What DevOps Teams Need to Know About DNS
June 24, 2016

Jonathan Lewis
NS1

The domain name system was designed in the early days of the Internet – well before the web browser was invented and well before the Internet entered the commercial realm. At that time, every host on the Internet maintained a file containing the name and IP address of every other host. As the number of hosts grew and the rate of new hosts joining the Internet accelerated, it became apparent that this would soon be unworkable. The IETF went to work and came up with Domain Name System (DNS) – a distributed, hierarchical directory service containing the names and IP addresses of Internet hosts. This was circa 1980.

Implicit in the design of DNS were some assumptions:

■ Simple one to one (host to host) communication for a transaction.

■ One location (host) for a given piece of content or service.

Since its original release, DNS has had several updates, primarily focused on addressing issues of scale and security. These changes made maintenance and update of the records in the global DNS somewhat more efficient and helped preserve the integrity of the records. However, those improvements do not address the changing nature of how applications actually work in the modern Internet.

The Widening Gap Between the Modern Internet and Traditional DNS

Changes in infrastructure, applications, and increased demands for speed and scale have exposed areas where DNS is lagging behind:

1. Content and services are hosted in multiple locations. With the globalization of services and huge increases in demand, enterprises are hosting content on multiple CDNs, in multiple data centers and on multiple servers. Traditional DNS does not natively provide a mechanism for selecting the best performing destination for each end user.

2. A single transaction or rendering of a web page can involve assembling disparate content from multiple locations. The cumulative effect of multiple DNS lookups on performance can seriously impact user experience.

3. Ever lower tolerance for delay and unprecedented scale. Consider a globally available service with 30 million users. If the infrastructure delivers good quality of experience 98% of the time, then 600,000 users are not having a good experience. DNS was designed to be good enough at a time when good enough had an entirely different meaning.

4. Cloud infrastructure (network, compute and storage) is dynamic and automated. DNS was designed for a relatively static world where manually editing DNS text files could keep up with moves, adds and changes.

Most DNS implementations on the Internet and within private networks are based on traditional platforms such as BIND, djbdns, Power DNS, gdnsd and NSD. These include deployments by enterprises as well as managed DNS services. Many deployments are customized with non-standard additions that address some deficiencies in the basic platform.

As an example, base DNS does not offer a mechanism for detecting whether a site is up or down before directing the user to that site. Many providers have customized their implementations to support this functionality. However, applying after-market functionality to legacy platforms is complex and time-consuming. In addition, even with customizations, many capabilities that would improve performance and efficiency are simply out of reach using traditional platforms.

The Next Generation DNS

DNS is the first decision and most important point in the process of deciding where to direct an end user request, but most DNS implementations are not instrumented to optimize the answer. They typically are only able to direct the user to the geographically closest server that is not down. However, the geographically closest server may not be the best option for responding to the user request. The server may be overloaded, the network connection to that server may be heavily congested, or primary links may be down. There may be business considerations, such as the need to fulfill bandwidth commits or to avoid overages. A modern DNS supports the advanced routing capabilities to deliver optimized responses based on real-time network and server conditions, real user monitoring (RUM) data, as well as the capability to provide responses based on business logic.

Handling Security

Security vulnerabilities and patch management comprise a tax on IT organizations. A self-managed DNS is subject to that tax. Managing and patching vulnerabilities in a timely manner that is transparent and does not affect system availability is an operational challenge. This challenge is compounded where there is custom code built on top of Open Source.

Today, there are managed DNS solutions available, both for Internet and private, intranet-only services. Because they are fully managed, these solutions mitigate security exposure and reduce operational overhead. The DNS provider takes responsibility for security patches, updates, health monitoring and general support. They typically include full-time monitoring and promptly apply security fixes and patches to the underlying operating system and libraries without impacting system availability.

DNS and DevOps

In the last few years, there have been rapid changes in application development and deployment processes. As DevOps teams roll out applications into dynamic, software-defined environments, underlying services such as DNS need to be well integrated. Open Source DNS solutions were developed long before these changes came about. As a result, they lack the native API support needed to support modern DevOps environments and infrastructure automation. This adds overhead and can be a drag on new service velocity.

Modern DNS solutions are designed with an "API-first" approach that supports automated record management and service discovery, combined with single-pane-of-glass management across the infrastructure. This takes DNS off the critical path and allows organizations to focus scarce IT resources on activities that are core to their business.

DNS 2.0

DNS was designed when the Internet was less complex, infrastructure was relatively static and demands for speed and scale were orders of magnitude less than today. It is remarkable how well the original design has held up, but increasingly its limitations are emerging as the "long pole in the tent" in multiple areas. Leading edge online companies that depend on delivering their services with speed, scale and agility were the early adopters of advanced DNS solutions and now it is moving to the mainstream.

Jonathan Lewis is VP of Product for NS1.

Share this

Industry News

October 06, 2022

Platform.sh announced it has partnered with MongoDB.

October 06, 2022

Veracode announced the enhancement of its Continuous Software Security Platform to include container security.

This early access program for Veracode Container Security is now underway for existing customers.

The new Veracode Container Security offering, designed to meet the needs of cloud-native software engineering teams, addresses vulnerability scanning, secure configuration, and secrets management requirements for container images.

October 06, 2022

Mirantis announced that Mirantis Container Runtime – latest generation of the Docker Enterprise Engine, the secure container runtime that forms the foundation of Mirantis Container Cloud and Mirantis Kubernetes Engine and is used at the heart of many other Kubernetes deployments – is now available in the Microsoft Azure Marketplace.

October 05, 2022

Perforce Software announced enhanced support for automated testing with the release of Helix ALM 2022.2.

October 05, 2022

Parasoft announced the latest releases of its API and microservices testing tools, including SOAtest, Virtualize, CTP, and Selenic.

October 05, 2022

Vaadin announced the release of four Acceleration Kits designed to make it faster and easier to build and modernize Java applications for enterprise use.

October 04, 2022

Pegasystems announced the latest release of Robot Studio, the robotic process automation (RPA) low-code authoring environment for Pega's intelligent automation platform.

October 04, 2022

EvolveWare announced the Agile Business Rules Extraction (Agile BRE) solution on its Intellisys platform.

October 04, 2022

Mabl announced new features that empower quality professionals to easily validate APIs as part of their integrated end-to-end tests.

October 03, 2022

Spectro Cloud announced a major new release of its Palette Edge platform.

October 03, 2022

Arcion announced agentless change data capture (CDC) for all of its supported databases and applications.

September 29, 2022

CloudBees announced the acquisition of ReleaseIQ to expand the company’s DevSecOps capabilities, empowering customers with a low-code, end-to-end release orchestration and visibility solution.

September 29, 2022

SmartBear continues expanding its commitment to the Atlassian Marketplace, adding Bugsnag for Jira and SwaggerHub Integration for Confluence.

Bugsnag developers monitoring application stability and documenting in Jira no longer need to interrupt their workflow to access the app. Developers working in SwaggerHub can use the macro to push API definitions and changes directly to other teams and business stakeholders that work within Confluence. By increasing the presence of SmartBear tools on the Atlassian Marketplace, the company continues meeting developers where they are.

September 29, 2022

Ox Security exited stealth today with $34M in funding led by Evolution Equity Partners, Team8, and M12, Microsoft's venture fund, with participation from Rain Capital.

September 29, 2022

cnvrg.io announced that the new Intel Developer Cloud is now available via the cnvrg.io Metacloud platform, providing a fully integrated software and hardware solution.