DNS – The Foundation of your Internet Presence

I’ve been in the DNS and Domain name business for almost 20 years now and explaining what DNS is and how important it is has always been a struggle. As critical as DNS is, it’s an underlying Internet technology that not many people pay too much attention to – until it’s not working.

During all those years in my career I’ve struggled for a quick and simple way to explain what DNS is and it’s importance in the chain of Internet technology. This graphic above really sums up the importance of DNS and how it acts as the foundation of your online presence.

Sit back and think about your Internet presence as a house or building that contains your web server, email servers, FTP server, API, VOIP Phone system etc. This house of yours relies on two things; your domain name and DNS before any other service can be setup.

Your domain name is just like the plot of land you build on – without your parcel of land, you have nowhere to build. The domain name must be registered and in good standing (Not expired) before anything will work. Once you have your domain name, you can start to build the foundation before you can build your house. If your foundation is weak and unreliable, your house can crumble to the ground. This foundation is your DNS – a reliable way of answering queries to your domain name and pointing visitors to your online resources such as your web server, etc. Without a strong DNS service as your foundation, you risk loosing the house and all it’s contents.

There are many other analogies that can be used to explain DNS but the true moral of the story is don’t skimp on the foundation when building your Internet house…

BIND is the world’s most popular DNS server – serving a large portion of the Internet due to it’s open source model and free distribution. This DNS software is a wonderful benefit for the Internet community, but also something that requires care and affection.

Just last week, a major flaw (CVE-2015-5477) was discovered in BIND DNS Version 9.X that could allow a single lone wolf attacker (An Internet “bad guy”) to take down a large number of domain entities across the internet with an easy to execute malformed query. All it takes is a push of the button and your domain and all of your online resources could become virtually crippled.

Fortunately, CloudfloorDNS uses a proprietary DNS system that is not vulnerable to these BIND attacks/exploits.

This story isn’t about BIND per se – its about not placing your organization at risk by using DNS smarter. How so? It’s simple. There are two options. One, use an Authoritative DNS Provider that isn’t susceptible to the same risks that some open source software can present. Two, add a non open source Authoritative DNS Provider to your delegation along with your existing provider that may use open source Name Server software. Having dual Authoritative DNS providers will mitigate risk by not allowing your Internet presence to be threatened by open source vulnerabilities and it also offers additional geographic redundancy. This may sound over the top, but if your business relies on a single organization that uses open source software only, and they get hit with a vulnerability attack as described above, your company and your online business simply goes offline. Not only your website, but your entire online entity will go down in flames. It’s just as bad as allowing your domain name to expire.

When it comes to DNS, thinking smarter and not waiting until a failure or attack to make those critical infrastructure decisions can save you in the long run.