BLOG

One DNS Provider is not enough!

Nico Cartron Miniatur
Nico Cartron
Published July 26, 2021

The DNS (Domain Name System) is one of the most important protocols on the Internet — it’s often referred to as “the phonebook of the Internet” (although most DNS experts despise this description).

Put simply, DNS is a decentralized directory allowing to resolve resources. Say for instance, that you want to visit F5 website; rather than memorizing the physical address (IP address) of F5’s web server, you can just type in “www.f5.com" in your web browser, and DNS will take care of telling your operating system the IP address for F5 web site.

DNS is an interesting beast: it is an old protocol (the first RFC date back from 1987), did not change for a while, and got a lot of interesting changes in the recent years, aiming at securing it, with things like DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH).

It’s always DNS

Another well-known saying amongst DNS people is “It’s always DNS” — while it’s of course not always the case, what it means is that when DNS have hiccups, this is immediately noticed.

DNS outages

Recent DNS outages, such as the ones experienced by Akamai (July 23, 2021) or Cloudflare (July 2020, although it was a network-wide outage, but impacted DNS as well) clearly confirm that outages in general, and DNS outage in particular do happen, no matter how redundant systems are: should it be a routing issue, a software bug or a misconfiguration introduced by human, it is almost impossible to guarantee that a system will always be up and running.

How to prevent that?

The easiest way to prevent a DNS outage to completely take offline your online presence is to use multiple DNS providers.

DNS, as a protocol, has built-in mechanisms allowing easily adding so-called “Secondary DNS services”, by using zone transfers.

This means that whenever a change is performed on your main DNS provider, a notification (NOTIFY) message will be sent to your secondary provider(s), which in turn will ask for the latest changes.

Advantages of having multiple DNS providers

In addition to having a “plan B” whenever something happens on one of your DNS providers, having other DNS providers “under your belt” provides the below benefits:

  • Software diversity: provider B will likely use a different DNS software than provider A — if a bug hits A, it won’t (hopefully) affect B.
  • Network redundancy: DNS providers serve DNS requests out of their network, meaning that even if DNS is still up, a network outage will bring DNS down. Having a second DNS provider, using a different network/ASN (Autonomous System) helps mitigate that.
  • Latency: having a low latency is critical to get fast DNS answers; however some networks have better latencies in specific regions than others — having another provider can help with having good latency across the globe.

Wrapping Up

Don’t wait for the next outage of your DNS provider to investigate what you can do!

F5 offers Primary and Secondary DNS services through our Anycast network, protected behind our Silverline DDoS protection systems. Get in touch with us! email: sales@volterra.io