DNS Overview: up-to-date, factual, and independent.


Managed DNS

Managed DNS is a service whereby another party hosts your DNS records on their servers. Due to economies of scale, focus, and sometimes decades of experience, the quality of their service often exceeds that of an in-house built solution.

Most providers offer the same basic set of additional services alongside serving DNS records. These often include some form of failover functionality backed by endpoint health monitoring; a typical use case is automatic failover to a secondary site when the primary goes down. The other common feature is the ability to steer traffic based on the geographic origin of the query, for example sending traffic from Germany to a hosting location in Amsterdam, the Netherlands, while traffic from Canada is sent to a hosting location in the United States. These functionalities are sometimes free, sometimes free up to a limit, and sometimes charged as an extra.

Functionality-wise, managed DNS providers fall into three distinct groups.

First, there is the group that simply hosts your DNS records on their infrastructure and answers queries for them.

Second, there is the group that hosts your records but in addition lets you change the response to a query. Most providers allow routing based on geographic origin; others let you run elaborate scripts while the query is being processed. The data these scripts use as input is not provided by the DNS provider but has to come from somewhere else, for example a monitoring service like Catchpoint, which can supply both synthetic performance measurements and real user monitoring (RUM) data.


Finally, there is the group of providers that not only serve DNS queries and provide a way to manipulate the responses, but also supply the data for your decision-making process. This data is typically gathered unattended from end users and sent to a central location for processing; it offers insight into the performance of an endpoint such as a hosting location or a CDN.

Dynamic DNS (DDNS)

Dynamic DNS is a service built on DNS that automatically updates one or more DNS records when a router is assigned a new IP address by its Internet Service Provider (ISP).
Many home connections receive a new IP address every time the router reboots, or even just periodically. Suppose, for example, a VPN service runs on an internal network. The router exposes this service to the internet, and a DNS record for vpn.example.com is created pointing to the current IP address, 82.1.1.100. Once the router reboots and receives 82.1.1.152, the VPN service is no longer reachable via vpn.example.com. Worse, the former address may by then have been assigned to another customer, so clients following the stale record end up connecting to a stranger's host.
The solution Dynamic DNS services provide is simple:

  • Check the current IP address, store it locally, and update the DNS record
  • Check the IP address on a regular basis, for example every hour
  • Compare the current IP address with the one stored locally
  • If they are the same, do nothing; if they differ, update the DNS record and then the locally stored copy.

Most of the older Managed DNS providers started as Dynamic DNS providers, and many of them still offer the service, sometimes paid and sometimes for free. It is often free when using a second-level domain provided by the company, while using a custom domain usually comes at a cost.

Building a Dynamic DNS service yourself is quite simple. The two main things needed are an NS1 account and a short shell script like this one. Add the required information to the script, set it up to run as a cron job, and you are done. Keep in mind that the API key in such a script can rewrite your zone: keep it out of the script file itself, and give it the narrowest permissions the provider allows.
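As an added example (not the page's own script, nor NS1's), here is the check / compare / update cycle from the list above written as a small POSIX shell script that pushes the new address to NS1. Everything outside the page is an assumption and labelled as such: the zone, record name, state file and API key are read from the environment; api.ipify.org is used to discover the public address; and the NS1 endpoint shape is the one the NS1 v1 REST API documents for record updates, which you should verify against the current docs before relying on it. The push function is passed as a parameter so the cycle can be exercised without network access.

```sh
#!/bin/sh
# Added example: minimal Dynamic DNS updater against the NS1 API.
# Assumptions (not from the original article): environment-driven config,
# api.ipify.org for IP discovery, NS1 v1 endpoint shape for the record update.
set -eu

ZONE="${DDNS_ZONE:-example.com}"                      # assumed
RECORD="${DDNS_RECORD:-vpn.example.com}"              # assumed
STATE_FILE="${DDNS_STATE_FILE:-${HOME:-/tmp}/.ddns_last_ip}"
API_KEY="${NS1_API_KEY:-}"                            # never hard-code this

# Accept only a well-formed IPv4 address: an IP-echo service that returns an
# error page must never end up as the answer in the zone.
is_ipv4() {
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  for octet in $(printf '%s' "$1" | tr '.' ' '); do
    [ "$octet" -le 255 ] || return 1
  done
}

# Discover the address the ISP currently hands out (network call, assumed service).
current_ip() {
  curl -fsS https://api.ipify.org
}

# Push the address to NS1 (network call). The key comes from the environment,
# so the script file itself holds no secret.
update_record() {
  [ -n "$API_KEY" ] || { echo "NS1_API_KEY not set" >&2; return 1; }
  curl -fsS -X POST \
    -H "X-NSONE-Key: $API_KEY" \
    -H 'Content-Type: application/json' \
    -d "{\"answers\":[{\"answer\":[\"$1\"]}]}" \
    "https://api.nsone.net/v1/zones/$ZONE/$RECORD/A" >/dev/null
}

# One check-and-update cycle. Arguments: state file, current address, and the
# function used to push (defaults to update_record). Prints "unchanged" or
# "updated <ip>". The state file is written only after a successful push, so a
# failed update is retried on the next run instead of being silently lost.
ddns_cycle() {
  state="$1"; current="$2"; push="${3:-update_record}"
  is_ipv4 "$current" || { echo "not an IPv4 address: $current" >&2; return 1; }
  stored=""
  if [ -f "$state" ]; then stored="$(cat "$state")"; fi
  if [ "$stored" = "$current" ]; then
    echo unchanged
    return 0
  fi
  "$push" "$current" || return 1
  printf '%s\n' "$current" > "$state"
  echo "updated $current"
}

# Usage: ./ddns.sh run   (cron, hourly:  0 * * * * NS1_API_KEY=... /path/ddns.sh run)
case "${1:-}" in
  run) ddns_cycle "$STATE_FILE" "$(current_ip)" ;;
esac
```

The state file doubles as the "store it locally" step from the list; deleting it forces an update on the next run, which is a handy way to repair a record that was changed by hand.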

Secondary DNS

Secondary DNS, as opposed to primary DNS, nowadays means a second set of DNS servers, often but not always run by another provider. This is sometimes also described as master (primary) and slave (secondary) nameservers, or secondary DNS is simply called backup DNS.
The secondary provider receives zone changes via a so-called DNS zone transfer: a full copy of the zone is requested with an AXFR query, while incremental updates use IXFR. Zone transfers should be allowed only from the secondary's addresses, and preferably authenticated with a TSIG key: a server that answers AXFR for anyone hands out a complete list of your hostnames to whoever asks.

The role of DNS is so critical that relying on a single DNS provider is less and less acceptable. A single DNS provider is a Single Point Of Failure (SPOF): when that provider's servers stop responding to queries, you have a full outage. Secondary DNS addresses this by letting domain owners add additional nameservers to the domain's delegation. For example, a whois lookup for amazon.com lists the following name servers:

$ whois amazon.com

Name Server: NS1.P31.DYNECT.NET
Name Server: NS2.P31.DYNECT.NET
Name Server: NS3.P31.DYNECT.NET
Name Server: NS4.P31.DYNECT.NET
Name Server: PDNS1.ULTRADNS.NET
Name Server: PDNS6.ULTRADNS.CO.UK

Amazon thus uses two providers, Dyn and UltraDNS. From the outside both sets of servers are equally authoritative; which of them is the primary that the other transfers the zone from is not visible in whois.
If one of them has an outage, a resolver will hit a timeout for that particular name server and try one of the others in the delegation. Modern resolvers also track how well each nameserver responds and greylist the non-responsive ones, which helps this way of adding resilience at the DNS level.
However, the system does not work perfectly. If either provider has issues, some resolvers will see timeouts before they reach a working server. It can be argued that there are fewer timeouts than with a single provider, and that may be true, but a second provider also roughly doubles the chance that at least one of them is having an outage at any given moment. The best DNS strategy is therefore not clear cut and depends on your situation.
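The two things that go wrong in practice with a multi-provider setup are a secondary that silently falls behind (transfers failing, so the providers serve different versions of the zone) and a secondary that transfers the zone to anyone who asks. The script below is an added example, not part of the original article, that checks both for a zone: it asks every nameserver in the delegation for its SOA serial and compares them, and it attempts an AXFR from the host it runs on, which should be refused. It assumes dig from BIND is installed; the two classifiers are pure functions that work on captured dig output, and the network calls are confined to check_zone.

```sh
#!/bin/sh
# Added example: sanity-check a zone that is served by more than one provider.
# Assumes `dig` (BIND utilities) is available. Not from the original article.
set -eu

# Read "<nameserver> <serial>" lines from stdin. Prints "in-sync <serial>" when
# every server reports the same serial, "out-of-sync <serial> <serial> ..."
# otherwise, or "no-data" when nothing usable was collected.
serial_status() {
  distinct="$(awk 'NF==2 {print $2}' | sort -u | tr '\n' ' ' | sed 's/ $//')"
  case "$distinct" in
    '')    echo "no-data" ;;
    *' '*) echo "out-of-sync $distinct" ;;
    *)     echo "in-sync $distinct" ;;
  esac
}

# Classify the text dig prints for an AXFR attempt: "refused" when the server
# declined, "exposed" when it handed over the zone (a transfer always starts
# with the SOA record), "unknown" for everything else (timeouts, no TCP, ...).
axfr_status() {
  if printf '%s\n' "$1" | grep -q 'Transfer failed'; then
    echo refused
  elif printf '%s\n' "$1" | grep -Eq '[[:space:]]IN[[:space:]]+SOA[[:space:]]'; then
    echo exposed
  else
    echo unknown
  fi
}

# Network part: query every authoritative server of zone $1 directly.
check_zone() {
  zone="$1"
  serials="$(mktemp)"
  for ns in $(dig +short NS "$zone"); do
    # +short on an SOA answer prints: mname rname serial refresh retry expire minimum
    serial="$(dig +short @"$ns" SOA "$zone" | awk '{print $3}')"
    axfr="$(axfr_status "$(dig @"$ns" AXFR "$zone" 2>&1 || true)")"
    printf '%s %s\n' "$ns" "${serial:-none}" >> "$serials"
    echo "$ns serial=${serial:-none} axfr=$axfr"
  done
  serial_status < "$serials"
  rm -f "$serials"
}

# Usage: ./dnscheck.sh example.com
case "${1:-}" in
  '') ;;
  *)  check_zone "$1" ;;
esac
```

A serial mismatch right after a change is normal while the transfer propagates; one that persists means the secondary is serving stale data and the "backup" is not actually a copy of the zone. Any server reporting "exposed" should have its transfer ACL tightened to the real secondaries.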