DevOps Needs a New DNS

Traditional DNS approaches are not enough to meet the needs of DevOps practices, so what does an ideal strategy look like?

As the effects of digital transformation hit the field of application development and delivery full steam, it’s becoming increasingly clear that traditional DNS approaches are not adequate to meet today’s needs.

Until recently, Open Source platforms have supplied the DNS and traffic management that organizations needed in their internal networks and for their public, Internet-facing services. The majority of DNS servers, both on the Internet and in enterprise intranets, are Open Source-based solutions such as BIND, djbdns, PowerDNS, gdnsd, and NSD.

Enterprises and DNS providers have adapted these solutions to perform some of the advanced functions needed in today’s environments. However, even with those complex customizations, many capabilities that would greatly benefit performance and efficiency are simply not possible. As a result, these solutions are being supplanted by advanced DNS architectures designed for modern IT environments.

A Modern DNS Routing Strategy

Between an end user and the information or service they are requesting lies the all-important DNS look-up. At one time, it was considered a best practice to route the user to the closest available server. Although Open Source DNS solutions were not originally designed to do this, they can be modified to incorporate geography and up/down measurements into their decision-making process. However, enabling and maintaining these functions requires significant effort to make the needed modifications to the base DNS system and to integrate third-party software such as geoIP.

Even these modifications do not create the ideal scenario, because it’s no longer a given that the geographically closest server is the best option for responding to the user request. For example, the server may be overloaded or the network connection to that server may be heavily congested. There may be other important business considerations, such as the need to fulfill bandwidth commits or to avoid overages. Open Source DNS solutions, even with modifications, are incapable of optimizing responses using real-time network and server conditions, real user monitoring (RUM) data, or providing responses based on business logic.

DNS solutions that are purpose-built to meet today’s needs not only remove the hassle of having to modify Open Source platforms to perform basic geographic-based routing, they also deliver a much richer set of traffic management capabilities. They provide the flexibility to configure routing algorithms based on metrics and rules you define to meet the business objectives of your organization.

Organizations stand to make significant gains by optimizing this infrastructure as they invest heavily in CDNs, contract with multiple transit providers and leverage distributed cloud architectures. A DNS solution that is easily configured to make traffic decisions that are optimized for response time, throughput, quality of service, CDN commits, bandwidth commits, etc. can deliver significant returns while reducing the ongoing overhead of maintaining traditional Open Source DNS.

Tackling Security

IT teams are well versed in the realities of infrastructure security vulnerabilities. As a core component of the infrastructure, DNS systems are no exception. Managing and patching vulnerabilities in a manner that is transparent and does not affect system availability can be a time-consuming operational challenge. The challenges are compounded where custom code is built on top of Open Source.

To offload some of the team’s burden, next-generation managed DNS solutions are available both for Internet and private, intranet-only services. Because they are fully managed, these solutions mitigate security exposure and reduce operational overhead. The DNS provider takes responsibility for security patches, updates, health monitoring and general support. They typically include a dedicated, full-time NOC and promptly apply security fixes and patches to the underlying operating system and libraries without impacting system availability.

Supporting DevOps

As DevOps teams roll out applications into dynamic, software-defined environments, underlying services such as DNS need to be well integrated. Open Source DNS solutions were developed long before these changes came about and, as a result, they lack the native APIs and sophisticated GUIs needed to support modern DevOps environments. This adds operational overhead and can be a drag on new service velocity.

In contrast, today’s DNS solutions support advanced traffic management and automated service discovery with an “API-first” approach that easily integrates with how today’s IT services are developed, deployed and maintained. Combined with single-pane-of-glass traffic management across the entire infrastructure, these solutions allow organizations to focus scarce IT resources on activities that are core to the business.

The Right Tool for the Job

DNS was designed when the internet was less complex, infrastructure was relatively static and demands for speed and scale were orders of magnitude less than today. It is remarkable how well the original design has held up, but increasingly its limitations are emerging as a bottleneck in performance optimization and DevOps. Advanced DNS has become the tool of choice for leading-edge online companies that depend on delivering their services with speed, scale and agility.

Opinions expressed by DZone contributors are their own.
