DNS in the Cloud – Solid or Not?

by Des Nnochiri

 

The Domain Name System (DNS) maps text-based domain names to the numeric IP addresses of their host systems. As the phone book or Yellow Pages of the internet, DNS governs the speed with which websites and online resources may be located, so the speed and robustness of your DNS service can have a profound impact on your internet performance overall.

 

This can have an effect not only on the speed at which your staff may gain access to the information and resources they need, but also on the experience of your customers and supply chain partners, at their various touch points with your organization’s internet presence.

 

While many enterprises still rely on internal servers and infrastructure for their DNS provision, the option of shifting this function to the cloud is gaining traction. There are plus and minus points to this approach, which we shall be considering in this article.

 

The Cloud DNS Advantage

DNS in the cloud is generally considered to be an Infrastructure as a Service (IaaS) solution. And like other cloud-based service offerings, hosted DNS provides a managed, off-site solution which benefits from the geographically dispersed and multi-faceted resources available to the service provider. These resources may typically be much more extensive than those which could be provided by the consumer.

 

Cloud DNS services are in most cases better able to ensure redundancy and fault tolerance in the infrastructure that they offer. Geographic dispersal of their servers allows for greater scope in DNS resolution between locations, which for the customer provides reduced latency and faster access to websites and online applications.

 

Cloud providers can improve on the performance possible with in-house DNS servers by using their resources to ensure advanced traffic routing. The load-balancing capabilities and geographic spread of their servers allow for the deployment of routing policies such as simple failover, latency-based routing, round-robin, geographic DNS and geo-proximity routing.

 

Costs may be significantly reduced for the enterprise as well, since a cloud DNS deployment relieves subscribers of the burden of infrastructure purchasing, management, and maintenance. Subscription fees may also be significantly less than the equivalent costs of an in-house DNS set-up.

Security Benefits

Distributed Denial of Service (DDoS) attacks, in which networks are bombarded with information requests in order to overload the system, are a common menace for internet-dependent businesses. With their multiple servers and DNS infrastructure, cloud providers are better able than most organizations to provide resistance against this type of assault.

 

Malicious modification of information passing through DNS servers is another cause of great concern to businesses, as are other forms of attack which may compromise DNS operations, reduce or stop network availability, and negatively affect applications, internal processes, and customer-facing aspects of the business.

 

Cloud DNS providers that support Domain Name System Security Extensions (DNSSEC), a cryptographic signing technology capable of authenticating DNS records and guarding against many of the common DNS security issues, can reduce or eliminate this anxiety for their customers.

 

DNSSEC is a relatively new technology, and many organizations aren’t yet familiar with its workings and configuration. A cloud-hosted DNS service can provide the IT expertise necessary for deploying and managing this security system.
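As an added illustration (not part of the original article), the Python sketch below parses a raw DNS response and reports the two pieces of DNSSEC evidence a client can see: RRSIG signature records in the answer, and the AD ("Authenticated Data") header bit set by a validating resolver. The sample messages are constructed for the example; example.com, the address, the key tag and the all-zero signature bytes are placeholders.

```python
import struct

TYPE_A, TYPE_RRSIG = 1, 46
FLAG_AD = 0x0020                     # "Authenticated Data" header bit (RFC 4035)
QNAME = b"\x07example\x03com\x00"    # example.com in DNS wire format

def build_response(ad, with_rrsig):
    """Constructed sample response for 'example.com A' (signature bytes are dummies)."""
    flags = 0x8180 | (FLAG_AD if ad else 0)      # QR + RD + RA, optionally AD
    answers = [(TYPE_A, bytes([192, 0, 2, 10]))]
    if with_rrsig:
        # RRSIG RDATA: type covered, algorithm 13, labels, TTL, expiry, inception, key tag
        rdata = struct.pack("!HBBIIIH", TYPE_A, 13, 2, 300, 0, 0, 12345)
        answers.append((TYPE_RRSIG, rdata + QNAME + bytes(64)))
    msg = struct.pack("!6H", 0x1234, flags, 1, len(answers), 0, 0)
    msg += QNAME + struct.pack("!HH", TYPE_A, 1)  # question section
    for rtype, rdata in answers:
        # 0xC00C is a compression pointer back to the question name at offset 12
        msg += struct.pack("!HHHIH", 0xC00C, rtype, 1, 300, len(rdata)) + rdata
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:    # 2-byte compression pointer ends the name
            return off + 2
        if length == 0:              # root label ends the name
            return off + 1
        off += 1 + length

def dnssec_summary(msg):
    """Report the AD bit and whether the answer section carries RRSIG records."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen                        # skip RDATA without interpreting it
    # The AD bit is only meaningful if the path to the resolver is itself trusted.
    return {"ad": bool(flags & FLAG_AD), "signed": TYPE_RRSIG in types,
            "answer_types": types}
```

A response with RRSIG records but no AD bit means the zone is signed but the resolver answering you did not validate it.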

Maintenance and Monitoring Capabilities

Likewise, the “managed services” aspect of DNS in the cloud assumes the responsibility for maintaining and monitoring the infrastructure and servers. Under the terms of a typical Service Level Agreement (SLA), the cloud provider takes on the tasks of keeping active and redundant DNS servers patched, secured, scanned, and monitored.

 

Event reporting, performance information, and operational metrics can also be made available to business consumers for internal auditing and compliance purposes. Most providers will have custom scripts and software-programmable interfaces, for the automatic creation and updating of DNS records. They may also make application programming interfaces (APIs) available to subscribers, enabling businesses to configure dynamic alterations or additions to their own DNS resource records.

The Downside of Cloud DNS

Of course, it’s not all good news. The classic enterprise objection to cloud-hosted services (“We’d be entrusting our data/software/resources/infrastructure to a third party!”) holds for DNS in the cloud, as well.

 

Specifically, relying on an external provider to ensure that your DNS resolution and network availability are always on can have dire consequences if their infrastructure goes down, or their company goes out of business.

 

There may be compensation or punitive damages available for provider outages written into the terms of your SLA, but there’s little guarantee that this will cover the financial losses suffered by your enterprise in the event of a serious cloud DNS disaster.

Proximity and Geolocation Issues

Having your DNS resolver as close as possible to its DNS client helps guard against latency in your network connections, and this is usually the case with on-premises DNS deployment. With a cloud service, there’s no guarantee that the DNS resolver the provider makes available will be located nearby.

 

Problems with geo-location can create issues for international users (clients and staff) if Content Delivery Networks (CDNs) direct connections to a server that’s physically closer to the cloud host’s DNS resolver than to your actual location. This can cause delays and performance issues, including the alteration of expected content due to international or local restrictions.

A Lack of “Tightness”

DDI – the integration of DNS, DHCP (Dynamic Host Configuration Protocol, used in automatically providing and assigning IP addresses), and IPAM (IP Address Management) into a unified service – is easier if all the resources required for its management reside on a single platform. This is often the case with on-premises DNS but may be harder to achieve with the distributed DNS infrastructure of a cloud service.

 

Well-integrated DDI functions make IP address usage highly visible to the enterprise, and facilitate the management of addressing resources. The looseness associated with a cloud deployment can deny businesses the benefit of this integration.

A Lack of Fine-Grained Control

Complete control of your DNS configuration may not be possible with some cloud providers. Organizations with highly complex environments to manage may not be fully served by the simplified web controls offered by some cloud DNS services.

Choosing a DNS Provider

If you’re in the market for a cloud DNS service, you should first identify and prioritize the features that your business will require. Then, assess the available alternatives against the following questions:

 

· Is the service free, or subscription-based?

· Is there a web interface for comprehensive configuration?

· Does the provider have a redundant and scalable DNS server infrastructure, with high bandwidth dual-protocol connectivity?

· Are anycast addressing and dynamic routing pre-configured to the provider’s name services?

· Do they provide the security features you require, e.g., DDoS protection, anti-spoofing, or packet scrubbing?

· Will they implement DNSSEC for your domain, and configure your DNSSEC resource records?

· Does the service provide APIs and programmable interfaces for automation and in-house configuration?

 

Leading names in the DNS cloud market include Akamai, Amazon Route 53, Cloudflare DNS, ClouDNS, DNSMadeEasy, Google Cloud DNS, Infoblox, Microsoft Azure DNS, Oracle, and Verisign Managed DNS.