March 22nd, 2017

Here’s How to Get the Most Out of Your DNS, Day 1: DNS Complexity and Self-Management

Early in 2016, we wrote a blog asking if “DNS is the Rodney Dangerfield of Your Cybersecurity Strategy.” The blog, although a bit tongue-in-cheek, sought to raise awareness of DNS’ utility as it relates to improving cybersecurity and a company’s overall network performance.

Turns out the blog could have been beneficial to IT professionals in the United Kingdom.

According to a recent Quocirca study of 100 senior IT decision makers in the U.K., a whopping 92% of respondents have limited visibility into the impact that DNS performance and availability have on their users. Since DNS is the cornerstone of Internet transactions and availability, we decided to dig a bit deeper into the findings.

Over the next three days, we’ll break down some key findings from the survey.

Today’s topic is DNS complexity.

In many respects, DNS is a victim of its own success. Designed back in the 1980s, DNS is responsible for allowing Internet-connected devices to communicate with one another. And since the communication stream seems to just work, few people or companies have wanted to learn how it works, as long as it does.

As the survey states, “An unfocused approach to DNS management can impact incoming requests to access online resources…” In other words, every organization should have a solid understanding of what DNS does, what it’s capable of doing, and, perhaps most importantly, how DNS works. But according to the study, only 35% of respondents claimed their organization had in-depth knowledge of how to manage DNS.

With that in mind, we’ll examine some misconceptions and attitudes about DNS in this blog. Specifically:

1. What Is DNS?  

2. How Are Survey Respondents Managing Their DNS?

3. Is DNS Self-Management Worth It?

1. What Is DNS?

The domain name system, or DNS, is a protocol that translates user-understandable names (like domain names – for example, .co, .biz, .au) and labels (like website addresses) into fixed numbers, called IP addresses, that are understood and accepted by computers and routers to connect devices.

There are two basic types of DNS servers, authoritative and recursive. Authoritative servers direct external traffic to your website, while recursive servers direct internal users (e.g., employees) to online assets inside and outside of the network. In an attempt to save some money, some companies opt to host their own DNS services in-house.

And how’s that working out for them? Well, it’s a mixed bag.

2. How Are Survey Respondents Managing Their DNS?

The study reveals that respondents seem to use something of a mix-and-match patchwork system to provision their DNS. By combining their internal (recursive) servers and appliances with a number of external (authoritative) services, the respondents have a DNS infrastructure that works, but not at its highest potential.


By creating a hodgepodge network of authoritative and recursive DNS servers, companies aren’t providing customers with the best possible security, performance and overall website experience.

As Quocirca writes in the report, “There are other specific benefits to be had from using the same provider for both recursive and authoritative DNS needs, that do not apply if either is managed separately. For example, query resolution between authoritative and recursive services will be resolved with near-zero latency when the servers for both networks are co-located.”

And with today’s Internet, there is no substitute for speed. Which brings us to the last point:

3. Is DNS Self-Management Worth It?

Unless you have a team that has full resources and a singular focus on proper DNS management, the answer is no, it isn’t worth it. Yes, your DNS may appear to function just fine right now, but as your company grows and attracts more customers, the strain on your network will begin to show, leading to waning customer satisfaction. DNS equates to performance.

The Quocirca report sums up the perils of personal management perfectly by saying: “Those not using a specialist provider at all have an even lower number of ways of poisoning DNS, but are more likely to be running DNS in-house and to not be benefiting from good DNS visibility, certain advance features, notably DNSSEC, and rapid updates from co-located authoritative DNS servers.”

Why chance it?

If you’re interested in learning how to get more from your DNS, here’s a page with additional resources.

In tomorrow’s blog, we’ll look at DNS traffic management – another benefit of outsourcing your DNS. 
