I have my DNS with a cloud provider that I want to stop using, and was considering where to move it (a few domains with a handful of entries each). At some point I was wondering if I should run it myself. I have two VPSes in different data centers with fixed IP addresses, and I read up a bit - seems like this is doable.
I am not set on what software to use. I would like it to run in a container. Does anybody have any recommendations, positive or negative?
It's super achievable - I've run my own DNS for ages, there are a few common pitfalls but overall it's pretty low maintenance.
Personally I use PowerDNS, but you could also use something like BIND. I find PDNS to be a little easier to configure.
Make sure you are looking at the docs for PowerDNS Authoritative, not PowerDNS Recursor.
You install PDNS Authoritative on both servers, then designate one as a primary (/master) and the other as a secondary (/slave/replica). You create records on the primary, and configure it to replicate the records to the secondary using AXFR.
I'd recommend using one of the database backends for PDNS - personally I use PostgreSQL. SQLite is simpler to set up, but I've had issues where making multiple updates over the API causes errors due to locking.
DNSSEC is a bit fiddly to set up initially, but doesn't add much operational overhead once it's running.
Take a look at glue records if you want to host the domain that the nameservers themselves use.
Once you've got things running, consider something like https://ns-global.zone as a backup.
Feel free to ping me if you have questions or need help getting things set up.
Kudos for mentioning PowerDNS, it's amazing software :)
One thing I love with PowerDNS is the various backends available, notably the PostgreSQL and MariaDB/MySQL ones. Only the primary PowerDNS instance modifies the database records, the secondary instances just read from the database (master or replicas). Thus, no real need for AXFR: as soon as you add/modify a record on the primary, the secondary pdns servers will see it in the database.
The pdnsutil CLI tool is also really convenient, and the PowerDNS API is a godsend when you need to automate stuff for thousands of domains and hundreds of thousands of records. There's also a nice third-party web UI (powerdns-admin, docker image: pdnsadmin/pda-legacy). Bonus, Terraform does have a PowerDNS provider.
At work we use dnsdist (from PowerDNS too) to load-balance between our PowerDNS instances (with caching!), and to filter out/rate-limit/temporarily ban bad actors (DNS laundering, record enumeration and such, for example).
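Whichever replication model you pick (AXFR from the primary as in the first reply, or secondaries reading a shared database as in the second), the check you want after every change is that both nameservers answer with the same SOA serial for each zone. Here is an added example of that check, not code from either commenter or from the PowerDNS project: it builds a raw SOA query with only the standard library, parses the reply (including name compression), and compares serials across servers; the zone name and server addresses you pass in are your own, the values in the comments are placeholders.

```python
import socket
import struct
SOA_TYPE, IN_CLASS = 6, 1  # RR type SOA, class IN

def build_soa_query(zone, txid=0x1234):
    """Minimal DNS SOA query for `zone` (no EDNS, recursion not requested)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # flags 0, 1 question
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", SOA_TYPE, IN_CLASS)

def _skip_name(buf, off):
    """Offset just past a wire-format name, including compression pointers."""
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:  # 2-byte pointer terminates the name
            return off + 2
        off += 1 + length
        if length == 0:            # root label: end of name
            return off

def parse_soa_serial(resp):
    """Serial from the first SOA record in the answer section of a reply."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qdcount):
        off = _skip_name(resp, off) + 4  # skip QTYPE + QCLASS
    for _ in range(ancount):
        off = _skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == SOA_TYPE:
            p = _skip_name(resp, off)    # MNAME
            p = _skip_name(resp, p)      # RNAME
            return struct.unpack("!I", resp[p:p + 4])[0]
        off += rdlen
    raise ValueError("no SOA record in answer section")

def fetch_serial(server, zone, timeout=3.0):
    """Ask one nameserver directly over UDP/53 for the zone's SOA serial."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_soa_serial(data)

def serials_in_sync(serials):  # {server: serial} -> True when all agree
    return len(set(serials.values())) == 1
```

Run it as `serials_in_sync({ns: fetch_serial(ns, "example.com") for ns in ("192.0.2.10", "198.51.100.10")})` with your own zone and server IPs (those two are documentation addresses); a mismatch that persists beyond the SOA refresh interval usually means NOTIFY/AXFR is blocked between the hosts or the secondary is pointed at the wrong database.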