Feeds

Q: Why pay for DNS?

A: It's cheaper than having your data nicked

  • alert
  • submit to reddit

Application security programs and practises

Sysadmin blog How many people would pay for DNS? If you had asked this question during the late nineties, the answer would have been a very small number indeed. DNS is free; anyone can download a copy of BIND and set up a DNS server. Today, however, millions of companies pay good money for DNS hosting.

When I spoke to Rodney Joffe at UltraDNS, I asked him why. "The only time we matter in DNS is when there is a catastrophic failure,” he says.

For the average company, the main benefits of hosting your DNS with an outfit like UltraDNS are reliability and speed. These benefits derive in part from scale, but also from the use of technologies not available in the mainstream DNS servers, such as the ability to deliver different authoritative DNS answers to queries based on routing information such as ASPATH and ASORIGIN. Depending on the routing information available for your request, a visit to a site like Amazon.com will send you to a different geographical server than the same request from an individual on the other side of the world.

But beyond speed and reliability there is security. Very few people specialise in DNS. Even Fortune 500 companies are unlikely to have staff with a truly in-depth understanding of DNS - but recent developments make these skills essential.

Cache poisoning attacks have caused UltraDNS to move towards bringing intelligence to supplying recursive DNS. Neustar, UltraDNS’ parent company, has also recently brought out DDI (DNS, DHCP and IPAM) capabilities to track the use of corporate address space. Neustar also recently bought Webmetrics.

On April 18, 2010, a Chinese ISP leaked more than 10 per cent of the world’s routes onto the internet. For 17 minutes, all traffic to and from thousands of networks - including several important domains - was routed through China. Ask the CTOs of Fortune 500 companies if having all their data routed through China without their knowledge bothers them.

Joffe’s response: the attackers showed how trivial it was to announce a route, redirect traffic, and “have all of our expensive systems feel everything is okay.” When we move applications to the cloud, the problem gets worse. “What you really lose is visibility of what is happening to your information. In some small region of Europe, there will be some DNS cache poisoning that will siphon out 200 of your customers and clean out their accounts. Then another 200 and so on. All the while your IDS and IPS systems would think nothing is wrong.”

The problem is to know that you have a problem, which is why UltraDNS is building the ability to monitor this sort of thing globally. UltraDNS now has infrastructure with sensors that feeding data back to try to prevent localised attacks. Parent Neustar is responsible for ensuring that carrier class infrastructure and services like North American Numbering Plan actually function.

This is why DNS isn’t just another service that the IT department takes care of. It is now a part of critical infrastructure. ®

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Attack of the clones: Oracle's latest Red Hat Linux lookalike arrives
Oracle's Linux boss says Larry's Linux isn't just for Oracle apps anymore
THUD! WD plonks down SIX TERABYTE 'consumer NAS' fatboy
Now that's a LOT of porn or pirated movies. Or, you know, other consumer stuff
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.