The Domain Name System (DNS) is one of the cornerstones of the Internet today. It is, in effect, the “phone book of the Internet.”
However, despite its critical role, it’s also the least appreciated aspect of delivering an online user experience, and the most overlooked chink in an IT enterprise’s armour.
Its importance can’t be overstated. It is the first step in how we connect to online brands, because DNS is the Internet infrastructure that translates human-readable domain names into routable Internet Protocol (IP) addresses. Without DNS, there is no digital experience.
DNS services are assigned by an Internet service provider (ISP), which means they may not be the best choice available to a technology company. Slower DNS servers introduce lag before a website even starts to load. In the worst case, the Internet stops working altogether: if a website’s DNS record is unavailable, the service is unreachable to users. Critically, ISPs may also lack sufficient encryption, leaving DNS query traffic vulnerable to attack.
Two years on from Dyn
Many reputable third parties, including Google, offer DNS services and these third parties really matter because, just two years ago, Amazon, Comcast, Twitter and Netflix were effectively taken off the Internet for multiple hours by a distributed denial of service (DDoS) attack because they all relied on a single DNS provider – Dyn, in their case.
In this DDoS attack, a network of computers infected with malware, known as a “botnet”, bombarded the provider with Internet traffic until it collapsed under the strain, leaving large swathes of users in Europe and North America unable to access major internet platforms and services.
Can it happen again?
According to the 2018 ThousandEyes Global DNS Performance Report, 72% of companies on the Financial Times Stock Exchange (FTSE) 100 are still at risk, as well as 68% of the top 50 companies in the Fortune 500. Two years after the Dyn DDoS attack, you’d think technology companies would have learned their lesson, but apparently not so.
As this research shows, many of the biggest companies on the planet, who also happen to be some of the most digitally mature organisations in the world – as well as 44% of the top 25 software as a service (SaaS) providers – don’t have a fallback DNS server option. That means that a single outage or DDoS attack could take their businesses off the Internet entirely.
The need for awareness of DNS has grown as more businesses than ever rely on digital experiences in their revenue generation. According to Gartner, CIOs report that 37% of their revenues will have a digital footprint by 2020. If DNS is the first step in every digital experience, then not getting that step right can be incredibly costly.
Diversifying your DNS
As for the lack of enterprise DNS resiliency, consider this analogy. Most IT professionals would never consider building a data center without backup power or redundant telecom or Internet connections. Further, most know that redundant connectivity isn’t truly redundant unless there is a diversity of physical cable routes and facilities.
Despite this, too many are just using a single DNS service. If that DNS “power” gets cut, it doesn’t matter how much you spend on your content delivery network (CDN) or your regional cloud hosting, your brand will be offline and you’ll be scrambling.
DNS is still a bit of a “dark art” that many IT practitioners and leaders pay little attention to, not understanding that its performance and security can significantly impact digital experience.
In many cases, it’s simply a lack of awareness of best practice. Companies often think that they’re resilient because they have more than one nameserver, when in fact they are not.
What must be understood about DNS is that technology firms can take control of this part of their IT infrastructure. Third parties that offer DNS services often have superior speed and security. True DNS resilience means that your authoritative DNS records are served from diverse networks, facilities and routed prefixes. It’s certainly possible to do this on your own, but it’s typically easier (and less costly) to outsource your authoritative DNS to one or more third-party services.
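The distinction drawn above, between simply having more than one nameserver and having nameservers spread across different operators and routed prefixes, can be checked mechanically. The script below is an added example and not from the original article or from ThousandEyes: it takes a mapping of nameserver hostnames to their addresses (the result of an NS lookup followed by A/AAAA lookups) and reports which diversity properties are missing. The /24 and /48 prefix sizes and the "last two labels equals operator" rule are simplifying assumptions, and the two setups are constructed samples using documentation address ranges.

```python
# Added example, not from the original article: checks whether a zone's
# authoritative nameservers are genuinely diverse or merely "more than one".
# Input is NS hostname -> addresses (what an NS lookup plus A/AAAA lookups
# returns); both setups below are constructed samples in documentation ranges.
import ipaddress

# Heuristics, not a standard: a /24 (IPv4) or /48 (IPv6) stands in for a
# routed prefix; the last two labels of an NS hostname stand in for its operator.
def routed_prefix(ip: str) -> str:
    bits = 24 if ipaddress.ip_address(ip).version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))

def operator_of(ns_host: str) -> str:
    return ".".join(ns_host.rstrip(".").lower().split(".")[-2:])

def assess_ns_diversity(ns_to_ips: dict) -> dict:
    """Count distinct nameservers, operators and prefixes; list what is missing."""
    operators = {operator_of(ns) for ns in ns_to_ips}
    prefixes = {routed_prefix(ip) for ips in ns_to_ips.values() for ip in ips}
    findings = []
    if len(ns_to_ips) < 2:
        findings.append("only one nameserver")
    if len(operators) < 2:
        findings.append("every nameserver is run by one operator")
    if len(prefixes) < 2:
        findings.append("every nameserver address sits in one routed prefix")
    return {"nameservers": len(ns_to_ips), "operators": len(operators),
            "prefixes": len(prefixes), "findings": findings,
            "resilient": not findings}

# Constructed sample: two NS names, but one operator and one /24.
WEAK_SETUP = {
    "ns1.single-dns.test": ["198.51.100.10"],
    "ns2.single-dns.test": ["198.51.100.11"],
}
# Constructed sample: two operators, three prefixes (IPv4 and IPv6).
DIVERSE_SETUP = {
    "ns1.provider-a.test": ["192.0.2.53"],
    "ns2.provider-a.test": ["192.0.2.54"],
    "ns1.provider-b.test": ["203.0.113.53", "2001:db8:1::53"],
}

if __name__ == "__main__":
    for name, setup in (("weak", WEAK_SETUP), ("diverse", DIVERSE_SETUP)):
        print(name, assess_ns_diversity(setup))
```

The weak setup passes the naive "more than one nameserver" test yet fails both diversity checks, which is exactly the false sense of resilience the article describes.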
Being unprepared is no longer an option.
Angelique Medina, Senior Product Marketing Manager at ThousandEyes