Despite its importance in ensuring the smooth running of apps, DNS remains one of the most underappreciated application services of today. Its failure is potentially catastrophic, and could bring the digital economy to its knees within minutes, so why is DNS not getting the attention it deserves?
DNS enables us to translate domain names to IP addresses – without it, apps would stop functioning altogether. Since DNS effectively underpins the entire digital economy, it is no surprise that the State of Application Services 2019 reported it to be on the verge of entering the top five application services deployed today. When we narrow that view to telecommunications providers, we find a 10-point increase in deployment rates, rising from 68% of other industries to 79% of telecom providers.
DNS is provided to customers by their service providers, hence its prominent role in the industry compared to others. Other industries – and most consumers – in fact rely both directly and indirectly on service providers for their DNS services. That includes both mobile and cable operators.
We are assigned DNS entries by our service providers whether wired or mobile. It is those DNS services that make it possible for you to turn off the lights after you’ve left, or peek out the front door when someone approaches, or order up some dinner. Without DNS, the digital economy is dead in the water, unable to access the critical back-office apps that enable connected experiences – everywhere.
DNS: The critical component for app performance
Eighty to ninety per cent of applications today rely on the smooth running of DNS. Applications rely heavily on third-party components or are composed of APIs that require server-side processing. This reliance means fast DNS resolution is vital to maintaining application performance. Every component that accesses a third-party resource requires a lookup, which means time on the wire and time to process. Slow responses can hinder performance and frustrate customers.
As noted in the 2018 Global DNS Performance Benchmark Report: In general, users in regions with decent Internet connectivity should expect a response in tens of milliseconds, rather than hundreds of milliseconds (ms). An overall delay of even 250ms for a site to begin loading will be noticeable to most users.
There is virtually no connected experience that is not impacted by the availability and speed of DNS. None. Not your toaster, not your navigation system, not your social media, and not your Netflix fix. For this reason, it’s surprising to find such a dearth of attention paid to it.
That’s particularly true when you consider the importance of SaaS to business today. According to the aforementioned report, nearly half (44%) of the top 25 SaaS providers rely on a single DNS provider. That means both their primary and secondary nameservers are hosted and managed by the same provider. That could spell disaster, as it did in 2016 when Dyn DNS experienced a series of DDoS attacks against its infrastructure. The attack left a significant number of prominent sites and services suffering poor performance and outright outages.
Giving DNS the limelight it needs
While DNS hijacking and cache poisoning are commonly mentioned as security risks, the reality is that the very nature of DNS puts it at risk. It is – and must be – a publicly accessible service. It cannot be hidden behind access controls or other security services. That means DNS needs to garner more attention from both infrastructure and security teams when considering how to defend the business from attack.
Don’t let DNS fall off the radar. It should be on every business’s to-do list to evaluate its security and architecture on an annual basis and take steps to protect it. That includes securing against the latest DDoS attacks and protecting DNS query responses from cache-poisoning redirects. Look into how to better distribute DNS responsibilities across more than one provider and consider the role global server load balancing plays in keeping your digital presence alive in the face of an attack.
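The single-provider dependency described above, and the advice to spread DNS across more than one provider, can be checked from a zone's NS records. The following is an added example, not code from the original article; the zone names and nameserver hostnames are constructed, and it assumes a provider can be approximated by the registrable domain of the nameserver hostname.

```python
"""Flag zones whose NS records all sit with one DNS provider."""
from __future__ import annotations

# Assumption: a provider is approximated by the registrable domain of the
# nameserver hostname. A real audit would use the Public Suffix List; this
# small set of two-label suffixes stands in so the example runs offline.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}

# Constructed sample delegations (zone -> NS hostnames), not real data.
SAMPLE_DELEGATIONS = {
    "shop.example": ["ns1.dns-a.example.", "ns2.dns-a.example."],
    "pay.example": ["ns1.dns-a.example.", "ns1.dns-b.example.net."],
    "mail.example.co.uk": ["ns1.mail.example.co.uk.", "ns2.dns-b.example.net."],
}


def provider_of(host: str) -> str:
    """Return the approximate registrable domain of a hostname."""
    labels = host.rstrip(".").lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def audit_zone(zone: str, ns_hosts: list[str]) -> dict:
    """Group a zone's NS records by provider and flag weak delegations."""
    providers: dict[str, list[str]] = {}
    for host in ns_hosts:
        providers.setdefault(provider_of(host), []).append(host)
    return {
        "zone": zone,
        "providers": sorted(providers),
        # Fewer than two providers: one outage or DDoS takes the zone down.
        "single_provider": len(providers) < 2,
        # Nameservers named under the zone's own domain do not reveal who
        # operates them, so they need manual review before being counted.
        "vanity_ns": provider_of(zone) in providers,
    }


def at_risk(delegations: dict[str, list[str]]) -> list[str]:
    """Return the zones that depend on a single DNS provider."""
    return sorted(z for z, ns in delegations.items()
                  if audit_zone(z, ns)["single_provider"])


if __name__ == "__main__":
    for zone, ns_hosts in SAMPLE_DELEGATIONS.items():
        print(audit_zone(zone, ns_hosts))
```

In practice the NS sets would come from the resolver or zone inventory, and a name-based grouping should be confirmed against where the nameservers are actually hosted.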
Businesses that want to succeed and remain competitive in the digital economy simply can’t afford to ignore the impact and vitality of DNS.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.