infoTECH Feature

August 29, 2016

Modern Choices for Overcoming DNS Challenges

By Special Guest
Nate Lindstrom, VP of Solutions Engineering, NS1

Back in the day, families had one TV in their homes. There were only a handful of channels to choose from. Entertainment was simple and easy, and that one set was the hub for the whole family. Today, the average U.S. household has 2.8 TVs, with potentially hundreds of channels via satellite, cable and online sources.

This scenario provides an interesting parallel to how Domain Name Service (DNS) providers used to run their service. One data center was all they needed, and they would put their DNS servers inside it without concern, since a DNS server wasn’t of any use if the whole data center went down.

Just as TV options have changed, so have those for DNS. Enterprises now run multiple data centers, sometimes in multiple countries, not to mention cloud regions and highly distributed networks. Consequently, your DNS needs to be just as highly distributed as your content. After all, what good is a Disaster Recovery site if you have no way to direct your users to it?

What enterprises need today are highly resilient networks with multiple anycast groups and hundreds of servers spread out around the world. That is what top-notch DNS providers today offer. However, the hard reality is that impairments, outages and massive Distributed Denial of Service (DDoS) attacks can and do happen. To truly bulletproof your distributed infrastructure against an issue where your users cannot resolve your domain, you might very well consider hosting your DNS records with two providers.

Just like the differences between satellite and cable TV, details make the difference when choosing a DNS solution. Prior to today’s next-generation DNS solutions, you basically had three choices. First, you could run one DNS provider as primary and the second as the replicated slave. Second, you could run two DNS providers, both as primary, and (carefully) make your record changes in each. Third, you could run two DNS providers, both as primary, and code your own middleware application that is capable of understanding a requested DNS change and pushing that change to each provider’s unique API.

Option one leaves you without the RUM-based (real user monitoring) telemetry, traffic management features and powerful geographic routing that some top-tier providers offer. Zone transfer (AXFR/IXFR) replicates only standard DNS resource records, so any provider-specific traffic-steering configuration on the primary never reaches the secondary; you are condemned to using only the most basic, plain-vanilla DNS records.

Option two leaves plenty of room for human error. If you don’t painstakingly keep two different providers in perfect sync, you will end up with traffic routing problems that are shockingly difficult to troubleshoot.

Option three requires you to expend substantial time and resources to write your own DNS management software, with in-depth integration with each of your DNS providers. You lose all the advantages of your providers’ portals and dashboards and will have to roll your own interpretation layer to keep one provider’s advanced features in approximate synchronization with the next provider’s.
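The drift that option two invites is easiest to catch by comparing the records each provider actually holds. The following is an added example, not NS1 code or anything from the original article: it normalizes two constructed record dumps (names, case and trailing dots differ between providers) and reports every RRset that is missing, extra, or differs in rdata or TTL, so a sync problem can be spotted before it becomes a routing incident.

```python
from typing import Dict, FrozenSet, List, Set, Tuple

# Comparable form: (owner name, type) -> (ttl, set of rdata strings)
RRSets = Dict[Tuple[str, str], Tuple[int, FrozenSet[str]]]

def normalize(records: List[Tuple[str, int, str, str]]) -> RRSets:
    """Group raw (name, ttl, type, rdata) rows into RRsets. Owner names are
    lower-cased and fully qualified so 'WWW.example.com' == 'www.example.com.';
    name-valued rdata (CNAME/NS/MX) gets the same treatment."""
    out: Dict[Tuple[str, str], Tuple[int, Set[str]]] = {}
    for name, ttl, rtype, rdata in records:
        key = (name.lower().rstrip(".") + ".", rtype.upper())
        if key[1] in ("CNAME", "NS", "MX"):
            rdata = rdata.lower().rstrip(".") + "."
        _, vals = out.setdefault(key, (ttl, set()))
        vals.add(rdata)
    return {k: (ttl, frozenset(v)) for k, (ttl, v) in out.items()}

def diff_zones(a: RRSets, b: RRSets) -> List[str]:
    """Return one finding per RRset that is not identical on both providers."""
    findings: List[str] = []
    for name, rtype in sorted(set(a) | set(b)):
        key = (name, rtype)
        if key not in b:
            findings.append(f"MISSING on B: {name} {rtype}")
        elif key not in a:
            findings.append(f"EXTRA on B: {name} {rtype}")
        else:
            ttl_a, vals_a = a[key]
            ttl_b, vals_b = b[key]
            if vals_a != vals_b:
                findings.append(f"RDATA MISMATCH: {name} {rtype} "
                                f"A={sorted(vals_a)} B={sorted(vals_b)}")
            if ttl_a != ttl_b:
                findings.append(f"TTL MISMATCH: {name} {rtype} A={ttl_a} B={ttl_b}")
    return findings

# Constructed sample dumps: provider B lacks the DR record and carries a
# stale TTL on the CNAME; the case/dot differences are noise, not drift.
PROVIDER_A = [("example.com.", 300, "A", "203.0.113.10"),
              ("example.com.", 300, "A", "203.0.113.11"),
              ("www.example.com.", 300, "CNAME", "example.com."),
              ("example.com.", 3600, "MX", "10 mail.example.com."),
              ("dr.example.com.", 60, "A", "198.51.100.5")]
PROVIDER_B = [("example.com", 300, "A", "203.0.113.10"),
              ("example.com", 300, "A", "203.0.113.11"),
              ("WWW.example.com", 600, "CNAME", "EXAMPLE.COM"),
              ("example.com", 3600, "MX", "10 mail.example.com")]

if __name__ == "__main__":
    for line in diff_zones(normalize(PROVIDER_A), normalize(PROVIDER_B)):
        print(line)
```

In practice the two record lists would come from each provider's export API or an AXFR against each provider's nameservers; running the comparison on a schedule turns "shockingly difficult to troubleshoot" drift into a routine alert.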

The good news is that next-generation DNS solutions have arrived. Dedicated DNS solutions today allow you to place real or virtual servers anywhere you want them: in your office, in your data centers, inside your DMZs, behind your firewalls – literally anywhere that makes sense for your infrastructure. You can then install a DNS software stack on them and turn them into fully managed DNS delivery nodes that are dedicated to you. Through the same portal and API as you use right now to manage your DNS on a managed DNS anycasted world-wide platform, you can choose which domains you want to also serve from your dedicated DNS nodes.

The end product gives you all the resiliency of two DNS providers with the ease of management through a single portal and API. All your advanced traffic management and intelligent Filter Chain configurations work exactly the same, too. And if something were to happen to any part of the managed DNS infrastructure, your dedicated DNS nodes would be unaffected and would continue to happily serve DNS. Once they re-established contact with the “mothership,” they would push their queued query statistics upstream and apply any pending record changes.

Dedicated DNS nodes serve several important purposes. In addition to being authoritative DNS servers, they also support recursion, so you can point all your DNS clients (laptops, servers, EC2 instances, etc.) at them. A single set of nodes then meets all your DNS needs, and queries for your own domains and records are answered locally in single-digit milliseconds. You can also leverage advanced Filter Chain capabilities to intelligently direct traffic within your own data centers and achieve greater performance, failover and resiliency between server or application tiers.

The days of the single-TV family are over, as are the days of the single-data center enterprise. However, the complexity of running two DNS providers is difficult and potentially disastrous. Today, enterprises can lessen the likelihood of disaster and minimize headaches by joining managed DNS with dedicated DNS solutions, offering the best of both worlds.

About the author:

Nate Lindstrom is the VP of Solutions Engineering for NS1, an intelligent DNS and traffic management platform with a data-driven architecture purpose-built for the most demanding, mission-critical applications on the Internet. He has significant experience building, operating and securing cloud environments, and has put his expertise to work at companies including Yahoo! and Salesforce. As an evangelist, public speaker and consultant he enjoys helping companies get the most bang for their buck with AWS and other cloud computing solutions.

Edited by Alicia Young