What DevOps Teams Need to Know About DNS
June 24, 2016

Jonathan Lewis
NS1

The domain name system was designed in the early days of the Internet – well before the web browser was invented and well before the Internet entered the commercial realm. At that time, every host on the Internet maintained a file containing the name and IP address of every other host. As the number of hosts grew and the rate of new hosts joining the Internet accelerated, it became apparent that this would soon be unworkable. The IETF went to work and came up with Domain Name System (DNS) – a distributed, hierarchical directory service containing the names and IP addresses of Internet hosts. This was circa 1980.

Implicit in the design of DNS were some assumptions:

■ Simple one to one (host to host) communication for a transaction.

■ One location (host) for a given piece of content or service.

Since its original release, DNS has had several updates, primarily focused on addressing issues of scale and security. These changes made maintenance and update of the records in the global DNS somewhat more efficient and helped preserve the integrity of the records. However, those improvements do not address the changing nature of how applications actually work in the modern Internet.

The Widening Gap Between the Modern Internet and Traditional DNS

Changes in infrastructure, applications, and increased demands for speed and scale have exposed areas where DNS is lagging behind:

1. Content and services are hosted in multiple locations. With the globalization of services and huge increases in demand, enterprises are hosting content on multiple CDNs, in multiple data centers and on multiple servers. Traditional DNS does not natively provide a mechanism for selecting the best performing destination for each end user.

2. A single transaction or rendering of a web page can involve assembling disparate content from multiple locations. The cumulative effect of multiple DNS lookups on performance can seriously impact user experience.

3. Ever lower tolerance for delay and unprecedented scale. Consider a globally available service with 30 million users. If the infrastructure delivers good quality of experience 98% of the time, then 600,000 users are not having a good experience. DNS was designed to be good enough at a time when good enough had an entirely different meaning.

4. Cloud infrastructure (network, compute and storage) is dynamic and automated. DNS was designed for a relatively static world where manually editing DNS text files could keep up with moves, adds and changes.

Most DNS implementations on the Internet and within private networks are based on traditional platforms such as BIND, djbdns, Power DNS, gdnsd and NSD. These include deployments by enterprises as well as managed DNS services. Many deployments are customized with non-standard additions that address some deficiencies in the basic platform.

As an example, base DNS does not offer a mechanism for detecting whether a site is up or down before directing the user to that site. Many providers have customized their implementations to support this functionality. However, applying after-market functionality to legacy platforms is complex and time-consuming. In addition, even with customizations, many capabilities that would improve performance and efficiency are simply out of reach using traditional platforms.

The Next Generation DNS

DNS is the first decision and most important point in the process of deciding where to direct an end user request, but most DNS implementations are not instrumented to optimize the answer. They typically are only able to direct the user to the geographically closest server that is not down. However, the geographically closest server may not be the best option for responding to the user request. The server may be overloaded, the network connection to that server may be heavily congested, or primary links may be down. There may be business considerations, such as the need to fulfill bandwidth commits or to avoid overages. A modern DNS supports the advanced routing capabilities to deliver optimized responses based on real-time network and server conditions, real user monitoring (RUM) data, as well as the capability to provide responses based on business logic.

Handling Security

Security vulnerabilities and patch management comprise a tax on IT organizations. A self-managed DNS is subject to that tax. Managing and patching vulnerabilities in a timely manner that is transparent and does not affect system availability is an operational challenge. This challenge is compounded where there is custom code built on top of Open Source.

Today, there are managed DNS solutions available, both for Internet and private, intranet-only services. Because they are fully managed, these solutions mitigate security exposure and reduce operational overhead. The DNS provider takes responsibility for security patches, updates, health monitoring and general support. They typically include full-time monitoring and promptly apply security fixes and patches to the underlying operating system and libraries without impacting system availability.

DNS and DevOps

In the last few years, there have been rapid changes in application development and deployment processes. As DevOps teams roll out applications into dynamic, software-defined environments, underlying services such as DNS need to be well integrated. Open Source DNS solutions were developed long before these changes came about. As a result, they lack the native API support needed to support modern DevOps environments and infrastructure automation. This adds overhead and can be a drag on new service velocity.

Modern DNS solutions are designed with an "API-first" approach that supports automated record management and service discovery, combined with single-pane-of-glass management across the infrastructure. This takes DNS off the critical path and allows organizations to focus scarce IT resources on activities that are core to their business.

DNS 2.0

DNS was designed when the Internet was less complex, infrastructure was relatively static and demands for speed and scale were orders of magnitude less than today. It is remarkable how well the original design has held up, but increasingly its limitations are emerging as the "long pole in the tent" in multiple areas. Leading edge online companies that depend on delivering their services with speed, scale and agility were the early adopters of advanced DNS solutions and now it is moving to the mainstream.

Jonathan Lewis is VP of Product for NS1.

Share this

Industry News

October 27, 2020

ThinkTank has released a suite of applications designed to keep distributed agile teams aligned and engaged, regardless of physical location.

October 27, 2020

Cloudify, a Service Orchestration and Automation Platform, announced its latest 5.1 product release which aims to take one step further to permanently remove silos and roadblocks that are consistently associated with migration to the public cloud.

October 27, 2020

WhiteSource announced its new native integration for Microsoft Azure DevOps services.

October 26, 2020

NetApp unveiled a new serverless and storageless solution for containers from Spot by NetApp, a new autonomous hybrid cloud volume platform, and cloud-based virtual desktop solutions.

October 26, 2020

GeneXus released GeneXus 17, a new version of its platform that empowers enterprises to create and evolve new applications at unprecedented speed.

October 26, 2020

Alcide announced the company’s security solutions are now integrated with AWS Security Hub, sending real-time threat intelligence and compliance information to Amazon Web Services (AWS) for easy consumption by Security and DevSecOps teams.

October 22, 2020

Puppet announced Puppet Comply, a new product built to work with Puppet Enterprise aimed at assessing, remediating, and enforcing infrastructure configuration compliance policies at scale across traditional and cloud environments.

October 22, 2020

Harness announced two new modules: Continuous Integration Enterprise and Continuous Features.

October 22, 2020

Render announced automatic preview environments which are essential for rapid and collaborative development of modern applications.

October 21, 2020

Conducto is launching a toolkit for simplifying complex CI/CD and data science pipelines, having raised $3 million in seed funding led by Jump Capital.

October 21, 2020

Snyk Intel vulnerability database will be integrated into IBM Cloud security capabilities to enhance security for enterprise workloads.

October 21, 2020

Accurics announced $20 million across seed and series A financing raised in the past six months, with Intel Capital leading the Series A and ClearSky leading the seed.

October 20, 2020

Splunk announced the Splunk Observability Suite, the most comprehensive and powerful combination of monitoring, investigation, and troubleshooting solutions designed to help organizations become cloud-ready and accelerate their digital transformation.

October 20, 2020

Tricentis announced Vision AI, the core technology that will now power Tosca.

October 20, 2020

MuseDev has extended its code analysis platform to deliver bug reports via Github's code scanning UI.