The Case Against Free ISP DNS

Below are some highlights from our study of free DNS services provided by ISPs.
Download the PDF to read the complete article.

Your enterprise knows that its web presence is business critical. Why do you trust the reliability of that presence to a company that is far from specializing in it? Your DNS management is critical to the reliability, speed and safety of your company.

Something this important is worth paying for.


Figure 1 | The data shows struggling performance, suggesting an under-powered box overwhelmed by requests.


Figure 2 | The name server restart causes an extreme increase in load times for the 5-10 minutes after each restart.


Figure 4 | Properly managed DNS name servers by Dynamic Network Services Inc.

DNS outages and misconfigurations cause website outages, email bouncing, and the breakdown of your phone system. By relying on your ISP for this service, you are unknowingly exposing yourself to continuous outages, affecting your website and the general accessibility of your online services. Outsourcing DNS to a specialized provider will increase your uptime and revenue while reducing the hidden soft costs of DNS maintenance.

Why are ISPs Bad at DNS?

ISPs provide pipe services: Internet connectivity. They have set up their business to ensure they can carry packets across their network. Sometimes they happen to offer other ancillary services that they cannot bill for, but these services, like DNS, are not specialties or areas of expertise. They are theoretical value-adds.

Oftentimes network operators are not familiar with the unique problems associated with DNS and other services. Network operators, for example, are not necessarily familiar with critical software patches that must be implemented in a timely manner to ensure attackers can be fended off.

No One is Watching

ISPs generally have extensive monitoring for network pipe services but severely lack external monitoring, a key measure of DNS performance. Because of this, ISP-based DNS services are subject to regular outages that take quite some time to be fixed.

ISPs also do not typically provide service level agreements (SLAs) for DNS. Without this customer safeguard, designed to protect and guarantee service quality, customers are left with outages and downtime without any recourse.

What's Going Wrong?

Above you will find collected samples of DNS performance for two major ISP DNS servers, one that provides service for nearly 20,000 domains and the other that manages over 60,000. This monitoring was collected over several months for multiple transit providers and from multiple locations including Hong Kong, Palo Alto, Chicago, Washington DC, London, and Amsterdam. Represented here is an average day.

Looking at the graphs in Figure 1, one name server appears to be performing well while the other struggles significantly. This severe difference in performance is probably due to an under-powered box overwhelmed by requests. It's an easy fix, but when the ISP is responsible, no one is watching.

The other provider in Figure 2 has the classic we-only-make-updates-every-12-hours setup. Because of this, updates require the entire name server to be restarted, which causes an extreme increase in load times. The delay is far beyond the amount of time most users will wait, causing potential customers to move on to other websites.

ISP DNS often results in "404 Not Found" pages being displayed because the name server is being reset, or in pages loading slowly because of the name server restart. Either of these cases can cause a loss of revenue.

Based on the data from Figure 1, the approximate minimum amount of latency is 50ms, while the average is approximately 120ms. Figure 100,000 users/day: at 70ms of extra latency (the gap between that average and that minimum), this amounts to 7,000 seconds or 2 hours/day that people are waiting for your web page to load, all because of DNS. If that went away, imagine how much more revenue you could generate just because a user didn't bounce to another website.

Off Net is Safer

Companies that earn their revenue online would be wise to consider having their DNS separate from their ISP network. If the ISP hosting your important online systems and providing DNS services has an outage, you would be unable to implement any high-availability or disaster recovery plans to route around outages.

Not Customer Centric

With ISPs, DNS settings are often only loaded once or twice a day. This means that if an outage occurs on your network at 9:00am, it may not be fixed until noon. With the twice-a-day update, the act of fixing that outage actually causes continued problems as the name server is restarted, creating problems and delays for both you and every other domain on that server.


Security for DNS changes is critical. Your domain name is a sacred piece of your Internet presence and the redirection of that domain name should be handled securely. With ISP-based DNS management, this is not the case. The process for making these changes is lax and ripe for unauthorized individuals to make updates and cause outages.

A Better Way


DNS is a technical service that is best outsourced to a specialized provider focused on the unique challenges and benefits of well-balanced DNS management. The Dynect Platform can eliminate those daily outages and help you realize a better way to manage your IT infrastructure at an exceptional value. See Figure 4.

For more information about The Dynect Platform, please contact a member of our sales team.

Our clients love us

Flickr

Twitter