
Hosting Companies Need Advanced DNS, Here's Why…


How can better DNS be easy for hosting companies? DNS shouldn't have to be a choke-point or vulnerability in a hosting architecture. Nor should it be a headache for network administrators to provision, manage and secure. Technologies such as Afilias' new FlexDNS Platform offer hosting companies or other resellers easy ways (Web portal, AXFR, or an API) to integrate with a massively diverse, flexible and distributed DNS network that guarantees 100% availability. Using Anycast, Afilias' network can provide bulletproof DNS resolution from widely dispersed nodes on multiple continents, using multiple backbone providers and a diverse array of technology providers, creating a level of robustness and redundancy that would be prohibitively expensive for many hosting companies to deploy themselves in-house.

Hosting companies face many challenges today, from differentiating their services in a crowded market with decreasing margins to increasing pressure to defend against a growing set of attacks on their infrastructure. As more and more services drift into the cloud, up-time is becoming one of the most critical factors for customers choosing a web host. A hosting company's record of reliability can often be the deciding factor for a customer to choose one service over another. Recently at HostingCon, Afilias was able to talk to hosting companies about their current DNS problems and why they now need to look at advanced DNS solutions to improve reliability or to seek new revenue with premium DNS offerings.

What we've been saying for some time now was confirmed by many of the hosting companies visiting and exhibiting at HostingCon. Over the last year we've seen an increase in the size and number of attacks against the DNS. Both continue to grow as criminals seek any way to exploit vulnerabilities in networks. DDoS attacks against DNS infrastructure, as well as sophisticated DNS hijacking attacks, are now top of mind for most hosting companies.

Recent research from Arbor Networks shows that the risk of DDoS attack is by far the most worrying problem facing companies today, with 35% of organizations classifying such attacks as their biggest fear. The same research shows that over a quarter of all DDoS attacks target application-layer protocols such as DNS, with the largest attacks amounting to almost 50 gigabits per second (Gbps).

Here are some suggestions for how hosting companies can improve their DNS architecture and also use a superior, more reliable DNS network to expand the services they offer today:

Add a secondary DNS provider to shoulder the load

An attack against a single hosting customer can severely impact performance and availability for a hosting company's entire network, especially when a DDoS flood is large and targets a shared network bottleneck such as DNS resolution. Every customer who puts content online, blogs, or shares links to your hosted sites in social media creates a target that could put your entire customer base at risk.

The risk of taking out an entire set of customers because just one popular or controversial customer is targeted gives hosting companies a greater need to harden their DNS infrastructure against attack. Rather than bearing the added capital expense of building out a bigger DNS network, simply integrating a second DNS provider to serve part of your DNS traffic can alleviate bottlenecks in your current DNS infrastructure and give you an entire second network to rely on in case of a crippling DDoS attack.

Indeed, we've even seen some customers reap additional benefits from integrating a secondary DNS provider. This approach allows them to seamlessly take any or all of their own DNS nodes out of service for planned or unplanned maintenance, or even to deploy critical patches.

Strengthening your network with Anycast

Of course, the DDoS problem is not confined to DNS alone. DNS is just one piece in the overall architecture of a hosting company. However, DNS is one area that is often not provisioned as well as other, more obvious, pieces of potentially vulnerable infrastructure. The risk of attacks taking down DNS for all hosting customers can be substantially mitigated by building out a robust DNS infrastructure that uses a diverse selection of technology providers and is globally distributed using IP Anycast.

Anycast enables companies to advertise the same IP address from multiple nodes, deployed on different parts of the Internet, simultaneously. In the DNS context, this allows companies to present a more localized way to resolve domain names, reducing latency and increasing performance for end users, while mitigating the impact of one node going down for maintenance or due to attack.

Don't run a monoculture - integrate diversity

The number of vulnerabilities found in ubiquitous data center hardware and software platforms is forever increasing, and is expected to double this year compared to 2009. Companies that have adopted software monocultures, or failed to incorporate enough vendor diversity in their DNS architectures, could find themselves more at risk from exploitation. By also introducing some of Afilias' principles of DNS Diversity, where each node is provisioned by more than one connectivity provider, and uses more than one vendor for each of its operating system, name server, server hardware and network infrastructure needs, single points of failure in your DNS are virtually eliminated.
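The checks implied by the secondary-provider and diversity recommendations above, as an added example that is not Afilias' or the article's own code: it audits one zone's name server set for a single operator, prefix or origin network, and for a secondary whose SOA serial lags. The host names, addresses, AS numbers and serials are constructed sample data, and guessing the operator from the last two labels of the NS name is an assumption.

```python
import ipaddress

# Constructed observations, as a monitoring job might record them after asking
# each delegated name server for the zone's SOA. All values are made up.
BEFORE = [
    {"ns": "ns1.hosting.example", "ip": "192.0.2.10", "asn": 64500, "serial": 2024050101},
    {"ns": "ns2.hosting.example", "ip": "192.0.2.11", "asn": 64500, "serial": 2024050101},
]
AFTER = BEFORE + [
    {"ns": "a.secondary-dns.example", "ip": "198.51.100.5", "asn": 64511, "serial": 2024050101},
    {"ns": "b.secondary-dns.example", "ip": "203.0.113.9", "asn": 64511, "serial": 2024043001},
]

def operator(ns_name):
    """Rough operator guess (assumption): last two labels of the NS host name."""
    return ".".join(ns_name.rstrip(".").lower().split(".")[-2:])

def covering_prefix(ip):
    """Group addresses by /24 (IPv4) or /48 (IPv6) as a stand-in for 'same site'."""
    addr = ipaddress.ip_address(ip)
    length = 24 if addr.version == 4 else 48
    return ipaddress.ip_network(f"{addr}/{length}", strict=False)

def audit(observations):
    """Return sorted finding codes for one zone's name server set."""
    findings = []
    if len({operator(o["ns"]) for o in observations}) < 2:
        findings.append("single-operator")   # no second provider to fall back on
    if len({covering_prefix(o["ip"]) for o in observations}) < 2:
        findings.append("single-prefix")     # all servers behind one network block
    if len({o["asn"] for o in observations}) < 2:
        findings.append("single-asn")        # one origin network carries all queries
    # Plain integer comparison; RFC 1982 serial wraparound is not handled here.
    newest = max(o["serial"] for o in observations)
    for o in observations:
        if o["serial"] != newest:
            findings.append("stale:" + o["ns"])  # zone transfer has not caught up
    return sorted(findings)

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

A stale finding matters once a secondary is in place: a server that missed a zone transfer keeps answering with old records while the others serve the current zone.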

Premium DNS is a selling feature

Advanced DNS does not need to be a cost center; it should also be viewed as an opportunity to increase revenues. As your customers' businesses depend more on their Web services, they are aware of just how critical the availability of their website actually is. Customers that want to safeguard their e-commerce revenue will pay for Service Level Agreements (SLA) and guarantees on their DNS resolution. Even a marginal increase in your per month hosting fee could be just enough to differentiate a premium DNS package, and collectively across your customer base can present an easy added revenue stream to help your bottom line this year.


About Afilias – Afilias is the world's second largest domain registry, with more than 20 million names under management. Afilias powers a greater variety of top-level domains than any other provider, and will soon support hundreds of new TLDs now preparing for launch. Afilias' specialized technology makes Internet addresses more accessible and useful through a wide range of applications, including Internet domain registry services, Managed DNS and mobile Web services like goMobi® and DeviceAtlas®.
