SERVICES

What is BuddyNS and how is it different?

BuddyNS is a free secondary DNS service. When you register a domain name and run the DNS yourself, you use BuddyNS to replicate your DNS service.

BuddyNS has a history committed to raising the bar for DNS:

BuddyNS is not a public DNS cache such as OpenDNS. BuddyNS is meant to assist domain name owners, not end users.

What are BuddyNS' main features?

BuddyNS strives for ease of use and reliability. Here are the features in a nutshell:

  • world's fastest synchronization of DNS changes
  • highly-available, low-latency global DNS infrastructure
  • administrator-friendly tooling and notifications
  • dual security, with co-existing DNSCurve and DNSSEC
  • full support for Internationalized Domain Names (IDN)
  • outstanding security and reliability, 100% uptime since inception
  • outstanding IPv6 support: AAAA records, DNS lookups, WWW, AXFR
  • unlimited domains, records, and updates allowed
  • free of charge up to 0.3 Million queries/month
  • BuddyBoard for monitoring configuration and state of your zones
  • friendly, competent and responsive support

How do the account types differ?

BuddyNS offers a basic DNS replication service (secondary DNS) for free for both personal or commercial use. Users who require additional features or produce high volumes of traffic are required to subscribe for a paid account.

BuddyNS offers multiple plans to accommodate all needs. Here are the details for each account type:

Free User
  • free of charge for personal and commercial use
  • up to 0.3 Million queries/month total traffic (per-account)
  • strong, drop-in DNS security with DNSCurve
  • no support — bring your own know-how
Pro User
  • 10x larger traffic quota
  • priority zone updates
  • delegation through *.pro server names
  • low-priority Level-2 support (technical)
Astronaut User
  • Anycast
  • Dual DNS security with DNSCurve and DNSSEC
  • Encrypted zone transfers
  • Multi-factor authentication
  • High-priority Level-2 support
Enterprise User
  • private, own cluster
  • self-selected server locations
  • uncapped traffic
  • oAuth integration
  • Level-3 support (engineering team)

For a detailed comparison, see our plans.

Why is BuddyNS free?

External secondary DNS services sucked for decades. We keep our fundamental service free to make it available to as many users as possible and set a new standard in DNS.

Our revenues come from paying users, who are professionals, companies or private individuals enjoying premium services or simply willing to support BuddyNS.

Why BuddyNS instead of another?

Better DNS consistency
BuddyNS dramatically improves the consistency of your domain data by ensuring your secondary DNS servers are always updated shortly after you perform any modification at the primary DNS.
Better geographical presence
BuddyNS runs a global DNS infrastructure, with locations strategically determined to serve your users' queries fastest across the globe. Don't settle for vendors with a beefy two-site infrastructure!
Easy to use
BuddyNS is built with the ease of use in mind. Check out the BuddyBoard for a taste.
Great support
All inquiries to support@buddyns.com get answered by people who know what they're talking about.

Do you limit Domains? Records? Traffic? Updates?

BuddyNS offers free accounts for all users, personal and commercial use, regardless of number of zones, records, or monthly updates.

Our free accounts are limited to 0.3 Million queries per month. If you operate an account totalling more than this traffic, we require you to open a paying user account to support our operation.

Can I use BuddyNS for Dynamic DNS?

BuddyNS is not designed for Dynamic DNS or variable master.

Because of its blazing fast syncs, some users choose to use BuddyNS for this purpose anyways; This use is not trivial and not supported.

They setup a script to run whenever their IP address is changed, and use our API to automatically update this data on BuddyNS. Don't do this unless the primary is always available on one address or the other.

Notice that while removing and re-adding a zone through our API, the zone might go unserved for a couple of minutes.

Also, notice that we may delay or cancel your account if you make unfair use of our resources, e.g. by sending hundreds of sync requests a day. We do so to prevent few careless users from spoiling service of many other users. See our Terms of Use.

Can I use BuddyNS as primary as well?

We do not offer a web panel where you can edit the records of your domain, because our current focus is improving DNS replication (secondary DNS) over the Internet.

However, you can still use all-and-only BuddyNS servers to serve your domain: you just need to provide your zone to BuddyNS via AXFR.

SECURITY

Do you support Multi-factor authentication?

We support MFA (2FA) in our Astronaut and Enterprise plan, using TOTPs for best security and usability.

What does BuddyNS do for DNS security?

DNS security is central at BuddyNS. We serve it in two ways:

  1. BuddyNS is the world's only DNS service to provide dual security for DNS.
  2. BuddyNS offers strong link-lever DNS security free for all.

We proceed by delivering easy-to-use, free DNS security to all, thanks to a custom-built DNS cluster.

To find out more about our security concept, check out our DNS security page.

What is "dual security"?

BuddyNS offers dual security by natively supporting two security technologies in one service: DNSCurve and DNSSEC.

DNSCurve provides link-level security, similarly to HTTPS for the web. It requires no extra setup, infrastructure or training, and it is fully backwards compatible. DNSCurve is easy for developers to integrate, trivial for administrators to deploy, and extremely lean on infrastructure. DNSCurve is the best mean to bring DNS security to the masses, and BuddyNS offers it for free on all plans.

DNSSEC provides data-level security, similarly to S/MIME for e-mail. It empowers organizations — such as banks, TLDs and ISPs — to deliver trusted DNS data when they can't trust their DNS infrastructure. DNSSEC requires some extra setup and maintenance burden on the administrator side, and some extra load on the infrastructure, and it's available in our Astronaut and Enterprise plans.

To find out more about our security concept, check out our DNS security page.

What is DNSCurve and why does it matter?

DNSCurve is a technology to secure DNS transport, similarly to what HTTPS is for the web. It is based on elliptic curve cryptography, a modern crypto-tech that is both more efficient and more secure than tradition cryptos. DNSCurve includes a mechanism for smart public-key distribution.

Here's why DNSCurve matters:

  • It delivers adequate security for most organizations for free.
  • Its effectiveness and ease of use make it a great mean to spread DNS security to vast portions of the Internet.

When should I get DNSSEC?

Use DNSSEC when you cannot trust your DNS infrastructure, e.g. BuddyNS.

DNSSEC enables you to ensure end-to-end control of your DNS data. Leveraging this requires maintaining some cryptographic signatures of your DNS data. The step itself is not a big deal, but it does incur some setup and maintenance effort, and introduces some risks. You need discipline and processes to do it right. Use it for a cause, and when you know what you're doing.

We recommend DNSSEC to organizations where a temporary DNS take over incurs a substantial risk of permanent business failure. This includes banks, insurances, TLDs, and privacy-centered sites such as medical organizations.

Look at your website as a meter of reference: if security is a ground to require you to host it on-premises, then you likely need DNSSEC.

Disclaimer: this is spontaneous, general advice. You are solely responsible to adopt the security policy best suited to your context.

FEATURES

Why are my domains more consistent with BuddyNS?

Traditional service providers use software off-the-shelf. BuddyNS employs an ad-hoc infrastructure designed from scratch exclusively for fast zone synchronization. This tackles three improvements:

  1. more efficient update checks
  2. distributed system
  3. separate DNS updaters, checkers, and publishers

Here's how it works. Inside BuddyNS, multiple checkers poll domains for updates. Each can issue hundreds of checks per second, so domains can be checked frequently. Checkers relay which domains need update to two transfer systems. These fetch up-to-date zone data and transfer such data to publishers. Publishers are only concerned with answering client queries about your zone.

BuddyNS splits a traditionally all-in-one system in three levels, and optimizes each individually. This dramatically improves robustness and performance.

Where are your servers located and why?

Our infrastructure page will show you that BuddyNS is a global cluster with presence in all of these regions:

  • Asia & South East Asia
  • Europe
  • Middle East
  • North America
  • Oceania

How do we select each location?

We manage geographical presence as a strategic asset, assessing factors including latency, peering, continuity, and political stability.

Latency is a crucial factor in the planning. Users have ephemeral patience for loading time, and all the time you save on DNS is more room for your web servers to generate valuable content: simple improvements on DNS save you otherwise substantial costs in development and infrastructure. It won't make much difference if DNS latency is 5, 10 or 25ms, but growing latency past 100ms surely does.

Most DNS resolvers today select the DNS server to query based on best response time, so having points of presence nearby can reduce latency substantially. Our locations are planned with the goal to offer sub-30ms response time to densely populated areas and sub-70ms to most of the world's connected areas.

Why haven't we deployed to South America and Africa? South America generally lacks intra-regional peering, so that most traffic between South American countries goes through Miami and back, making local deployments mostly useless. Africa's ring backbone has a similar challenge.

For users to whom jurisdictional borders are relevant, notice that BuddyNS provides you with this information explicitly.

Which locations should you use? For our Free and Pro plans, delegate your zones to 3-5 BuddyNS servers. This improves reliability and resolution time, since most Internet resolvers pick their destination based on response time.

Our Astronaut plans include Anycast, which internally routes your clients' queries to the nearest available server from our DNS cluster.

What is and how do I use SyncNOW! ?

SyncNOW! is your way to manually request immediate update for your zones.

Log into your BuddyBoard and push the SyncNOW! button. SyncNOW button logo BuddyNS will start a synchronization procedure shortly for all zones configured in your account. If your account hosts many zones, push the little SyncNOW! icon next to the specific zone you want to update, so your update will go through more quickly!

With SyncNOW! BuddyNS cuts DNS synchronization habits from many hours to minutes or seconds! In its simplicity, this fixes a problem that annoyed DNS administrators for two decades.

Does BuddyNS support NOTIFY (rfc-1996) ?

Yes it does!

With NOTIFY, your master DNS server sends a special message to all secondary servers for zone X when you change zone data for X. This message informs all secondary servers that a change occured, inviting them to synchronize the new DNS data without waiting until the next polling.

BuddyNS supports NOTIFY notifications:

  • All servers of the BuddyNS cluster understand NOTIFY requests. No constrains when choosing which ones to use as secondaries for your zones.
  • Actual zone transfers are delayed up to 60 seconds after NOTIFY for security reasons.

For the geeks: some DNS implementations at your primary might report an error after sending NOTIFY requests to BuddyNS. You can safely ignore these: BuddyNS servers won't give an answer to these requests, but transfers will be initiated with the random delay.

What DNS service extensions do you support?

Internationalized Domain Names (IDN)
BuddyNS supports IDNs natively.
DNS notify
BuddyNS supports NOTIFY invocations. Transfers are initiated with a random delay up to 60 seconds for improved security.
DNSCurve
BuddyNS supports DNSCurve for integrity, authenticity and confidentiality for free on all plans. See our DNS Security page for details.
DNSSEC
BuddyNS supports DNSSEC for Astronaut and Enterprise users. See our DNS Security page for details.
TSIG
TSIG-enabled zone transfers are available to users on Astronaut and Enterprise plans. Contact our support to enable TSIG on your account.
IPv6
BuddyNS has all-round support for IPv6: DNS AAAA records, DNS queries, AXFR transfers, NOTIFY, WWW — they all just work on BuddyNS.
Outward AXFR
Since BuddyNS is a secondary-only service (you cannot edit your zone from BuddyNS), you already have an AXFR in your control.
Anycast DNS
BuddyNS offers Anycast to Astronaut and Enterprise users. See our DNS plans page for details.
RFC2317-style classless reverse delegation
BuddyNS will reject domain names that contain '/' characters as recommended by RFC2317. Multiple articles ([1], [2], [3]) explain why that's a bad idea. We recommend you delegate individual addresses (as in [3]) or use the '-' symbol as range separator.
CAA, RFC-6844 Certification Authority Authorization
BuddyNS supports CAA records. Simply add them to your zone and hit the SyncNOW button.

Do you offer DDoS protection?

DDoS protection is included in Astronaut and Enterprise plans — see table below.

DDoS protection ensures a degree of continuity when a domain is hit by DDoS attacks:

  • UDP floods
  • UDP fragmentation
  • DNS amplification
  • various other resource exhaustion attacks

The DDoS filter classifies incoming requests as legitimate or abusive and discards the latter before hitting the final DNS application. This keeps the service transparently available for most of the users even during the strike.

The filter is built to handle traffic volumes in the range of terabits per second.

Notice that during a DDoS attack, the portion of traffic that hits our end-servers is actually counted in your traffic amount. Not counting it would not only provide free-riding for resource costs which our infrastructure actually has to take — but also only serve to become a free heaven for high-risk organizations.

Free Pro Astronaut Enterprise
DDoS protection No No Yes Yes

Can I use BuddyNS with cPanel and WHM?

Yes. In fact, we maintain a cPanel-BuddyNS integration plugin for you to replicate your DNS with BuddyNS while controlling your domains exclusively from your cPanel/WHM interface. No extra infrastructure or complexity.

User

I have no DNS skills, can I use BuddyNS?

BuddyNS strives for ease of use. If you understand basic DNS concepts, BuddyNS guides you through a copy/paste configuration procedure, and helps you troubleshoot and fix arising problems with the BuddyBoard. For several configuration mistakes at the primary, BuddyNS will send you automatic notification e-mails with a problem brief and fixing instructions.

If you have no idea what DNS is — e.g. you don't know that DNS is organized as a tree — BuddyNS will likely be a waste of time for you. Look for Managed DNS services.

Does BuddyNS work with DynDNS, Route 53, or XYZ ?

All DNS services that support AXFR (standard DNS zone transfer) are compatible with BuddyNS. Services that do not support AXFR cannot be used with any secondary DNS service, because the service won't be able to get your DNS data to replicate.

Amazon's Route 53 does not support AXFR, so you are unable to use Route 53 with any secondary service. DynDNS lacks this feature as well.

Some providers that do support AXFR are:

  • Conexim
  • DNSMadeEasy
  • GoDaddy
  • Linode
  • XName (contact support)
  • Zerigo
  • ZoneEdit

If your provider is not in this list, contact their support and inquire about AXFR. Since it's a standard DNS service, it's possible that they'll enable it just for you. And if you don't get it, at least they'll get to know that people care about it.

How do I get a Pro or Astronaut account?

Always start with a Free account by activating a domain on BuddyNS. After your first login, you can upgrade from your BuddyBoard (your control panel).

If you upgrade Free → Pro (aka Advanced), you do not need to change your zones' delegation. All improvements, such as faster AXFR, are applied automatically by BuddyNS behind the scenes. If you would like the cosmetic change, you are allowed to change your delegation from *.free.ns.buddyns.com to *.pro.ns.buddyns.com. See Pro setup for that.

If you upgrade from Free (or Pro) → Astronaut, you must update your delegation to *.ast.ns.buddyns.com, since you switch to a different DNS cluster with Anycast and DNSSEC. See Astronaut setup.

You may want to upgrade for a variety of reasons. If you upgrade to get one of the perks of paid plans, you can do so anytime from your BuddyBoard.

If your domains's popularity produces traffic beyond a free account, you will receive an automatic e-mail explaining you when and how to upgrade.

Users on paid plans enable us to maintain a great service level and to keep offering Free plans for the masses.

Can I activate many, many domains in bulk?

Sure! Find the bulk activation form within your BuddyBoard. Paste as many zones as you wish in the text area, enter the master for them, and hit Add zones. BuddyNS will proceed to register each zone.

You need to have an account for this. If you're a new user, create one by registering the first zone manually.

You may also build a simple script to automate this operation from your server using our API. Here's an example for BIND on a UNIX system:

# extract blank-separated list of zones
zones=`ls /var/named/*.db | while read zf; do basename $zf .db ; done`
# address of master DNS server (replace yours)
master="192.168.100.200"
# authentication et al parameters (replace your API token)
curlpar="-XPOST -H 'Authorization: Token abc123abc' -Fmaster=$master"
# iterate to add each zone in list
for z in $zones ; do
    echo "Adding zone '$z'..."
    eval curl $curlpar -Fname=$z https://www.buddyns.com/api/v2/zone/
done

Can I set multiple primary/master servers?

Some users asked us if they can add IP addresses for multiple primary DNS servers in their BuddyNS account, so that if their "primary primary" dies, BuddyNS can still retrieve their zones from other ones.

We do not support this and warn you of the conceptual and technical risks that such architecture introduces.

Here's a simple, healthy way to handle the problem. If your master fails for a short time, relax about BuddyNS: your downtime can stretch 30 straight days (or more, contact us) and BuddyNS will keep running your zones undisturbed.

The case where you must unavoidably edit your zones during downtime of your primary are hard to imagine. Assuming they happen, just enter your BuddyNS account and update the IP of your primary to your intended "backup" server. BuddyNS will re-sync with the new primary within 2 minutes.

Downtimes of your primary long enough to justify such handling should be more unique than rare.

What are your e-mail and opt-out policies?

Our general policy is to minimize e-mails.

Our systems contact you automatically only about events essentials to your service. For example, you're e-mailed when your traffic quota is close to running out or when major issues are detected at your primary server.

Our team sends you e-mails relevant to your account. For example, we may e-mail you if your account mostly runs brazilian domain names and we launched a new Point of Presence in South America. These occur with minimal frequency.

We never e-mail you, for example, about new offers or new services.

Opt-out — your zone replication relies on automated notifications: to stop receiving them, log into your BuddyBoard and press the big red "DELETE ACCOUNT" button (this terminates DNS replication for your zones). If you forgot your password, find it in your account creation e-mail (Subject: "Hello from BuddyNS: your BuddyBoard account"), or use password recovery if you changed it.

I lost access to my email. Can I recover my account?

We get out of our way to emphasise the importance of a reliable contact. Take a minute to trace back why this happened and how you can prevent it from happening again. Did you choose a disposable e-mail contact? Did you use a personal contact for a role?

You have 2 options for recovering your account:

  • If you associated a mobile phone number to your account, we can text you a new password there. Contact our support team This is the most secure and efficient way. If you are a Free User, this is also your only option.
  • if you need to recover access from an admin who left your company, contact her and ask to log into the BuddyBoard and replace her e-mail address with yours. If you have this option, this is the simplest and quickest way. Once the account is associated with your e-mail address, you can use password recovery to set a new password.
  • if you no longer have access to the former account, we can forcibly set the e-mail address for you only after we could authenticate you as owner of the zones hosted in the account. This task requires our Level-2 support team and is therefore exclusively available to users on any paid plan, and not to Free Users.
    In order to do this, add a record "bdns-YYYYMMDD.yourzone.com" (replace with current date) for each of the zones you want to reclaim access for. Then write to our support: include the list of zones to take over, and the new email address you want to access them with. We'll send you the relevant login data.

All of these options require intervention of our Level-2 support, so they are only available with any of our paid accounts.

Domain names are sensible assets. The cumbersomeness of this process is what it takes to protect them. We hope you appreciate our taking your security seriously.

Paying user

Do you allow Vanity DNS?

In essence, Vanity DNS suggests you can rely on specialized DNS while pretending fully owned infrastructure. Our policy on Vanity DNS is as follows:


Free

Pro

Astronaut

Enterprise
Allowed
DNS cluster deploys zones that use Vanity DNS.
No Yes Yes Yes
Supported
Our team notifies you and responds about Vanity DNS.
No No Yes Yes
Recommended
We advise using Vanity delegation.
No No No No

A decade experience in DNS makes us recommend you against Vanity DNS. Why? Vanity DNS poses and extra maintenance burden and major security risk in return for negligible business value. It's just not worth it.

Regarding value: What fraction of your users will actually go and look up your domain delegation? 1%? 1‰? Even those who do, they'll discover long cryptographic keys. If they get to the end of it, they'll realize they are operated by a specialized, high-security DNS network. So what? That tiny fraction of technical Sherlock Holmes will find out that you take your DNS seriously.

Regarding risk: whenever an IP address changes, e.g. for network or location optimizations, you must accurately, timely update your delegation. Miss that, and you'll inadvertently empower unknown third parties to control your most sensitive Internet asset. What could happen? Lose ownership of your domain name, get a website defaced, leak your clients' access credentials and more. We've seen enough distractions with delegation already.

Additionally, delegating with Vanity prevents you from leveraging the security provided by our native cryptographic DNS, which requires nameservers including the cryptographic keys to function.

So, is it worth sticking with Vanity? If so, see setup for Vanity DNS, then open a ticket, so we put you on the notify list you whenever an IP change occurs.

If not, proceed with standard delegation, let us handle the network and keep your zen.

How can I get an invoice for my account?

BuddyNS automatically generates invoices for each payment incoming if your billing data is available, and lists them in your BuddyBoard. If you need invoices, be sure to enter your billing data in the BuddyBoard (see "Settings") prior to activating your subscription.

If your organization is based in the European Union, we encourage you to enter your VAT number in VIES-compatible format, e.g. FR12345 as opposed to 12345.

What payment methods & currencies can I use?

What payment methods can I use?
You can pay with Credit Card (Mastercard & Visa), and, in certain cases, Bank transfer. You find each option in your BuddyBoard.
When can I use bank payments (wire transfers)?
We accept payments via bank transfer (wire transfers) for amounts over 100$ or 80€. They are normally free of charge within the European Union, and expensive from the rest of the world. Confirm with your bank if they support SEPA (we do). If your bank does charge anything, such costs are up to you, so make sure to correct the transfer amount correspondingly. E-mail us at support@buddyns.com with your BuddyNS username and your payment needs for further details. We do not accept payments via cheques as they are overly complex to handle internationally.
Custom payment schedule
The BuddyBoard allows you to pay monthly or yearly. If your subscription is < 9 $/month, BuddyNS automatically increases the periodicity to 2 or 3 months until this value is reached. If you wish to pay with different schedules, e-mail us at support@buddyns.com and mention your BuddyNS username and desired schedule. We'll prepare the schedule for you; it will appear as a Custom Offer in your BuddyBoard, when you press the Subscribe button.
Payments in other currencies
We natively support USD ($), EUR (€) and CHF, meaning we offer native-currency payments to 26 countries and over 80% of our users. We automatically determine what currency to present you based on the Billing Address you provided, or the country you're browsing from if you haven't provided any.
If your native currency is none of those, we'll present you with the currency you most often deal with (for example, USD for Mexicans, EUR for Polish), and our payment gateway will automatically perform a currency conversion for you. Visit our blog post on currencies for more details.

How do I change my credit card on file?

BuddyNS does not store your Credit Card information. Because of that, if you want to switch your existing subscription to a different Credit Card, you need to create a new BuddyNS subscription altogether.

To create a new subscription with the new Credit Card, proceed as usual:

  1. Log into your BuddyBoard.
  2. Press button Your billing planChange plan.
  3. Proceed to checkout.

Activating a new subscription automatically terminates the previous one.

How do I terminate an paying user account?

Log into your BuddyBoard, and click button Terminate subscription.

BuddyNS will downgrade your account to Free User after the expiration of your last payment period. Notice that Vanity DNS is not available for Free Users, so you need to reconfigure the delegation of your zones with BuddyNS own names. If not, BuddyNS will keep stop fetching new versions of your zones until this is fixed.

If you wish to terminate your account altogether, log into the BuddyBoard and use the Delete account button.

How do I upgrade or change service options?

To change your service options, simply click the Subscribe button inside your BuddyBoard, choose your new options, and proceed to checkout. This will create a new recurring payment profile, and BuddyNS will take care of blocking the old ones.

You can both upgrade and downgrade your options. Changes take effect immediately. For example, if you upgrade because you ran out of traffic, your traffic will be restored within seconds.

Traffic quotas

I don't know my traffic; which quota should I get?

BuddyNS helps you with that in two ways:

  • with traffic consumption notifications;
  • with BuddyBoard's Estimated traffic predictor;

The former just hit your specified e-mail automatically when 60%, 90%, 100% of your traffic quota is reached.

For the latter, just set up your zones and keep an eye on the Estimated traffic predictor in your BuddyBoard, "Account" pane.

This predictor gives you a linear projection of your latest traffic onto the whole month. Because DNS traffic floats (lower overnight and in week-ends), longer periods give a more accurate estimation. Two weeks is usually good.

After you accurately determined your estimated traffic, get a traffic quota that's between 1.5x and 2x that value.

You can change your quota anytime, just re-subscribe for the new value. The change takes effect immediately.

Why do I get so much traffic?

Here's some hints if your DNS traffic looks suspiciously high:

  • Check for setup issues (monitoring systems, spam filters, scripts gone mad etc).
  • Check if one of your domains just got a publicity exposure (slashdotting).
  • Most DNS caches pick destination servers based on best response time.
  • DNS resolvers first contact destinations given by the parent's glue.
  • You may trade traffic with longer TTL values, especially on NS records.
  • You may trade traffic with reliability by delegating less BuddyNS servers.
  • If using DNSSEC, check for potential issues in key rotation.

If you have reasons to exclude these, you have probably been targeted by a network scan or spam attack. These last few hours to a few days, and generate many tens of thousands of traffic.

BuddyNS implements logic to curb traffic incurred by scans and attacks, but since they are extremely hard to distinguish from regular traffic, some do get through.

If your normal traffic is well beneath your quota, these are unlikely to deplete it. If your normal traffic is over half your quota, and you want to prevent these from making you deplete it, you need to subscribe for a larger quota.

GeoStats help you early detect these cases. On exceptional need such as forensics, you can request us your traffic logs for your own analysis (availability is not guaranteed). We restrict these requests to paying users as the volumes of traffic we deal with make the operation extremely time-consuming on our side.

Can I control how much traffic to give BuddyNS?

As it's designed, the DNS system treats all nameservers a zone is delegating to as peers: equivalent and indistinguishable. So DNS doesn't give you a way to control priority or failover of nameservers: all nameservers get some DNS traffic all the time. However, these technical tweaks may get you some results:

  • Change your TTL (time-to-live) values to affect the total amount of DNS traffic for your domains. Increase TTLs of all your DNS records, especially NS records, to reduce DNS traffic. This will cost you longer propagation times for future DNS changes. We recommend to avoid TTLs longer than 1 day (86400 seconds). In some cases, depending on your traffic patterns, changing TTLs will not significantly affect your traffic.
  • Change the ratio of BuddyNS servers you delegate to. If you delegate your zones to 6 servers, 3 of which from BuddyNS, then statistically BuddyNS gets 50% of your total traffic (3 out of 6). Give up one BuddyNS server and BuddyNS gets 40% only (2 out of 5). Several factors can skew this, e.g. many DNS resolvers choose servers by performance instead of randomly.

Which one of my domains incurs most traffic?

Activate GeoStats to answer this question.

They allow you to investigate your traffic dynamics, including type and geographical origins.

GeoStats are cost-effective and can be enabled selectively for one or few months. Simply create a new subscription from your BuddyBoard with your desired number of GeoStats zones to track. When you're done with your analysis, create a new subscription without.

If a paid account is out of your reach, please investigate the problem on your side. Most resolvers select which DNS server to query based on response time, so you should temporarily remove delegation to BuddyNS servers to ensure that all traffic comes to your server — if you want an accurate picture. Make sure you perform this delegation change both on your zone (master) and registry!

See also sources of traffic and how to control your traffic. Were you looking for traffic logs instead?

Can I get logs for my traffic against BuddyNS?

We do not collect query logs in any of our DNS clusters, so we cannot deliver this data after the fact.

We have the possibility to take a live sample of your traffic, but doing so from all live nodes in a way that does not interfere with their availability and performance is a relative time-consuming process on our side.

The associated labor costs in Switzerland are sizable. As a result, we reserve this option for Astronaut users in critical cases, such as:

  • You were affected by a security breach and need the data for forensic analysis.
  • Authorities requested such data for a cybercrime investigation.
  • You were hit by a DDoS and need evidence to pursue legal action.

If you do find yourself in those circumstances, contact our support and provide some context to substantiate your need around those circumstances.

Are you only looking to determine which of your zones produces most traffic instead?

Can you filter my traffic to BuddyNS?

The short answer is: we already do for the extent possible, so we cannot filter any tighter.

If you are a Pro or Astronaut user and require fine-grained traffic filtering, e.g. blocking traffic from certain regions or netblocks, you can upgrade to an Enterprise account where we're able to build custom solutions for your specific profile.

We otherwise occasionally get this question from Free users who saw a sudden spike in traffic, suspect it to be spurious (spam or network scan) and expect that BuddyNS take care of purging it.

Before you do jump to that conclusion, check reasons for unexpected traffic. In approximately half the cases, the excess traffic is actually legitimate, such as from new services or some misconfigured service.

If you do establish that your traffic is generated by malicious third parties, then such attacks typically subside in few days, and are unlikely to repeat soon. It's simply anti-economical for them to obsess on one organization.

If your traffic rate has not subsided after 2-3 days, that's strong indication that your traffic is organic, and there to stay. Even if you have received traffic abuse notifications from BuddyNS, don't worry: we are friendly and we won't mark you as abuser for excess traffic one month alone. We only do upon repeated breaches, and you'll receive additional warnings before that happens.

If you feel like we should “tighten our firewalls” to ensure that only the traffic you deem legitimate is accounted for, please consider a couple of fallacies of such demand. We already employ such filters, to the broadest extent that does not interfere with legitimate traffic. This traffic did hit our infrastructure — who should bear the costs? If we tailored our filters around your specific scenario, what would that mean for traffic for other users in different industries and geographies?

If you are a Free user past quota, excess traffic has an easy solution: upgrading account takes a minute and spare change, and you can revert any time. You can also opt for GeoStats to get deeper insight into your traffic.

The BuddyNS engineering team is supported by paying users. We're grateful to them for "running the show" and wouldn't be fair if using their contributions to build custom solutions for Free users.

Our free offering is a friendly side perk we offer the community. It comes as-is and do-your-own support, and we're happy if you enjoy it as it is. If you doesn't suit your needs, consider upgrading or finding a Free vendor that better does.

What happens if I run out of my traffic quota?

BuddyNS stops responding to incoming queries for your zones once your traffic quota is used up. Depending on your setup, this results in:

  • Delays or timeouts when accessing services associated with your domains.
  • Global unreachability of associated services if your primary DNS becomes unavailable.
  • Global unreachability for domains delegating exclusively to BuddyNS.

BuddyNS takes great care in keeping you informed on traffic consumption. You receive notifications when your traffic reaches certain relevant thresholds, and you additionally receive a free notification via SMS as well if you do run our of quota (that's why we recommend registering a mobile phone number in your BuddyBoard).

Your traffic gets automatically unlocked as soon as you upgrade to a suitable traffic quota.

We have an additional process for outstanding circumstances of DNS abuse. If you ignore all notifications, run out of your quota, and your account continues to produre traffic past 250% of your quota, we send you a final abuse notification, with instructions and a few days time to address the problem. If no action is taken before the deadline, and you don't establish contact with our support, we initiate a case of Internet abuse and null-route your zones, answering all queries for them with 127.0.0.1 and making associated services appear as unavailable.

cPanel integration

Is cPanel DNSONLY supported?

Yes, the plug-in installs and runs fine on both cPanel/WHM full and cPanel DNSONLY.

Can I use multiple cPanel servers?

Yes. Starting with v2016060601 of our integration plug-in, you can point multiple cPanel servers to the same BuddyNS accounts, which serves all their zones collectively.

You can also run "mixed" BuddyNS accounts with some zones being controlled by cPanel/WHM servers, and some controlled manually.

Can I select which zones to handle with cPanel?

You can tell your cPanel integration plug-in to exclude some zones from synchronization. These zones will be not removed if only found at BuddyNS, and not be added if only found on cPanel.

See Selecting which zones to synchronize for more details.