Benjamin Franklin brilliantly said, “By failing to prepare, you are preparing to fail.” Even the best laid-out plans can be derailed. When that happens, strategically organized backup plans prove to be more successful than on-the-fly, reactive ones. Nowadays, it seems like you need alternate plans for everything. For example, if you have car problems that prevent you from getting to work on time, then there goes your plan A (at least until you get your car fixed). If you don’t have a plan B, you would need to find other means of transportation.
End-user queries need alternative means of transportation as well.
A backup strategy for DNS is not only important—it’s a necessity. DNS services can have outages or even experience lag. For instance, a massive fire destroyed OVHcloud data centers in Europe on March 9, 2021. This devastating event resulted in an outage for millions of websites and data loss for some that, unfortunately, did not have backup servers.
What is Secondary DNS?
Secondary DNS allows your domain zone file to be backed up automatically and stored on a secondary server. If one provider is unreachable, the other will systematically step in to answer the queries.
Essentially, you can configure two DNS providers to handle your domain traffic, versus just one. That way you double your authoritative nameserver sets for your domains for extra resiliency.
Common Use Cases for Secondary DNS
Some domain registrars require secondary DNS, and it is now best practice in the industry to configure a second service provider (SP). And it’s the best approach for a reason.
As previously mentioned, the main use case for this configuration is to provide extra resilience for your domain. Having a supporting set of automatically updated zone files assists in bypassing misconfigurations, natural disasters, and targeted attacks such as distributed denial-of-service (DDoS) attempts.
Benefits of Secondary DNS
Secondary DNS adds an additional lifeline for your resources. It is a mission-critical strategy that will boost your domain’s uptime by utilizing more than one server to host your valuable resources.
It also assists in load balancing by distributing traffic based on configurations.
Traditional DNS services follow standards that are established in the DNS Request for Comments, or RFCs (RFC-2182, RFC-8499, RFC-7719, etc.). This allows for an automated process that will transfer a zone, or domain, from one name server to another name server. The name server that originates the DNS information is called “primary” and the one that receives this information is called the “secondary” name server.
In solutions where the traditional primary/secondary DNS relationships are not possible (due to DNS hacks and undefined RFC answers), engineers have designed other solutions to transfer your data from one system to another. DNS Made Easy specializes in primary/secondary DNS configurations to assist in these types of data exchanges.
DNS Made Easy’s traditional primary/secondary configurations allow the primary name server to automatically update the secondary via AXFR/IXFR transfers. A Hidden Primary can be established for security purposes: it discreetly sends updates to the secondary DNS name server while the primary itself stays private.
Our sister company Constellix offers a primary/primary configuration that allows two DNS providers to be established as primaries. This permits a second DNS service to be added for extra redundancy. Integrated tools, such as Terraform and octoDNS, update both DNS name servers easily through API calls.
The Pitfalls of Configuring One DNS Provider
We’ve all heard the saying about the repercussions of “putting all of your eggs in one basket.” There is a reason a cliché becomes a cliché, and this pearl of wisdom is no exception.
If you put all of your efforts and resources into one resource provider, you can lose everything.
DNS is a service that many people take for granted. You only realize how crucial it is when there’s an outage. DNS providers suffer from interruptions of service quite frequently. Without secondary DNS configured, there is no backup plan in place to keep business running as usual.
The most recent example happened on Wednesday, March 10, 2021. Dyn suffered an outage that left 1,053 of the top 1 million domain names in the dark for approximately an hour and a half. Oracle lists the reason for the most recent outage in the Incident History section of their official website as “a configuration issue that resulted in DNS query failures.”
This is not the first incident that they experienced this year. They have seven occurrences detailed in their Incident History, with three for March 2021 alone.
Who Still Has One Primary DNS Provider Nowadays?
With secondary DNS being an industry standard, you might be surprised to know that there are top brands that still use an antiquated configuration. Yes, there are thousands of heavy hitters in e-commerce that archaically only use one SP.
A total of 1,053 domains that use Dyn do not have secondary DNS in place:
- Pfizer, the multinational pharmaceutical corporation behind the COVID-19 vaccine, uses only Dyn as their single DNS provider. In the midst of the coronavirus pandemic, they have no secondary DNS to secure their global websites.
- Indeed, the 75th most visited site on the web, according to Alexa (not to mention one of the biggest job seeker platforms), also uses Dyn as their sole provider.
A whopping 107,559 domains use Cloudflare as their single SP. Their client base includes Fiverr, Discord, Medium, Quizlet, Glassdoor, and WebMD (another critical website during a pandemic). Cloudflare has had several DNS outages, with two occurring last year alone, yet they have a substantial number of domains that lean solely on them to stay up and running.
Amazon Route 53 has 28,669 domains that use them as a single DNS provider, including Netflix, Reddit, Instagram, Zoom, Twitch, CNN, and Zillow. Some of the 1,234 NS1 exclusive domains are Wix, time.com, Priceline, and Imgur.
These are just a few major brands that are exclusively relying on a single DNS service provider. These SPs have historically suffered downtime, and when they are down, the domains that rely on them also fail their end-users.
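The two checks this article argues for, as an added example (not DNS Made Easy's or Constellix's code): whether a zone's nameservers really span more than one provider, and whether a secondary kept in sync by AXFR/IXFR has fallen behind the primary. The hostnames, serials and provider map are constructed; in practice the serials come from asking each nameserver for the zone's SOA record, and the serial comparison applies to primary/secondary setups, not to primary/primary ones where each provider may number its own copy of the zone.

```python
# Added example: hostnames, serials and the provider map are constructed.
PROVIDERS = {  # operator-maintained: NS hostname suffix -> provider
    "provider-a.example": "Provider A",
    "provider-a.test": "Provider A",  # one provider may use several domains
    "provider-b.example": "Provider B",
}
OBSERVED = {  # NS hostname -> SOA serial it answered (None = no answer)
    "ns1.provider-a.example": 2021031002,
    "ns2.provider-a.test": 2021031002,
    "ns1.provider-b.example": 2021031001,  # secondary missed the last transfer
    "ns2.provider-b.example": None,
}

def serial_gt(a, b):
    """RFC 1982 serial arithmetic on 32-bit SOA serials: is a newer than b?"""
    return a != b and (a - b) % 2**32 < 2**31

def provider_of(ns_host, suffixes):
    """Longest-suffix match; unmapped hosts share one bucket so they can
    never inflate the provider count."""
    host = ns_host.rstrip(".").lower()
    hits = [s for s in suffixes if host == s or host.endswith("." + s)]
    return suffixes[max(hits, key=len)] if hits else "unmapped"

def audit(observed, suffixes):
    """Report provider diversity, silent nameservers and lagging secondaries."""
    providers = {provider_of(ns, suffixes) for ns in observed}
    answered = {ns: s for ns, s in observed.items() if s is not None}
    newest = None
    for s in answered.values():
        if newest is None or serial_gt(s, newest):
            newest = s
    return {
        "providers": sorted(providers),
        "single_provider": len(providers) < 2,
        "unreachable": sorted(ns for ns in observed if observed[ns] is None),
        "newest_serial": newest,
        "stale": sorted(ns for ns, s in answered.items() if serial_gt(newest, s)),
    }

if __name__ == "__main__":
    for key, value in audit(OBSERVED, PROVIDERS).items():
        print(f"{key}: {value}")
```

Counting distinct nameserver domains instead of using the suffix map would report the two Provider A hosts as two providers, which is why the map is keyed by operator rather than by domain.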
Cover your assets with a strong DNS strategy
Constellix and DNS Made Easy specialize in services and features that can be added to any organization’s toolbox to further enhance domain performance and secure uptime. Secondary DNS is one of the tools that we offer that will save you the headache, damaged customer reputation, and loss of revenue.
And let me tell you, the financial losses are substantial. It can be as high as $540,000 an hour for top brand domains with some SPs. Let’s say that your domain is out for an entire hour (which we all know is common): the average cost of downtime is $5,600 per minute. I want to emphasize that this is an average of all domains, not just enterprise-level businesses.
If you don’t have redundancy in your DNS infrastructure, you might as well start doing the math and plan for these types of service disruptions in your budget because outages don’t just happen to top brands. They can happen to anyone and shouldn’t be chalked up as a part of doing business online. Outages should not be tolerated. Period.
DNS Made Easy was the target of a 500+ Gbps worldwide DDoS attack last year. Our infrastructure was able to thwart this attack without any impact on our customers.
We have designed a global network that delivers fast, reliable DNS queries and continues to optimize our bandwidth for unmatched uptime and performance.
Set Up Secondary DNS as Part of Your Emergency Plan
Putting all your trust in one provider can be detrimental to your services and end-users when that SP experiences an outage. Nowadays, it’s not a matter of if the service provider will have an outage, but when—except for us.
Constellix and DNS Made Easy have the most reliable network in the industry, with a 10-year 100% uptime history. Why lean on one provider when you can count on another for double the security and reliability in providing your end-users with exemplary service?
DNS Made Easy can establish a worry-free disaster recovery plan for your business to ensure your domain’s accessibility. We service 38K+ clients that require unique DNS product configurations, so we can customize any solution that will best fit your organization’s needs. Book a free demo to learn more about a tailored DNS strategy.
You work hard to nurture your brand. Let us help secure it. Put your trust in us to maintain your connections.