It has now been a week since many top domains were downed on the East Coast due to a DNS provider outage. In the days following, we have been asked by many clients if there are ways to avoid downtime even if your DNS provider goes down. In short, this is something we have been stressing for years, encouraging all of our clients dependent on the Internet to use a Secondary DNS provider.
Over the past few days, we have seen many major tech publications sharing similar advice, urging clients to use as many points of redundancy as possible.
“In many ways, the internet attack is a wakeup call for organizations to configure DNS for optimal resiliency. More specifically, that means using two (or more) DNS providers and listing multiple nameservers for added resiliency. It’s also yet another wakeup call for IoT security as the risk of default passwords and unsecured devices is no longer a theoretical one.” Source: eWeek
According to our research, 36% of the top domains outsource their DNS to a management provider. We weren’t surprised by this number, as many of these larger domains require complex configurations that are sometimes better managed in-house. While this may be the preferred solution for tech giants like Google and Facebook, this method lacks the redundancy and scalability of a cloud provider. During our study, we started to notice a shift toward adoption of a hybrid architecture, which uses a domain’s in-house network combined with the scalability of the cloud. This kind of network is preferable, as it allows a cloud-based provider to take over the traffic load if the in-house network fails or is unable to handle all of the traffic.
Of the 36% of domains that outsourced their DNS, a whopping 58% of these domains were only outsourcing their DNS to one provider. Even after the massive outage last week, we thought this number would surely be lessened. However, we noticed that only a select few of these domains have added a secondary provider during the days following. New reports are starting to call out the downed brands, claiming they could have prevented the outage by using secondary DNS,
“Twitter, Amazon Web Services, PayPal and others could’ve been better prepared too, two security experts told me: anyone running a site should consider a secondary, back-up DNS provider.” Source: Forbes
It has been proven time and time again that these “single-homed” solutions can fail. This made us wonder, how many more big brands have to suffer downtime before Secondary DNS becomes a common practice?
Also published on Medium.