DNS as Single Point of Internet Failure
In a world that is connected 24/7, downtime or service slowdowns exact a high price in lost revenues and damaged reputation. Yet while there is a growing focus on cybersecurity and network resiliency, the failure or degradation of your gateway to the internet and all your online initiatives, the Domain Name System (DNS), can put your digital business at risk. If your external DNS fails, so does your digital business. In an increasingly digital world, DNS provides the expertise, experience, and solutions to ensure your website and other online assets are always available.
DNS is essentially the phone book for Internet Protocol (IP) addresses: it maps the name used to locate a website or other online asset to the corresponding IP address. It is also under increasing attack. According to managed DNS service provider Neustar, DNS should be outsourced to optimize security and availability, and both can be further enhanced by a primary/secondary strategy, so that an attack will not cause significant disruptions to your internet connections.
The major point in having a secondary DNS service is to stay resilient and reliable in the event the primary DNS service handling the domain goes down. A secondary DNS service is always up — and ready to serve.
But it isn’t just a backup DNS: a secondary DNS also improves performance, balancing the load on the network by splitting DNS traffic between two trusted networks. Updates can be performed automatically from the primary DNS, eliminating the need for manual updates.
“An externally sourced, managed and focused DNSaaS solution can be cost-effective, and offer greater resilience, reliability and performance, while evolving to keep pace with the needs of cloud and digital business applications,” confirms Gartner analyst Bob Gill. DNS providers tend to be specialists with expertise in DNS, possess significant technical and personnel resources, and are ‘far more capable, secure, resilient, and lower cost’ than implementing DNS on your own.
Using managed DNS providers or services, according to Forrester Research, but most organizations rely on a single service, i.e. a single point of failure. And on October 21, 2016, the Mirai botnet proved the vulnerability of that strategy, unleashing a devastating DDoS attack on a scale previously unseen, crippling a managed DNS provider and causing intermittent outages for brands that didn’t implement a secondary DNS service.
There are a number of approaches to protecting your authoritative DNS service, including implementing both a primary and secondary DNS solution, recommends Neustar, a leading provider of network security solutions with over 19 years of experience in the DNS security space. Organizations should first identify a secondary managed DNS service to shore up their DNS security, one that offers a dedicated in-house DDoS mitigation service for its managed DNS networks.
While not without its challenges, including concerns about vendor support and service, moving to a managed DNS service is quickly gaining momentum as organizations seek the benefits of more capable, secure, resilient, and lower cost alternatives to on-premises DNS. However, those benefits will fail to materialize in the face of escalating threats unless organizations have a dual-source DNS strategy to ensure their website and other online assets are always available.
Source | cso online