Domain Name System (DNS) is the protocol used to convert regular names like www.dincloud.com (“A” records)into IP addresses and let the Internet know where other resources like email (“MX” records) etc. are. Denial of Service attacks on this key resource can result in even the largest of organizations going offline, resulting in significant loss of revenue and reputation.
TLD’s and DNS
When you register a new domain name like dinCloud.com or any other, you are required to point it to a minimum of 2 DNS servers and depending on the TLD (top level domain) like “.com” the maximum number you can have varies. For “.com” domains its 13 maximum. No matter how many DNS servers you have, they will all get queried in a round-robin fashion by other devices over the Internet looking to find resources in your domain to interact with you (web,email,etc). If a particular server is not reachable, the next one listed for your domain (at the registrar level) will be tried. However, if one server answers but you or an attacker have accidentally or maliciously blanked out the “zone” file which is the database matrix of names to IP’s and other useful DNS info, then no information is returned and the query is stopped because that server is considered “authoritative” for your domain. Therefore, anytime you had a DNS issue where the server went “sideways” vs. completely down, your business could be impacted.
DNS servers could be taken down maliciously in several ways. First, by exploiting an unpatched bug or backdoor directly on the server itself. Second, by attacking the Internet pipe that your DNS servers sit behind, filling the pipe with junk traffic as part of a distributed denial of service (DDoS) attack. In a DDoS attack, many machines send traffic to your DNS server’s IP’s or other destinations in your network, filling up your Internet pipe, and making all resources at your end subsequently unavailable/unreachable.
To Heck With It
For this reason, many people from SMB to Enterprise outsourced their DNS servers to experienced providers. Running such a key resources to the entire company where it could be so easily compromised, just wasn’t worth the hassle for most enterprise administrators much less SMB customers.
How dinCloud DNS Made Easy (DME) Protects Our Cloud DNS Worldwide
Our DNS servers sit in clusters of 5 servers (ns0,1,2,3,4,5) whose IPv4 and IPv6 addreses are advertised by BGP out of 15 datacenters worldwide (Los Angeles, San Jose, Chicago, Dallas, New York, Reston, Ashburn, Miami, Sao Paulo, London, Amsterdam, Frankfurt, Hong Kong, Sydney).
What makes this more robust than other DNS providers is the AnyCast Network design that this is done with. The IP addresses are identical at all datacenters and advertised equally to the Internet via BGP from all locations. Queries from the Internet are resolved by the datacenter closest to the request. If that datacenter goes down, the next nearest will reply, and so on. This provides not only a very high level of redundancy but a type of geographic quality of service (QoS) as it results in very fast replies from our DNS servers to queries made from anywhere in the world.
In addition to using this internally, dinCloud offers this service today to customers upon request along with the professional services to setup and manage it. However, we will soon build this into the customer web portal with dinManage so that customers can subscribe and manage this service entirely on their own.
Best wishes. –/\/\ike Chase EVP/CTO dinCloud.com