Origin: UltraDNS.com (White Paper)
Date: 02/10/2002
INTRODUCTION
Any business with an Internet presence is familiar with domain
names. Information Technology (IT) engineers at these firms understand
that the Domain Name System (DNS) translates, or "resolves,"
alphanumeric domain names, such as www.amazon.com, into specific computer
addresses, such as 205.188.196.115. DNS is especially critical for companies
that provide Internet-based services, such as Internet service providers
(ISPs), application service providers (ASPs), and Web hosting companies.
DNS is also highly important for companies whose main business model depends
on Internet-based transactions (e-Businesses) such as eBay, Yahoo!, or
Amazon.com. Without DNS, these companies are unable to provide their contracted
services. An ISP customer cannot surf the Internet. An eBay customer cannot
view auction pages, much less bid on them.
Even though DNS is mission-critical, most firms pay only passing attention
to its performance. Aberdeen research shows that DNS management for IT
departments is like an autonomic nervous system function in the human
body: It happens without conscious effort - until there is a problem.
A sudden barrage of customer complaints about connection errors or unavailable
Web servers causes a flurry of DNS troubleshooting, after which DNS recedes
into the background until the next emergency.
DNS management is not a glamorous job. Even so, service providers and
e-Businesses may be surprised to learn that traffic analysis performed
by the Internet performance measurement company Keynote Systems showed
that DNS related errors are the second most frequent reason for failed
Internet connections. While most firms monitor their Web site's performance
for potential problems after the customer has connected to the site, Aberdeen
research shows that many enterprises do not track connection errors, in
general, or DNS-related errors in particular. Firms that strive to provide
carrier-class reliability and availability should change their approach
to DNS management from autonomic to proactive.
Aberdeen research indicates that customer satisfaction for service providers
and e-Businesses can be significantly improved by raising DNS's profile.
Every lost connection, whether DNS-related or not, potentially means lost
business. A customer who fails to reach one online catalog will click
to a competitor. A Web user who cannot quickly load a Web page will look
elsewhere for information. Given the expected growth in registered domains
and Web traffic, and the fact that firms increasingly rely on Internet-based
business units to create revenue, Aberdeen research suggests that all
firms should reconsider their DNS management strategy.
The question should not be "if" DNS is managed, but "how."
This Aberdeen Executive White Paper describes typical management approaches
to DNS by service providers such as ISPs, Web hosters, and e-Businesses.
It then analyzes some limitations to these approaches and describes current
and future trends in DNS use that can seriously affect customer satisfaction.
This paper concludes with an analysis of UltraDNS Corporation, a new supplier
of the first carrier-class outsourced DNS management solution that improves
DNS performance and end customer satisfaction.
AN OVERVIEW OF THE DOMAIN NAME SYSTEM
The DNS organizes domain names and the associated Internet Protocol (IP)
addresses into a searchable, tree-like directory. Web browsers and IP-based
applications refer to DNS servers in order to correlate domain names with
their IP address. If DNS fails, Web browsers cannot locate Web sites,
and applications such as e-mail cannot determine where to send e-mail
messages. More importantly for forward-looking service providers and e-Businesses,
reliable DNS performance is essential for interactive and real-time applications.
DNS facilitates end customers' real-time communications with applications
hosted by ASPs. Any delays or failures in DNS lookup to resolve domain
names to IP addresses will decrease the quality of service customers receive.
Currently, enterprises either outsource DNS management to their ISP or
Web hoster, or they maintain their own DNS servers. The primary DNS nameserver
is the DNS "master," which holds the authoritative database
of domain name/IP address pairing. The primary nameserver accepts any
changes, additions, or deletions to the firm's DNS and may also respond
to incoming DNS queries. Secondary DNS Nameservers are "slave"
servers and store copies of the DNS database and also respond to incoming
queries. Modifications to the primary nameserver database are periodically
replicated to the secondary nameservers.
Primary and secondary nameservers respond to incoming DNS queries for
the source organization. Recursive DNS nameservers, or DNS caches, are
servers that send and process DNS queries on behalf of end-users, such
as "What is the IP address of the server for www.mysite.com?"
Recursive nameservers "walk the DNS tree," possibly querying
several authoritative nameservers to find and deliver the requested answer
to the user (60.120.30.109).
All DNS records cached by recursive servers have a specified "time
to live," or TTL, which is the amount of time that the domain name/IP
address relationship is valid in the cache. Once the TTL expires, the
recursive nameserver will delete the DNS relationship. The next time that
particular domain name is requested, the recursive nameserver queries
the origin primary or secondary nameservers for a new pairing, which is
then cached until the new TTL expires.
ICANN, THE REGISTRY AND REGISTRARS
Contrary to popular opinion, the Internet is not a new Wild West where
everyone makes their own rules - particularly when it comes to domain
names. In 1999, the Internet Corporation for Assigning Names and Numbers
(ICANN) was created to monitor and regulate domain name usage. ICANN oversees
the domain "registrars," which are firms that broker assignment
of domain names. Registrars submit domain name registrations to the firm
controlling the "registry," which is the database that tracks
all entries within a specific top-level domain (TLD) such as ".com"
or ".edu." Along with establishing rules and standards, ICANN
monitors registry firms to regulate their TLD monopolies. Network Solutions,
Inc. (NSI), a wholly owned subsidiary of VeriSign, Inc., is by far the
largest registry with more than 12 million registered domain names. NSI
operates as two independent units - a registry, which manages the ".com"
TLD, and a registrar, which competes with other registrars for registrations
from companies wishing to register a domain name.
ICANN and the registrars perpetuate DNS interoperability by proposing
and adopting new standards through a review board. Interoperability is
particularly important because the number of registered domain names is
poised to explode over the coming years. In November 2000, ICANN accepted
applications from seven new registry operators to run new top-level domains
- .aero, .biz, .coop, .info, .museum, .name, and .pro. Approved new TLDs will
be ready for general availability in early 2001 and will contribute to
the exponential increase in the volume
of domain names. Disney Corporation, for example, may add disney.biz and
disney.info to its current stable of disney.com, disney.net, and disney.org.
NSI predicts that the number of domains will increase from 15 million
in mid-2000 to more than 160 million in 2004.
TYPICAL DNS LOOKUP SCENARIO
Figure 1 depicts the transactions behind a typical DNS lookup scenario.
The end-user types in a domain name - e.g., www.marketing.ibm.com (step
1). The recursive server at the user's ISP then employs an "iterative"
search method. First, the recursive server checks its cache for the domain
name/IP relationship. If the TTL has expired or the pairing cannot be
located, the recursive server queries the "." root servers at
ICANN (step 2). The ICANN servers either answer the query or direct the
recursive server to query servers at the respective TLD registry (step
3), in this case to NSI, which operates the ".com" domain. The
recursive server queries the NSI servers (step 4). The NSI servers either
resolve the query or direct the recursive server to ibm.com (step 5).
If any tree level has multiple nameservers, the DNS system will perform
a "round-robin" query among the authoritative servers, checking
first one, then the next, and so on, to try to resolve the request. If
the round robin is successful, the recursive server is directed to the
next level of the DNS tree (steps 6 and 7). Depending on the DNS management
structure, the company may resolve the query at this level, or it may
redirect the recursive server to query nameservers run by a specific department
(steps 8 and 9).
Assuming that no links in the iterative process break, the DNS query eventually
gets resolved and the answer gets passed back to the recursive nameserver
(step 10). The recursive nameserver directs the Web browser to the destination
Web server (step 11). The recursive server also caches a copy of this
resolution for future queries until the TTL expires.
Recursive servers cache data at each step in this process, so that queries
seldom incur all of the above steps. For example, the query to root servers
for a list of ".com" servers is seldom needed, as ".com"
is likely to have been consulted for a previous query. In the best case,
the resolution is entirely cached by the local ISP recursive servers,
thereby eliminating all queries to authoritative servers.
INTERNETWIDE DNS INTEROPERABILITY
The interrelated nameservers and caches create a fully distributed DNS
directory network of redundant servers for fast, mostly accurate, DNS
resolution. This network stems from the sheer number of nameservers and
caches that exist. For example, a large ISP or Web hoster that hosts hundreds
of thousands of domains may have 5 to 10 primary and secondary nameservers,
as well as 10 to 20 recursive DNS lookup servers. An e-Business that hosts
fewer than 10 domains may have 2 to 5 nameservers and caches. When aggregated,
literally hundreds of thousands of nameservers are spread throughout the
Internet.
Figure 1: Typical DNS Lookup Scenario
Aberdeen research shows that DNS server software and hardware are fairly
standard, regardless of the organization's business model or size. For
software, nearly every nameserver uses the Berkeley Internet Name Domain
(BIND) implementation of the DNS protocols. BIND includes a DNS nameserver
that can be configured as a primary, secondary, or recursive server; a
DNS resolver library; and some rudimentary command-line tools for managing
and monitoring DNS servers.
BIND has become the de facto standard for DNS software for four reasons:
It was the first commonly available implementation of the DNS protocols;
it is distributed for free; it is relatively stable; and, until recently,
there was no commercially viable alternative. In addition, the BIND implementation
of DNS protocols does not require significant processing power, so hardware
requirements are minimal.
Aberdeen research indicates that most firms use last-generation boxes
from Sun Microsystems or Intel-based platforms. One ISP Aberdeen interviewed
still uses an Intel 486 server as part of its DNS. The most taxing hardware
requirement for DNS is random access memory (RAM), which is expandable
on most platforms.
DNS LOOKUP ERRORS: AN OVERLOOKED, BUT SIGNIFICANT, PERFORMANCE ISSUE
Most DNS management involves adding, changing, or deleting referenced
information from the domain tables. Anytime the domain information changes,
IT staff must update the company's primary nameserver. If a Web site is
assigned a new IP address, or a new Web server is added, the corresponding
DNS entry must be added. System administrators typically use basic text
editors and various command-line tools to configure DNS information.
KEYNOTE SAYS 29% OF CONNECTION ERRORS ARE RELATED TO DNS
When working correctly, DNS seamlessly connects the end-user to the desired
content. However, if the Web browser cannot locate the content server,
no communication occurs. Keynote Systems measured more than 372 million
connection attempts to 12,000 hosts during a four-week period, with the
following results:
- 3.24% of the connection attempts failed. This figure does not include
"HTTP 404: File Not Found" errors, because these errors resulted
from content that was moved between the time when the test parameters
were set and the test was performed.
- "Connection Timed Out" was the most frequent cause of
connection error, responsible for 48.5% of the failures.
- "DNS Lookup Failure" was the second most prevalent connection-related
error, causing 29.0% of Web page download attempts to fail.
"Connection Timed Out" errors result from an unavailable content
server, network latency, or other problems in the Internet cloud. Aberdeen
research indicates that companies spend considerable time and money addressing
this problem by deploying more servers, increasing available bandwidth,
and locating backup servers on more reliable networks. However, unlike
"Connection Timed Out" errors, Internet-related businesses spend
little time or money addressing "DNS Lookup Failure" errors, even
though they are a significant - and resolvable - problem.
ACCURACY, AVAILABILITY, AND RELIABILITY IMPROVE DNS PERFORMANCE
Aberdeen interviewed eight service providers and e-Businesses that are
heavy DNS users. The purpose of the interviews was to investigate the
perception of DNS performance by these firms' IT staff. The results point
to three primary areas of DNS performance that directly affect customer
satisfaction:
1. DNS accuracy is inhibited by misconfiguration errors;
2. DNS availability delicately balances freshness of DNS information and
speed of DNS lookup; and
3. DNS reliability suffers due to complete reliance on simple reliability
mechanisms such as TTL-based caching, redundant authoritative nameservers,
and a try-retry query strategy.
DNS ACCURACY: MISCONFIGURATION AFFECTS CUSTOMER'S SATISFACTION
Aberdeen interviewees reported that the basic simplicity of DNS frequently
leads to data entry errors. Six of the eight companies reported misconfiguration
as the largest DNS-related problem that system administrators deal with
on a daily basis. If an administrator puts one "." out of place
when entering a data change, DNS is unable to locate the destination server.
The IT staff usually learns that a misconfiguration has occurred when
end-users start complaining that the company's site is unavailable.
These same six companies admitted that they had instituted few quality
assurance measures around DNS management. They accepted that DNS errors
would occur, and that they would fix these errors as they were noticed.
Several interviewees, though, commented that improving the DNS management
tools would help them reduce these problems.
This approach can be harmful to a new or existing customer relationship.
Aberdeen research indicates that misconfiguration is likeliest to occur
at the beginning of a customer relationship between a service provider
and a new Web site owner. The first week of the business relationship
is consumed with transferring and configuring the Web content, as well
as DNS service, from the customer's servers to the service provider's
servers. Frequently, this transition is not smooth. Often the new domain
name is inaccurately addressed, so that new DNS queries result in DNS
Lookup Failure errors. The incorrect information persists throughout the
Internet as nameservers serve "stale" information until the
TTL expires. The customer's only recourse is to repeatedly call the service
provider's help desk until the problem is addressed.
For the new customer, the first week of service sets the tone for the
entire relationship. For existing customers, ongoing minor headaches quickly
add up to a perception of overall poor service. It only increases the
customer's frustration to know that the error is probably a simple configuration
error.
Improving quality control over DNS data entry greatly increases new and
existing customer satisfaction. There are no native tools to support a
large-scale quality assurance process. The two interviewees who did not
report DNS misconfiguration problems had both already instituted customized
quality control measures. These customized measures included the following:
- DNS Accuracy Through Human Intervention: One regional ISP instituted
a DNS quality assurance process in which administrators would pass DNS
changes through the chief architect for review before the changes were
activated. Though effective for this company, human intervention is
not scalable. Large ISPs and Web hosters that host thousands of domains
may have hundreds of daily DNS changes and additions. It is not cost
effective to allocate one administrator's time to reviewing DNS changes,
particularly given the ad hoc nature of most large firms' DNS management.
- DNS Accuracy Through Home-Grown Applications: A large Web hoster leveraged
its IT staff's expertise in DNS, programming, and user interface design
to internally develop a DNS management application to address configuration
quality in a scalable manner. This application verifies standard changes
and additions against style templates, after which it automatically
enters DNS changes directly into a primary nameserver. The application
allows the Help Desk to change, add, and delete entries directly into
the DNS database with a low risk of domain misconfiguration and with
little intervention by network administrators. Because this approach
is expensive and requires significant development time and expertise,
only firms with large financial and development resources can design
such a system.
In the first example, the number of domains is small enough to be managed
manually. In the second, the company was large enough to devote resources
for developing a specialized DNS application. For most companies, neither
of these two routes is a plausible option. Therefore, most companies tolerate
DNS misconfiguration as a cost of doing business, and address such problems
as they arise.
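A pre-commit check of the kind the home-grown application above performs can be small. The following is an added example, not part of the original white paper and not any vendor's tool: it lints a proposed set of BIND-style records for the misplaced-dot and data entry errors described in this section. The zone example.com, the 192.0.2.x addresses and the record set are constructed, and only numeric TTLs and the A, CNAME, NS and MX types are handled.

```python
import ipaddress
import re

LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9_-]{1,63}(?<!-)$")
HOST_RDATA = {"CNAME", "NS", "MX"}   # types whose last rdata field is a host name

def absolute(name, origin):
    """Expand a master-file name per RFC 1035 section 5.1: names without a
    trailing dot are relative and get the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def name_error(fqdn):
    """Return a message for a malformed absolute name, or None if it is fine."""
    for label in fqdn[:-1].split("."):
        if label == "":
            return f"empty label in '{fqdn}' (doubled or misplaced '.')"
        if label != "*" and not LABEL_RE.match(label):
            return f"invalid label '{label}' in '{fqdn}'"
    return None

def forgot_dot(name, origin):
    """True when a relative name already ends in the origin, so expansion
    would produce e.g. www.example.com.example.com."""
    if name.endswith(".") or name == "@":
        return False
    candidate = name + "."
    return candidate == origin or candidate.endswith("." + origin)

def lint_zone(text, origin):
    """Return a sorted list of (line number, message) for a proposed zone."""
    findings, owners = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()       # drop comments
        if not fields:
            continue
        owner = fields.pop(0)
        if fields and fields[0].isdigit():          # optional numeric TTL
            fields.pop(0)
        if fields and fields[0].upper() == "IN":    # optional class
            fields.pop(0)
        if len(fields) < 2:
            findings.append((lineno, "record has no type or no data"))
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        names = [owner] + ([rdata[-1]] if rtype in HOST_RDATA else [])
        for name in names:
            err = name_error(absolute(name, origin))
            if err:
                findings.append((lineno, err))
            elif forgot_dot(name, origin):
                findings.append((lineno, f"'{name}' lacks a trailing dot and "
                                 f"expands to '{absolute(name, origin)}'"))
        if rtype == "A":
            try:
                ipaddress.IPv4Address(rdata[0])
            except ValueError:
                findings.append((lineno, f"'{rdata[0]}' is not an IPv4 address"))
        owners.setdefault(absolute(owner, origin), []).append((lineno, rtype))
    # A CNAME may not share its owner name with other record types.
    for fqdn, records in owners.items():
        types = {rtype for _, rtype in records}
        if "CNAME" in types and len(types) > 1:
            lineno = next(n for n, t in records if t == "CNAME")
            findings.append((lineno, f"{fqdn} has a CNAME alongside other data"))
    return sorted(findings)

# Constructed proposed change set for the zone example.com.
PROPOSED = """\
@         3600 IN NS    ns1.example.com.
ns1       3600 IN A     192.0.2.53
www       300  IN A     192.0.2.10
shop      300  IN CNAME www.example.com   ; trailing dot forgotten
mail      300  IN A     192.0.2.256       ; octet out of range
ftp..old  300  IN A     192.0.2.20        ; doubled dot
www       300  IN CNAME web.example.com.  ; CNAME beside the A record
"""

if __name__ == "__main__":
    for lineno, message in lint_zone(PROPOSED, "example.com."):
        print(f"line {lineno}: {message}")
```

Rejecting the change set when the list is non-empty keeps the error out of the primary nameserver, so it never reaches caches that would hold it until the TTL expires.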
DNS AVAILABILITY: BALANCING FRESHNESS VERSUS SPEED
As previously discussed, the TTL and caching mechanisms provide some degree
of DNS availability. DNS nameservers cache copies of the domain name/IP
address relationships that pass through them. If the recursive server
cannot resolve the query out of cache, the server uses an iterative try-retry
query strategy. Frequently accessed relationships end up being cached
throughout the Internet. Availability is a factor of the following:
- Resolution speed: The effect on end-users is measured in milliseconds.
- Freshness: Even though recursive servers throughout the Internet store
the relationships, if they store stale information the end-user will
be unable to find the desired content.
The TTL-based caching enables DNS to perform adequately with millions
of distributed entries. The drawback is that TTL forces companies to make
a tradeoff between freshness and speed. A short TTL - such as one hour
or five minutes - means that the dispersed information will be more accurate
but the resolution time can be longer, as queries must be referred all
the way back to the origin nameservers more frequently. A long TTL - e.g.,
a day or week - means resolution is typically faster because the relationship
remains cached at more points throughout the Internet, but the caches
may be inaccurate if changes are made to the source.
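The lookup walk from the TYPICAL DNS LOOKUP SCENARIO section and the freshness-versus-speed tradeoff described here can be made concrete with a small simulation. This is an added example, not part of the original white paper; the three-server tree, the example.com names, the 192.0.2.x addresses and the one-lookup-per-minute load are constructed assumptions.

```python
class Authority:
    """One nameserver: refers a zone suffix onward, or answers for a name."""
    def __init__(self, referrals=None, answers=None):
        self.referrals = referrals or {}   # zone suffix -> (next server, ttl)
        self.answers = answers or {}       # name -> (address, ttl)

def build_tree(ttl):
    """Constructed root -> TLD -> origin chain; `ttl` applies to the A records."""
    return {
        "root": Authority(referrals={"com.": ("com-tld", 172800)}),
        "com-tld": Authority(referrals={"example.com.": ("example-ns", 172800)}),
        "example-ns": Authority(answers={
            "www.example.com.": ("192.0.2.10", ttl),
            "shop.example.com.": ("192.0.2.20", ttl),
        }),
    }

class RecursiveResolver:
    def __init__(self, tree):
        self.tree = tree
        self.answers = {}     # name -> (address, expires_at)
        self.referrals = {}   # zone suffix -> (server, expires_at)

    def _start_server(self, name, now):
        """Deepest unexpired cached referral that covers name, else the root."""
        best, server = "", "root"
        for zone, (srv, expires) in self.referrals.items():
            if now < expires and name.endswith("." + zone) and len(zone) > len(best):
                best, server = zone, srv
        return server

    def resolve(self, name, now):
        """Return (address, upstream_queries) for name at time `now` (seconds)."""
        cached = self.answers.get(name)
        if cached and now < cached[1]:
            return cached[0], 0                    # answered from cache
        server, queries = self._start_server(name, now), 0
        while True:
            queries += 1
            auth = self.tree[server]
            if name in auth.answers:
                addr, ttl = auth.answers[name]
                self.answers[name] = (addr, now + ttl)
                return addr, queries
            for zone, (nxt, ttl) in auth.referrals.items():
                if name.endswith("." + zone):
                    self.referrals[zone] = (nxt, now + ttl)   # cache the referral
                    server = nxt
                    break
            else:
                return None, queries               # nobody knows this name

def simulate(ttl, change_at, interval=60, duration=86400):
    """One cache looks up www every `interval` seconds for `duration` seconds;
    the origin changes the address at `change_at`. Returns (upstream queries,
    seconds of stale answers, measured at lookup granularity)."""
    tree = build_tree(ttl)
    resolver = RecursiveResolver(tree)
    upstream = stale = 0
    for now in range(0, duration, interval):
        if now == change_at:
            tree["example-ns"].answers["www.example.com."] = ("192.0.2.99", ttl)
        addr, queries = resolver.resolve("www.example.com.", now)
        upstream += queries
        if addr != tree["example-ns"].answers["www.example.com."][0]:
            stale += interval
    return upstream, stale

if __name__ == "__main__":
    for ttl in (300, 86400):
        upstream, stale = simulate(ttl, change_at=3660)
        print(f"TTL {ttl:>5}s: {upstream} upstream queries, {stale}s stale")
```

With a five-minute TTL the cache goes back to the origin hundreds of times a day but serves the old address for only a few minutes; with a one-day TTL it asks upstream three times and serves the old address for the rest of the day.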
Several interviewees noted that end customers often have unrealistic expectations
about how quickly changes can be propagated on the open Internet. End
customers expect all changes to be reflected immediately and may not understand
the TTL protocols. Consequently, many customers believe they are receiving
poor service, even though the balance has been optimized for their particular
needs.
In addition, many service providers may not input changes immediately,
either placing them in a processing queue or batch-entering DNS changes
at certain intervals. These practices are more efficient in terms of staff
time but can add hours or days to the DNS change propagation period.
Half of the service providers and e-Businesses interviewed accept that
change propagation takes anywhere from "several hours to a few days"
to get entered into the system and even more time for the stale TTLs to
expire. The other interviewees, however, indicate that they are constantly
educating customers about TTL, and working to arrive at an "acceptable
compromise," even if that compromise is not optimal for end customers.
All interviewees admitted that they would be able to increase customer
satisfaction if there were a better method of monitoring and changing
cached DNS relationships on the open Internet.
DNS RELIABILITY: IMPROVING BASIC MECHANISMS
Today's DNS deployments rely on simple reliability mechanisms that were
specified and implemented when the DNS system first evolved. At the outset,
these mechanisms met the noncritical needs of the applications and users
and provided a level of reliability and performance consistent with the
other Internet system components of the time. Even though Internet applications
and users have become more sophisticated, and the components supporting
the Internet are more complex, three original mechanisms remain the primary
reliability support for DNS: TTL-based caching of DNS data; redundant
authoritative nameservers; and try-retry query strategy.
- TTL Based Caching: Resolving a query through a cached copy of DNS
data on the user's local recursive server (step 1 in Figure 1) improves
reliability by eliminating subsequent transactions (steps 2 to 10).
However, the time-to-live of cached information periodically expires,
causing a percentage of queries to traverse some or all of the DNS tree.
Long TTLs increase the amount of time that the caches can be used but
reduce the DNS data's accuracy. Inaccurate cache data compromises reliability
because users are referred to incorrect or non-existent IP addresses.
These tradeoffs make it difficult for companies seeking to offer online
services with carrier-class reliability.
- Redundant Authoritative Name Servers: The original specifications
for the Domain Name System required that domain owners employ multiple
servers configured to answer authoritatively for their domains. This
requirement provides for reliability because failure by any individual
server does not cause the DNS to fail. Multiple servers are thus candidates
for the query try-retry strategy.
- Query Try Retry Strategy: A query sent to an authoritative server
may not return an answer for several reasons: The server may be temporarily
or permanently inoperable, the server may be incorrectly configured,
or either the query or response packet may be lost due to intermittent
or permanent network problems. Whatever the cause, the recursive server
that is attempting to resolve a DNS query will retry one of the redundant
authoritative servers. The retry occurs after a time interval long enough
to allow most responses to return, which is intended to reduce the number
of unnecessary packet retries. However, these delays cause timeouts,
which lead to a poor customer experience.
These basic mechanisms provide a reasonable level of reliability with
minimal overhead and effort. However, as businesses increasingly depend
on their Internet presence and commit significant resources to improve
the reliability of their digital doorway, the reliability of these mechanisms
significantly underperforms the 99.99+% performance target for online
applications. These reliability issues are often made worse by lax operational
procedures, as domain administrators and service providers see little
need to expend the effort required to improve on inherent DNS reliability.
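The cost of the try-retry strategy, as an added example that is not part of the original white paper. The server names, the 40 ms round trip, the 2-second retry interval and the assumption that each try is lost independently are illustrative, and the expected-value and availability calculations go beyond the single case the text describes.

```python
def resolve_with_retry(servers, timeout_ms, max_tries):
    """Round-robin over redundant authoritative servers.

    servers: list of (name, rtt_ms); rtt_ms is None when the server never answers.
    Returns (answering server or None, elapsed_ms, attempts)."""
    elapsed = 0
    for attempt in range(max_tries):
        name, rtt = servers[attempt % len(servers)]
        if rtt is not None and rtt <= timeout_ms:
            return name, elapsed + rtt, attempt + 1
        elapsed += timeout_ms      # the full interval passes before the retry
    return None, elapsed, max_tries

def expected_outcome(loss, rtt_ms, timeout_ms, max_tries):
    """Assumption: every try gets no response with independent probability `loss`.

    Returns (probability the whole lookup fails, mean elapsed ms per lookup)."""
    p_fail = loss ** max_tries
    mean_ms = p_fail * max_tries * timeout_ms          # every try timed out
    for k in range(max_tries):                         # success on try k + 1
        mean_ms += (loss ** k) * (1 - loss) * (k * timeout_ms + rtt_ms)
    return p_fail, mean_ms

def tries_needed(loss, target_availability):
    """Smallest number of tries whose combined failure probability meets the
    availability target, under the same independence assumption."""
    tries, p_fail = 1, loss
    while p_fail > 1 - target_availability:
        tries += 1
        p_fail *= loss
    return tries

if __name__ == "__main__":
    # Constructed scenarios: healthy pair, one dead server, both dead.
    scenarios = {
        "both up":  [("ns1", 40), ("ns2", 40)],
        "ns1 down": [("ns1", None), ("ns2", 40)],
        "all down": [("ns1", None), ("ns2", None)],
    }
    for label, servers in scenarios.items():
        print(label, resolve_with_retry(servers, timeout_ms=2000, max_tries=3))
    p_fail, mean_ms = expected_outcome(0.1, 40, 2000, 3)
    print(f"10% loss: fail {p_fail:.4f}, mean {mean_ms:.1f} ms")
    print("tries for 99.99% at 5% loss:", tries_needed(0.05, 0.9999))
```

One dead server in a pair turns a 40 ms answer into a 2,040 ms answer, which is why redundancy alone keeps DNS from failing but does not keep it fast.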
Companies have fewer options for improving DNS reliability than they do
for improving DNS accuracy. The most accessible approach for both small
and large companies is to treat DNS as an application that is just as
critical as their Web site, which means they must devote resources to
ensure DNS reliability does not suffer from lax operational procedures.
However, improving on the built-in try-retry strategies requires considerable
effort and overhead. The costs for such efforts typically can only be
justified by large service providers that can amortize the cost over many
domains. Even these providers face limitations to the number of domains
that can be hosted effectively, given the currently available software
tools.
OUTSOURCED DNS MANAGEMENT: A NEW APPROACH TO DNS
The general market acceptance of the ASP model allows for a new approach
to DNS - outsourced DNS management. By devoting financial and human resources
to the problem, an ASP can develop a specialized DNS management solution
with fully redundant backup systems, high reliability, and quality-assurance
practices. The costs for the expertise, time, and resources incurred to
develop and operate this service can then be amortized over many customers.
A service provider with an outsourced DNS management solution could help
improve overall DNS performance in the following ways:
- Accuracy Through Quality of Service (QoS): The service provider monitors
the domain name-IP address relationships it hosts for misconfigurations,
invalid server locations, and response times.
- Availability Through Fast, Fresh DNS: Using advanced replication algorithms,
the service provider can frequently push DNS changes to its networked
nameservers. Using an ASP with worldwide DNS server locations offering
highly reliable DNS service, an organization can lower TTLs and reduce
the change propagation time. Fresh DNS information is quickly available
worldwide without sacrificing resolution speed.
- Reliability Through Worldwide Redundancy: Unlike most enterprises
with limited technical reach, ASPs can use a co-location strategy to
deploy and maintain nameservers throughout the world over a variety
of networks. Problems at any one network will not affect the overall
service's reliability. In addition, an ASP can deploy a fully redundant
DNS backup system, so that the failure of any one DNS nameserver does
not impact performance or reliability.
- Scalability Through User Management: By creating an outward-facing
Web interface with access authentication and quality control elements,
a DNS management service can distribute the workload of DNS management
to either the customers or even end-users. This capability increases
the scalability of the solution, because fewer centralized, specialized
DNS administrators are required.
- Scalability Through Relational Databases: With sufficient resources,
the DNS management service provider can develop an alternative nameserver
to BIND. Instead of a flat file repository, the service provider can
use a relational database as the main data source for DNS, leveraging
the reliability inherent in Oracle or DB2.
Table 1 summarizes the alternatives to increase DNS performance.

ISPS AND WEB HOSTERS: IMPROVED SATISFACTION WITH DNS MANAGEMENT
The ISP business model is undergoing a significant change. Profit margins
derived from providing connectivity are shrinking as connectivity becomes
a commodity business. Consequently, ISPs are looking for value-added services
they can offer their customers. Likewise, Web hosters' profit margins
from hosting Web sites are also dropping, driving Web hosters to seek
additional revenue streams.
VALUE ADDED SERVICE FOR END CUSTOMERS
Like the internally developed DNS management solutions, outsourced DNS
management services can positively impact end customer satisfaction. Either
as an additional expense line or as an added service for the same price,
DNS services can help service providers add revenue and differentiate
their services from competitors. ISPs and Web hosters are currently concerned
with DNS only in terms of resolving the names of the Web pages, e-mail
addresses, and core services they currently provide. For example, DNS
management could provide end customers with a DNS Web interface designed
to verify DNS configurations and proactively push DNS changes through
the nameserver and caching network. Pushing management back to the end
customers would allow DNS management service providers to scale effectively
and handle a large number of domains while reducing the effort and expense
on the part of the service provider.
SUPPORT PERFORMANCE OF PRIVATE CONTENT DISTRIBUTION NETWORKS
Another avenue of potential growth for service providers is the content
distribution market, which has been defined and dominated by content distribution
network providers (CDNs) such as Akamai and Digital Island. The CDN pie
has been growing exponentially over the past two years as companies have
sought to speed and guarantee delivery of their Web content around the
world. The CDN customers are the same customers that ISPs and Web hosters
are already serving. With CDN capabilities, ISPs and Web hosters could
offer one-stop shopping for access, hosting, and content distribution
needs.
Offering CDN capabilities, though, requires a complex DNS redirection
infrastructure. This DNS system would need to quickly and accurately point
customers to the nearest, freshest copy of the content, as well as load-balance
incoming requests in order to efficiently distribute the DNS load across
nameservers and caches.
The basic BIND tools are not well suited to address this complexity. DNS
service providers can offer, as a value-add, such services and tools to
help enable this infrastructure.
ULTRADNS: THE FIRST PROVIDER OF OUTSOURCED DNS MANAGEMENT SERVICES
Aberdeen's research to date confirms that UltraDNS Corporation offers
the first outsourced management service dedicated to DNS. Launched in
July 2000, UltraDNS maintains a private network of authoritative nameservers
located around the world, as well as a 100% redundant backup network for
full failover capability. For a monthly fee based on the number of domains
hosted and the amount of DNS traffic processed, UltraDNS hosts the client
company's domain names on its network. The client redirects DNS queries
to UltraDNS, which provides guaranteed availability and reliability, and
predictable response times. The service includes advanced routing functionality
that directs DNS requests to the closest available server.
UltraDNS is suitable for any size of Internet-related business - from
large, multinational ISPs with hundreds of thousands of domains to small,
regional e-Businesses. Because UltraDNS has used its staff's expertise
to develop specialized DNS applications, it can offer potential customers
a short implementation time to richly textured applications for DNS management.
UltraDNS' services also include a reporting application, which helps customers
track and verify their DNS performance.
After engaging UltraDNS, customers interviewed by Aberdeen reported improved DNS performance in the following areas:
- Accuracy: UltraDNS constantly monitors its network of primary and
secondary nameservers for high quality control and low resolution latency.
One customer reported that UltraDNS would frequently fix a small data
entry error that was causing DNS error messages and then call to report
that there had been a problem. Another UltraDNS customer reported that
it received significantly fewer DNS Lookup Failures - with less IT staff
manpower - after engaging UltraDNS.
- Availability: Using its replication algorithms, UltraDNS can deliver
worldwide availability of DNS changes to its network nameservers in
less than five minutes. UltraDNS also allows firms to lower their TTL
without negatively impacting response time or DNS freshness. One e-Business
customer reported "significantly faster" site load speed when
using UltraDNS, which he believed caused a concurrent 15% increase in
user registrations. A different customer reported that he significantly
lowered TTL without any noticeable increase in response time or decrease
in reliability. Whereas his original DNS structure would take several
days to propagate DNS changes worldwide, with UltraDNS, changes were
appearing "significantly faster" across the globe.
- Reliability: An e-Business customer needed a cost-effective solution
for removing BIND from being a single point of failure on his network.
This customer did not want to create a fully redundant network, because
the cost-to-use ratio was too high, and the customer also did not want
to rely on the secondary and cache servers to back up a failed primary
nameserver. The UltraDNS solution met his reliability requirements so
that he could provide his end customers with a guaranteed level of service.
He felt this guarantee was particularly important for his e-Commerce
customers, where perceived loss of performance is sometimes worse than
an actual loss. UltraDNS' redundant full failover backup network, as
well as the DNS monitoring tools, enabled this customer to achieve the
required level of reliability.
- Scalability: Using Web interfaces, the UltraDNS system allows firms
to delegate management of specific DNS attributes such as IP address,
TTL, and active date. ISPs and Web hosters can resell these services
to end customers, providing an additional value-added service and revenue
stream for the service provider. Administrators and help desk operators
do not need to make basic DNS changes. Customer satisfaction is improved
because the service provider's network administrators are no longer
the bottleneck for entering changes into the system.
CHALLENGES FOR ULTRADNS
UltraDNS has two main challenges going forward. First, the common perception
about DNS management is that the current system is good enough. Though
that may be true for firms using their Web sites to distribute only product
and service information, most businesses must improve their DNS if their
Internet business units are to equal the performance and reliability of
other revenue-generating units.
Second, many of the largest ISPs and Web hosters have either already attacked
these DNS problems or have access to internal resources that can develop
customized solutions. UltraDNS needs to inform the market that its solution
can be deployed quickly and securely. Once a firm engages UltraDNS, it
does not need to worry about mundane management tasks such as loading
the newest BIND security patch on all of its primary and secondary servers.
UltraDNS will also address any future modifications to the DNS protocols,
while implementing best-of-breed DNS management practices.
ABERDEEN CONCLUSIONS
As stated in the Preface, DNS management is not a glamorous job. Aberdeen
research indicates that the reason DNS has been a low priority on the
management radar is that DNS management is not difficult. Aberdeen finds
this approach surprising, given DNS's critical role in an Internet-based
economy.
Until recently, commercial alternatives to BIND did not exist. Businesses
with higher DNS demands had no choice but to build new solutions internally.
DNS errors were not easily measured unless an outright failure occurred
in the system. Few firms even monitored the performance of their DNS.
Although many firms consider their DNS adequate in terms of accuracy,
availability, and reliability, Aberdeen research indicates that customer
satisfaction can be improved by beefing up DNS management and operational
practices. As ISPs, Web hosters, and e-Businesses strive for carrier-grade
availability, even the autonomic network elements like DNS will need to
be reviewed and improved. Likewise, Aberdeen recommends that, as Internet-related
business units increase their profit contributions to the corporate bottom
line, traditional businesses should design service level agreements (SLAs)
with service providers that include DNS performance measurements such
as accuracy, availability, and reliability.
Regardless of the performance gains from a managed DNS service, some firms
will always choose to control their own DNS management. Firms whose core
value proposition is dependent on DNS redirection, or enterprises that
have a non-BIND-based DNS implementation, for example, will dedicate human
and financial resources to developing customized DNS management applications.
For these firms, the costs and risks of outsourcing DNS management would
be greater than the benefits supplied by a managed DNS service.
Aberdeen recommends that these companies, as well as any other firm with
an Internet-related business unit, closely evaluate the costs of not improving
their DNS performance. In the make-or-buy DNS management decision, UltraDNS'
expertise and product offering make it a strong alternative to internal
development. Aberdeen is unaware of any other firm that is as focused
on addressing the manageability, scalability, and reliability limitations
that are present in most DNS system deployments. Aberdeen recommends that
these companies consider UltraDNS and its Managed DNS Service to increase
Web site reliability and customer satisfaction through improved DNS performance.