IT departments need to make web application resiliency a priority, and DNS plays an important part in that.
Web applications and sites are often the first touch point between companies and potential customers. If they’re down or slow, it can mean lost business. As such, it’s not enough to have just one DNS system, because that represents a single point of failure. With the evolving threat landscape, a multiple DNS approach is paramount.
Matt Torrisi, a senior solutions engineer at Oracle Dyn, gave an in-depth presentation on web application resiliency and multi-platform DNS at the O’Reilly Velocity Conference in San Jose, Calif., and taught an online training course on the topic.
In this Q&A, Torrisi discusses the importance of resilient applications and the pros and cons of having multiple DNS platforms.
Why is web application resiliency so important today?
Time and money. If you have an application and you’re running a business, you have a vested interest in staying online to perform whatever it is your organization is doing.
We would build an N+1 configuration for anything. We have multiple servers, multiple load balancers, multiple transit, multiple hosting. We’re so used to having multiple anything. But for whatever reason, we as an industry have settled on having just one DNS provider. That needs to change.
How can having multiple DNS platforms improve web application resiliency?
DNS is the first connection whenever someone is trying to connect to your brand – trying to go to your website, using API resources on your back end, whatever it is that you do. DNS lookups are what allow users to connect to your servers. If you don’t have resiliency in that, you don’t have resiliency in anything. It’s a core, fundamental pillar, but it’s something that’s been overlooked by a large majority of the population.
What are some other benefits of having multiple DNS platforms?
There’s a little bit of a performance boost. Different operators have different connections to local providers.
Suppose you’re a Swedish company and you operate primarily out of Scandinavia. You might have a really good presence in Scandinavia with multiple locations, and maybe one or two around the world, if that. We’re a global network, so we’re going to give you greater access to the Americas, APAC, the rest of Europe. If you have users in those other markets, in a multiple DNS format, they’re going to get to the fastest location.
The flip side of that is, if you operate in a space, you might actually have better connectivity if you have really tight connections to some of the major ISPs in, say, Scandinavia. And that’s OK. If you have a bad day, we’re there, and if we have a bad day, you’re there.
Are there any drawbacks to this approach?
You have to pay for two. And there is sometimes complexity. If you have multiple DNS providers, you tend to go down to the lowest common denominator. If you have one provider that doesn’t do traffic steering and two that do, you can’t put the same host on all three. You can put different material on each, and there are ways to manage that, but fundamentally, if you want to have a host across multiple providers, they need to have the same DNS behavior.
But this complexity is greatly outweighed by the need for resiliency.