Global Network – Security Practices

PTRDNS operates a network of authoritative nameservers hosted on separate networks and geographically disperse locations to mitigate the consequences of natural disasters and connectivity issues.

All nameservers are reachable on IPv4 and IPv6, and are DDoS-protected. The current locations are:

NameserverLocationNetwork Provider
tempoAshburn (VA, US)Hetzner
nylonSpokane (WA, US)Crunchbits
danubeAmsterdam (NL)Hybula
sharpSydney (AU)FlowVPS

The nameservers are delegated on 3 different domains, which are registered at 3 separate registrars. Customers can use any combination of ns.ptrdns.net/org/eu for their own zones.

PTRDNS supports inbound and outbound AXFR to improve redundancy and resiliency. Securing zone transfers with TSIG keys is strongly recommended, rather than authorizing IP addresses.

PTRDNS operates also a staging cluster for testing of security and software updates.

Security

All servers run a recent version of the Linux operating system. Security updates are applied weekly, with a rolling update strategy executed on the staging cluster and then on the production cluster. The maintenance window is scheduled every Friday between 1630 and 1730 UTC.

Critical security updates are applied on the staging cluster within 24 hours from the moment the packages are made available, and then within a further 24 hours on the production cluster.

Monitoring

Services are continuously monitored for availability and performance. Our status page records outages and incidents, and provides a snapshot of the most recent performance data.

PTRDNS does not commit to a specific availability metric at this time, but strives to achieve at least 99.5% on a monthly basis.