Five Tips for Enhanced DNS Reliability and Security
For many IT professionals, the task of ensuring website availability and security is a concern that can keep you up at night.
In our rapidly growing digital economy, website performance is now intrinsically linked with a company’s financial and reputational success. This fact places IT professionals on a critical path; at the frontline of business operations and integrated into the sales and marketing processes.
A Neustar whitepaper, produced in collaboration with Network World, identified that 74 percent of IT professionals say they are extremely or very concerned about the prospect of a website outage, with a further 60 percent extremely or very concerned about a security breach.
The survey of IT decision makers, conducted by IDG, demonstrates that IT pros are well aware of the pivotal role played by DNS in website performance, as well as the threats DNS services face at the hands of malicious hackers who launch distributed denial-of-service (DDoS) and phishing attacks.
These issues trump cost and complexity, likely because DNS performance has a direct impact on the business. Poor customer experience and damage to reputation are the top two concerns with regard to DNS security threats. For IT managers, the stakes for delivering strong website performance are high.
IT professionals are certainly aware of their vulnerability to DNS attacks. But only half of the survey respondents were very or extremely confident about their level of protection.
That lack of confidence is not misplaced. More than one quarter (26 percent) of respondents say they have definitely or likely experienced issues due to DNS security vulnerabilities. Perhaps even more unsettling is the uncertainty about past attacks, as 43 percent say they are not sure if they’ve experienced an outage or other DNS security issues.
Consistent with concerns about uptime, service availability is the most important factor to IT decision makers when evaluating DNS providers.
Ninety-six percent describe it as critical or very important. Other critical drivers are DNS response time (88 percent) and security (86 percent).
Given those results, and the importance of DNS performance to customer experience and reputation, it’s no longer a matter of choice to invest in your DNS infrastructure – the business imperatives are just too great.
Unfortunately, the survey also suggests that some IT professionals are overlooking DNS as a solution to these concerns. The survey found most IT decision-makers are not planning any radical departures from their current approach to DNS performance.
Despite the constantly evolving threat of DNS attacks, it appears many are taking a status quo approach to DNS security and performance, which could be costly.
Enhanced DNS Reliability and Security
There are some simple steps IT professionals can take to address DNS reliability and security. Here are our five tips for increasing confidence and reducing the risk of website availability and security issues:
- Globally distributed DNS nodes. It’s critically important that your DNS network has a large number of DNS nodes distributed around the world. Should one node be overburdened, suffer a failure, or be the target of an attack, traffic can be routed to any of the remaining nodes. Thus, a large number of nodes creates a margin of safety.
- Monitored load balancing. When a DNS service monitors loads across the servers to which it directs traffic and detects high traffic or degraded response times or performance for those servers, traffic can be routed to other, less busy servers in that customer’s infrastructure.
- Geography-based routing. When customers seek access to a website, they are routed to the site that is nearest to them, resulting in faster response times. To deliver a quality user experience for your customers, you need to have geographic-based routing.
- DDoS mitigation capability. DDoS attacks are on the rise and the ability to detect and keep them from bringing down a server further improves reliability.
- Name server segmentation. In some DNS networks, name server record addresses are shared by many, or sometimes all, customers on the network. Having customers in separate or segmented Name Server addresses helps to eliminate residual impacts of attacks against a customer on the network and allows for more highly targeted and effective DDoS mitigation.
In the rapidly growing digital economy, website uptime is becoming increasingly important to all businesses.
As the IDG survey suggests, IT professionals certainly understand the critical role that DNS plays for their company—and the potential impact on the business if their website is compromised.
Taking a status quo approach to DNS security is no longer acceptable. Sophisticated threats require equally sophisticated solutions.