There’s a saying that if there is a dangerous intersection, don’t wait for an accident to put up a stop sign, because for at least one party, it will be too late. When it comes to your DNS infrastructure, likewise, don’t wait for an outage or attack to put in place a secondary strategy. In the case of the stop sign, if there IS an accident, and the authorities fail to install a stop sign, over time, people will forget about the danger until it happens again. This is exactly what has happened to most enterprises and their DNS infrastructure. After the highly publicized DDOS attack that took down DNS provider DYN in 2018 (and the websites of its customers), talking about establishing a secondary DNS system or an outage mitigation strategy was all the rage. Unfortunately, like our Stop sign installation failure, most enterprises still have not done anything to secure their DNS. In fact, a well-known networking telemetry provider recently noted that only 40% of SaaS providers even have a secondary strategy! You’d think they would know better. This is an accident (or a blackout!) waiting to happen.
Why should we care? The Domain Name System, or DNS, is what maps understandable names, such as “gartner.com”, to the actual TCPIP address where the resource, such as an application or website, actually resides. Think of it as the “phone book” of the internet. Unlike a phone book though, few if any internet users or applications remember or use the actual TCPIP addresses. In other words, if the DNS goes down, your resource essentially disappears from the internet. Access to your website, or application to application resources, simply disappear! Your world becomes silent and pitch black.
What does resiliency, or a “secondary strategy” mean? Just as we use multiple availability zones to improve the resiliency and availability of cloud-based resources, sophisticated users may employ several DNS providers, with explicit rules on how the DNS tasks are shared, or switched to one specific provider in the case of a failure. Some DNS providers have even deployed more than one network, to address the possibility that one of the DNS networks may be attacked or may simply fail. Much like running the fire drills that we all remember from school, having a plan in place before an outage simplifies the task of establishing a new DNS in the event of an attack or failure, allowing an enterprise to come back on line in seconds or minutes, rather than hours or even days.
Every Digital Enterprises relies heavily on a healthy and resilient DNS. Understanding the risks and how to mitigate them is absolutely critical to reliable operations. In an upcoming blog and soon-to-be-published research, we will describe DNS resiliency approaches in detail, including advice on how to assess the risks, how to get started, and the various approaches that are recommended. Stay safe!