MultiHub Forum

I've recently taken over IT responsibilities for our small e-commerce company, and our current DNS management is a mess, with records scattered across an old hosting provider and our domain registrar, leading to slow propagation times and occasional outages. I want to consolidate everything under a professional DNS provider and implement proper DNS management best practices for reliability and security, but I'm not sure where to start beyond the basics of A and CNAME records. For sysadmins who have modernized their DNS infrastructure, what provider did you choose and why? How do you structure your zones for clarity, and what specific practices like DNSSEC, TTL strategies, or monitoring tools have you implemented to prevent downtime and mitigate DNS-based attacks? I'm also curious about the pros and cons of using a provider's nameservers versus running your own.

Based on our experience migrating to a managed DNS, I went with Cloudflare DNS for a small business. Why: global anycast, robust DDoS protection, easy API, solid DNSSEC support, free tier that covers basic needs, then upgrade as you scale. Setup time was quick; main gotchas: you need to keep a fallback NS at your registrar so you can switch if needed. I added 1) apex support via CNAME-like at root (via ALIAS if supported) or just point to A records, 2) keep critical records with TTL of 300 seconds during migration, 3600 seconds afterwards, 3) enable DNSSEC and set up DS records at the registrar, 4) ensure TLS cert provisioning aligns with DNS validation, 5) test propagation with dig/nslookup. If you want, I can outline a concrete 30-day migration plan.