State of the Cloud DNS Report




transparency for the cloud

State of the Cloud DNS Report
Basic Edition, April 2015

Table of Contents

Overview: Introduction; Anycast vs. Unicast DNS; Provider Overview & Current News; Provider Marketshare; Technology Used

DNS Performance Analysis: Performance Analysis Overview; Service Availability; Synthetic Performance; Real User Performance; RIPE Atlas Performance - Synthetic

DNS Features: Health Checks - Failover; Health Checks - Load Balancing; Location Based Routing (Geo IP); Zone Based Routing (Anycast); DNSSEC; Primary/Secondary DNS Support

Pricing: DNS Query Volume Pricing; Feature Pricing

DNS Networks: Akamai DNS; Amazon Route 53; CloudFlare DNS; DNS Made Easy; Dyn DNS; Easy DNS; EdgeCast DNS; NSONE DNS; UltraDNS; Verisign DNS

DNS Propagation Latency

State of the Cloud DNS Report 2015 Inc.

Overview

Introduction

The Domain Name System (DNS) is the method by which hostnames such as "www.google.com" are translated into addresses used by computers to communicate; DNS is fundamental to the operation of the Internet. If a domain loses DNS functionality, its hostnames will be inaccessible to users, even if the servers are functioning. Additionally, DNS can be a security threat if it is hacked and hostnames are redirected to unauthorized servers that may in turn capture sensitive user information. Because of the mission-critical nature of DNS, many organizations elect to outsource DNS hosting to specialized vendors that provide better availability, security, and performance.

Anycast vs. Unicast DNS

At the network level, there are 2 methods for hosting DNS servers: Unicast and IP Anycast.

Unicast DNS

Unicast DNS sends users to fixed DNS servers regardless of where the user is located. If DNS servers are located in the United States, a user in Australia will experience slower DNS response than a US-based user. Additionally, if a DNS server is down, DNS queries may fail entirely.

Anycast DNS

IP Anycast DNS provides network optimizations wherein DNS queries are directed to the closest server, thus providing more consistent and faster response. IP Anycast DNS also provides redundancy and failover. If a DNS server goes down, IP Anycast can automatically re-route users to other functioning servers.

Providers Included

Provider Marketshare

To track marketshare, we track name servers for Alexa top 10,000 and Fortune 500 websites monthly. The tables below provide marketshare statistics for DNS providers based on this tracking. To determine provider affiliation we use hostname, IP and ASN matching for primary and secondary hostnames. Marketshare changes may be attributed to changes in the makeup of the lists (monthly for Alexa, annual for Fortune 500) or actual provider changes.

This content is available in the Premium Edition available at http://cloudharmony.com/reports

Provider Marketshare: Top 20 Provider Changes

This content is available in the Premium Edition available at http://cloudharmony.com/reports

Technology Used

DNS Software

DNS server software listens for and responds to DNS queries. DNS providers may utilize open source or proprietary software. Open source software has the advantage of established reliability and community support, while proprietary software may provide more flexibility and a point of distinction for vendors.

Geo IP Database

To implement Location Based Routing, providers license Geo IP databases from one of three possible vendors: MaxMind, Neustar or Digital Envoy. In the case of MaxMind, providers often add some customization to the database to improve accuracy. The table below lists Geo IP databases used by each provider if known.

Provider          Software Type                              Database
Akamai DNS        Proprietary                                Unknown
DNS Made Easy     Proprietary (Elite Resolution Platform)    NA
Dyn DNS           BIND                                       MaxMind (1)
Easy DNS          BIND                                       NA
EdgeCast DNS      Unknown                                    Unknown
NSONE DNS         Proprietary                                MaxMind (1)
Amazon Route 53   djbdns                                     Unknown
UltraDNS          Proprietary                                Neustar IP Intelligence
Verisign DNS      Proprietary (Atlas)                        Digital Envoy

(1) Customized for improved accuracy

DNS Features

Health Checks - Failover

DNS Failover resolves hostnames based on availability of target hosts. If the primary host becomes unavailable, DNS records update automatically to respond using a secondary host. When the primary host is restored, DNS records automatically revert.

Health Checks - Load Balancing

Like DNS Failover, DNS Load Balancing monitors availability of DNS hosts. However, with Load Balancing all hosts are considered primary. If a host fails, it is removed from the list of possible DNS responses.

[Two tables, each with columns Provider and Failover and rows for Akamai DNS, DNS Made Easy, Dyn DNS, Easy DNS, EdgeCast DNS, NSONE DNS, Amazon Route 53, UltraDNS and Verisign DNS; support marks not preserved]

Location Routing (Geo IP)

Location Based DNS takes into account the location of the resolver (or of the user, with EDNS support), determined using a Geo IP database, when responding to DNS queries. A common use case for this feature is routing users to nearby hosts for improved response times.

Zone Routing (IP Anycast)

Anycast Zone Based DNS is similar in purpose to Location Based DNS, minus the use of Geo IP. Instead, responses may be different depending on the location of the DNS POP receiving the query.

[Two tables, each with columns Provider and Geo IP and rows for Akamai DNS, DNS Made Easy, Dyn DNS, Easy DNS, EdgeCast DNS, NSONE DNS, Amazon Route 53, UltraDNS and Verisign DNS; support marks not preserved]

DNSSEC

DNSSEC (Domain Name System Security Extensions) is a specification for securing DNS information. DNSSEC was designed to protect clients from forged DNS responses. All responses in DNSSEC are digitally signed; by checking the digital signature, a DNS client is able to verify the information is exactly the same as the information from the authoritative DNS server.

[Table with columns Provider, Provider Managed and User Managed and rows for Akamai DNS, DNS Made Easy, Dyn DNS, Easy DNS, EdgeCast DNS, NSONE DNS, Amazon Route 53, UltraDNS and Verisign DNS; support marks not preserved]

Provider or User Managed DNSSEC

Manual generation and management of necessary DNSSEC certificates and digital signatures can be very complex and cumbersome. Some providers simplify this by automating these tasks within their management interface.

Primary/Secondary DNS Support

BIND DNS software provides an industry standard method for sharing DNS records between servers. This protocol utilizes a primary server to manage a DNS zone, and secondary, read-only servers capable of responding to DNS queries. Secondary servers synchronize to the master using zone transfer requests. BIND defines two synchronization methods:

AXFR: transfer the entire DNS zone configuration
IXFR: transfer incremental changes

The following tables list support by each service for these BIND synchronization protocols.

When Service is Primary

[Table with columns Provider, AXFR, IXFR, NOTIFY and TSIG and rows for Akamai DNS, DNS Made Easy, Dyn DNS, Easy DNS, EdgeCast DNS, NSONE DNS, Amazon Route 53, UltraDNS and Verisign DNS; support marks not preserved]

1. Supported when secondary is within the zone

BIND also defines two methods secondary servers use to determine when DNS zone changes have been made:

Polling: Secondary servers periodically query the master server for changes
NOTIFY: The master server notifies secondary servers when changes are made

DNS transfers between primary and secondary servers may be secured using Transaction SIGnature (TSIG) keys, which are supported by some services.

When Service is Secondary

[Table with columns Provider, AXFR, IXFR, NOTIFY and TSIG and rows for Akamai DNS, DNS Made Easy, Dyn DNS, Easy DNS, EdgeCast DNS, NSONE DNS, Amazon Route 53, UltraDNS and Verisign DNS; support marks not preserved]
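
The BIND mechanisms listed above (AXFR/IXFR, NOTIFY, TSIG) combined in one primary/secondary pair, as an added example that is not part of the original report. The zone name, addresses, file paths, key name and secret are placeholders assumed for illustration.

```conf
# ---------- primary: named.conf (assumed address 192.0.2.1) ----------
# Shared TSIG key. Generate one with `tsig-keygen -a hmac-sha256 xfer-key`
# and install the same key block on both servers.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   # placeholder, not a real key
};

zone "example.com" {
    type master;
    file "zones/example.com.db";

    # Weak: any host on the Internet can pull the full zone with AXFR.
    # allow-transfer { any; };

    # Corrected: AXFR/IXFR is served only to requests signed with xfer-key.
    allow-transfer { key "xfer-key"; };

    # NOTIFY: push change notifications to the listed secondary only,
    # signed with the same key, instead of waiting for it to poll.
    notify explicit;
    also-notify { 198.51.100.2 key "xfer-key"; };
};

# ---------- secondary: named.conf (assumed address 198.51.100.2) ----------
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   # same placeholder as above
};

zone "example.com" {
    type slave;
    file "secondary/example.com.db";

    # Polling (SOA refresh) and AXFR/IXFR requests to the primary are
    # signed with xfer-key so the primary can authenticate them.
    masters { 192.0.2.1 key "xfer-key"; };

    # A read-only secondary has no reason to hand the zone to anyone else.
    allow-transfer { none; };
};
```

Running named-checkconf against each file catches syntax errors before the server is reloaded.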

Pricing

Some providers have public pricing and self sign-up, while others require sales contract negotiation. For the latter, pricing may vary depending on usage commitment, negotiation capabilities, and other extraneous factors. The pricing matrix below provides a breakdown of estimated costs at various usage commitments for each provider. To collect this information, we have independently researched and contacted vendors not disclosing pricing publicly.

DNS Query Pricing: Pricing Per Month

This content is available in the Premium Edition available at http://cloudharmony.com/reports

Advanced Feature Pricing

Providers structure and price add-on features differently. The matrix below is an attempt to list comparable add-on pricing for each provider and feature.

Pricing Per Month

This content is available in the Premium Edition available at http://cloudharmony.com/reports

DNS Propagation Latency

DNS propagation latency is the amount of time from submission of a DNS record change until that change is visible across a provider's entire DNS network. Analysis is provided for both primary and secondary DNS hosting. The latency metric is the median of measurements from approximately 200 globally distributed test servers.

Primary Zone

This content is available in the Premium Edition available at http://cloudharmony.com/reports

Secondary Zone

DNS Performance Analysis

Performance Analysis Overview

Service Availability

The following table lists service availability for the past 30 days. This analysis is based on monitoring of name servers using geographically dispersed monitoring servers. A minimum of 3 nodes are used in each geographical region. If at least 1 name server is reachable and responds to a DNS query, the service is considered available. Outages are triggered if all 3 monitoring servers are simultaneously unable to connect to all name servers. We use an external monitoring service, Panopta, to monitor availability.

Service           Global  US West  US Central  US East  Europe  Asia  Oceania  Africa
Akamai DNS        100%    100%     100%        100%     100%    100%  100%     100%
Amazon Route 53   100%    100%     100%        100%     100%    100%  100%     100%
CloudFlare DNS    100%    100%     100%        100%     100%    100%  100%     100%
DNS Made Easy     100%    100%     100%        100%     100%    100%  100%     100%
Dyn               100%    100%     100%        100%     100%    100%  100%     100%
Easy DNS          100%    100%     100%        100%     100%    100%  100%     100%
NSONE             100%    100%     100%        100%     100%    100%  100%     100%
UltraDNS          100%    100%     100%        100%     100%    100%  100%     100%
Verisign DNS      100%    100%     100%        100%     100%    100%  100%     100%

Synthetic Performance

We monitor synthetic DNS response times using a combination of dig (a DNS utility) and our network of 180 global monitoring nodes. The purpose of this is to measure the amount of time it takes for provider DNS servers to respond to queries from these nodes. These measurements are taken every 5 minutes from each monitoring node. During each test interval, multiple measurements are taken and the median, mean, min, max and standard deviation metrics are captured. The response times used in the graphs below are derived from the median values and aggregated into multiple geographic regions.

[Figure: Synthetic DNS response time, North America]

[Figure: Synthetic DNS response time, Europe]

[Figure: Synthetic DNS response time, Asia]

Real User Performance

To analyze real user DNS response times, we host a browser based test at http://cloudharmony.com/speedtest. This test uses a custom domain delegated to each DNS service and configured with a wildcard Name (A) record. The test alternates downloading an 8 byte file using both cached and uncached hostnames. The DNS response time used for this analysis is the difference between these two measurements across multiple test iterations.

North America

This content is available in the Premium Edition available at http://cloudharmony.com/reports

Real User Performance (continued): Europe

This content is available in the Premium Edition available at http://cloudharmony.com/reports

Real User Performance (continued): Asia

This content is available in the Premium Edition available at http://cloudharmony.com/reports

RIPE Atlas Performance

RIPE Atlas is a global network consisting of approximately 6534 public test probes capable of measuring connectivity to Internet endpoints on demand. Most RIPE Atlas probes are located on the Internet last mile, thus providing analysis that is more user-centric compared to testing from data centers. Users hosting RIPE Atlas probes receive credit to take measurements from other probes. We host 2 such probes and use credits to measure latency and recursive DNS performance for cloud services.

North America

This content is available in the Premium Edition available at http://cloudharmony.com/reports

RIPE Atlas Performance (continued): Europe

This content is available in the Premium Edition available at http://cloudharmony.com/reports

RIPE Atlas Performance (continued): Asia

This content is available in the Premium Edition available at http://cloudharmony.com/reports