08-21-2017 – Don’t let a DDoS attack Eclipse your DNS
By: Eric McIntyre, Sr. Director of DNS Business Development at CloudfloorDNS
DDoS attacks are on the rise and the experts don’t foresee any slowdown in the near future. Attackers utilize botnets, IoT devices and other compromised systems to build cyber-armies and leverage these armies against you directly or against your DNS service provider. In many cases, DDoS attacks can be fatal to small online businesses that aren’t protected.
The first step to protecting your online digital business is at the infrastructure level and that means DNS. Here are a few steps you can use to protect your digital business when it comes to DNS:
1 – Don’t get caught using your “hosting or registrar” DNS
DNS typically comes free with any domain you register or web hosting plan you buy, but there is a drawback to this. In most cases the DNS from your hosting company or registrar is much slower and less resilient when it comes to DDoS attacks. Since DNS is such a critical component to your online success, you should invest in DNS as a business strategy. This means going with Managed DNS and setting up a budget for fast, reliable DNS. Pick a managed DNS provider that uses an Anycast DNS network like CloudfloorDNS, NS1, UltraDNS, Dyn or others. These guys focus solely on DNS as a Service and run large Anycast DNS networks in the cloud. They also have DDoS mitigation in place to help thwart attacks and are typically much more fortified than your Web hosting or domain registrar DNS.
2 – Back up your DNS with Secondary DNS
Secondary DNS is a standard method to safely back up your DNS zones onto another DNS provider/network in case your primary DNS provider goes down. Secondary DNS has been around for quite some time although it’s not often implemented – even though it can save your business if you have a primary DNS outage (like the attack on Dyn back in Oct 2016). Setting up secondary DNS only takes about 10 minutes if not less and instantly copies your DNS zones to a secondary provider. This “spreads the risk” across two DNS providers and in many cases can also speed up your DNS. Best of all, Secondary DNS is low cost and will have a minor impact on your budget yet provides the best possible insurance you can ask for in DNS infrastructure.
3 – Utilize Advanced DNS services
GEO DNS, DNS Failover and DNS Load Balancing are some of the best ways to manage your DNS traffic and add uptime to your online services. DNS Failover and DNS Load Balancing are standard offerings by all managed DNS providers and are also low-cost ways to extend your reliability and scalability. Monitoring your servers from multiple locations and failing over DNS to a backup when your primary fails can help extend the reliability of your customer-facing servers and apps. Latency monitoring can also be implemented, so any servers that slow down above a certain threshold (in ms) can be taken out of the load balancing pool.
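The failover and latency-threshold logic described above can be sketched as follows. This is an added example, not CloudfloorDNS code or any provider's API; the probe locations, addresses (documentation ranges), the 250 ms threshold and the two-location quorum are all assumptions chosen for illustration.

```python
# Constructed sample data: probe results per server, one entry per monitoring
# location. None means the probe got no response; numbers are latency in ms.
PROBES = {
    "192.0.2.10": {"nyc": 38, "lon": 92, "sgp": 210},
    "192.0.2.20": {"nyc": 480, "lon": 510, "sgp": None},
    "192.0.2.30": {"nyc": None, "lon": 70, "sgp": 65},
}
BACKUP = ["198.51.100.10"]  # hypothetical standby address


def server_healthy(results, max_latency_ms, quorum):
    """A server is healthy when at least `quorum` locations got a response
    within the latency threshold. A single failing vantage point does not
    remove it, which avoids failing over on a probe-side network fault."""
    ok = [ms for ms in results.values()
          if ms is not None and ms <= max_latency_ms]
    return len(ok) >= quorum


def dns_answer_pool(probes, backup, max_latency_ms=250, quorum=2):
    """Return (pool, failed_over): the addresses DNS should hand out."""
    pool = sorted(ip for ip, results in probes.items()
                  if server_healthy(results, max_latency_ms, quorum))
    if pool:
        return pool, False
    # Every primary is down or too slow: answer with the backup records.
    return list(backup), True


if __name__ == "__main__":
    print(dns_answer_pool(PROBES, BACKUP))
```

With the sample data, the slow server 192.0.2.20 leaves the pool while 192.0.2.30 stays in despite one unreachable probe; the backup is only returned once no primary meets the quorum.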
GEO DNS can also be used to increase performance and customer retention. By geo-locating your clients in their DNS requests you can determine the closest/fastest server and then send them to the version of your website or application in their local language and currency. It’s a well-known fact that faster websites/apps and localized content help convert more customers and make your website or app more “sticky”.
These are just a few of the many suggestions to help you keep the lights on when it comes to your digital business and DNS. In the age of DDoS attacks, ransomware attacks and other digital criminal mischief, it’s important that you realize the critical nature of your DNS infrastructure and make proper investments to ensure the reliability of your online operations.