by sgjohnson 1233 days ago
> Will, for example, 1.1.1.1 still resolve my domain correctly, even if my provider's nameserver is down for an hour?

1.1.1.1 is virtually impossible to DDoS, because it’s anycasted in _a lot_ of places, and Cloudflare has the capacity to mitigate the largest of DDoS attacks.

> - Is it a good idea to set up my own nameserver which basically just "copies" the entries from my current provider and specify it (wherever that may be)? By doing this I won't have to maintain 2 different NS, only the one from the provider, since the 'secondary' will simply be a copy of the primary?

This would be a caching NS. It's not a bad idea, especially if it can automatically forward to a different service provided one is down, but you might as well just use 1.1.1.1. I've never seen 1.1.1.1 down.


I've seen some do this "stealth secondary" architecture before and it's helpful for local zones. Sometimes they make the local recursive resolver be a secondary of the local zone, but don't include the recursive resolver in the NS set of the zone. That way the recursive resolver has a full copy of local zones for responses and doesn't have to ask an authoritative server (technically it is one, but only known to hosts that use it as their local recursive resolver). This only works if you don't use public resolvers.
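The "stealth secondary" layout described in the comment above, written out as an added BIND 9 configuration example (this is not from any commenter; the zone name corp.example, the addresses 10.0.0.1 and 10.0.0.53, the 10.0.0.0/8 client range and the file paths are all assumptions). The two details worth getting right: because the resolver is deliberately absent from the zone's NS RRset, the primary will not send it NOTIFY messages unless `also-notify` names it explicitly, and zone transfers should be limited to that one address so the zone contents are not readable by arbitrary hosts.

```conf
// ---- Primary authoritative server (10.0.0.1, listed in the NS RRset) ----
// Assumed zone file excerpt for corp.example (not shown as a file here):
//   corp.example.  IN NS ns1.corp.example.
//   corp.example.  IN NS ns2.corp.example.
//   ; note: the stealth resolver at 10.0.0.53 appears in NO NS record
zone "corp.example" {
    type primary;                // "type master" on BIND < 9.16
    file "/var/named/corp.example.zone";
    // BIND only NOTIFYs servers in the NS RRset by default; the stealth
    // secondary is not in it, so it must be named explicitly.
    also-notify { 10.0.0.53; };
    // Only the published secondary and the stealth secondary may AXFR/IXFR.
    allow-transfer { 10.0.0.2; 10.0.0.53; };
};

// ---- Stealth secondary / local recursive resolver (10.0.0.53) ----
options {
    directory "/var/named";
    recursion yes;
    // Recursion only for internal clients; never an open resolver.
    allow-recursion { 10.0.0.0/8; };
    allow-query     { 10.0.0.0/8; };
    // This host is not advertised as authoritative, so nobody should
    // be transferring zones from it.
    allow-transfer  { none; };
    // Everything that is not a local zone is resolved recursively as
    // usual; forwarders are optional and shown here as an assumption.
    forwarders { 1.1.1.1; 1.0.0.1; };
    forward first;
};

// Full local copy of the zone: queries from internal clients are answered
// directly from this replica instead of being sent to ns1/ns2.
zone "corp.example" {
    type secondary;              // "type slave" on BIND < 9.16
    primaries { 10.0.0.1; };     // "masters" on BIND < 9.16
    file "secondaries/corp.example.db";
};
```

After loading, `rndc zonestatus corp.example` on the resolver should show the zone with the same serial as the primary, and `dig @10.0.0.53 corp.example NS` should return only ns1 and ns2, confirming the resolver is serving the zone without being advertised in it. As the comment notes, this only helps clients that actually point at 10.0.0.53; hosts configured to use a public resolver directly never see the local copy.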
Actually this is a much better idea than hosting my own nameserver.
Yes. The most important thing here is that 1.1.1.1 is announced in seriously a lot of places. I just went to Hurricane Electric's looking glass, several times picked 3 routers at random, and put in 1.1.1.1 as the destination. All of them returned it as the 2nd hop, meaning it's most likely announced in the same exact datacenter where HE's router is located.

That gives you all the redundancy you'll ever need. Of course, you need to rely on Cloudflare to not mess it up. But you're not going to do better than CF.