gpo / gpo-platform-configs

Infrastructure as Code for the GPO
MIT License

Move DNS Servers away from namespro.ca #26

Open IanEdington opened 5 days ago

IanEdington commented 5 days ago

Currently, our DNS provider takes forever to update DNS records. I've been waiting for 6 hours for an update and I'm still getting DNS_PROBE_FINISHED_NXDOMAIN.

  1. Is it safe to make all these records public: https://docs.google.com/spreadsheets/d/1jnRH_oRdwL9xDTbHa9Cz9uPLryUNtzq5-JD3xhk8jEs/edit?gid=0#gid=0

  2. Does it matter what DNS provider we use? I've heard good things about CloudFlare and Route 53. I'm partial to CloudFlare's application firewall. Would that impact this decision?

rsalmond commented 4 days ago

In theory the Time To Live setting on a DNS record should control how long it takes for changes to make their way from authoritative nameservers into recursive resolvers, but in practice many nameservers seem to ignore the TTL values and just cache old records for however long they want for performance reasons.

  1. requested access

  2. Both Cloudflare and Route 53 are pretty bulletproof, have great Terraform support, and I believe the Cloudflare WAF should work regardless of where we host our DNS.

The only other thing I generally consider when setting up DNS records is to make sure that the DNS provider is separate from the registrar. That way if there are problems with the registrar, you can still update DNS, and if there are problems with DNS you can go to the registrar and change the authoritative nameservers to some other DNS provider. But if your registrar IS your DNS provider and they have a problem, you're screwed.

IanEdington commented 4 days ago

ok awesome. I've given you access to the doc.

It's been ~30 hours since I updated the record and they still haven't propagated. I've checked and double-checked and I'm sure I did it right.

I'm planning on working on this today to unblock our CiviCRM contractors.
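An added example, not code from this thread or repository: one way to tell whether a lingering NXDOMAIN comes from the DNS provider not yet serving the record or from a resolver's cache, by asking the zone's authoritative nameservers directly (recursion off) and comparing with a recursive resolver. The function names and sample reply headers are constructed for illustration; `ask()` needs network access, and its server argument is whatever nameserver IP you supply.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234, recurse=False):
    """Encode a single-question DNS query (qtype 1 = A record)."""
    flags = 0x0100 if recurse else 0x0000  # set RD only when asking a resolver
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(response):
    """Return (rcode name, authoritative-answer flag, answer count)."""
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    return RCODES.get(flags & 0x000F, str(flags & 0x000F)), bool(flags & 0x0400), ancount

def ask(server, name, recurse=False, timeout=3.0):
    """Send the query over UDP to one server IP and parse the reply header."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, recurse=recurse), (server, 53))
        return parse_header(s.recv(512))

def diagnose(authoritative, recursive):
    """Classify results from every nameserver of the zone plus one resolver."""
    published = [rc == "NOERROR" and aa and n > 0 for rc, aa, n in authoritative]
    if not any(published):
        return "not published: the DNS provider is not serving the record yet"
    if not all(published):
        return "partially published: the provider's nameservers disagree"
    rc, _aa, n = recursive
    if rc == "NOERROR" and n > 0:
        return "propagated: the resolver returns the record"
    return "cached: authoritative servers are correct, resolver holds an old answer"

# Constructed reply headers so the logic can be checked offline:
# 0x8403 = QR|AA|NXDOMAIN, 0x8400 = QR|AA|NOERROR, 0x8183 = QR|RD|RA|NXDOMAIN.
SAMPLE_AUTH_NX = struct.pack("!HHHHHH", 0x1234, 0x8403, 1, 0, 1, 0)
SAMPLE_AUTH_OK = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
SAMPLE_RESOLVER_NX = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0)
```

A "not published" result points at the provider rather than at caching, since authoritative servers answer from the zone itself and are not subject to resolver TTL behaviour.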