State of the Cloud DNS Report

Transcription

1 transparency for the cloud State of the Cloud DNS Report Basic Edition August

2 Table of Contents Overview Introduction 3 Anycast vs. Unicast DNS 3 Provider Overview & Current News 4 Provider Marketshare 6 Technology Used 8 DNS Performance Analysis Performance Analysis Overview 20 Service Availability 20 Synthetic Performance 21 Real User Performance 26 RIPE Atlas Performance - Synthetic 31 DNS Features Health Checks - Failover 10 Health Checks - Load Balancing 10 Location Based Routing (Geo IP) 11 Zone Based Routing (Anycast) 11 DNSSEC 12 Primary/Secondary DNS Support 13 Pricing DNS Query Volume Pricing 15 Feature Pricing 16 DNS Propagation Latency 18 2 State of the Cloud DNS Report 2015 Inc. Table of Contents

3 Overview Introduction 3 Anycast vs. Unicast DNS 3 Provider Overview & Current News 4 Provider Marketshare 8 Technology Used 10 3 State of the Cloud DNS Report 2015 Inc.

4 Introduction The Domain Name System (DNS) is the method by which hostnames such as " are translated into addresses used by computers to communicate; DNS is fundamental to operation of the Internet. If an domain loses DNS functionality, hostnames will be inaccessible for users - even if servers are functioning. Additionally, DNS can be a security threat if hacked and hostnames redirected to unauthorized servers that may in turn capture sensitive user information. Because of the mission critical nature of DNS, many organizations elect to outsource DNS hosting to specialized vendors that provide better availability, security, and performance. Anycast vs. Unicast DNS At the network level, there are 2 methods for hosting DNS servers: Unicast and IP Anycast. Unicast DNS Unicast DNS sends users to fixed DNS servers regardless of where the user is located. If DNS servers are located in the United States, a user in Australia will experience slower DNS response than a US based user. Additionally, if a DNS server is down, DNS queries may fail entirely. Anycast DNS IP Anycast DNS provides network optimizations wherein DNS queries are directed to the closest server, thus providing more consistent and faster response. IP Anycast DNS also provides redundancy and failover. If a DNS server goes down down, IP Anycast can automatically re-route users to other functioning servers. 4 State of the Cloud DNS Report 2015 Inc. Overview

5 Providers Included 5 State of the Cloud DNS Report 2015 Inc. Overview

6 Provider Marketshare To track marketshare, we track name servers for Alexa top 10,000 and Fortune 500 websites monthly. The tables below provide marketshare statistics for DNS providers based on this tracking. To determine provider affiliation we use hostname, IP and ASN matching for primary and secondary hostnames. Marketshare changes may be attributed to changes in the makeup of the lists (monthly for Alexa, annual for Fortune 500) or actual provider changes. This content is available in the Premium Edition available at 6 State of the Cloud DNS Report 2015 Inc. Overview

7 Provider Marketshare Top 20 Provider Changes This content is available in the Premium Edition available at 7 State of the Cloud DNS Report 2015 Inc. Overview

8 Technology Used DNS Software DNS server software listens for and responds to DNS queries. DNS providers may utilize open source or proprietary software. Open source software has the advantage of established reliability and community support, while proprietary software may provide more flexibility and a point of distinction for vendors. Geo IP Database To implement Location Based Routing providers license Geo IP databases from one of three possible vendors: MaxMind, Neustar or Digital Envoy. In the case of MaxMind, providers often add some customization to the database to improve accuracy. The table below lists Geo IP databases used by each provider if known. Provider Software Type Provider Database Akamai DNS Proprietary Akamai DNS Unknown DNS Made Easy Proprietary (Elite Resolution Platform) DNS Made Easy NA Dyn DNS Bind Dyn DNS MaxMind 1 Easy DNS Bind Easy DNS NA EdgeCast DNS Unknown EdgeCast DNS Unknown NSONE DNS Proprietary NSONE DNS MaxMind 1 Amazon Route 53 djbdns Amazon Route 53 Unknown UltraDNS Proprietary UltraDNS Neustar IP Intelligence Verisign DNS Proprietary (Atlas) Verisign DNS Digital Envoy 1. Customized for improved accuracy 8 State of the Cloud DNS Report 2015 Inc. Overview

9 DNS Features Health Checks - Failover 10 Health Checks - Load Balancing 10 Location Based Routing (Geo IP) 11 Zone Based Routing (Anycast) 11 DNSSEC 12 Primary/Secondary DNS Support 13 9 State State of the Cloud DNS Report 2015 Inc.

10 Health Checks Failover Health Checks Load Balancing DNS Failover resolves hostnames based on availability of target hosts. If the primary host becomes unavailable, DNS records update automatically to respond using a secondary host. When the primary host is restored, DNS records automatically revert. Like DNS Failover, DNS Load Balancing monitors availability of DNS hosts. However, with Load Balancing all hosts are considered primary. If a host fails, it is removed from the list of possible DNS responses. Provider Failover Provider Failover Akamai DNS Akamai DNS DNS Made Easy DNS Made Easy Dyn DNS Dyn DNS Easy DNS Easy DNS EdgeCast DNS EdgeCast DNS NSONE DNS NSONE DNS Amazon Route 53 Amazon Route 53 UltraDNS UltraDNS Verisign DNS Verisign DNS 10 State of the Cloud DNS Report 2015 Inc. DNS Features

11 Location Routing (Geo IP) Zone Routing (IP Anycast) Location Based DNS takes into account resolver (or user with EDNS support) location (using a Geo IP database) when responding to DNS queries. Common use case for this feature is routing users to nearby hosts for improved response times. Anycast Zone Based DNS is similar in purpose to Location Based DNS, minus use of Geo IP. Instead, responses may be different depending on the location of the DNS POP receiving the query. Provider Akamai DNS DNS Made Easy Dyn DNS Easy DNS EdgeCast DNS NSONE DNS Amazon Route 53 UltraDNS Verisign DNS Geo IP Provider Akamai DNS DNS Made Easy Dyn DNS Easy DNS EdgeCast DNS NSONE DNS Amazon Route 53 UltraDNS Verisign DNS Geo IP 11 State of the Cloud DNS Report 2015 Inc. DNS Features

12 DNSSEC DNSSEC (Domain Name System Security Extensions) is a specification for securing DNS information - DNSSEC was designed to protect clients from forged DNS responses. All responses in DNSSEC are digitally signed; by checking the digital signature, a DNS client is able to verify the information is exactly the same as the information from the authoritative DNS server. Provider Provider Managed User Managed Akamai DNS DNS Made Easy Dyn DNS Easy DNS EdgeCast DNS NSONE DNS Amazon Route 53 UltraDNS Verisign DNS Provider or User Managed DNSSEC Manual generation and management of necessary DNSSEC certificates and digital signatures can be very complex and cumbersome. Some providers simplify this by automating these tasks within their management interface. 12 State of the Cloud DNS Report 2015 Inc. DNS Features

13 Primary/Secondary DNS Support BIND DNS software provides an industry standard method for sharing DNS records between servers. This protocol utilizes a primary server to manage a DNS zone, and secondary, read-only servers capable of responding to DNS queries. Secondary servers synchronize to the master using zone transfer requests. BIND defines two synchronization methods: AXFR: transfer the entire DNS zone configuration IXFR: transfer incremental changes The following tables lists support by each service these BIND synchronization protocols: When Service is Primary Provider AXFR IXFR NOTIFY TSIG Akamai DNS DNS Made Easy Dyn DNS Easy DNS EdgeCast DNS NSONE DNS Amazon Route 53 UltraDNS Verisign DNS 1. Supported when secondary is within the zone BIND also defines two methods secondary servers use to determine when DNS zone changes have been made: Polling: Secondary servers periodically query the master server for changes NOTIFY: The master server notifies secondary servers when changes are made DNS transfers between primary and secondary servers may be secured using Transaction SIGnature (TSIG) keys supported by some services. When Service is Secondary Provider AXFR IXFR NOTIFY TSIG Akamai DNS DNS Made Easy Dyn DNS Easy DNS EdgeCast DNS NSONE DNS Amazon Route 53 UltraDNS Verisign DNS 13 State of the Cloud DNS Report 2015 Inc. DNS Features

14 Pricing DNS Query Volume Pricing 15 Feature Pricing State of the Cloud DNS Report 2015 Inc.

15 Pricing Some providers have public pricing and self sign-up, while others require sales contract negotiation. For the latter, pricing may vary depending on usage commitment, negotiation capabilities, and other extraneous factors. The pricing matrix below provides a breakdown of estimated costs at various usage commitments for each provider. To collect this information, we have independently researched and contacted vendors not disclosing pricing publicly. DNS Query Pricing Pricing Per Month This content is available in the Premium Edition available at 15 State of the Cloud DNS Report 2015 Inc. Pricing

16 Advanced Feature Pricing Providers structure and price add-on features differently. The matrix below is an attempt to list comparable add-on pricing for each provider and feature. Pricing Per Month This content is available in the Premium Edition available at 16 State of the Cloud DNS Report 2015 Inc. Pricing

17 DNS Propagation Latency DNS Propagation Latency State of the Cloud DNS Report 2015 Inc.

18 DNS Propagation Latency DNS propagation latency is the amount of time from submission of a DNS record change until that change is visible across a providers entire DNS network. Analysis is provided for both primary and secondary DNS hosting. The latency metric is the median of measurements from approximately 200 globally distributed test servers. Primary Zone This content is available in the Premium Edition available at Secondary Zone 18 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

19 DNS Performance Analysis Performance Analysis Overview 20 Service Availability 20 Synthetic Performance 21 Real User Performance 24 RIPE Atlas Performance State of the Cloud DNS Report 2015 Inc.

20 Performance Analysis Overview Service Availability The following table lists service availability for the past 30 days. This analysis is based on monitoring of name servers using geographically disperse monitoring servers. A minimum of 3 nodes are used in each geographical region. If at least 1 name server is reachable and responds to a DNS query the service is considered available. Outages are triggered if all 3 monitoring servers are simultaneously unable to connect to all name servers. We use an external monitoring service, Panopta, to monitor availability Service Global US West US Central US East Europe Asia Oceania Africa Akamai DNS 100% 100% 100% 100% 100% 100% 100% 100% Amazon Route % 100% 100% 100% 100% 100% 100% 100% CloudFlare DNS 100% 100% 100% 100% 100% 100% 100% 100% DNS Made Easy 100% 100% 100% 100% 100% 100% 100% 100% Dyn 100% 100% 100% 100% 100% 100% 100% 100% Easy DNS 100% 100% 100% 100% 100% 100% 100% 100% NSONE 100% 100% 100% 100% 100% 100% 100% 100% UltraDNS 100% 100% 100% 100% 100% 100% 100% 100% Verisign DNS 100% 100% 100% 100% 100% 100% 100% 100% 20 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

21 Synthetic Performance We monitor synthetic DNS response times using a combination of dig (a DNS utility) and our network of 180 global monitoring nodes. The purpose of this is to measure the amount of time it takes for provider DNS servers to respond to queries from these nodes. These measurements are taken every 5 minutes from each monitoring node. During each test interval, multiple measurements are taken and the median, mean, min, max and standard deviation metrics are captured. The response times used in the graphs below are derived from the median values and aggregated into multiple geographic regions. North America 21 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

22 Synthetic DNS Response Time continued Europe 22 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

23 Synthetic DNS Response Time continued Asia 23 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

24 Synthetic DNS Response Time continued Oceania 24 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

25 Synthetic DNS Response Time continued Global 25 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

26 Real User Performance To collect end-user DNS response time, we use a browser-based test at: This test, used domains and wildcard (A) records we have configured with each managed DNS provider. The test alternates downloading a 5 byte javascript file using random cached and uncached random hostnames. End-User DNS response time is then calculated as the difference between these measurements. The response times used in the graphs below are derived from the 90th percentile of the median values. The purpose of this section is to present DNS performance from the end-user perspective. This differs from synthetic response times because it employs the user's recursive DNS chain. North America This content is available in the Premium Edition available at 26 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

27 Real User Performance continued Europe Ths content is available in the Premium Edition available at 27 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

28 Real User Performance continued Asia Ths content is available in the Premium Edition available at 28 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

29 Real User Performance continued Oceania Ths content is available in the Premium Edition available at 29 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

30 Real User Performance continued Global Ths content is available in the Premium Edition available at 30 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

31 RIPE Atlas Performance RIPE Atlas is a global network consisting of approximately 6534 public test probes capable of measuring connectivity to Internet endpoints on demand (view network map). Most RIPE Atlas probes are located on the Internet last mile, thus providing analysis that is more user-centric compared to testing from data centers. Users hosting RIPE Atlas probes receive credit to take measurements from other probes. We host 2 such probes and use credits to measure latency and recursive DNS performance for cloud services. North America This content is available in the Premium Edition available at 31 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

32 RIPE Atlas Performance continued Europe Ths content is available in the Premium Edition available at 32 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

33 RIPE Atlas Performance continued Asia Ths content is available in the Premium Edition available at 33 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

34 RIPE Atlas Performance continued Oceania Ths content is available in the Premium Edition available at 34 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis

35 RIPE Atlas Performance continued Global Ths content is available in the Premium Edition available at 35 State of the Cloud DNS Report 2015 Inc. DNS Performance Analysis