A DNS Marriage Made in Technology
Large organizations have many data centers, sometimes distributed across multiple countries – not to mention cloud regions and highly distributed networks. Consequently, your DNS needs to be just as highly distributed as your content.
In simpler times, one data center served all an organization’s needs. It housed the Domain Name System (DNS) servers, and no one thought twice about it. After all, if the data center went down, the DNS servers would be useless anyway.
Fast-forward to today. Large organizations have many data centers, sometimes distributed across multiple countries – not to mention cloud regions and highly distributed networks. Consequently, your DNS needs to be just as highly distributed as your content. After all, what good is a Disaster Recovery site if you have no way to direct your users to it?
The order of the day is for best-in-class DNS providers to offer highly resilient networks with multiple anycast groups and hundreds of servers spread out around the world. However, the hard reality is that impairments, outages and massive Distributed Denial of Service (DDoS) attacks can and do happen. To truly bulletproof your distributed infrastructure against an issue where your users cannot resolve your domain, you might very well consider hosting your DNS records with two providers.
This is not as clear-cut as it sounds, though. Before today’s dedicated DNS solutions, you basically had three choices. You could run one DNS provider as the primary and the second as a secondary that replicates the zone by zone transfer. Alternatively, you could run two DNS providers, both as primary, and (carefully) make every record change in each. The third option was to run two DNS providers, both as primary, and write your own middleware application that understands a requested DNS change and pushes it to each provider’s unique API.
Let’s break down these options. The first one takes away the traffic management features, powerful geographic routing and RUM-based telemetry that some top-tier providers offer. A zone transfer (AXFR/IXFR) carries only standard resource records, so any provider-specific steering logic stays on the primary and never reaches the secondary; relying on it condemns you to the most basic, vanilla DNS records.
The second option, two primaries kept in sync by hand, opens the door wide to human error. If you don’t painstakingly and laboriously keep the two providers in perfect sync, you end up with traffic routing problems that are shockingly difficult to troubleshoot: resolvers pick from the delegated name servers more or less at random, so a record that differs between providers yields answers that change from one query to the next.
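The drift described above is far easier to catch mechanically than by staring at two portals. The following Python checker is an added example and not code from the original article or from any DNS provider: it compares two zone snapshots, one exported from each provider (for instance the output of `dig @ns1.provider-a.example example.com AXFR` where the provider permits transfers, or a zone-file export from its portal), first by SOA serial, which exposes a lagging secondary in the primary/secondary setup, and then record set by record set, which exposes the manual sync errors of the dual-primary setup. The provider names, zone contents and addresses are constructed sample data, and the parser deliberately handles only the simple one-record-per-line zone format shown.

```python
"""Report drift between two providers' copies of the same zone."""
from collections import defaultdict

# Constructed sample snapshots in zone-file style: owner TTL class type rdata.
# Provider B is one serial behind, lost a www address, has a stale api
# address and still carries a record that was deleted at provider A.
PROVIDER_A = """
example.com.      3600 IN SOA  ns1.provider-a.example. hostmaster.example.com. 2024060102 7200 900 1209600 300
example.com.      3600 IN NS   ns1.provider-a.example.
example.com.      3600 IN NS   ns1.provider-b.example.
www.example.com.  300  IN A    192.0.2.10
www.example.com.  300  IN A    192.0.2.11
api.example.com.  300  IN A    192.0.2.20
"""

PROVIDER_B = """
example.com.      3600 IN SOA  ns1.provider-b.example. hostmaster.example.com. 2024060101 7200 900 1209600 300
example.com.      3600 IN NS   ns1.provider-a.example.
example.com.      3600 IN NS   ns1.provider-b.example.
www.example.com.  300  IN A    192.0.2.10
api.example.com.  300  IN A    192.0.2.99
old.example.com.  300  IN A    198.51.100.7
"""


def parse_zone(text):
    """Parse a simplified zone snapshot.

    Returns (soa_serial, {(owner, rtype): set(rdata)}). Assumes fully
    qualified owners, one record per line and no $ORIGIN/$TTL directives;
    TTL and class are ignored because they may legitimately differ between
    providers. The SOA itself differs by design (MNAME is provider-specific),
    so only its serial is kept.
    """
    records = defaultdict(set)
    serial = None
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        owner, rtype, rdata = parts[0], parts[3].upper(), " ".join(parts[4:])
        owner = owner.lower().rstrip(".") + "."
        if rtype == "SOA":
            serial = int(parts[6])  # MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
            continue
        # Hostnames in rdata are case-insensitive; TXT content is not.
        records[(owner, rtype)].add(rdata if rtype == "TXT" else rdata.lower())
    return serial, dict(records)


def diff_zones(snapshot_a, snapshot_b):
    """Return human-readable drift findings; an empty list means in sync."""
    serial_a, recs_a = parse_zone(snapshot_a)
    serial_b, recs_b = parse_zone(snapshot_b)
    findings = []
    if serial_a != serial_b:
        findings.append(f"SOA serial mismatch: {serial_a} vs {serial_b}")
    for owner, rtype in sorted(set(recs_a) | set(recs_b)):
        set_a = recs_a.get((owner, rtype), set())
        set_b = recs_b.get((owner, rtype), set())
        if set_a == set_b:
            continue
        findings.append(
            f"{owner} {rtype}: only at A {sorted(set_a - set_b)}, "
            f"only at B {sorted(set_b - set_a)}"
        )
    return findings


if __name__ == "__main__":
    for finding in diff_zones(PROVIDER_A, PROVIDER_B) or ["zones are in sync"]:
        print(finding)
```

Run against the sample data, the checker reports the serial lag plus three record-set differences (api, old and www); the identical NS set at the apex produces no finding. In practice you would run it from a cron job or CI step after every change and page on any non-empty result, which turns the "shockingly difficult to troubleshoot" intermittent answers into a deterministic diff.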
The third option, two primaries synchronized by your own middleware, requires you to expend substantial time and resources to write your own DNS management software suite, with in-depth integration with each of your DNS providers. You lose all the advantages of your providers’ portals and dashboards and will have to roll your own interpretation layer to keep one provider’s advanced features in approximate synchronization with the next provider’s.
Times have changed, though, and other choices are now available. Dedicated DNS solutions today allow you to place real or virtual servers anywhere you want them: in your office, in your data centers, inside your DMZs, behind your firewalls – literally anywhere that makes sense for your infrastructure. You can then install a DNS software stack on them and turn them into fully managed DNS delivery nodes that are dedicated to you. Through the same portal and API you use right now to manage your DNS on a managed, anycasted, world-wide DNS platform, you can choose which domains you want to also serve from your dedicated DNS nodes.
This choice gives you the best of all worlds: the resilience of two DNS providers and ease of management through a single portal and API. All your advanced traffic management and intelligent Filter Chain configurations work exactly the same, too. And if something were to happen to any part of the managed DNS infrastructure, your dedicated DNS nodes would be unaffected and would continue to happily serve DNS. Once they reestablished contact with the “mothership,” they would push their queued query statistics upstream and apply any pending record changes.
Dedicated DNS nodes, along with being authoritative DNS servers, also support recursion, so you can point all your DNS clients (laptops, servers, EC2 instances etc.) at them; restrict that recursion to your own client networks so the nodes never become open resolvers. This results in all your DNS needs being met, with queries for your own domains and records resolved in single-digit milliseconds. You can also leverage advanced Filter Chain capabilities to intelligently direct traffic within your own data centers and achieve greater performance, failover and resilience between server or application tiers.
The good old days of simple configurations have been left in the dust of rapid technological progress. You’re taking a big risk by running two disparate DNS providers – the possibility for disaster is high. Fortunately, that’s not your only option anymore. Today, you can marry the power of managed DNS with dedicated DNS solutions for a modern answer to DNS’s many demands.
Opinions expressed by DZone contributors are their own.