Feeds

Q: Why pay for DNS?

A: It's cheaper than having your data nicked

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Sysadmin blog How many people would pay for DNS? If you had asked this question during the late nineties, the answer would have been a very small number indeed. DNS is free; anyone can download a copy of BIND and set up a DNS server. Today, however, millions of companies pay good money for DNS hosting.

When I spoke to Rodney Joffe at UltraDNS, I asked him why. "The only time we matter in DNS is when there is a catastrophic failure,” he says.

For the average company, the main benefits of hosting your DNS with an outfit like UltraDNS are reliability and speed. These benefits derive in part from scale, but also from the use of technologies not available in the mainstream DNS servers, such as the ability to deliver different authoritative DNS answers to queries based on routing information such as ASPATH and ASORIGIN. Depending on the routing information available for your request, a visit to a site like Amazon.com will send you to a different geographical server than the same request from an individual on the other side of the world.

But beyond speed and reliability there is security. Very few people specialise in DNS. Even Fortune 500 companies are unlikely to have staff with a truly in-depth understanding of DNS - but recent developments make these skills essential.

Cache poisoning attacks have caused UltraDNS to move towards bringing intelligence to supplying recursive DNS. Neustar, UltraDNS’ parent company, has also recently brought out DDI (DNS, DHCP and IPAM) capabilities to track the use of corporate address space. Neustar also recently bought Webmetrics.

On April 18, 2010, a Chinese ISP leaked more than 10 per cent of the world’s routes onto the internet. For 17 minutes, all traffic to and from thousands of networks - including several important domains - was routed through China. Ask the CTOs of Fortune 500 companies if having all their data routed through China without their knowledge bothers them.

Joffe’s response: the attackers showed how trivial it was to announce a route, redirect traffic, and “have all of our expensive systems feel everything is okay.” When we move applications to the cloud, the problem gets worse. “What you really lose is visibility of what is happening to your information. In some small region of Europe, there will be some DNS cache poisoning that will siphon out 200 of your customers and clean out their accounts. Then another 200 and so on. All the while your IDS and IPS systems would think nothing is wrong.”

The problem is to know that you have a problem, which is why UltraDNS is building the ability to monitor this sort of thing globally. UltraDNS now has infrastructure with sensors that feeding data back to try to prevent localised attacks. Parent Neustar is responsible for ensuring that carrier class infrastructure and services like North American Numbering Plan actually function.

This is why DNS isn’t just another service that the IT department takes care of. It is now a part of critical infrastructure. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Linux? Bah! Red Hat has its eye on the CLOUD – and it wants to own it
CEO says it will be 'undisputed leader' in enterprise cloud tech
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Hey, what's a STORAGE company doing working on Internet-of-Cars?
Boo - it's not a terabyte car, it's just predictive maintenance and that
Troll hunter Rackspace turns Rotatable's bizarro patent to stone
News of the Weird: Screen-rotating technology declared unpatentable
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.