Feeds

OpenDNS taunts Google with real-time directory

Quick fix for missing Swedish dot

SANS - Survey on application security programs

In mid-October, Sweden's net authorities managed to boot the entire country from the interwebs when a routine maintenance script accidentally removed a rather important dot from its top level domain. The period was reinstated in less than an hour, but address problems persisted for who knows how long, thanks to cached DNS records at ISPs across the globe.

Clearly, the existing Domain Name System doesn't work quite as well as it should. But two familiar DNS outfits hope to change that, unveiling a new service that seeks to minimize the fallout from outages like the one that erased Sweden. Working in tandem with OpenDNS, Neustar has built what it calls the Real-time DNS Directory, designed to rapidly update service provider caches when corrections are made to DNS records.

In essence, the Directory bypasses the "time to live" (TTL) cache settings that can slow the distribution of corrections to ISPs and other "recursive" DNS providers along the lines of OpenDNS. The TTL tells the provider how long to use cache records before going across the net for fresh info. Domains typically set long TTLs, because it decreases the latency that ensues when you go looking for an update - not to mention the likelihood of a network snafu. But it also means that bad data can linger for much longer.

"There's a constant battle that one has with TTLs," Rodney Joffe, senior vice president and chief technologist at Neustar, tells The Reg. "Domains are constantly trying to make the TTL as long as possible so there's not the need to keep looking data up... But if an IP address is changed, it doesn't get updated soon enough."

When corrections occur, Neustar's Real-time DNS Directory is designed to update a service provider's records as soon as possible. If Sweden replaces a period, the period will reappear at the provider in, well, something approaching real-time.

"If a [DNS] change gets made, resolvers can effectively override TTLs," Joffe says. "It is a fundamental change in the way the traditional DNS works."

Of course, domains must feed the Directory, and recursive providers must use it. Neustar - an authoritative DNS provider - maintains the Directory, while OpenDNS is the first recursive provider to make real live use of it. OpenDNS founder David Ulevitch tells The Reg it's been in place for "about a month," but the service wasn't publicly announced until today.

"Whenever one of their customers makes a change, regardless of what the time live is for the record, they will automatically give us a notification to go re-fetch the authoritative record, which means our caches will be up to date," Ulevitch says.

Last week, as part of its plan to run its own internet, Google unveiled a free recursive service that competes directly with OpenDNS. Ulevitch wasn't shy about questioning Google's motives, and he was quick to point out that unlike Google, his service offers a kind of online dashboard that lets you control access to sites.

Naturally, he's now touting the Real-Time DNS Directory as another way that OpenDNS trumps the Mountain View Chocolate Factory. "We can now say declaratively that our caches are more up-to-date than Google's," he boasts. Won't Google follow suit? Ulevitch doesn't think so. "Google rarely - if ever - adopts things that are out in the open like this."

Asked if Google was in talks with Neustar about the Directory, Joffe declined to comment. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
Facebook splats in-app chat, whacks brats into crack yakety-yak app
Jibber-jabbering addicts turfed out just as Zuck warned
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.