches, so perhaps the naming of previous discussions has been different to my train of thinking.
It would be good if there was a single place where all of this information could be found and applied to help others in building their own webservers.
I have been running a cloud VPS for over a year now (on Google Cloud) hosting a few client websites as a trial after moving over from reseller hosting.
At present, I have not used my own nameservers…instead requiring clients to point an A record at the IP address of my cloud server on which their website (e.g. Virtualmin virtual server) is located.
As we all know, there is one significant problem with having clients use A records to point to hosting…if the hosting provider wishes to alter the IP address of my VPS (for whatever reason) then all clients' DNS A records have to be manually changed to reflect the new webserver IP address.
Most of the tutorials talk about setting the primary web server as primary nameserver too, however, is this really a good idea for someone who is going to be likely offering shared webhosting services to clients?
1. What is a good model to use when setting up the infrastructure for a startup web hosting business (or someone moving away from reseller hosting): your own nameservers, or have clients point A records at the webserver IP address?
2. If the nameserver model…almost all of the server setup tutorials I have followed aim to educate one to set the webhosting server as primary nameserver ns1 (is this really a good idea when one is likely providing “shared hosting”?)
3. Considering a “startup hosting business” is trying to get up and running on a budget and needs to set the main webserver as ns1, what options are available that can shield that server from DNS attacks that are likely to take both it and client websites on it offline?
4. Adding to Question 3, if that DNS attack shielding is going to cost additional money, would it actually be cheaper to set up independent nameservers so one can hopefully limit the DNS attacks to specific IP addresses rather than the main hosting server itself?
5. In thinking about Q4, what principles are utilised to help shield hosting servers' IP addresses from being attacked in the first place (for example, can we hide/mask their IP addresses?)