WordPress Site Management At Scale: Part 1 – The DNS Silo

By 20th July 2017 April 21st, 2020 Shield Security

You manage WordPress websites. Perhaps just 1 or 2; perhaps 1 or 200.

Regardless of how many you control, certain principles remain at the heart of a well-oiled site management machine.

Sure, iControlWP can play a great role in this machine, but some things are simply beyond its scope.

We’ll outline 1 fundamental principle that forms the basis for everything we do here at iControlWP. You’ll see it in Shield Security, iControlWP, and all our future services…

Let’s kick off with…

… Silos – Functional Separation and Isolation

You’ll have heard of silos in farming, and it may help to picture these as an illustration of where we’re going. We’re talking about the isolation of certain processes from others to increase reliability, security, scalability, and recoverability.

Let’s start with web hosting. Circa 1998, as web hosting was starting to kick off, folk like us and yourselves were getting into website hosting. It was a wonderful time. A simpler time.

Unfortunately, as humans, we take a long time to let some things go. One of these is web hosting, and our legacy approach to it.

Many of us still hold on to 2 ideas that hold us back, because we just can’t see the harm (yet):

  1. Web hosting should do everything, or at the least, most things.
  2. Web hosting should be as cheap as we can make it.

I’m going to address #1 and leave an-already-flogged horse well alone in #2.

Back in the day our web hosting used to be all these things:

  • DNS server
  • email server
  • web + webmail server
  • MySQL/<insert DB> server
  • file server and storage
  • directory/contacts server
  • ‘whatever else we can squeeze on there’ server

It would seem that not much else has changed for many people. Is this a problem?  Yes it is.

The more servers/services you have running in the same place, the more susceptible you are to all manner of issues. This includes security, but is by no means limited to that.

It creates a massive Single Point of Failure. If any one of these services crashes, the rest of the services are directly or indirectly impacted.

For example, if you have to repair or restore from a backup, how easy is it to achieve and how granular can you be in the restoration? If you restore certain facilities and you need to reboot your server, all services are impacted at one stage or another.

The more services you have running in the one place, the more likely that something will go wrong in that place.

So the solution, in broad terms, is to separate and isolate your different services wherever possible.

Of course, there is the question of costs in terms of money, time, and expertise. But there are some quick wins to be had at very little cost – the biggest cost will be your time.

Any time invested at this stage will, however, be paid back to you in buckets further down the line.

The #1 Most Important Silo: DNS

If you create only 1 silo in your organisation, it ought to be DNS.

DNS is core and critical to every service you operate.  If DNS is offline, then you are offline.  Your email, website, FTP… the whole lot.

A couple of things to think about:

  • All requests for all web services on a domain look up your DNS first. Absolutely everything goes to DNS first.
  • You want your website to be super-uber fast so you optimize everything on the page. What about the very first request that visitors must make to access your site?
    The 1st request is always DNS. Your site loading speed will only ever be as fast as your DNS resolution. If you’re relying on your web hosting server to answer DNS queries, how fast do you think your site can ever be?
  • If your web server is hosting your DNS and your email is hosted elsewhere, you probably think you’re doing great. To be fair, this is a great setup. But if your web + DNS server goes offline, then your email is offline too. DNS resolution is critical to email delivery. What will happen to your client’s incoming emails when the website is offline?
  • (D)DoS attacks are often pitted against DNS. In the unlikely event that somebody wants to bring down your DNS… how many resources does your server have on-hand to withstand that?
  • What about IPv6 – are you set up to handle this appropriately? Do you know how to set this up if necessary?

DNS is the keystone to the proper running of a domain, whether it’s servicing email or web, or whatever else you have running.

We understand DNS, we know how to set it up, configure it, debug it etc., but that doesn’t mean we want to manage it. So if you also don’t want to manage it, what do your options look like?

Some DNS Hosting Options For Your First Silo

The most important thing to realise is this: get DNS hosting off your web server.

Start today with 1 domain. Do another one each day/week. Start with your least critical domains, so you can flesh out a reliable process as you get more comfortable with it.
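To check whether a domain is still answering DNS from its own web server, before and after you move it, here is an added example (not code from iControlWP or Shield Security). It parses the output of `dig +noall +answer` and flags name servers that share an address with the web server, name servers that all sit in one network, and missing IPv6. The sample records, the `example.test` and `dnshost.test` names and the /24 grouping rule are assumptions made for illustration.

```python
import ipaddress

# Constructed `dig +noall +answer` output; names and IPs are documentation values.
SHARED_HOST = """\
example.test.     3600 IN NS   ns1.example.test.
example.test.     3600 IN NS   ns2.example.test.
example.test.     3600 IN A    192.0.2.10
ns1.example.test. 3600 IN A    192.0.2.10
ns2.example.test. 3600 IN A    192.0.2.11
"""
SILOED = """\
example.test.     3600 IN NS   ns1.dnshost.test.
example.test.     3600 IN NS   ns2.dnshost.test.
example.test.     3600 IN A    192.0.2.10
ns1.dnshost.test. 3600 IN A    198.51.100.1
ns1.dnshost.test. 3600 IN AAAA 2001:db8:1::53
ns2.dnshost.test. 3600 IN A    203.0.113.1
"""

def parse_answers(text):
    """Map (owner, type) -> [rdata, ...] from dig answer lines."""
    records = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2] != "IN":
            continue  # skip blank, comment or malformed lines
        key = (f[0].lower().rstrip("."), f[3].upper())
        records.setdefault(key, []).append(f[-1].lower().rstrip("."))
    return records

def audit_dns_silo(domain, text):
    """Return findings where DNS is not isolated from the web host."""
    rec, domain = parse_answers(text), domain.lower().rstrip(".")
    def addrs(name):
        return [ipaddress.ip_address(a) for t in ("A", "AAAA") for a in rec.get((name, t), [])]
    name_servers = rec.get((domain, "NS"), [])
    if not name_servers:
        return ["no NS records found"]
    web, findings, ns_addrs = set(addrs(domain)), [], []
    for ns in name_servers:
        for addr in addrs(ns):
            ns_addrs.append(addr)
            if addr in web:
                findings.append(f"{ns} ({addr}) is also the web server")
    # Heuristic (assumption): IPv4 name servers in one /24 likely share a host or rack.
    nets = {ipaddress.ip_network(f"{a}/24", strict=False) for a in ns_addrs if a.version == 4}
    if len(nets) == 1:
        findings.append(f"all name servers sit in {nets.pop()}")
    if not any(a.version == 6 for a in ns_addrs):
        findings.append("no name server has an IPv6 address")
    return findings
```

Feed it the combined answers for the domain's NS and A/AAAA records plus the A/AAAA records of each name server; an empty list means none of the three checks fired.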

First you must choose a DNS service provider.  A quick Google search for ‘dns hosting service’ will yield many results. Some are free, free tier, and/or paid.

One thing you can consider is your domain registrar. Often these domain registrars will supply a DNS service for you, and most people move away from this and set up their own custom name servers.

There are probably a few reasons for this, but likely they’ve built up a reputation for unreliability in the past. The only way to know is to test it. Try it with a few domains and see how it works.

Our preferred choice: cloudflare.com

If you haven’t tried CloudFlare you may have a few objections:

  • It’s not free!
    It IS free.
  • I don’t want their website caching
    You don’t have to use any of their services if you don’t want to. You can turn off all CloudFlare services on your domains with them but retain DNS hosting.
  • They’ll slow my site because they sit between my visitors and my servers
    As with the previous objection, if you believe they will slow your site, you can turn off all services.
  • I don’t like CloudFlare
    For all we know they may not like you either. But your feelings don’t negate the fact that CloudFlare consistently provides the fastest DNS in the world. You don’t have to marry them, just get them to host your DNS.

Recap – Why Silo?

You can use iControlWP to help you manage your sites better. This saves you time you’d spend on repetitive tasks – it scales.

But you need to scale the rest of your infrastructure. Sure, you may have a handle on it for the moment, but as you grow, you want to mitigate potential disasters further down the road. As you know, disasters have an uncanny ability to strike when you are least able to handle them (that’s partly why they’re called disasters).

Our goal is to reduce the time you spend on repetitive tasks, and fire fighting/disaster recovery is just one of these. By separating your services into independent units, especially core functions like DNS, you reduce your risk of disaster later on and improve your overall performance.

Conclusion and next steps

If you haven’t done so already, it’s time to start thinking about Silos – functionally independent services and provisions for critical services associated with your domains.

Of course, changing these is a big job, but it’s a wonderful investment in your future.

Next step: start building your DNS silo.  Free time and peace of mind await you on the other side.

iControlWP provides a platform for optimising and reducing the time you spend on WordPress management. But it can’t do all things for you. Silos and separation of responsibility are just one part of the complete picture that makes up scalable site management.

Comments?  You know the drill – hit me up below.
