Fear of Cloud DNS

Will migrating to the cloud affect my DNS performance?
If I am migrating from on prem DNS, will I lose control over my domains?
Is there downtime associated with cloud migration?

Migrating to the cloud has been a hot topic for a few years now. From DevOps to SysAdmins, the internet is abuzz with horror stories and trepidations about cloud migration. But fear not! We are going to address the common myths and concerns associated with moving your domains to the cloud.

First things first, what’s so special about cloud-based DNS? Cloud DNS providers (like DNS Made Easy) use Anycast technology to power their networks. Anycast networks propagate DNS information across dozens of name servers around the world in the blink of an eye. To put this in perspective, Unicast or on-premises DNS networks can take up to two days to propagate DNS changes.

[Figures: Unicast network; Anycast network]

Performance Changes

If anything, your DNS performance will more than likely improve when you move to a cloud DNS service. Changes are instantaneous and end-users’ queries are responded to in a fraction of the time. Anycast networks have multiple points of presence, each with multiple name servers, in critical peering locations around the globe. Whenever an end-user queries your domain, they will be answered by the nearest possible set of name servers.

Managed DNS providers also offer performance-enhancing services such as DNS Failover and location-based traffic direction, and some can even automatically route queries based on current traffic conditions.

Out of Control

While it’s true that some of the top companies and retailers still run their own DNS infrastructure, studies have shown that cloud-based DNS easily outperforms in-house systems. Over the years we have talked to many admins who have explained their reasons for staying in-house. The main reason tends to be a concern about losing control when migrating DNS out of house.

If your reason is having your own name servers (like ns1.yourdomain.com), then use cloud DNS with vanity name servers.

Other admins have cited security reasons or a desire to use their own interface to manage their DNS. But neither of these rules Cloud DNS out. Most major DNS providers offer an API (Application Programming Interface), which allows you to create your own GUI and programmatically update as many domains or records as you want. This is best for organizations that don’t want to manually update records one by one.

When it comes to security, cloud providers tend to have the upper hand. DNS software like BIND is constantly being updated and patched for bugs. In the past, failure to update has led to vulnerabilities that allowed for DNS exploits and system crashes. Updates and patches can be difficult to stay on top of, which makes using a reliable provider paramount when it comes to security concerns.

Go Hybrid

If you are truly determined to keep using your own infrastructure, we recommend using a hybrid configuration. All you need to do is add a cloud DNS service as a secondary provider. This can actually boost your domain’s performance! Resolving name servers will develop an affinity for the better performing provider and automatically route clients to the faster network. You can learn more about this in our recent webinar and the 3 different kinds of secondary DNS configurations.

Downtime is a Thing of the Past

When you move from one provider or on-prem network to a cloud-based DNS network, you should never experience downtime. Cloud-based networks will propagate your DNS information instantly once you move your domain over to the new name servers. You can learn even more about how this works here.

To be safe, after you have transferred your domain to your new provider we recommend running a quick test to make sure things have run smoothly. Use your command line tool to run a quick dig test.

$ dig @ns1.dnsmadeeasy.com yourdomain.com

You can even check for specific records.

$ dig @ns2.dnsmadeeasy.com yourdomain.com A

You can also see the top six name servers that are authoritative for your domain. Your result should look like this:

yourdomain.com. 86400 IN NS ns1.dnsmadeeasy.com.
yourdomain.com. 86400 IN NS ns3.dnsmadeeasy.com.
yourdomain.com. 86400 IN NS ns8.dnsmadeeasy.com.
yourdomain.com. 86400 IN NS ns4.dnsmadeeasy.com.
yourdomain.com. 86400 IN NS ns2.dnsmadeeasy.com.
yourdomain.com. 86400 IN NS ns0.dnsmadeeasy.com.

(PS: this works for secondary DNS configurations, too. Just look for both providers’ name servers.)

Very Important!

Do not delete your records or deactivate your account with your old provider! Keep everything the same for a few days. This gives the resolving name servers enough time to flush their caches and the TTLs to expire for your old records.
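
The NS check and the cache-expiry advice above can be combined in one small script. This is an added example, not code from DNS Made Easy: the function names, the EXPECTED list and the old-provider host name are assumptions, and the sample answer is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: audit the NS answer after a migration. Live input would be
#   dig +noall +answer yourdomain.com NS

# ns_audit "EXPECTED NS LIST" < dig-answer-lines
# Prints "missing <ns>" / "unexpected <ns>" findings and "max_ttl <seconds>".
ns_audit() {
    awk -v expected="$1" '
        # Compare names case-insensitively and without the trailing dot.
        function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
        BEGIN {
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++) want[norm(e[i])] = 1
        }
        # Answer lines have the form: owner TTL IN NS target
        $3 == "IN" && $4 == "NS" {
            seen[norm($5)] = 1
            if ($2 + 0 > max) max = $2 + 0
        }
        END {
            for (ns in want) if (!(ns in seen)) print "missing " ns
            for (ns in seen) if (!(ns in want)) print "unexpected " ns
            print "max_ttl " (max + 0)
        }
    ' | LC_ALL=C sort
}

# Constructed sample: the article's expected name servers minus ns0, plus a
# leftover delegation to a hypothetical old provider with a longer TTL.
sample_answer() {
    cat <<'EOF'
yourdomain.com. 86400 IN NS ns1.dnsmadeeasy.com.
yourdomain.com. 86400 IN NS ns3.dnsmadeeasy.com.
yourdomain.com. 86400 IN NS ns8.dnsmadeeasy.com.
yourdomain.com. 86400 IN NS ns4.dnsmadeeasy.com.
yourdomain.com. 86400 IN NS ns2.dnsmadeeasy.com.
yourdomain.com. 172800 IN NS ns1.old-provider.example.
EOF
}

# Name servers you expect to see (assumed list, taken from the output above).
EXPECTED="ns0.dnsmadeeasy.com ns1.dnsmadeeasy.com ns2.dnsmadeeasy.com \
ns3.dnsmadeeasy.com ns4.dnsmadeeasy.com ns8.dnsmadeeasy.com"

sample_answer | ns_audit "$EXPECTED"
```

For a hybrid setup, list both providers’ name servers in EXPECTED. The max_ttl value is the longest NS TTL in the answer, which bounds how long a resolver may keep that delegation cached and so how long the old provider should stay up.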

DNS Made Easy is a subsidiary of Tiggee LLC, and is a world leader in providing global IP Anycast enterprise DNS services.
