Feeds

OpenDNS taunts Google with real-time directory

Quick fix for missing Swedish dot

Internet Security Threat Report 2014

In mid-October, Sweden's net authorities managed to boot the entire country from the interwebs when a routine maintenance script accidentally removed a rather important dot from its top level domain. The period was reinstated in less than an hour, but address problems persisted for who knows how long, thanks to cached DNS records at ISPs across the globe.

Clearly, the existing Domain Name System doesn't work quite as well as it should. But two familiar DNS outfits hope to change that, unveiling a new service that seeks to minimize the fallout from outages like the one that erased Sweden. Working in tandem with OpenDNS, Neustar has built what it calls the Real-time DNS Directory, designed to rapidly update service provider caches when corrections are made to DNS records.

In essence, the Directory bypasses the "time to live" (TTL) cache settings that can slow the distribution of corrections to ISPs and other "recursive" DNS providers along the lines of OpenDNS. The TTL tells the provider how long to use cache records before going across the net for fresh info. Domains typically set long TTLs, because it decreases the latency that ensues when you go looking for an update - not to mention the likelihood of a network snafu. But it also means that bad data can linger for much longer.

"There's a constant battle that one has with TTLs," Rodney Joffe, senior vice president and chief technologist at Neustar, tells The Reg. "Domains are constantly trying to make the TTL as long as possible so there's not the need to keep looking data up... But if an IP address is changed, it doesn't get updated soon enough."

When corrections occur, Neustar's Real-time DNS Directory is designed to update a service provider's records as soon as possible. If Sweden replaces a period, the period will reappear at the provider in, well, something approaching real-time.

"If a [DNS] change gets made, resolvers can effectively override TTLs," Joffe says. "It is a fundamental change in the way the traditional DNS works."

Of course, domains must feed the Directory, and recursive providers must use it. Neustar - an authoritative DNS provider - maintains the Directory, while OpenDNS is the first recursive provider to make real live use of it. OpenDNS founder David Ulevitch tells The Reg it's been in place for "about a month," but the service wasn't publicly announced until today.

"Whenever one of their customers makes a change, regardless of what the time live is for the record, they will automatically give us a notification to go re-fetch the authoritative record, which means our caches will be up to date," Ulevitch says.

Last week, as part of its plan to run its own internet, Google unveiled a free recursive service that competes directly with OpenDNS. Ulevitch wasn't shy about questioning Google's motives, and he was quick to point out that unlike Google, his service offers a kind of online dashboard that lets you control access to sites.

Naturally, he's now touting the Real-Time DNS Directory as another way that OpenDNS trumps the Mountain View Chocolate Factory. "We can now say declaratively that our caches are more up-to-date than Google's," he boasts. Won't Google follow suit? Ulevitch doesn't think so. "Google rarely - if ever - adopts things that are out in the open like this."

Asked if Google was in talks with Neustar about the Directory, Joffe declined to comment. ®

Internet Security Threat Report 2014

More from The Register

next story
YOU are the threat: True confessions of real-life sysadmins
Who will save the systems from the men and women who save the systems from you?
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Virgin Media struck dumb by NATIONWIDE packet loss balls-up
Turning it off and on again fixes glitch 12 HOURS LATER
Ofcom snatches 700MHz off digital telly, hands it to mobile data providers
Hungry mobe'n'slab-waving Blighty swallows spectrum
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.