
Wednesday, October 10, 2018

ThousandEyes: Fortune 50 companies unprepared for DNS attack

A whopping 68 percent of the top 50 companies on the Fortune 500 rankings are not adequately prepared for the next major attack on the DNS, according to the results of the 2018 ThousandEyes Global DNS Performance Report, which also found similar vulnerability among 44 percent of the top 25 SaaS providers, as well as 72% of the Financial Times Stock Exchange (FTSE) 100 companies.

Key findings of the 2018 ThousandEyes DNS Infrastructure Performance Report include:

  • Leading enterprises and SaaS providers remain needlessly vulnerable: DNS best practices are not widespread in major enterprises and SaaS providers, exposing them to severe risk and potentially making them vulnerable to the next attack like the one Dyn experienced nearly two years ago.
  • Not every DNS infrastructure is created equal: DNS performance varies widely for public resolver providers and managed providers across regions and countries. Consideration for managed providers should be based on measured performance, rather than brand or scope of global presence.
  • Social and political systems create unpredictability: DNS performance variations correlate to countries known to interfere with Internet behavior, and controls over technology create risks for doing digital business in certain regions.

The 2018 ThousandEyes Global DNS Performance Report also provides an assessment of DNS providers. Out of fifteen measured public DNS providers, newcomer Cloudflare was found to have the fastest overall performance, followed by Google and OpenDNS, both of which improved over their performance in the 2017 ThousandEyes analysis. Top providers varied by region and country.

Performance highlights of the 2018 report include:

  • In the United States, Google was the top performer, followed by Cloudflare and OpenDNS. 
  • In the UK, Level 3 had the best performance, followed by Google and OpenDNS. 
  • In Japan, Cloudflare was the fastest performer, with Google in second and Neustar in third place. 

“Without DNS, there is no Internet. It's how users find a company’s apps, sites and services on the Internet. A DNS performance issue or attack can have a critical impact on customer experience, revenue, and brand reputation,” said Angelique Medina, senior product marketing manager at ThousandEyes. “The ThousandEyes report highlights vital insights that can help organizations design a more effective DNS infrastructure — because even the most basic DNS decisions can determine how a company’s application or service, and ultimately how their overall brand, is perceived.” 

The full 2018 ThousandEyes DNS Performance Report is available here.
https://www.thousandeyes.com/global-dns-performance-report

Monday, November 21, 2016

Oracle to Acquire Dyn for DNS Operations

Oracle has agreed to acquire Dyn, a leading cloud-based Internet Performance and Domain Name System (DNS) provider that monitors, controls, and optimizes Internet applications and cloud services. Financial terms were not disclosed, although media reports valued the deal at over $600 million.

Dyn said its DNS platform drives 40 billion traffic optimization decisions daily for more than 3,500 enterprise customers, including preeminent digital brands such as Netflix, Twitter, Pfizer and CNBC.

Oracle said Dyn’s DNS solution extends the Oracle cloud computing platform and provides enterprise customers with a one-stop shop for Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS).

“Oracle already offers enterprise-class IaaS and PaaS for companies building and running Internet applications and cloud services,” said Thomas Kurian, President, Product Development, Oracle. “Dyn’s immensely scalable and global DNS is a critical core component and a natural extension to our cloud computing platform.”

“Oracle cloud customers will have unique access to Internet performance information that will help them optimize infrastructure costs, maximize application and website-driven revenue, and manage risk,” said Kyle York, Chief Strategy Officer, Dyn. “We are excited to join Oracle and bring even more value to our customers as part of Oracle’s cloud computing platform.”

https://www.oracle.com/corporate/acquisitions/dyn/index.html


Friday, October 21, 2016

Dyn Managed DNS Hit by Major DDoS Attack

Dyn, which provides cloud-based Internet Performance Management and traffic steering to major websites, including Twitter, Zappos, Red Hat, BT, CNBC and Zillow, experienced a major DDoS attack that was impacting its Managed DNS customers in its US East region.

On its status update site, Dyn noted that it began monitoring and mitigating a DDoS attack against its Dyn Managed DNS infrastructure starting at 11:10 UTC on Friday, October 21, 2016.

Impacted websites and services included Etsy, Heroku, Business Insider, SoundCloud, Spotify, Reddit, GitHub, Twitter and others.

The company reported that its services were restored to normal as of 13:20 UTC, approximately two hours after the attack began, but then new attacks emerged against the Dyn Managed DNS infrastructure.

https://www.dynstatus.com/incidents/nlr4yrr162t8

Sunday, January 24, 2016

Blueprint: Five Things You Didn’t Know You Could Do With DNS

by Shannon Weyrick, Director of Engineering for NS1

Over the past 25 years there have been dramatic shifts in how companies deliver websites and applications. The pervasiveness of globally distributed cloud computing providers like AWS and DigitalOcean, along with the rise of Infrastructure as a Service (IaaS) and deployment automation, has dramatically reduced the costs and complexities of deploying applications. Users today can deploy servers in different parts of the world in minutes and leverage a multitude of software frameworks, databases and automation tools that all work to decentralize environments and improve uptime and performance.

The result is one of the more fundamental changes in the recent history of computing: today’s applications are distributed by default.

Unique Traffic Management Challenges for Modern Applications

While we’ve seen significant progress toward distributing applications on the infrastructure and application side, the tools website operators have at their disposal to effectively route traffic to their newly distributed applications haven’t kept pace. Your app is distributed, but how do you get your users to the right points of presence (POPs)?

Today, traffic management is typically accomplished through prohibitively complex and expensive networking techniques like BGP anycasting, capex-heavy hardware appliances with global load balancing add-ons, or by leveraging a third party Managed DNS platform.

As the ingress point to nearly every application and website on the Internet, DNS is a great place to enact traffic management policies. However, the capabilities of most Managed DNS platforms are severely limited because they were not designed with today’s applications in mind. For instance, most managed DNS platforms are built using off-the-shelf software like BIND or PowerDNS, onto which features like monitoring and geo-IP databases are grafted.

Until recently, a state-of-the-art DNS platform could do two things with regard to traffic management: first, it wouldn’t send users to a server that was down, and second, it would try to return the IP address of the server that’s closest to the end user making the request.

This is a bit like using a GPS unit from 1999 to get to a gas station: it can give you the location of one that’s close by and maybe open according to its Yellow Pages listing, but that’s about it. Maybe there is roadwork or congestion on the one route you can take to get there. Maybe the gas station is out of diesel, or perhaps they’re open but backed up with lines stretching down the block. Perhaps a gas station that’s a bit farther away would have been a better choice?

High-performing Internet properties face similar challenges in digital form, and they go far beyond proximity and a binary notion of “up/down.” Does the datacenter have excess capacity? What’s traffic like getting there - is there a fiber cut or congestion to a particular ISP we should route around? Are there any data privacy or protection protocols we need to take into account?

Intelligent DNS

Today’s data-driven application delivery models require a new way of managing DNS traffic. Next-gen DNS platforms have been built from the ground up with traffic management at their core, bringing to market exciting capabilities and innovative new tools that allow businesses to enact traffic management in ways that were previously impossible.

Here are five best practices to consider when implementing an advanced, intelligent traffic management platform:

  1. Intelligent routing: Look for solutions that route users based on their ISP, ASN, IP prefix or geographical location. Geofencing can ensure users in the EU are only serviced by EU datacenters, for instance, while ASN fencing can make sure all users on China Telecom are served by Chinacache. Using IP fencing will make sure local-printer.company.com automatically returns the IP of your local printer, regardless of which office an employee is visiting.
  2. Leverage load shedding to prevent meltdowns: Automatically adjusting the flow of traffic to network endpoints, in real time, based on telemetry coming from endpoints or applications, can help prevent overloading a datacenter without taking it offline entirely, and seamlessly route users to the next nearest datacenter with excess capacity.
  3. Enact business rules: Meet your applications’ needs with filters that use weights, priorities and even stickiness by enacting business rules. Distribute traffic in accordance with commits and capacity. Combine weighted load balancing with sticky sessions (e.g. session affinity) to adjust the ratio of traffic distributed among a group of servers while ensuring that returning users continue to be directed to the same endpoint.
  4. Route around problems: Identify solutions that provide the ability to constantly monitor endpoints from the vantage point of the end user and then send those coming from each network to the endpoint that will service them best.
  5. Cloud burst: Leverage ready-to-scale infrastructure to handle planned or unplanned traffic spikes. If your primary colocation environment is becoming overloaded, make sure you are able to dynamically send new traffic to another environment according to your business rules, whether it’s AWS, the next nearest facility or a DR/failover site.
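The practices above can be read as a chain of filters applied to the candidate answers for each query. The following is an added example, not NS1's code or any product's API: the filter names, the endpoint records and the 0.9 load threshold are all assumptions made for illustration. It shows why the order and failure behaviour of each filter matter: the geofence fails closed (no answer rather than an out-of-region one), while load shedding fails open inside the fence.

```python
import hashlib

# Constructed sample endpoints (documentation address ranges, made-up telemetry).
ENDPOINTS = [
    {"ip": "192.0.2.10", "region": "EU", "up": True, "load": 0.95, "weight": 3},
    {"ip": "192.0.2.20", "region": "EU", "up": True, "load": 0.40, "weight": 1},
    {"ip": "198.51.100.10", "region": "US", "up": True, "load": 0.30, "weight": 2},
    {"ip": "198.51.100.20", "region": "US", "up": False, "load": 0.00, "weight": 2},
]

def filter_up(eps, ctx):
    # Classic behaviour: never hand out an endpoint that monitoring marks down.
    return [e for e in eps if e["up"]]

def geofence(eps, ctx):
    # Hard fence: only endpoints in the client's region; an empty result is kept empty.
    return [e for e in eps if e["region"] == ctx["region"]]

def shed_load(eps, ctx, high_water=0.9):
    # Drop endpoints above the threshold, but keep them if nothing else is left,
    # so an overloaded datacenter is relieved without being taken offline.
    below = [e for e in eps if e["load"] < high_water]
    return below or eps

def weighted_sticky(eps, ctx):
    # Weighted choice keyed on a hash of the client subnet: traffic splits by weight
    # (positive integers), and a subnet keeps its endpoint while the candidate set
    # is unchanged.
    digest = hashlib.sha256(ctx["client_subnet"].encode()).digest()
    point = int.from_bytes(digest[:8], "big") % sum(e["weight"] for e in eps)
    for e in sorted(eps, key=lambda e: e["ip"]):
        if point < e["weight"]:
            return [e]
        point -= e["weight"]

CHAIN = [filter_up, geofence, shed_load, weighted_sticky]

def answer(endpoints, ctx):
    """Return the IP to answer with, or None when policy leaves no candidate."""
    eps = endpoints
    for step in CHAIN:
        eps = step(eps, ctx)
        if not eps:
            return None  # fail closed: no cross-fence or down endpoint is leaked
    return eps[0]["ip"]

if __name__ == "__main__":
    print(answer(ENDPOINTS, {"region": "EU", "client_subnet": "203.0.113.0/24"}))
```
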

Businesses that need to deliver Internet-scale performance and reliability for high-volume, mission-critical applications must rethink their current DNS and traffic management capabilities. Traditional DNS technologies are fractured and rudimentary, making the industry ripe for disruption in order to accommodate today’s demanding applications.

Tomorrow’s modern distributed application delivery will be supported by converging dynamic, intelligent and responsive routing technologies. Whether you’re building the next big thing or you’ve already made it to the Fortune 500, best practices suggest that it’s time to evaluate current DNS and traffic management platforms with an eye on solving previously intractable problems and improving performance for webscale applications.

About the author

Shannon Weyrick is the director of engineering for NS1 and has been working in Internet infrastructure since 1996, when he got started at an ISP in upstate New York. He’s been programming, however, since time immemorial, and loves it to this day. Shannon can find his way around any full backend stack, but he’s focused on software development, and has created or contributed to many open source projects throughout the years. Shannon previously worked at Internap and F5 Networks architecting and developing distributed platforms for a variety of infrastructure projects.





 

Thursday, March 12, 2015

OpenDNS Acquires BGPmon, Extending its Network Monitoring Services

OpenDNS, which provides network security and DNS services, has acquired BGPmon, a provider of network and routing monitoring services based on the Border Gateway Protocol (BGP). Financial terms were not disclosed.

BGPmon’s service monitors customer networks from hundreds of vantage points worldwide and delivers near real-time alerts in case of a route-hijack, network instability or policy violations.

“Network attacks are becoming more sophisticated every day and companies need to prepare for the fact that unexpected parts of their internet infrastructure will be targeted,” said David Ulevitch, founder and CEO of OpenDNS. “BGPmon has built a service that helps the largest companies, networks, and services on the Internet better understand traffic changes and maintain a stronger security posture. Its network security monitoring and routing features will enhance the OpenDNS Global Network and broaden our ability to discover, catch and better predict advanced attacks.”

https://www.opendns.com/
http://www.bgpmon.net/

Monday, March 9, 2015

Akamai Acquires Xerocole

Akamai Technologies acquired Xerocole, a provider of recursive DNS functionality.  Financial terms were not disclosed.

Xerocole's intelligent recursive DNS technology was designed to provide carriers with security, speed, and the ability to dynamically and flexibly set DNS policy and user preferences.

Akamai said the deal enables it to expand its DNS product portfolio beyond the company's existing Authoritative DNS products to more completely meet the needs of customers and network partners.

"We see this acquisition as an important investment in engineering talent and technology that is intended to complement our DNS product portfolio and strategy," said Rick McConnell, Akamai's President of Products and Development. "We believe that Xerocole has some of the best DNS experts in the industry and that recursive DNS has strategic value to the Akamai Platform and to each of our business units. Xerocole's technology is expected to strengthen our value to our major carrier and network partners."

