DNS is Not the First Thing that Comes to Mind in a Crisis

F5

For many companies, the coronavirus is in the process of redefining business continuity. The mass shift to enable teleworking has been one of the most notable ways companies like F5 are moving quickly to make sure customers are up and running. But as this shift accelerated industry-wide, we started seeing reports of various networking traffic issues, like too many VPN users, remote-meeting software crashes, and team collaboration software that couldn’t keep up with demand. The strain on the infrastructure was simply “too much, too quickly.” Fortunately, the tech world is also adept at rapid response, and those issues are getting better day by day. (Note: If you are having VPN issues, please read this article on keeping remote workers connected and secure; and if you’re dealing with network load issues, check out how to optimize your app performance.)

So, what’s next? What other problems might we soon face? One possible concern is the opportunity for bad actors to create more chaos through activities like distributed denial of service (DDoS) attacks on the DNS infrastructure. With everyone working from home, your DNS infrastructure is more important than ever—and unfortunately the bad guys know that, too. As more people are reaching out to you digitally, your digital operations depend on DNS. Imagine a company struggling with all the turmoil and uncertainty surrounding COVID-19, dealing with the impacts on business and employees, to then be hit with a DDoS attack. (This recently happened to a German food delivery website and the US Department of Health and Human Services website.)

If you’re already aware this might be an area of need, we’re here to help with a variety of low-cost DNS offerings (including a free tier) that can help your business effectively deal with what’s happening to all of us. If you’re not sure, the considerations below highlight the types of questions and issues we’re helping other customers address right now in navigating unprecedented IT demand and global readiness efforts.

The Essential Nature of DNS

As we continue to weather this crisis together, validating DNS preparedness is a key piece of the puzzle. Consider these points:

• What did you anticipate as your daily average for DNS traffic, and what bursting capacity did you build into your existing infrastructure? Can the bursting capacity be sustained, and for how long?
  
  
• Is it possible that your on-prem DNS is under-provisioned given the change in activity of your users? If you aren’t sure, are you leveraging cloud scale just in case?
  
  
• Where does the majority of your traffic originate, and do you have enough load balancing diversity across those regions locally and globally? Do you have auto-scale capabilities built into your infrastructure, and what penalties do you pay to support the dynamic changes that are happening right now?
  
  
• What is your security posture? Is your DNS infrastructure, which is already overtaxed by this new working-from-home dynamic, protected from threats, such as DDoS attacks?
  
  
• Do you have a backup, should your primary DNS go down, whether due to attack or legitimate excess traffic?

DNS and the Cloud

The tech industry has been touting the value of cloud solutions for years—a shared set of infrastructure and services that is resilient to single points of failure. We’ve seen this model succeed on a small scale by allowing for redundancy in areas hit by disasters and political crises. People, applications, and services can continue to function because of a shared infrastructure. Now we need to make sure we’re using that same model to protect our shared DNS infrastructure so that we can keep our global community connected. Here are best practices to make sure your infrastructure is prepared to continue to serve the public during this pandemic:

• Consider adding a cloud-based global load balancer to your DNS infrastructure for certain applications that have high global demand but need to be served locally, like VPN. It can help ease the burden by geo-routing traffic based on its origination, while simultaneously building in an automated redundancy plan.
  
  
• Select a secondary DNS provider separate from your primary DNS provider. This way you’ll have fail-over whether the problem is attack, saturation, or any other situation that brings down your primary DNS.
  
  
• Add a cloud-based secondary DNS that can automatically scale up or down to support your customer load. It’s important to understand that we’re living in unchartered territory and, thus, we’re beyond predictive modeling for the compute environment. It’s prudent to assume that no one knows what to expect next.
  
  
• Select a cloud-based DNS service that can provide global coverage at magnitude—not just a couple of local points of presence, but in-region assets. This means your customers, employees, and partners, in any region of the globe, get geo-based performance and DNS load sharing.
  
  
• Choose a cloud-based secondary DNS and DNS load balancing solution that builds in other capabilities like automatic failover, built-in DDoS protection, and TSIG authentication to securely maintain your application’s availability—and that way you don’t get nickeled and dimed trying to piece together all of the different features.

During difficult times, it’s important to make sure we remain connected to and supportive of our communities. Similarly, stabilizing your DNS and global load balancing infrastructure is a critical component in keeping Internet traffic moving. We’re happy to help address items like those called out above so you can focus on what matters most. Stay safe as we look out for one another.

Additional Resources

• More information on F5 DNS Cloud Service
• More information on F5 DNS Load Balancer Cloud Service
• Contact an F5 representative

About the Author

F5

More blogs by F5