Late last week a DNS outage at Cloudflare took down many major websites. Fortunately, Cloudflare was able to identify the issue and fix it quickly, but not before it was noticed that all these sites were unreachable. But in today’s hyper connected and high-availability world an outage of any length can damage your reputation.
DNS is a mission-critical service for every enterprise. When DNS fails, or is taken down in an attack, the websites, applications and online services that depend on it effectively disappear from the internet taking revenue and brand reputation down with it. Which is why implementing a secondary or redundant DNS is critical to the success of modern businesses and today’s connected economy.
There are three methods for deploying a redundant DNS. Each method has its own advantage, but all three methods will help ensure your website is resilient and available.
Primary / Secondary Model
In a primary/ secondary configuration, a business has DNS solutions from two separate vendors. In this model the first vendor - or provider 1 manages all updates to the zone files while provider 2 is a secondary or backup and receives automatic updates whenever a zone change is made to the primary. The nameservers of both systems are registered as authoritative for the zones, and both answer queries.If the primary goes off line, then the secondary will pick up the load without disruption.
Hidden Primary, Two Secondary DNS Providers Model
In this model, the primary DNS server is deployed behind the corporate firewall and is the source of DNS records. There are two additional DNS providers, each defined as secondary DNS servers to the hidden primary.
The third model is where two DNS providers are set up as the primary. No zone information passes from one to the other. Updates to the zone files must be made independently on each system. This can be done manually or automated via APIs or DNS management tools.
For more details about how redundant DNS can ensure business continuity, check out our on-demand webinar: Securing Business Continuity with DNS.