Here’s a challenge: talk about why the Domain Name System (DNS) matters but avoid analogies like “phonebook of the Internet” or “cornerstone of web infrastructure.”
Impossible? Maybe, but it’s worth a shot—especially because these analogies don’t fully capture just how important DNS is.
In truth, DNS may be the most important part of your organization’s digital presence, security elements included. Sound unlikely? It’s not, and here’s why: Almost every bit of Internet traffic must stop at a DNS checkpoint before it lands at its final destination.
As one of the oldest Internet protocols around, and because it stands at such a central point of human-web interactions, DNS has a storied history. Understanding that history will help us better understand why DNS is so important today.
Jon Postel, Paul Mockapetris, and Craig Partridge published RFC 882 in November 1983, effectively creating the fundamentals of DNS as they exist today. Eleven months later, RFC 920 created seven generic top-level domains (TLDs), laying the groundwork for the “dot-blank” format (.com, .net, .gov, .org, etc.) and establishing the domain landscape for corporations, non-profits, schools, networks, government offices, and the military. Fast-forward to the present day, and there are over 200 million active sites on the Internet, plus roughly 16.7 billion Internet-enabled devices, all connected in some way to a 41-year-old protocol that started with little more than 70 sites.
Today, teams trying to manage a portion of all this network traffic are faced with an interesting question: What to do with it? How can we know (and then respond to) what a user wants to do with an application or website?
On a basic level, the queries that DNS solutions handle indicate intent, regardless of how that DNS solution is being deployed to address a use case. That’s because everything starts with DNS. Whether it’s opening your favorite application, checking email, or booking a hotel, the first thing happening in the background is a DNS resolution. This is why leveraging a versatile DNS solution is crucial to creating efficient, effective, and secure user experiences. The more work that tool does, the better that interaction will be—simply because a DNS service is one of the first network elements a user encounters.
Because of where DNS sits in the flow of traffic, and how it interacts with that traffic, it’s often exposed to a lot of bad traffic. This bad traffic can be anything from DoS floods and man-in-the-middle attacks to malicious IP queries and malformed packets. DNS fronts every entity connected to the Internet, so anyone and everyone, regardless of motive, lands on its doorstep.
Because of that exposure, and because DNS is a common attack target, a DNS solution must provide at least a degree of security for the virtual spaces it front-ends. Bad actors may attack DNS for any number of reasons: reputation damage, revenue disruption, or even data exfiltration. Therefore, simply giving teams the ability to handle DoS-style attacks and keep their services online has become table stakes across any expression of a DNS solution (SaaS, hardware, or otherwise). After witnessing triple-digit percent increases in DoS attacks, it’s not far-fetched to position a DNS solution as an integral part of a holistic security strategy, providing both app delivery and security functions for the teams that deploy it.
It doesn’t matter if you’re a service provider running telecom traffic for an entire state, an enterprise handling business-critical app traffic around the world and across data centers, or a niche software team looking for the most efficient way to front-end applications—DNS merits serious consideration. If DNS stops working, nothing works. And a DNS solution worth investing in needs to perform as more than just a passive directory for application traffic because that traffic represents real people. This is why F5 has been working hard to advance the DNS field since 1998. We offer DNS solutions across four different, versatile expressions to meet users and applications where they live. What does your “phonebook” do?
To learn more about F5’s expressions of DNS, contact us.