Feeds

Q: Why pay for DNS?

A: It's cheaper than having your data nicked

  • alert
  • submit to reddit

Protecting against web application threats using SSL

Sysadmin blog How many people would pay for DNS? If you had asked this question during the late nineties, the answer would have been a very small number indeed. DNS is free; anyone can download a copy of BIND and set up a DNS server. Today, however, millions of companies pay good money for DNS hosting.

When I spoke to Rodney Joffe at UltraDNS, I asked him why. "The only time we matter in DNS is when there is a catastrophic failure,” he says.

For the average company, the main benefits of hosting your DNS with an outfit like UltraDNS are reliability and speed. These benefits derive in part from scale, but also from the use of technologies not available in the mainstream DNS servers, such as the ability to deliver different authoritative DNS answers to queries based on routing information such as ASPATH and ASORIGIN. Depending on the routing information available for your request, a visit to a site like Amazon.com will send you to a different geographical server than the same request from an individual on the other side of the world.

But beyond speed and reliability there is security. Very few people specialise in DNS. Even Fortune 500 companies are unlikely to have staff with a truly in-depth understanding of DNS - but recent developments make these skills essential.

Cache poisoning attacks have caused UltraDNS to move towards bringing intelligence to supplying recursive DNS. Neustar, UltraDNS’ parent company, has also recently brought out DDI (DNS, DHCP and IPAM) capabilities to track the use of corporate address space. Neustar also recently bought Webmetrics.

On April 18, 2010, a Chinese ISP leaked more than 10 per cent of the world’s routes onto the internet. For 17 minutes, all traffic to and from thousands of networks - including several important domains - was routed through China. Ask the CTOs of Fortune 500 companies if having all their data routed through China without their knowledge bothers them.

Joffe’s response: the attackers showed how trivial it was to announce a route, redirect traffic, and “have all of our expensive systems feel everything is okay.” When we move applications to the cloud, the problem gets worse. “What you really lose is visibility of what is happening to your information. In some small region of Europe, there will be some DNS cache poisoning that will siphon out 200 of your customers and clean out their accounts. Then another 200 and so on. All the while your IDS and IPS systems would think nothing is wrong.”

The problem is to know that you have a problem, which is why UltraDNS is building the ability to monitor this sort of thing globally. UltraDNS now has infrastructure with sensors that feeding data back to try to prevent localised attacks. Parent Neustar is responsible for ensuring that carrier class infrastructure and services like North American Numbering Plan actually function.

This is why DNS isn’t just another service that the IT department takes care of. It is now a part of critical infrastructure. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Wanna keep your data for 1,000 YEARS? No? Hard luck, HDS wants you to anyway
Combine Blu-ray and M-DISC and you get this monster
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
US boffins demo 'twisted radio' mux
OAM takes wireless signals to 32 Gbps
Apple flops out 2FA for iCloud in bid to stop future nude selfie leaks
Millions of 4chan users howl with laughter as Cupertino slams stable door
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Students playing with impressive racks? Yes, it's cluster comp time
The most comprehensive coverage the world has ever seen. Ever
Run little spreadsheet, run! IBM's Watson is coming to gobble you up
Big Blue's big super's big appetite for big data in big clouds for big analytics
Seagate's triple-headed Cerberus could SAVE the DISK WORLD
... and possibly bring us even more HAMR time. Yay!
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.