Google Cloud DNS
So a few months ago I decided to stop paying over $25 a year for DNS hosting from my old provider, DynDNS, and move to something a little cheaper. The first place I choose to look was Google hosted DNS. This Google Cloud DNS service runs on the Google Compute Engine and was immensely cheap at $0.60 per month.Update: Google Cloud DNS is also well positioned to handle DDoS attacks with their massive infrastructure. Depending on the size of the attack, (number of queries) you may be charged a bit extra for absorbing all of that traffic. Although judging from these very low costs per BILLION hits, I don't think it would be very much of a worry. Also, for the security conscious administrators out there, Cloud DNS also has Alpha support for DNSSEC, along with the industry standard RSA. You can sign up for the Alpha here: https://groups.google.com/d/msg/cloud-dns-discuss/WXNHtB9W0bg/5xf6RXLdCQAJ
Cloudflare Managed DNS
Then this week I found out about Cloudflare. I've heard of them and seen in the news how they can protect web sites from DDoS attacks. I thought it was just a gateway of some sort. Now that I have visited their site I am a little more informed. Not only are they a managed DNS provider but they are a global CDN that has many security and optimization features. Best of all, they have a free tier that includes managed DNS and a handful of their most popular services. I really dig the fact I was given a free auto-renewing wildcard SSL certificate for my site. Check them out if you're looking for a free and feature packed option.Update: Cloudflare also supports DNSSEC using ECDSA and NSEC with white lies. I hear through the grapevine that this works most of the time, but some resolvers might not support this method. It should definitely be taken into consideration before rolling DNSSEC into production.
Also, digging a little deeper into the limitations of the free DDoS protection for your website. They are a little vague as to the specifics, saying "Basic DDoS protection is limited in our Free and Pro plans, and based on the attack's disturbance to our network." So who knows what the limit is!
