Feeds

Q: Why pay for DNS?

A: It's cheaper than having your data nicked

  • alert
  • submit to reddit

7 Elements of Radically Simple OS Migration

Sysadmin blog How many people would pay for DNS? If you had asked this question during the late nineties, the answer would have been a very small number indeed. DNS is free; anyone can download a copy of BIND and set up a DNS server. Today, however, millions of companies pay good money for DNS hosting.

When I spoke to Rodney Joffe at UltraDNS, I asked him why. "The only time we matter in DNS is when there is a catastrophic failure,” he says.

For the average company, the main benefits of hosting your DNS with an outfit like UltraDNS are reliability and speed. These benefits derive in part from scale, but also from the use of technologies not available in the mainstream DNS servers, such as the ability to deliver different authoritative DNS answers to queries based on routing information such as ASPATH and ASORIGIN. Depending on the routing information available for your request, a visit to a site like Amazon.com will send you to a different geographical server than the same request from an individual on the other side of the world.

But beyond speed and reliability there is security. Very few people specialise in DNS. Even Fortune 500 companies are unlikely to have staff with a truly in-depth understanding of DNS - but recent developments make these skills essential.

Cache poisoning attacks have caused UltraDNS to move towards bringing intelligence to supplying recursive DNS. Neustar, UltraDNS’ parent company, has also recently brought out DDI (DNS, DHCP and IPAM) capabilities to track the use of corporate address space. Neustar also recently bought Webmetrics.

On April 18, 2010, a Chinese ISP leaked more than 10 per cent of the world’s routes onto the internet. For 17 minutes, all traffic to and from thousands of networks - including several important domains - was routed through China. Ask the CTOs of Fortune 500 companies if having all their data routed through China without their knowledge bothers them.

Joffe’s response: the attackers showed how trivial it was to announce a route, redirect traffic, and “have all of our expensive systems feel everything is okay.” When we move applications to the cloud, the problem gets worse. “What you really lose is visibility of what is happening to your information. In some small region of Europe, there will be some DNS cache poisoning that will siphon out 200 of your customers and clean out their accounts. Then another 200 and so on. All the while your IDS and IPS systems would think nothing is wrong.”

The problem is to know that you have a problem, which is why UltraDNS is building the ability to monitor this sort of thing globally. UltraDNS now has infrastructure with sensors that feeding data back to try to prevent localised attacks. Parent Neustar is responsible for ensuring that carrier class infrastructure and services like North American Numbering Plan actually function.

This is why DNS isn’t just another service that the IT department takes care of. It is now a part of critical infrastructure. ®

Best practices for enterprise data

More from The Register

next story
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
VMware builds product executables on 50 Mac Minis
And goes to the Genius Bar for support
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
Microsoft says 'weird things' can happen during Windows Server 2003 migrations
Fix coming for bug that makes Kerberos croak when you run two domain controllers
Cisco says network virtualisation won't pay off everywhere
Another sign of strain in the Borg/VMware relationship?
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?