Research from network intelligence firm ThousandEyes shows that many of the world’s leading firms are not adequately prepared for the next major DNS outage.
The domain name system (DNS) is an essential element of the internet’s infrastructure. It maps human-readable domain names to IP addresses. These mappings are served by hierarchically organised, distributed servers that work together to resolve queries.
Resilience in this area is crucial for enterprises, as it ensures the availability of an organisation’s online presence.
A crucial infrastructural element
Outages can cause serious problems, as was seen with the attack on DNS service provider Dyn in 2016. Companies such as Netflix and Airbnb were effectively erased from the internet for a period as the attack progressed, as they relied on Dyn to host their DNS records.
Today (10 October), ThousandEyes released its Global DNS Performance Benchmark Report and it shows that leading enterprises and SaaS providers remain needlessly vulnerable. According to the report, 68pc of the top 50 companies in the Fortune 500 are not following best practices when it comes to DNS, using only a single provider to serve their DNS records. This leaves them open to attack if that service ever becomes unavailable.
The report said: “As a domain name owner, you’re responsible for defining where the records that point to your web properties will be stored. Your authoritative records may be self-hosted in your data centre, or you may choose to use one or multiple managed DNS providers in place of, or in addition to, self-hosting.
“If your brand has any value on the internet, it’s critical that your DNS deployment be scalable and resilient, so that your web or online service presence is always available to your users.”
44pc of the top 20 SaaS providers are also only using a single provider. The report notes Amazon as a good example of best practice. The company uses two external providers, Dyn and UltraDNS, and does not use its own DNS service, Route 53. It chooses architectural diversity instead, to reduce the risk of it being taken offline.
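The single-provider condition the report describes can be checked from a zone's NS records. The sketch below is an example added here, not code from ThousandEyes or the report; the zones and vendor hostnames are constructed, and grouping name servers by the label left of the public suffix is a heuristic assumption.

```python
from collections import defaultdict

# Non-exhaustive two-label public suffixes (assumption; a real audit would
# load the full Public Suffix List instead).
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}


def provider_key(ns_host):
    """Heuristic: the label just left of the public suffix names the operator."""
    labels = ns_host.rstrip(".").lower().split(".")
    suffix_len = 2 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len:
        return ".".join(labels)  # bare or malformed name: keep it as its own group
    return labels[-suffix_len - 1]


def audit(zone, ns_hosts):
    """Group a zone's NS hostnames by operator and classify the delegation."""
    groups = defaultdict(list)
    for host in ns_hosts:
        groups[provider_key(host)].append(host)
    if not groups:
        status = "no NS records"
    elif len(groups) == 1:
        status = "single provider"
    else:
        status = "multi-provider"
    return {"zone": zone, "status": status, "providers": sorted(groups)}


# Constructed NS sets (hypothetical zones and vendors, not lookup results).
SAMPLE_ZONES = {
    "shop.example": ["ns1.dnsvendor-a.net", "ns2.dnsvendor-a.net"],
    # Different TLDs, same operator: still one provider.
    "bank.example": ["ns1.dnsvendor-a.net", "ns3.dnsvendor-a.co.uk"],
    "store.example": ["ns1.dnsvendor-a.net", "ns1.dnsvendor-b.org"],
    "stale.example": [],
}

if __name__ == "__main__":
    for zone, ns_hosts in SAMPLE_ZONES.items():
        result = audit(zone, ns_hosts)
        print(f"{result['zone']:14} {result['status']:16} {result['providers']}")
```

Name servers spread across several TLDs but run by one operator still count as a single provider, which is why the grouping ignores the suffix.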
Which provider comes out on top?
ThousandEyes said that more attention needs to be paid to the measured performance of DNS resolver providers, as opposed to the brand or scope of the provider’s global footprint. Out of 15 measured public providers, Cloudflare was found to have the fastest overall performance, followed by Google and OpenDNS. The latter two improved their performance compared to last year’s ThousandEyes analysis.
Google was the top performer in the US, while the number-one spot in the UK went to Level 3, with Cloudflare coming out on top in the Japanese market.
“Without DNS, there is no internet. It’s how users find a company’s apps, sites and services on the internet. A DNS performance issue or attack can have a critical impact on customer experience, revenue and brand reputation,” said Angelique Medina, senior product marketing manager at ThousandEyes.
Craig Matsumoto, senior analyst at 451 Research, said: “Because digital experience is so central to a brand’s success these days, it’s critical that businesses understand that not all DNS infrastructures are created equal. Performance and risk exposure varies widely between providers and geographies, so they need to be aware and base decisions on data relevant to their market.”