DNS Does the Job

Imagine how much you'd use the internet if you had to remember dozens of number combinations to do anything. DNS is arguably the primary technology enabling the internet – translating the domain names people type into a browser into IP addresses so the requested service can be found. We always expect DNS to work, and no one thinks about it until it breaks.

Every icon, URL, and piece of embedded content on a web page requires a DNS lookup. Loading complex sites may require hundreds of DNS queries, and even simple smartphone apps can require numerous DNS queries just to load. In the last five years, the volume of DNS queries for .com and .net addresses has more than doubled, increasing to an average daily query load of 77 billion in the fourth quarter of 2012. More than six million domain names were added to the internet in the fourth quarter of 2012. Future growth is expected to occur at an even faster pace as more cloud implementations are deployed and practically everything connected to the internet, including your future fridge, coffee machine and toilet, will need a DNS entry.

Over the last 5 years, there has been a 180% growth of active websites, 230% growth in active users, a 22% growth in software applications and 100% growth in DNS queries. Add to that, nearly 60% of web users say they expect a website to load on their mobile phone in 3 seconds or less. Organizations are experiencing rapid growth in terms of applications and the volume of traffic accessing those applications.

When a user requests a web page, the request goes to local DNS services, and these in turn communicate with the main DNS servers. This is not a problem until a traffic surge or a hacker floods the server with DNS query requests; the volume may be more than the DNS servers can handle, which in turn can disable the main DNS server. The DNS server then stops responding and sites are unavailable, unreachable or even offline. Generally, organizations have a set of DNS servers, each one capable of handling up to 150,000 DNS queries per second. High-performance DNS servers are capable of handling around 200,000 queries per second. The bad guys can easily exceed that, as exemplified by the recent DNS outages affecting NY Times, LinkedIn, Network Solutions and Twitter. DNS failures account for 41% of web infrastructure downtime, so organizations must keep their DNS available. According to a survey by the Aberdeen Group, organizations lose an average of $138,000 for every hour their data centers are down. Downtime has an impact on visiting customers, can lead to loss of revenue and can also impact employees trying to access their corporate resources. To address DNS surges, companies add more DNS servers, which are not really needed during normal business operations.

Instead of worrying about DNS outages and purchasing additional DNS infrastructure to combat surges, simply place BIG-IP in front of your primary DNS server. It’s a full DNS server and handles requests on behalf of your main DNS server. BIG-IP can respond much faster to DNS query requests, at up to millions of queries per second. Whether it is a legitimate request or an attack, BIG-IP responds. The BIG-IP engine handles application requests at very high levels, and it is that same engine that responds to DNS queries. Those levels are so high, in fact, that even large surges of DNS requests (including the malicious ones) will not cripple your critical content. DNS is always available, which is important to providing good service for your users. Administrators enjoy the peace of mind that their site will respond to all DNS queries, keeping the site available.


If you have high volumes of DNS traffic coming into your data center, it is more advantageous to respond to those queries from the DMZ rather than from deep within the infrastructure, where they could affect the back-end primary DNS servers along with other critical servers. Respond using BIG-IP from the DMZ so that no request touches the back end, which greatly increases the primary server’s ability to scale. Offload DNS to BIG-IP. With these large-scale capabilities, even if a site is flooded due to some unexpected event, DNS can respond to all queries, good or bad. This keeps all your critical web, application and database services available. Organizations can secure DNS while achieving high scale. There is less equipment to purchase, manage and support. Plus, BIG-IP offers easy DNS management that integrates with your existing infrastructure. Error checking, auto population of protocols and importation of zones help eliminate any downtime from DNS errors. Organizations can make their applications fast, available and secure, but if DNS is not responding, it doesn’t really matter since no one can get to them anyway.




Published Nov 06, 2013
Version 1.0
