The Why's And Why Not's Of Cloud DNS
Depending on your needs, company size, and financial abilities, using cloud DNS may (or may not) be right for you.
Cloud DNS is a multi-million-dollar industry, with some estimates putting the size of the global DNS market above $215M. Cloud DNS is a burgeoning field because of the benefits it can offer a company. Hosting DNS servers in the cloud gives a company a lot of flexibility in its operations, as well as different ways to deal with issues that may arise, such as DDoS or similar types of attacks. As with any new development, there are pros and cons, and we shall explore them in detail to determine what we need to know about Cloud DNS and whether it's a viable consideration for a corporate entity.
Cost Viability Analysis
When setting up an on-site server, the initial cost will be quite large, but maintenance costs over time would be minimized, since the server would already exist and upgrades would not be nearly as costly as rebuilding the entire server from scratch. However, for a growing company, the volume of growth might require new hardware to be installed regularly, nullifying any benefit of treating an on-site server as a one-time cost. In situations like these, the cloud excels by offering DNS servers that are not only available to the company from anywhere in the world but also can't be physically tampered with or damaged. For smaller companies, however, it should be noted that data recovery costs could be quite large in the case of having to restore a server backup.
Reachability and Uptime
A company's DNS server should always be available to the people within that company, and if a server goes down for whatever reason, it could leave the company high and dry when it comes to reaching the resources it needs. A business that is geographically widespread needs a redundant DNS presence in order to maintain this reachability at any time. Cloud DNS servers offer this reachability since the servers are not constrained by a physical location. Their latency is low and their data transfer speed is high because of smart routing to the nearest available geographic server location.
DDoS Protection with Cloud DNS
Distributed Denial of Service attacks have become alarmingly commonplace in the current Internet environment. Because of how cloud DNS is designed, it can deal with the massive number of requests that a DDoS attack would generate by simply increasing the amount of resources and processing power dedicated to the site facing the attack. A non-cloud DNS has the downside of being bogged down and is susceptible to DDoS because there's only so much processing it can do at any given point in time. The scalability of cloud DNS makes it increasingly unlikely for a DDoS attack to succeed, because the processing power will simply grow to meet the need. The sheer amount of resources available to cloud DNS makes it far more capable of handling DDoS and allows it to scale up to deal with the attack, absorb it through its servers, or escape it completely.
Security through DNSSEC
Domain Name System Security Extensions (DNSSEC) adds a layer of security to cloud DNS by using cryptographic authentication of DNS records. Most DNS security issues would be rendered null through use of DNSSEC within a corporate environment and cloud DNS already has support for this particular protocol. Enterprise-level DNS servers at present haven't adopted DNSSEC because it isn't widely used and so companies aren't aware of the benefits it can offer. Additionally, on a non-cloud system, DNSSEC could lead to serious mistakes if the administrator doesn't perform the key-rotation steps properly. Cloud DNS makes this a lot easier, allowing a company to benefit from DNSSEC while at the same time limiting the issues that may arise from running it on a non-cloud DNS.
Security from Online Attacks
A DNS server is always connected to the Internet and, because of this, it is always at risk of attack. The major thing that an enterprise-level DNS installation has to worry about is ending up as an open DNS resolver. If an attacker manages to turn a DNS server into an open resolver, it could leave the company at risk of a DoS attack which could bring down its ability to interact with the Internet. Cloud DNS providers avoid this by ensuring their servers are always patched to stop new exploits as they occur. Non-cloud DNS servers, provided by many managed IT services, have the disadvantage of needing patches applied manually as they come out in order to keep those servers ahead in the ever-present arms race between hacker and enterprise.
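To check whether a DNS server you operate behaves as an open resolver, send it a recursive query from outside your network and inspect the reply header. The following is an added example, not part of the original article; the function names and the two sample replies are constructed for illustration, and the queried name should be one the server is not authoritative for.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits
TXID = 0x1234                                    # fixed query ID for the example

def build_query(name, qtype=1):
    """Encode an A-record question for `name` with Recursion Desired set."""
    header = struct.pack("!HHHHHH", TXID, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify_response(data):
    """Classify the reply to a recursive query sent from outside the network."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != TXID or not flags & QR:
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:                       # REFUSED: recursion denied to outsiders
        return "refused"
    if flags & AA:                       # server owns the zone: proves nothing
        return "authoritative"
    if flags & RA and rcode == 0 and ancount > 0:
        return "open-resolver"           # resolved a foreign name for a stranger
    return "recursion-advertised" if flags & RA else "no-recursion"

def probe(server, name, timeout=3.0):
    """Query a server you operate over UDP; run this from an external host."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-reply"
    return classify_response(data)

def _reply(flags, ancount):
    """Constructed 12-byte reply header used as offline sample input."""
    return struct.pack("!HHHHHH", TXID, flags, 1, ancount, 0, 0)

SAMPLE_OPEN = _reply(QR | RD | RA, 1)    # NOERROR with one answer
SAMPLE_REFUSED = _reply(QR | RD | 5, 0)  # RCODE 5 (REFUSED)

if __name__ == "__main__":
    print(classify_response(SAMPLE_OPEN), classify_response(SAMPLE_REFUSED))
```

A result of "open-resolver" means recursion should be restricted to internal clients on that server; "refused" or "no-recursion" is the expected outcome for an Internet-facing server.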
Cloud DNS as a Solution
For a company, cloud DNS may provide a useful and cost-effective alternative to having an on-site DNS installed. As companies get larger, cloud DNS scales alongside them, allowing them to grow freely without having to worry about the constraints of their network hardware. However, the step from a small company that cannot afford significant cloud DNS bills to a large company that requires the flexibility and redundancy offered by cloud DNS is a massive one. Smaller companies might be better off looking at on-site solutions, since the cost would be easier to mitigate and the impact not so severe. Larger companies, by comparison, need to be at the cutting edge of DNS technology, since their continued existence and efficiency depend on being able to stay current with relevant threats to their data and their infrastructure.
Published at DZone with permission of Gary Eastwood. See the original article here.