Secondary DNS: Do You Have a Back-Up Plan?
According to the 2018 Global DNS Performance Benchmark Report, the state of DNS resiliency among enterprises and top SaaS providers is poor, with 60% relying on a single source for their authoritative nameservers.1 In this article, we’ll explore the necessity of having a secondary DNS service.
Your DNS service is like the dial tone of a landline (remember those?). You don’t pick up the phone with your fingers crossed in hopes of hearing a dial tone, just like you don’t hold your breath every time you enter a website URL, hoping the page will load. The dial tone signifies your phone’s connectedness to the broader phone system; your DNS service is a user’s link to your applications. Suddenly, the fact that your apps are highly available on the cloud doesn’t matter so much—if your DNS service is down, no one can reach them anyway.
WHAT’S THE RISK?
Attacks targeting DNS services and providers are getting bigger and more costly.2 Take the 2016 Dyn attack. A DDoS attack aimed at Dyn managed to cut off access to websites such as Amazon. com, Reddit, CNN, Netflix, and many others for the better part of a day. Though those websites were secure and operational, users could not access them. The financial impact was significant for both Dyn and its customers.
SECONDARY DNS CONSIDERATIONS
Organizations these days need to be as risk averse as possible. Will your users accept extended downtime, patiently waiting for you to come back online? The 2018 Global DNS Benchmark Report states that users expect a response in tens of milliseconds (ms), rather than hundreds. Even a delay of just 250 ms for a page to begin loading is noticeable to most users.
A secondary DNS gives you built-in peace of mind—if your primary DNS goes down, your secondary will keep traffic moving, without disrupting performance.
SIMPLE, COST EFFECTIVE SOLUTIONS: CLOUD-BASED DNS
“What about the added expense, and the maintenance burden?” F5 addressed this by launching application delivery services in SaaS consumption models, that can be easily provisioned and configured for cloud-native applications and microservice environments. As an example, the F5 DNS Cloud Service is a globally available secondary DNS service that balances the benefits of cloud services with our in-depth DNS expertise in an easy-to-configure solution solution with built-in security. Your team can provision, configure, and manage a DNS service without needing a specialized skillset.
This service is pay-as-you-use, so you only pay for it when you need it. There’s also a free tier that includes one zone and 3,000,000 queries per month (roughly one query a second). This is a great option for organizations that want the added security and performance protection without sinking a ton of time, money, and resources into a failsafe.
All in all, having a secondary DNS service just makes sense. "You can’t afford to ignore DNS if you want to succeed in the digital economy," says Lori MacVittie, Principal Tech Evangelist, F5.
It’s a relatively low time and resource commitment and in an era where app security can never be fully guaranteed, you can’t ask for much more than low-cost peace of mind.
Ready to get started? Check out F5's secondary DNS offering or start your free trial with AWS.