
Hosting Companies Need Advanced DNS, Here's Why…

How can better DNS be easy for hosting companies? DNS shouldn't have to be a choke-point or vulnerability in a hosting architecture. Nor should it be a headache for network administrators to provision, manage and secure. Technologies such as Afilias' new FlexDNS Platform offer hosting companies or other resellers easy ways (Web portal, AXFR, or an API) to integrate with a massively diverse, flexible and distributed DNS network that guarantees 100% availability. Using Anycast, Afilias' network can provide bulletproof DNS resolution from widely dispersed nodes on multiple continents, using multiple backbone providers and a diverse array of technology providers, creating a level of robustness and redundancy that would be prohibitively expensive for many hosting companies to deploy themselves in-house.

Hosting companies face many challenges today, from differentiating their services in a crowded market with decreasing margins, to increasing pressure to defend against growing sets of attacks against their infrastructure. As more and more services drift into the cloud, up-time is becoming one of the most critical factors for customers choosing a web host. A hosting company's record of reliability can often be the deciding factor for a customer to choose one service over another. Recently at HostingCon, Afilias was able to talk to hosting companies about their current DNS problems and why they now need to look at advanced DNS solutions to improve reliability or to seek new revenue with premium DNS offerings.

What we've been saying for some time now was confirmed by many of the hosting companies visiting and exhibiting at HostingCon. Over the last year we've seen an increase in size and number of attacks against the DNS. Both continue to grow as criminals seek any way to exploit vulnerabilities in networks. DDoS attacks against DNS infrastructure as well as sophisticated DNS hijacking attacks are now top of mind for most hosting companies.

Recent research from Arbor Networks shows that the risk of DDoS attack is by far the most worrying problem facing companies today, with 35% of organizations classifying such attacks as their biggest fear. The same research shows that over a quarter of all DDoS attacks target application-layer protocols such as DNS, with the largest attacks amounting to almost 50 Gigabytes per second (Gbps).

Here are some suggestions for hosting companies, not only to improve their DNS architecture but also to use a superior, more reliable DNS network to expand the services they offer today:

Add a secondary DNS provider to shoulder the load

An attack against a single hosting customer can severely impact performance and availability for a hosting company's entire network, especially when a DDoS flood is large and targets a shared network bottleneck such as DNS resolution. Every customer who puts content online, blogs, or shares links to your hosted sites in social media creates a target that could put your entire customer base at risk.

The risk that an attack aimed at just one popular or controversial customer takes out an entire set of customers gives hosting companies a greater need to harden their DNS infrastructure against attack. Rather than bearing the added capital expense of building out a bigger DNS network, simply integrating a second DNS provider to serve part of your DNS traffic can alleviate bottlenecks in your current DNS infrastructure and give you an entire second network to rely on in case of a crippling DDoS attack.

Indeed, we've even seen some customers reap additional positive outcomes from integrating a secondary DNS provider. This approach allows them to seamlessly take out any or all of their own DNS nodes for planned or unplanned maintenance, or even to deploy critical patches.

Strengthening your network with Anycast

Of course, the DDoS problem is not confined to DNS alone. DNS is just one piece in the overall architecture of a hosting company. However, DNS is one area that is often not provisioned as well as other, more obvious, pieces of potentially vulnerable infrastructure. The risk of attacks taking down DNS for all hosting customers can be substantially mitigated by building out a robust DNS infrastructure that uses a diverse selection of technology providers and is globally distributed using IP Anycast.

Anycast enables companies to advertise the same IP address from multiple nodes, deployed on different parts of the Internet, simultaneously. In the DNS context, this allows companies to present a more localized way to resolve domain names, reducing latency and increasing performance for end users, while mitigating the impact of one node going down for maintenance or due to attack.

Don't run a monoculture - integrate diversity

The number of vulnerabilities found in ubiquitous data center hardware and software platforms is forever increasing, and is expected to double this year compared to 2009. Companies that have adopted software monocultures, or failed to incorporate enough vendor diversity in their DNS architectures, could find themselves more at risk from exploitation. By also introducing some of Afilias' principles of DNS Diversity, where each node is provisioned by more than one connectivity provider, and uses more than one vendor for each of its operating system, name server, server hardware and network infrastructure needs, single points of failure in your DNS are virtually eliminated.
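A quick way to check whether a zone's delegation reflects the secondary-provider and diversity advice above is to audit its NS set for operator and network spread. The sketch below is an added example, not Afilias code; the host names, addresses, the two-label operator heuristic and the /24 and /48 prefix sizes are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample delegations: hypothetical names, documentation address ranges.
SINGLE_PROVIDER = {
    "ns1.hoster.example.": ["192.0.2.10"],
    "ns2.hoster.example.": ["192.0.2.11"],
}
WITH_SECONDARY = {
    "ns1.hoster.example.": ["192.0.2.10"],
    "ns2.hoster.example.": ["198.51.100.10"],
    "a0.secondary-dns.example.": ["203.0.113.53", "2001:db8:53::1"],
}

def operator_of(ns_host):
    # Assumption: the last two labels name the operator (real code: Public Suffix List).
    return ".".join(ns_host.rstrip(".").lower().split(".")[-2:])

def covering_prefix(addr):
    # Assumption: a /24 (IPv4) or /48 (IPv6) approximates one routed prefix.
    ip = ipaddress.ip_address(addr)
    return ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 48}", strict=False)

def audit_delegation(ns_set):
    """Report operator/prefix spread and shared points of failure in an NS set."""
    operators, prefixes = defaultdict(set), defaultdict(set)
    for host, addrs in ns_set.items():
        operators[operator_of(host)].add(host)
        for addr in addrs:
            prefixes[covering_prefix(addr)].add(host)
    findings = []
    if len(ns_set) < 2:
        findings.append("fewer than two name servers")
    if len(operators) < 2:
        findings.append("all name servers run by one operator")
    if len([p for p in prefixes if p.version == 4]) < 2:
        findings.append("all IPv4 name servers share one prefix")
    # Name servers still answering if the operator with the most servers is knocked out.
    largest = max((len(hosts) for hosts in operators.values()), default=0)
    return {
        "operators": sorted(operators),
        "prefixes": sorted(str(p) for p in prefixes),
        "survivors_if_largest_operator_fails": len(ns_set) - largest,
        "findings": findings,
    }

if __name__ == "__main__":
    for name, ns_set in (("single", SINGLE_PROVIDER), ("with secondary", WITH_SECONDARY)):
        print(name, audit_delegation(ns_set))
```

In practice the input would come from resolving the zone's NS records and their A/AAAA glue; the same checks then run unchanged.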

Premium DNS is a selling feature

Advanced DNS does not need to be a cost center; it should also be viewed as an opportunity to increase revenue. As your customers' businesses depend more on their Web services, they become aware of just how critical the availability of their website actually is. Customers that want to safeguard their e-commerce revenue will pay for Service Level Agreements (SLA) and guarantees on their DNS resolution. Even a marginal increase in your monthly hosting fee could be just enough to differentiate a premium DNS package, and collectively across your customer base it can present an easy added revenue stream to help your bottom line this year.

About Afilias


Afilias is the world's second largest domain registry, with more than 20 million names under management. Afilias powers a greater variety of top-level domains than any other provider, and will soon support hundreds of new TLDs now preparing for launch. Afilias' specialized technology makes Internet addresses more accessible and useful through a wide range of applications, including Internet domain registry services, Managed DNS and mobile Web services like goMobi® and DeviceAtlas®.
