DNS remains one of the least appreciated application services in existence. Its role is so important, that its failure is considered catastrophic. If every DNS system stopped answering queries, it would bring the digital economy to its knees within minutes.
Without the ability to translate domain names to IP addresses, apps would simply stop working. The system was designed, after all, because we simply can't remember IP addresses as easily as we do "something" dot com.
When we look at responses from the State of Application Services 2019, it is no surprise to find DNS threatening to enter the top five application services deployed today. When we narrow that view to telecommunications providers, we find a 10 point increase in deployment rates, rising from 68% of other industries to 79% of telecom providers.
The prominent role of DNS in telecom is no surprise since many other industries - and most consumers - rely both directly and indirectly on service providers for their DNS services.
DNS is provided to customers by their service providers. That includes both mobile and cable operators. I'm assigned DNS entries by my service provider whether wired or mobile. It is those DNS services that make it possible for you to turn off the lights after you've left, or peek out the front door when someone approaches, or order up some dinner. Without DNS, the digital economy is dead in the water, unable to access the critical back-office apps that enable connected experiences - everywhere.
DNS and Application Performance
DNS is also a critical component of application performance. Because 80-90% of applications today rely on third-party components or are comprised of APIs that require server-side processing, fast DNS resolution is vital to maintaining application performance. Every component that accesses a third-party resource requires a lookup, which means time on the wire and time to process. Slow responses can hinder performance and frustrate customers.
As noted in the 2018 Global DNS Performance Benchmark Report:
In general, users in regions with decent Internet connectivity should expect a response in tens of milliseconds, rather than hundreds of milliseconds (ms). An overall delay of even 250 ms for a site to begin loading will be noticeable to most users.
There is virtually no connected experience that is not impacted by the availability and speed of DNS. None. Not your toaster, not your navigation system, not your social media, and not your Netflix fix.
That's why it's always disconcerting to find such a dearth of attention paid to DNS. That's particularly true when you consider the importance of SaaS to business today. According to the aforementioned report, nearly half (44%) of the top 25 SaaS providers rely on a single DNS provider. That means both their primary and secondary nameservers are hosted and managed by the same provider.
That could spell disaster, as it did in 2016 when Dyn DNS experienced a series of DDoS attacks against its infrastructure. The attack left a significant number of prominent sites and services suffering poor performance and outright outages.
DNS and the Digital Economy
While DNS hijacking and cache poisoning are commonly mentioned as security risks, the reality is that the nature of DNS puts it at risk. It is - and must be - a publicly accessible service. It cannot be hidden behind access controls or other security services. That means DNS should garner a bit more attention from both infrastructure and security teams when considering how to defend the business from attack.
Don't forget about DNS. Make it a point to evaluate its security and architecture on an annual basis and take steps to protect it. That includes securing against the latest DDoS attacks and protecting DNS query responses from cache-poisoning redirects. Look into how to better distribute DNS responsibilities across more than one provider and consider the role global server load balancing plays in keeping your digital presence alive in the face of an attack.
You can't afford to ignore DNS if you want to succeed in the digital economy.
About the Author
Related Blog Posts
The everywhere attack surface: EDR in the network is no longer optional
All endpoints can become an attacker’s entry point. That’s why your network needs true endpoint detection and response (EDR), delivered by F5 and CrowdStrike.
F5 NGINX Gateway Fabric is a certified solution for Red Hat OpenShift
F5 collaborates with Red Hat to deliver a solution that combines the high-performance app delivery of F5 NGINX with Red Hat OpenShift’s enterprise Kubernetes capabilities.
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.