DNS is key to connected customers

Telecoms.com periodically invites third parties to share their views on the industry’s most pressing issues. In this piece Lori MacVittie, Principal Threat Evangelist at F5 Networks, talks up the importance of the domain name system in telecoms.

DNS remains one of the least appreciated application services in existence. Its role is so important that its failure is considered catastrophic. If every DNS system stopped answering queries, it would bring the digital economy to its knees within minutes.

Without the ability to translate domain names to IP addresses, apps would simply stop working. The system was designed, after all, because we simply can’t remember IP addresses as easily as we do “something” dot com.

When we look at responses from the State of Application Services 2019, it is no surprise to find DNS threatening to enter the top five application services deployed today. When we narrow that view to telecommunications providers, we find a 10-point increase in deployment rates, rising from 68% of other industries to 79% of telecom providers.

The prominent role of DNS in telecom is no surprise since many other industries – and most consumers – rely both directly and indirectly on service providers for their DNS services.

DNS is provided to customers by their service providers. That includes both mobile and cable operators. I’m assigned DNS entries by my service provider whether wired or mobile. It is those DNS services that make it possible for you to turn off the lights after you’ve left, or peek out the front door when someone approaches, or order up some dinner. Without DNS, the digital economy is dead in the water, unable to access the critical back-office apps that enable connected experiences – everywhere.

DNS and Application Performance

DNS is also a critical component of application performance. Because 80-90% of applications today rely on third-party components or are composed of APIs that require server-side processing, fast DNS resolution is vital to maintaining application performance. Every component that accesses a third-party resource requires a lookup, which means time on the wire and time to process. Slow responses can hinder performance and frustrate customers.

As noted in the 2018 Global DNS Performance Benchmark Report: “In general, users in regions with decent Internet connectivity should expect a response in tens of milliseconds, rather than hundreds of milliseconds (ms). An overall delay of even 250 ms for a site to begin loading will be noticeable to most users.”

There is virtually no connected experience that is not impacted by the availability and speed of DNS. None. Not your toaster, not your navigation system, not your social media, and not your Netflix fix.

That’s why it’s always disconcerting to find such a dearth of attention paid to DNS. That’s particularly true when you consider the importance of SaaS to business today. According to the aforementioned report, nearly half (44%) of the top 25 SaaS providers rely on a single DNS provider. That means both their primary and secondary nameservers are hosted and managed by the same provider.

That could spell disaster, as it did in 2016 when Dyn DNS experienced a series of DDoS attacks against its infrastructure. The attack left a significant number of prominent sites and services suffering poor performance and outright outages.

DNS and the Digital Economy

While DNS hijacking and cache poisoning are commonly mentioned as security risks, the reality is that the nature of DNS puts it at risk. It is – and must be – a publicly accessible service. It cannot be hidden behind access controls or other security services. That means DNS should garner a bit more attention from both infrastructure and security teams when considering how to defend the business from attack.

Don’t forget about DNS. Make it a point to evaluate its security and architecture on an annual basis and take steps to protect it. That includes securing against the latest DDoS attacks and protecting DNS query responses from cache-poisoning redirects. Look into how to better distribute DNS responsibilities across more than one provider and consider the role global server load balancing plays in keeping your digital presence alive in the face of an attack.
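The single-provider dependency described earlier (primary and secondary nameservers hosted by the same provider) can be audited from a zone's NS records, which is a practical first step toward distributing DNS across more than one provider. The following is an added example, not part of the original article; the sample records, provider names and the `PROVIDER_ALIASES` map are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in `dig +noall +answer NS <zone>` layout.
SAMPLE = """\
example.com.  3600 IN NS ns1.dnshost-a.example.
example.com.  3600 IN NS ns2.dnshost-a.example.
example.net.  3600 IN NS ns1.dnshost-a.example.
example.net.  3600 IN NS ns1.dnshost-b.example.
example.org.  3600 IN NS ns-12.clouddns-x.example.
example.org.  3600 IN NS ns-34.clouddns-y.example.
"""

# Hypothetical operator-maintained map: NS domains run by one provider.
PROVIDER_ALIASES = {
    "clouddns-x.example": "CloudDNS",
    "clouddns-y.example": "CloudDNS",
}

def provider_of(nameserver):
    """Map an NS hostname to a provider key via its last two labels.

    Assumption: two labels identify the operator. Suffixes such as co.uk
    and vanity nameservers need entries in PROVIDER_ALIASES.
    """
    labels = nameserver.rstrip(".").lower().split(".")
    domain = ".".join(labels[-2:])
    return PROVIDER_ALIASES.get(domain, domain)

def parse_ns_records(text):
    """Return {zone: set(nameservers)}; comments and non-NS lines are skipped."""
    zones = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if line.lstrip().startswith(";") or len(fields) < 3:
            continue
        if fields[-2].upper() == "NS":
            zones[fields[0].rstrip(".").lower()].add(fields[-1])
    return dict(zones)

def audit(text):
    """Return {zone: sorted list of distinct providers serving it}."""
    return {zone: sorted({provider_of(ns) for ns in servers})
            for zone, servers in parse_ns_records(text).items()}

def single_provider_zones(text):
    """Zones whose every nameserver resolves to the same provider."""
    return sorted(z for z, p in audit(text).items() if len(p) == 1)

if __name__ == "__main__":
    for zone in single_provider_zones(SAMPLE):
        print(f"{zone}: all nameservers with {audit(SAMPLE)[zone][0]}")
```

The `example.org` case shows why the alias map matters: two different nameserver domains still count as one provider when the same operator runs both.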

You can’t afford to ignore DNS if you want to succeed in the digital economy.

 

Lori MacVittie has been the Principal Technical Evangelist at F5 Networks Inc. since June 2014. Lori is responsible for education and evangelism of application services available across F5’s entire product suite.
