01.31.2012 By Chris Gonyea
How To Switch Managed DNS Providers In Five Easy Steps
When talking to a potential or new customer, a constant fear I sense is how to switch to a new DNS provider without any downtime. Perhaps it was a past DNS move that didn’t go well or maybe it’s just resistance to the unknown, but it’s the job of myself and my awesome Concierge team to make transitions painless and ultimately successful.
I have some great news: moving DNS providers is easy and straightforward and you can accomplish it in just five easy steps, avoiding any downtime. If you have ever thought about switching but just can’t pull the trigger, let’s put those fears to rest forever!
Read More01.11.2012 By Tom Daly
Anycast Vs. Unicast: The Skinny on Nameserver Routing
You’re the guy/gal charged with making sure your business’ web site and ecommerce storefront are running nice and fast, so you run a quick waterfall chart on your site and learn that DNS is limiting your site’s performance. You jump on the Internet, do some Google searches and learn about this thing called Anycast DNS.
You then follow some more links and learn about another thing called Unicast DNS. You read people talking about having both and others talking about having one or the other. You can’t really decipher between the two because there’s hardly any accessible documentation about it. I’m going to break this mystery down for you in this post, kicking it off with a simple guidance statement:
It’s all about the routing, redundancy and geography.
Read More12.12.2011 By Tom Daly
SOPA: Why Do We Have To Break The DNS?
Last month, we posted our position piece on the Stop Online Piracy Act, also known as SOPA or the E-Parasite Act. In this post, I’m going to examine the technical details of the act and how it relates to the operation of the global Domain Name System (DNS).
SOPA proposes the idea of using DNS-based filtering by Internet Service Providers (ISPs) as a means to remove U.S. support of a foreign infringing website.
While the bill doesn’t specifically define how the ISP should technically go about this, it does seem to indicate that an ISP should capture, redirect and modify DNS query / response pairs to ensure that a downstream user does not access the site. There’s a number of ways to “remove support” from a foreign infringing website at the DNS level, so we’ll take a look at the techniques that could be used at all the layers of the DNS and why some are more destructive than others.
Read More12.06.2011 By Tom Daly
Worldwide DNS Infrastructure Upgrades Continue: Australia, Hong Kong, Dallas
Back in January, Dyn’s Operations Team was given a monumental task: perform a series of infrastructure upgrades to Dyn’s global anycast DNS network without causing any downtime or degradation of service for our customers. This meant upgrades to each of our 17 anycast data centers – new routers, switches, servers and supporting gear.
I’ve already blogged about our significant upgrades to our US infrastructure, so now it’s time to talk about our efforts overseas.
Read More12.06.2011 By Kevin Gray
Geo Traffic Management Preview: Manage The World With DNS
In my travels and talks about global load balancing with potential customers, I have frequently heard requests to narrow down where traffic is sent to, either to a specific country or set of countries. The reasons vary quite a bit: language-specific sites, products and services offered only to certain locales, security concerns and a multitude of other possible applications.
The good news today is that our top of the line engineers and operations staff listened and we are currently in beta for a new DynECT Managed DNS feature called Geo Traffic Management Service. Here’s a primer on how it works currently and how it will work when ‘beta’ is removed in 2012.
Read More12.02.2011 By Tom Daly
Observed DNS Anomaly: Bumps in DNS ANY Query Activity
For the past 5 days, we’ve been seeing a 20-25% bump in DNS QPS for random 5-10 minutes intervals that started back up this morning. It’s certainly not a pattern that we’re accustomed to seeing, so we classified this as a traffic anomaly and sent our Operations Team searching for answers on what the source of this might be.
Here’s the particulars of what we’re seeing:
Read More11.07.2011 By Tom Daly
Post Mortem: Attack To Dyn Standard DNS Nameservers
15:03 UTC: the Dyn Operations team was notified of an issue with Dyn Standard DNS nameservers. The team then immediately began investigating the issue and identified it as a Distributed Denial of Service (DDoS) attack against all five Dyn Standard DNS nameservers. Compounding this issue was a series of wide scale Internet stability issues caused by a software bug in a major networking vendor’s routing code, which affected BGP routing for the a good majority of the Internet. This added complexity in identifying the DDoS vector, ultimately delaying our efforts to begin mitigation of the attack.
15:20 UTC: the nature of the attack was identified and our DynStatus site was updated. Operations began deploying our well-practiced DDoS countermeasures and mitigations. At 15:40 UTC, a majority of Dyn Standard DNS nameservers were offline due to complete exhaustion of server resources attempting to migitate the attack. At 16:10 UTC, all Dyn Standard DNS nameservers went offline as server resources were completely exhausted.
16:32 UTC: our ns2.mydyndns.org nameserver returned to service, protected by a variety of anti-DDoS mitigation systems including router ACLs, firewalls and DDoS scrubbing devices. At 16:50 UTC, the ns3.mydyndns.org nameserver returned to service. Due to complexities of fully reloading edge nameservers, it took until 17:50 UTC to return ns1.mydyndns.org and ns4.mydyndns.org to service. Finally, ns5.mydyndns.org was back in service at 18:15 UTC.
An additional complicating factor was that our DynStatus site became overwhelmed with traffic at 16:30 UTC. At this time, we opted to use both Twitter feeds to communicate with our users (primarily @DynDNS and @DynInc) while we altered the configuration of the DynStatus site to handle additional load. At 17:23 UTC, the DynStatus site was online again.
So today, for the first time since 2001, we experienced a full 22 minute outage of our Dyn Standard DNS nameservers, which means that we reset our Dyn Standard DNS uptime counters back to zero. For that, we’re disappointed and we apologize to our customers that were affected by both the outage and the hiccup with our DynStatus site that prevented us from communicating to the extent that we wanted to do. We believe that transparency is critical in keeping our customers informed and will be taking efforts to harden our DynStatus site to ensure it is always available, even if or DNS servers are not. We appreciate your decision to use our services and we thank you for the patience during this issue.
As Dyn is constantly dealing with DDoS attacks, we have a tradition of naming them similar to the way hurricanes are named in the US. Today’s event was named Fiona. Attached to the name is a post mortem analysis of the event to identify the area of weakness in our network and systems, so that immediate improvements can be made. That process has already started.
For customers utilizing Dyn’s DynECT Managed DNS platform, served from 17 global datacenters, no issues or outages were observed during the course of the event.
Read More10.25.2011 By Dyn Guest Blogs
Guest Blog: Why A DNS Partner Is Crucial For Real-Time Ad Platforms
This week’s guest post is from Bosko Milekic, VP Technology of BLOOM Digital Platforms, creators of the AdGear real-time ad platform.
At BLOOM Digital Platforms, we spend most of our days (and sometimes nights) developing, maintaining and running our full stack ad platform, AdGear. To outsiders, this may seem like an extremely daunting task. After all, to some extent, we compete with the likes of Google and AOL, but when it comes to the size of our engineering team, we’re much smaller. In fact, we pride ourselves on managing to maintain the agility, flexibility and nimbleness associated with small, tightly-knit teams, even (and especially) as we grow — something that permeates throughout every choice of technology and provider we make.
We feel that remaining flexible and open is a key feature for our customers, publishers and agencies who don’t consider what we do to be a commodity and it’s really what allows us to stay ahead of the game while maintaining extremely competitive pricing.
With that said, running an ad technology platform and all its supporting infrastructure is not an easy task. Maintaining our agility while growing our volume to many billions of ad requests a month demands incredible focus and dedication, which we would not be able to sustain without the help of our partners. We pick our partners carefully and demand the same level of dedication and focus from them.
Read More10.17.2011 By Dyn Guest Blogs
Free DNS Services Can Hurt Web Performance
(This is a guest post from Mehdi Daoudi, CEO and Co-Founder of Catchpoint)
After working with one of our clients earlier in August, I tweeted the following: “I am just amazed how many companies use their registrars DNS as primary DNS … not GOOD! “
I have previously talked in our blog about the importance of DNS on web performance but in reply to the tweet, I received several questions — making it clear that registrar-provided DNS needed a discussion all of its own.
This is that discussion.
Read More10.13.2011 By Tom Daly
NANOG: Stewards Of The Internet
I was at NANOG 53 in Philadelphia, PA, this week and while on the flight home, I started thinking about the roots of the Internet, how the network was constructed and the ways in which it has evolved in our daily lives. I spent some time thinking about what has changed with the Internet and what things remains the same today.
Thinking about this immediately post-NANOG yields interesting thoughts with one key theme emerging: one thing that hasn’t changed about the Internet is that it takes a closely-knit group of evangelists and stewards to keep it running.
Read More