The domain name system is fundamental infrastructure required for the Internet to work and therefore fundamental to a lot of activities that an IT organization has to support. To do so, they need a strong authoritative DNS that is well maintained.
Because of CIRA’s role as the .CA registry we spend a lot of time thinking about it. To test the authoritative DNS resiliency, we queried over 100,000 authoritative servers for .CA domains and found that 93% of them failed to respond at least once during the testing period.
But what does a failed response mean? If you are running your DNS on the same network resources then maybe it means your entire site appears offline because of a router issue. If you are running multiple DNS server locations then maybe one is down for maintenance and the others can pick up the slack (with some added latency to the end user). If you are under DDoS then maybe everything is down. What is important is that with a well architected anycast DNS service there need never be a situation where a server appears offline. Combining globally dispersed nodes with redundant servers at each node allows maintenance on one server at a time while offering a faster and more resilient DNS.
Think you don’t need a “perfect” DNS? Let’s look at what departmental activities can be impacted during an outage to your external DNS:
- Primary website
- Marketing campaign websites
- Email servers
- Customer support websites
- Online resource libraries
- Inside sales web portals
- Multi-tier web applications
- P2P resources
- Databases
- Multiplayer games
- External Webmail access
- VPN access to some resources
- Customer resource management (CRM) mail and landing pages using CNAME
- Marketing automation email and landing pages using CNAME
- 3rd party mass email tools and services using CNAME
- Online meeting services
- Webinar services
- Instant messaging tools
- IoT applications using the DNS (i.e. beacons)
- Brochures and datasheets with links
- More…
It is a long list and if you put your mind to it there are probably other tools and applications that require the DNS to function. In addition to better performing websites and applications protecting the DNS with a strong secondary service like Anycast DNS can pay for itself. Even if you exclude the revenue and reputational risks associated with outages and low performance the ROI is strong and calculable. If it saves your team the operational and meeting time with the above departments due to a DNS outage then the service can pay for itself many times over.
