Customer Success Testimonial: Recovery is Everything

In mid-October, Sweden's net authorities managed to boot the entire country from the interwebs when a routine maintenance script accidentally removed a rather important dot from its top level domain. The period was reinstated in less than an hour, but address problems persisted for who knows how long, thanks to cached DNS records at ISPs across the globe.

Clearly, the existing Domain Name System doesn't work quite as well as it should. But two familiar DNS outfits hope to change that, unveiling a new service that seeks to minimize the fallout from outages like the one that erased Sweden. Working in tandem with OpenDNS, Neustar has built what it calls the Real-time DNS Directory, designed to rapidly update service provider caches when corrections are made to DNS records.

"There's a constant battle that one has with TTLs," Rodney Joffe, senior vice president and chief technologist at Neustar, tells The Reg. "Domains are constantly trying to make the TTL as long as possible so there's not the need to keep looking data up... But if an IP address is changed, it doesn't get updated soon enough."

When corrections occur, Neustar's Real-time DNS Directory is designed to update a service provider's records as soon as possible. If Sweden replaces a period, the period will reappear at the provider in, well, something approaching real-time.

"If a [DNS] change gets made, resolvers can effectively override TTLs," Joffe says. "It is a fundamental change in the way the traditional DNS works."

Of course, domains must feed the Directory, and recursive providers must use it. Neustar - an authoritative DNS provider - maintains the Directory, while OpenDNS is the first recursive provider to make real live use of it. OpenDNS founder David Ulevitch tells The Reg it's been in place for "about a month," but the service wasn't publicly announced until today.

"Whenever one of their customers makes a change, regardless of what the time live is for the record, they will automatically give us a notification to go re-fetch the authoritative record, which means our caches will be up to date," Ulevitch says.

Last week, as part of its plan to run its own internet, Google unveiled a free recursive service that competes directly with OpenDNS. Ulevitch wasn't shy about questioning Google's motives, and he was quick to point out that unlike Google, his service offers a kind of online dashboard that lets you control access to sites.

Naturally, he's now touting the Real-Time DNS Directory as another way that OpenDNS trumps the Mountain View Chocolate Factory. "We can now say declaratively that our caches are more up-to-date than Google's," he boasts. Won't Google follow suit? Ulevitch doesn't think so. "Google rarely - if ever - adopts things that are out in the open like this."

Asked if Google was in talks with Neustar about the Directory, Joffe declined to comment. ®

Ensure Ease of Recovery with Asigra’s Agentless Software