Comment by evolve2k

8 hours ago

I’ve mainly been using cloudflare for the very excellent (and free) premium DNS offering.

Easy upload of bind test files

Flattened CNAME to support naked domains

Robust free role based permissions to add other ppl

Anyone have suggestions for moving a stack of domains, many being little community and hobby projects, away from cloudflare for a small overall price? Agency pricing like migadu offers for email on custom domains is what I have in mind.

https://www.migadu.com/pricing/

I've tested just about every DNS provider I could find. Self-hosting and Bunny aside, my needs are especially well met by ClouDNS and LuaDNS.

https://www.cloudns.net/premium/

https://www.luadns.com/pricing.html

I've found every other offering to be lacking. Some examples: Cloudflare is alright but has settings footguns if you're not used to Their Way of Doing It™ (e.g., before using DNSControl, I had to manually flip switches to turn off proxying every time I updated my zones). deSEC is free and okay, but sometimes quite slow to propagate and its UI+API are unwieldy. DNS Made Easy is often pushed on social media, but it's ridiculously pricey for what you get if you don't need an SLA. DNSimple seemed nice but IIRC I couldn't get a different API token per zone (?).

I'm currently relying mainly on LuaDNS. For me, it functions as a "dumb" DNS host (i.e., not using their Lua configuration-as-code system). Their API is oddly designed, but it's been passable since a recent-ish update, which has allowed me to safely port my zone files to DNSControl.

https://dnscontrol.org

I should add a friend has recommended DNSimple.com and I’ve previously found their service to be excellent.

https://dnsimple.com/

50 cents per domain per month

10 cents per million queries

That’s prob cheap enough to support lots of little hobby sites and bigger traffic sites likely have some budget.

  • I used them in the past (many years ago) and was very surprised when my DNS was affected by a cloudflare outage. Turns out (back then) they relied on the cf network for DoS protection against their resolvers[1]. I was surprised to learn that and honestly thought that if I already take a dependency on cloudflare I might as well have them host my zones directly for free.

    [1] Not completely sure but I think this was the incident https://blog.dnsimple.com/2020/07/incident-dns-resolution/

    • At one point we were using Cloudflare's DNS Firewall product for our entire edge network. We have since moved half of our edge network to our own infrastructure and are currently in the process of expanding our edge network further, so at this point an outage at Cloudflare should be at least partially mitigated for our customers due to our separate edge network, and eventually it should be completely independent.

  • Second DNSimple. Cheap to start and lots of nice features/support if you grow e.g. terraform provider, an acme.sh plugin, Okta support etc.

I make a point of using a dedicated service provider for each distinct service. YMMV but I'm happy with DNSMadeEasy (DNS), IWantMyName (registrar) and Fastmail (email).

Try desec.io, I use them and am very happy. Free DNSSEC, which some other DNS hosters want to charge you for (IONOS, looking at you).