What DevOps Teams Need to Know About DNS
June 24, 2016

Jonathan Lewis
NS1

The domain name system was designed in the early days of the Internet – well before the web browser was invented and well before the Internet entered the commercial realm. At that time, every host on the Internet maintained a file containing the name and IP address of every other host. As the number of hosts grew and the rate of new hosts joining the Internet accelerated, it became apparent that this would soon be unworkable. The IETF went to work and came up with Domain Name System (DNS) – a distributed, hierarchical directory service containing the names and IP addresses of Internet hosts. This was circa 1980.

Implicit in the design of DNS were some assumptions:

■ Simple one to one (host to host) communication for a transaction.

■ One location (host) for a given piece of content or service.

Since its original release, DNS has had several updates, primarily focused on addressing issues of scale and security. These changes made maintenance and update of the records in the global DNS somewhat more efficient and helped preserve the integrity of the records. However, those improvements do not address the changing nature of how applications actually work in the modern Internet.

The Widening Gap Between the Modern Internet and Traditional DNS

Changes in infrastructure, applications, and increased demands for speed and scale have exposed areas where DNS is lagging behind:

1. Content and services are hosted in multiple locations. With the globalization of services and huge increases in demand, enterprises are hosting content on multiple CDNs, in multiple data centers and on multiple servers. Traditional DNS does not natively provide a mechanism for selecting the best performing destination for each end user.

2. A single transaction or rendering of a web page can involve assembling disparate content from multiple locations. The cumulative effect of multiple DNS lookups on performance can seriously impact user experience.

3. Ever lower tolerance for delay and unprecedented scale. Consider a globally available service with 30 million users. If the infrastructure delivers good quality of experience 98% of the time, then 600,000 users are not having a good experience. DNS was designed to be good enough at a time when good enough had an entirely different meaning.

4. Cloud infrastructure (network, compute and storage) is dynamic and automated. DNS was designed for a relatively static world where manually editing DNS text files could keep up with moves, adds and changes.

Most DNS implementations on the Internet and within private networks are based on traditional platforms such as BIND, djbdns, Power DNS, gdnsd and NSD. These include deployments by enterprises as well as managed DNS services. Many deployments are customized with non-standard additions that address some deficiencies in the basic platform.

As an example, base DNS does not offer a mechanism for detecting whether a site is up or down before directing the user to that site. Many providers have customized their implementations to support this functionality. However, applying after-market functionality to legacy platforms is complex and time-consuming. In addition, even with customizations, many capabilities that would improve performance and efficiency are simply out of reach using traditional platforms.

The Next Generation DNS

DNS is the first decision and most important point in the process of deciding where to direct an end user request, but most DNS implementations are not instrumented to optimize the answer. They typically are only able to direct the user to the geographically closest server that is not down. However, the geographically closest server may not be the best option for responding to the user request. The server may be overloaded, the network connection to that server may be heavily congested, or primary links may be down. There may be business considerations, such as the need to fulfill bandwidth commits or to avoid overages. A modern DNS supports the advanced routing capabilities to deliver optimized responses based on real-time network and server conditions, real user monitoring (RUM) data, as well as the capability to provide responses based on business logic.

Handling Security

Security vulnerabilities and patch management comprise a tax on IT organizations. A self-managed DNS is subject to that tax. Managing and patching vulnerabilities in a timely manner that is transparent and does not affect system availability is an operational challenge. This challenge is compounded where there is custom code built on top of Open Source.

Today, there are managed DNS solutions available, both for Internet and private, intranet-only services. Because they are fully managed, these solutions mitigate security exposure and reduce operational overhead. The DNS provider takes responsibility for security patches, updates, health monitoring and general support. They typically include full-time monitoring and promptly apply security fixes and patches to the underlying operating system and libraries without impacting system availability.

DNS and DevOps

In the last few years, there have been rapid changes in application development and deployment processes. As DevOps teams roll out applications into dynamic, software-defined environments, underlying services such as DNS need to be well integrated. Open Source DNS solutions were developed long before these changes came about. As a result, they lack the native API support needed to support modern DevOps environments and infrastructure automation. This adds overhead and can be a drag on new service velocity.

Modern DNS solutions are designed with an "API-first" approach that supports automated record management and service discovery, combined with single-pane-of-glass management across the infrastructure. This takes DNS off the critical path and allows organizations to focus scarce IT resources on activities that are core to their business.

DNS 2.0

DNS was designed when the Internet was less complex, infrastructure was relatively static and demands for speed and scale were orders of magnitude less than today. It is remarkable how well the original design has held up, but increasingly its limitations are emerging as the "long pole in the tent" in multiple areas. Leading edge online companies that depend on delivering their services with speed, scale and agility were the early adopters of advanced DNS solutions and now it is moving to the mainstream.

Jonathan Lewis is VP of Product for NS1.

Share this

Industry News

January 26, 2023

Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available.

January 26, 2023

Mirantis, freeing developers to create their most valuable code, today announced that it has acquired the Santa Clara, California-based Shipa to add automated application discovery, operations, security, and observability to the Lens Kubernetes Platform.

January 25, 2023

SmartBear has integrated the powerful contract testing capabilities of PactFlow with SwaggerHub.

January 25, 2023

Venafi introduced TLS Protect for Kubernetes.

January 25, 2023

Tricentis announced the general availability of Tricentis Test Automation, a cloud-based test automation solution that simplifies test creation, orchestration, and scalable test execution for easier collaboration among QA teams and their business stakeholders and faster, higher-quality, and more durable releases of web-based applications and business processes.

January 24, 2023

Harness announced the acquisition of Propelo.

January 23, 2023

Couchbase announced its Couchbase Capella Database-as-a-Service (DBaaS) offering on Azure.

January 23, 2023

Mendix and Software Improvement Group (SIG) have announced the release of Mendix Quality & Security Management (QSM), a new cybersecurity solution that provides continuous deep-dive insights into security and code quality to immediately address risks and vulnerabilities.

January 23, 2023

Trunk announces the public launch of CI Analytics.

January 23, 2023

Panaya announced a new Partnership Program in response to ongoing growth within its partner network over the past year.

January 23, 2023

Cloudian closed $60 million in new funding, bringing the company’s total funding to $233 million.

January 19, 2023

Progress announced the R1 2023 release of Progress Telerik and Progress Kendo UI.

January 19, 2023

Wallarm announced the early release of the Wallarm API Leak Management solution, an enhanced API security technology designed to help organizations identify and remediate attacks exploiting leaked API keys and secrets, while providing on-going protection against hacks in the event of a leak.

January 19, 2023

ThreatModeler launched Threat Model Marketplace, a cybersecurity asset marketplace offering pre-built, field-tested threat models to be downloaded — free for a limited time — and incorporated into new and ongoing threat modeling initiatives.

January 18, 2023

Software AG has launched new updates to its webMethods platform that will simplify the process by which developers can find, work on and deploy new APIs and integration tools or capabilities.