Our DNS Setup at cloudscale.ch
While data make their way through the Internet to their destination using numeric IP addresses, the Domain Name System ("DNS") ensures that these IPs remain concealed behind user-friendly domain names. Almost unnoticed in day-to-day processes, the DNS translates domain names into IP addresses and vice versa, which is why it is often compared to a telephone directory. Find out how we manage our part of this globally distributed database here at cloudscale.ch.
External view of our DNS servers
The authoritative name servers of cloudscale.ch are important for our customers in various situations. They make it possible, for example, for our own services to be found and then used. This includes access to our website and the cloud control panel via a browser, as well as sending requests to our API from client-side tools. In addition, the domain names of our Object Storages need to be resolved to IP addresses, also for visitors of third-party websites if static content from our Object Storages is embedded there. Furthermore, our name servers respond to what are known as reverse lookups: our customers can determine a reverse DNS name (PTR record) for their virtual servers and Floating IPs, which is then published via DNS and can be queried from our name servers.
If a DNS query is made for one of our IP addresses or domains, the DNS client (starting from the root zone and following the DNS hierarchy) first identifies our name servers and then asks them for the required information. We currently have three public name servers: we run ns1.cloudscale.ch at our "RMA" cloud location in Rümlang (Canton Zurich) and ns2.cloudscale.ch at our "LPG" location in Lupfig (Canton Aargau). Although we have taken numerous measures to protect our cloud locations against failure, including redundancy in terms of Internet connectivity and hardware, we additionally run ns3.cloudscale.ch outside our own infrastructure. The three name servers are completely independent of each other and can respond to DNS queries directly without having to rely on a central component such as a joint database.
Concealed control infrastructure
The decisive data source for our public name servers is an internal DNS setup that cannot be reached from the Internet. This is also designed in a geo-redundant manner and constantly replicates its dataset between our two cloud locations. Changes to DNS entries are fed into this internal DNS setup in a first step. A special control service then tests, several times a minute, whether new or changed entries are present and initiates zone transfers where necessary, which enables the public name servers to update their copy of the data. Changes to DNS entries – most commonly new reverse DNS entries from the cloud control panel – generally become visible from the Internet within ten seconds.
The DNS protocol itself is already designed with a certain degree of fault tolerance. It is common (and in certain cases mandatory) to have two or more authoritative name servers for a zone, such as a domain. If a DNS client does not receive a response to a query, it shortly afterwards automatically tries again with another one of these name servers. However, a delay of this kind may have undesired effects, which is why, for our DNS setup at cloudscale.ch, we not only have a redundantly designed physical infrastructure, but also tried-and-tested software components and configurations to avoid failure wherever possible. And last but not least, the systems involved in the DNS are closely monitored here so that we can intervene in good time if necessary.
By the way, if you specify a "Fully Qualified Domain Name" (FQDN) as the server name when creating a virtual server, it is automatically recorded in our DNS setup as a reverse DNS entry to the IP addresses of this server (IPv4 and possibly IPv6). Floating IPs take over the reverse DNS of the virtual server that they are initially assigned to. You can adapt the reverse DNS of servers and Floating IPs at any time in order to ensure that they match the DNS entries in your own domain.
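Whether a reverse DNS entry matches the forward entries in your own domain can be checked mechanically, as in this added example (not cloudscale.ch's code): it derives the reverse lookup name for an IPv4 or IPv6 address, reads the PTR record, and confirms that the name resolves back to the same address. The record table, the example.com names and the `sample_lookup` stub are constructed assumptions standing in for real DNS queries.

```python
import ipaddress

# Constructed sample records (documentation IP ranges, example.com names)
# standing in for real DNS answers so the check runs offline.
SAMPLE_RECORDS = {
    ("10.2.0.192.in-addr.arpa", "PTR"): ["web1.example.com."],
    ("web1.example.com", "A"): ["192.0.2.10"],
    # Stale PTR: the name now points at a different address.
    ("11.2.0.192.in-addr.arpa", "PTR"): ["old.example.com."],
    ("old.example.com", "A"): ["192.0.2.99"],
    (ipaddress.ip_address("2001:db8::10").reverse_pointer, "PTR"): ["web1.example.com."],
    # Same IPv6 address, written uncompressed and in upper case.
    ("web1.example.com", "AAAA"): ["2001:0DB8:0:0:0:0:0:10"],
}


def sample_lookup(name, rtype):
    """Hypothetical resolver stub: record values for (name, type), or []."""
    return SAMPLE_RECORDS.get((name.rstrip(".").lower(), rtype), [])


def check_fcrdns(ip_text, lookup=sample_lookup):
    """Return (status, confirmed_names); status is 'match', 'mismatch' or 'no-ptr'."""
    ip = ipaddress.ip_address(ip_text)
    rtype = "A" if ip.version == 4 else "AAAA"
    # reverse_pointer yields the in-addr.arpa / ip6.arpa name for the address.
    ptr_names = lookup(ip.reverse_pointer, "PTR")
    if not ptr_names:
        return "no-ptr", []
    confirmed = []
    for name in ptr_names:
        for value in lookup(name, rtype):
            try:
                # Compare parsed addresses so IPv6 spelling differences do not matter.
                if ipaddress.ip_address(value) == ip:
                    confirmed.append(name.rstrip(".").lower())
                    break
            except ValueError:
                continue  # malformed address in an answer: ignore it
    return ("match" if confirmed else "mismatch"), confirmed


if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "2001:db8::10"):
        print(addr, check_fcrdns(addr))
```

To run it against live DNS, pass a `lookup` callable with the same `(name, rtype)` signature that queries your resolver.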
Even beyond web and email addresses, the Domain Name System is involved practically everywhere. Here at cloudscale.ch, it is important to us that the DNS resolution of our domains and IP addresses functions reliably, as this is essential for our customers to be able to manage their cloud resources via the cloud control panel and API as well as access our Object Storages. With a carefully designed geo-redundant DNS setup without a single point of failure, we help to ensure that using our services is not only simple but also smooth.
This is what our (domain) name stands for!
Your cloudscale.ch team