Feeds

Q: Why pay for DNS?

A: It's cheaper than having your data nicked

  • alert
  • submit to reddit

Top three mobile application threats

Sysadmin blog How many people would pay for DNS? If you had asked this question during the late nineties, the answer would have been a very small number indeed. DNS is free; anyone can download a copy of BIND and set up a DNS server. Today, however, millions of companies pay good money for DNS hosting.

When I spoke to Rodney Joffe at UltraDNS, I asked him why. "The only time we matter in DNS is when there is a catastrophic failure,” he says.

For the average company, the main benefits of hosting your DNS with an outfit like UltraDNS are reliability and speed. These benefits derive in part from scale, but also from the use of technologies not available in the mainstream DNS servers, such as the ability to deliver different authoritative DNS answers to queries based on routing information such as ASPATH and ASORIGIN. Depending on the routing information available for your request, a visit to a site like Amazon.com will send you to a different geographical server than the same request from an individual on the other side of the world.

But beyond speed and reliability there is security. Very few people specialise in DNS. Even Fortune 500 companies are unlikely to have staff with a truly in-depth understanding of DNS - but recent developments make these skills essential.

Cache poisoning attacks have caused UltraDNS to move towards bringing intelligence to supplying recursive DNS. Neustar, UltraDNS’ parent company, has also recently brought out DDI (DNS, DHCP and IPAM) capabilities to track the use of corporate address space. Neustar also recently bought Webmetrics.

On April 18, 2010, a Chinese ISP leaked more than 10 per cent of the world’s routes onto the internet. For 17 minutes, all traffic to and from thousands of networks - including several important domains - was routed through China. Ask the CTOs of Fortune 500 companies if having all their data routed through China without their knowledge bothers them.

Joffe’s response: the attackers showed how trivial it was to announce a route, redirect traffic, and “have all of our expensive systems feel everything is okay.” When we move applications to the cloud, the problem gets worse. “What you really lose is visibility of what is happening to your information. In some small region of Europe, there will be some DNS cache poisoning that will siphon out 200 of your customers and clean out their accounts. Then another 200 and so on. All the while your IDS and IPS systems would think nothing is wrong.”

The problem is to know that you have a problem, which is why UltraDNS is building the ability to monitor this sort of thing globally. UltraDNS now has infrastructure with sensors that feeding data back to try to prevent localised attacks. Parent Neustar is responsible for ensuring that carrier class infrastructure and services like North American Numbering Plan actually function.

This is why DNS isn’t just another service that the IT department takes care of. It is now a part of critical infrastructure. ®

High performance access to file storage

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.