Welcome!

Virtualization Authors: Unitiv Blog, Dana Gardner, Pat Romanski, Roger Strukhoff, Elizabeth White

Related Topics: IoT Expo, Java, Linux, Cloud Expo, Security, SDN Journal

IoT Expo: Blog Feed Post

DNS Shrugged

DNS Anywhere and Everywhere

"In Greek mythology, Atlas (/ˈætləs/; Ancient Greek: Ἄτλας) was the primordial Titan who held up the celestial sphere. He is also the titan of astronomy and navigation." (Wikipedia, Atlas) How apropos, then, that DNS should be much like the Atlas of the Internet, responsible for guiding users to their digital destinations by resolving easy to remember names (like constellations) into IP addresses (like coordinates used in astronomy to locate the stars).

dns-supporting-the-iot What if DNS shrugged? Just for a moment?

The Internet, like the world, would fall over. Everything - from sensors, to computing devices to toasters and pens, from applications and business transactions would cease to function correctly.

We could deluge you with data points showing losses of advertising revenue in the publishing space, or the chain reaction of revenue losses that can occur when a major payment processing center experiences a DDoS attack targeting DNS, or the losses in productivity that is the inevitable result of a non-responsive or downed DNS server that prevents employees from accessing critical data.

But you already know all that, just as you know that IoT combined with increasing attacks are putting tremendous pressure on DNS not just to stay responsive, but stay up at all.

That's why it's important to evaluate your DNS infrastructure now and determine whether or not it will shrug in the face of the forthcoming deluge of data and attacks.

F5 Synthesis: DNS Anywhere and Everywhere

F5 takes DNS seriously. It's the underlying enabler of global server load balancing, which means it's also responsible for enabling hybrid, multi-site cloud architectures. It's critical to the 42.9% of respondents that rely on secondary sites as their primary DR strategy according to the 2014 Disaster Recovery Benchmark.

That means DNS needs to be fast and it needs to be flexible and it needs to be fluent.

One of the services included in F5 Synthesis Software Defined Application Services (SDAS) is, as you might have guessed, DNS. That service isn't just caching DNS to ensure availability and performance of existing DNS infrastructures, it is a fully functional and highly performance DNS resolver itself, providing the highest performance DNS Caching and Resolving solution as well as the highest performance DNS DDoS attack mitigation, with the added bonus of LDNS cache poisoning protection with DNSSEC.

When deployed on a full capacity F5 Synthesis  High Performance Services Fabric, F5 DNS services can resolve nearly 630 million queries per second. At that rate, it would take less than 2 seconds to resolve the address of every one of the 861 million sites on the Internet according to the Jan 2014 Netcraft Web Server Survey.

You may need think you don't need that kind of massive scalability, but with the increasing denial of service attacks on DNS, you will need that kind of scale if you're going to stay responsive. The reality is you can't stop someone from launching an attack because you don't control their actions. So you're going to be hit with thousands or millions of requests per second that you have to do something with. And if your DNS infrastructure can't scale to that capacity, the legitimate requests your customers, partners, and employees are waiting for are going to get lost. And that means lost revenue, lost trust, lost productivity.

You might be thinking about using cloud computing to mitigate the potential risk or as a disaster recovery option. f5 Synthesis can make that happen, too. Because f5 Synthesis High Performance Services Fabric takes advantage of a heterogeneous resource approach, it can be deployed on hardware, software, virtual machines or in the cloud, That means high performance, scalable and secure DNS anywhere.

replicate dns high performance in the cloud

Not only can F5 DNS replicate zones to cloud-hosted DNS services, but because it natively supports DNSSEC it can bring security to those environments that are not yet DNSSEC-enabled.

Migrating to an F5 Synthesis-based DNS infrastructure can also significantly reduce the CAPEX and OPEX associated with scaling traditional DNS infrastructures and enable more accurate and intelligent decisions regarding application routing by taking advantage of F5 integrated services such as geolocation and botnet identification.

No matter where you are in your DNS initiatives, take a minute to seriously consider what would happen if your DNS shrugged, and then take steps to avoid potential disaster.

For more information on Synthesis:

Read the original blog entry...

More Stories By Lori MacVittie

Lori MacVittie is responsible for education and evangelism of application services available across F5’s entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she conducted product research and evaluation focused on integration with application and network architectures, and authored articles on a variety of topics aimed at IT professionals. Her most recent area of focus included SOA-related products and architectures. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.