Telecoms.com periodically invites third parties to share their views on the industry’s most pressing issues. In this piece Lori MacVittie, Principal Threat Evangelist at F5 Networks, talks up the importance of the domain name system in telecoms.
DNS remains one of the least appreciated application services in existence. Its role is so important, that its failure is considered catastrophic. If every DNS system stopped answering queries, it would bring the digital economy to its knees within minutes.
Without the ability to translate domain names to IP addresses, apps would simply stop working. The system was designed, after all, because we simply can’t remember IP addresses as easily as we do “something” dot com.
When we look at responses from the State of Application Services 2019, it is no surprise to find DNS threatening to enter the top five application services deployed today. When we narrow that view to telecommunications providers, we find a 10 point increase in deployment rates, rising from 68% of other industries to 79% of telecom providers.
The prominent role of DNS in telecom is no surprise since many other industries – and most consumers – rely both directly and indirectly on service providers for their DNS services.
DNS is provided to customers by their service providers. That includes both mobile and cable operators. I’m assigned DNS entries by my service provider whether wired or mobile. It is those DNS services that make it possible for you to turn off the lights after you’ve left, or peek out the front door when someone approaches, or order up some dinner. Without DNS, the digital economy is dead in the water, unable to access the critical back-office apps that enable connected experiences – everywhere.
DNS and Application Performance
DNS is also a critical component of application performance. Because 80-90% of applications today rely on third-party components or are comprised of APIs that require server-side processing, fast DNS resolution is vital to maintaining application performance. Every component that accesses a third-party resource requires a lookup, which means time on the wire and time to process. Slow responses can hinder performance and frustrate customers.
As noted in the 2018 Global DNS Performance Benchmark Report: In general, users in regions with decent Internet connectivity should expect a response in tens of milliseconds, rather than hundreds of milliseconds (ms). An overall delay of even 250 ms for a site to begin loading will be noticeable to most users.
There is virtually no connected experience that is not impacted by the availability and speed of DNS. None. Not your toaster, not your navigation system, not your social media, and not your Netflix fix.
That’s why it’s always disconcerting to find such a dearth of attention paid to DNS. That’s particularly true when you consider the importance of SaaS to business today. According to the aforementioned report, nearly half (44%) of the top 25 SaaS providers rely on a single DNS provider. That means both their primary and secondary nameservers are hosted and managed by the same provider.
That could spell disaster, as it did in 2016 when Dyn DNS experienced a series of DDoS attacks against its infrastructure. The attack left a significant number of prominent sites and services suffering poor performance and outright outages.
DNS and the Digital Economy
While DNS hijacking and cache poisoning are commonly mentioned as security risks, the reality is that the nature of DNS puts it at risk. It is – and must be – a publicly accessible service. It cannot be hidden behind access controls or other security services. That means DNS should garner a bit more attention from both infrastructure and security teams when considering how to defend the business from attack.
Don’t forget about DNS. Make it a point to evaluate its security and architecture on an annual basis and take steps to protect it. That includes securing against the latest DDoS attacks and protecting DNS query responses from cache-poisoning redirects. Look into how to better distribute DNS responsibilities across more than one provider and consider the role global server load balancing plays in keeping your digital presence alive in the face of an attack.
You can’t afford to ignore DNS if you want to succeed in the digital economy.
Lori MacVittie is the Principal Technical Evangelist at F5 Networks Inc. since June 2014. Lori is responsible for education and evangelism of application services available across F5’s entire product suite.