What DevOps Teams Need to Know About DNS
June 24, 2016

Jonathan Lewis

The domain name system was designed in the early days of the Internet – well before the web browser was invented and well before the Internet entered the commercial realm. At that time, every host on the Internet maintained a file containing the name and IP address of every other host. As the number of hosts grew and the rate of new hosts joining the Internet accelerated, it became apparent that this would soon be unworkable. The IETF went to work and came up with Domain Name System (DNS) – a distributed, hierarchical directory service containing the names and IP addresses of Internet hosts. This was circa 1980.

Implicit in the design of DNS were some assumptions:

■ Simple one to one (host to host) communication for a transaction.

■ One location (host) for a given piece of content or service.

Since its original release, DNS has had several updates, primarily focused on addressing issues of scale and security. These changes made maintenance and update of the records in the global DNS somewhat more efficient and helped preserve the integrity of the records. However, those improvements do not address the changing nature of how applications actually work in the modern Internet.

The Widening Gap Between the Modern Internet and Traditional DNS

Changes in infrastructure, applications, and increased demands for speed and scale have exposed areas where DNS is lagging behind:

1. Content and services are hosted in multiple locations. With the globalization of services and huge increases in demand, enterprises are hosting content on multiple CDNs, in multiple data centers and on multiple servers. Traditional DNS does not natively provide a mechanism for selecting the best performing destination for each end user.

2. A single transaction or rendering of a web page can involve assembling disparate content from multiple locations. The cumulative effect of multiple DNS lookups on performance can seriously impact user experience.

3. Ever lower tolerance for delay and unprecedented scale. Consider a globally available service with 30 million users. If the infrastructure delivers good quality of experience 98% of the time, then 600,000 users are not having a good experience. DNS was designed to be good enough at a time when good enough had an entirely different meaning.

4. Cloud infrastructure (network, compute and storage) is dynamic and automated. DNS was designed for a relatively static world where manually editing DNS text files could keep up with moves, adds and changes.

Most DNS implementations on the Internet and within private networks are based on traditional platforms such as BIND, djbdns, Power DNS, gdnsd and NSD. These include deployments by enterprises as well as managed DNS services. Many deployments are customized with non-standard additions that address some deficiencies in the basic platform.

As an example, base DNS does not offer a mechanism for detecting whether a site is up or down before directing the user to that site. Many providers have customized their implementations to support this functionality. However, applying after-market functionality to legacy platforms is complex and time-consuming. In addition, even with customizations, many capabilities that would improve performance and efficiency are simply out of reach using traditional platforms.

The Next Generation DNS

DNS is the first decision and most important point in the process of deciding where to direct an end user request, but most DNS implementations are not instrumented to optimize the answer. They typically are only able to direct the user to the geographically closest server that is not down. However, the geographically closest server may not be the best option for responding to the user request. The server may be overloaded, the network connection to that server may be heavily congested, or primary links may be down. There may be business considerations, such as the need to fulfill bandwidth commits or to avoid overages. A modern DNS supports the advanced routing capabilities to deliver optimized responses based on real-time network and server conditions, real user monitoring (RUM) data, as well as the capability to provide responses based on business logic.

Handling Security

Security vulnerabilities and patch management comprise a tax on IT organizations. A self-managed DNS is subject to that tax. Managing and patching vulnerabilities in a timely manner that is transparent and does not affect system availability is an operational challenge. This challenge is compounded where there is custom code built on top of Open Source.

Today, there are managed DNS solutions available, both for Internet and private, intranet-only services. Because they are fully managed, these solutions mitigate security exposure and reduce operational overhead. The DNS provider takes responsibility for security patches, updates, health monitoring and general support. They typically include full-time monitoring and promptly apply security fixes and patches to the underlying operating system and libraries without impacting system availability.

DNS and DevOps

In the last few years, there have been rapid changes in application development and deployment processes. As DevOps teams roll out applications into dynamic, software-defined environments, underlying services such as DNS need to be well integrated. Open Source DNS solutions were developed long before these changes came about. As a result, they lack the native API support needed to support modern DevOps environments and infrastructure automation. This adds overhead and can be a drag on new service velocity.

Modern DNS solutions are designed with an "API-first" approach that supports automated record management and service discovery, combined with single-pane-of-glass management across the infrastructure. This takes DNS off the critical path and allows organizations to focus scarce IT resources on activities that are core to their business.

DNS 2.0

DNS was designed when the Internet was less complex, infrastructure was relatively static and demands for speed and scale were orders of magnitude less than today. It is remarkable how well the original design has held up, but increasingly its limitations are emerging as the "long pole in the tent" in multiple areas. Leading edge online companies that depend on delivering their services with speed, scale and agility were the early adopters of advanced DNS solutions and now it is moving to the mainstream.

Jonathan Lewis is VP of Product for NS1.

Share this

Industry News

May 16, 2022

Red Hat announced new capabilities and enhancements across its portfolio of open hybrid cloud solutions aimed at accelerating enterprise adoption of edge compute architectures through the Red Hat Edge initiative.

May 16, 2022

D2iQ announced a partnership with GitLab.

May 16, 2022

Kasten by Veeam announced the new Kasten by Veeam K10 V5.0 Kubernetes data management platform.

May 12, 2022

Red Hat introduced Red Hat Enterprise Linux 9, the Linux operating system designed to drive more consistent innovation across the open hybrid cloud, from bare metal servers to cloud providers and the farthest edge of enterprise networks.

May 12, 2022

Couchbase announced version 7.1 of Couchbase Server.

May 12, 2022

Copado added Copado Robotic Testing to Copado Essentials.

May 11, 2022

Red Hat announced new advancements within its Red Hat Cloud Services portfolio, delivering a fully-managed and streamlined user experience as organizations build, deploy, manage and scale cloud-native applications across hybrid environments.

May 11, 2022

JFrog introduced a new Docker Desktop Extension for JFrog Xray that allows organizations to automatically scan Docker Containers for vulnerabilities and violations early in the development process.

May 11, 2022

Progress announced a series of updates in Progress Telerik and Progress Kendo UI.

May 11, 2022

Vultr announces that Vultr Kubernetes Engine (VKE) is generally available.

May 10, 2022

Docker announced new features and partnerships to increase developer productivity. Specifically, the company announced Docker Extensions which allow developers to discover and add complementary development tools to Docker Desktop.

May 10, 2022

Red Hat announced the general availability of Red Hat Ansible Automation Platform on Microsoft Azure, pairing hybrid cloud automation with the convenience and support of a managed offering.

May 10, 2022

The Fedora Project, a community-driven open source collaboration sponsored by Red Hat, announced the general availability of Fedora Linux 36, the latest version of the fully open source Fedora operating system.

May 10, 2022

Progress announced the release of Progress Chef Cloud Security, extending DevSecOps with compliance support for native cloud assets and enabling end-to-end management of all on premise, cloud and native cloud resources.

May 10, 2022

Platform9 announced new platform capabilities in Platform9 5.5 that make it easier for cloud-native development and operations teams to build, scale, and operate apps and Kubernetes clusters in the cloud, on-premises, and at the edge.