Skip to main content Skip to search
Ben Ball
Posted by
Ben Ball on
January 12, 2023

How NS1 Managed DNS compares to Dyn and Oracle Cloud Infrastructure

With an end-of-life (EOL) coming in 2023, many Dyn DNS legacy customers are fast approaching a decision point about the future of their authoritative DNS. Here is a quick comparison to show how the feature sets of both Dyn and OCI compare to NS1’s Managed DNS.


With end-of-life (EOL) coming in the middle of 2023, many legacy customers of the Dyn DNS platform are fast approaching a decision point about the future of their authoritative DNS.

The looming choice is whether to migrate by default to Oracle Cloud Infrastructure (OCI) or use a different vendor. In several key areas, long-time users of the Dyn DNS platform will face a loss of key features and capabilities if they move to OCI.

To help current Dyn DNS users as they ponder their options, we put together a quick comparison to show how the feature sets of both Dyn and OCI map to NS1’s Managed DNS offering.

Basic features

In terms of table stakes features, NS1 Managed DNS does everything that Dyn DNS and OCI DNS can do, plus a whole lot more. Here are a few examples:

Points of Presence (PoPs)

Both systems offer a global network of anycasted points of presence (PoPs). Dyn and OCI have 18 PoPs, NS1 has 26 PoPs. NS1 has better coverage in Europe, Africa, and Latin America in particular.

Single sign-on

Dyn and OCI support two single sign-on (SSO) providers, NS1 supports four SSO providers.

APIs

While both systems have APIs, they were built with very different design philosophies. Every line of NS1 code starts off as an API call, and even our UI is primarily API-based. This is one of the main attractions of NS1 - most of our customers are heavy API users. Dyn’s API was layered onto an existing system, and the OCI API is likely a mishmash of API functionality from multiple acquisitions over the years.

DNSSEC

NS1 offers DNSSEC across its platform - even in the most complex traffic steering workflows. Dyn was able to offer at least limited DNSSEC capabilities through its BIND architecture. OCI doesn’t offer DNSSEC at all - a significant security downgrade from existing functionality for users of the legacy Dyn DNS platform.

URL Redirects

Both platforms offer equivalent URL redirect functionality. Dyn called them “WebHops” or “HTTP redirects”, depending on the product you used. NS1 and Oracle Cloud just call it URL Forwarding. NS1 offers a wide variety of URL redirect configurations, including source path, destination URL, forwarding type (masking, permanent, temporary), path forwarding mode (all, capture, none), and query forwarding (enabled or disabled). Dyn did not offer path or query forwarding, and Oracle Cloud doesn’t appear to either.

Traffic steering

Dyn, OCI, and NS1 all offer traffic steering capabilities.

Dyn offered traffic steering functionality across a confusing array of products - Traffic Manager, which uses pre-defined rules for Global Server Load Balancing (GSLB); Traffic Director, which uses dynamic rules to route traffic for a broader set of use cases; and Active Failover, which uses a separate UI to operate connections to secondary providers.

Oracle dropped Dyn’s confusing product hierarchy but also offers fewer traffic steering options. The basics like round robin, active/passive failover, and steering by IP and ASN are there. But you can’t optimize for cost factors (particularly in a multi-CDN scenario) or balance loads based on contract values. Geographical steering isn’t available for specific coordinates - a key issue when you’re dealing with large countries.

NS1 offers more traffic steering functionality than either Dyn or OCI, all through a unified portal and API. You’ll find more steering options, more flexibility in deployment and configuration, and more granular controls for how traffic steering is applied. NS1’s offering for real user metric (RUM) data is particularly strong, with specialized features designed to enhance the quality of video streaming and gaming applications in particular.


Are you a current Dyn customer looking to switch providers?

Contact us today to see how our Managed DNS products can help you improve network performance, resilience, and streamline operations.

DNS in China

Due to the operational peculiarities of the “Great Firewall”, traffic management in mainland China is a key use case for many large international brands.

NS1’s DNS for China dynamically directs users in mainland China to the nearest in-country PoP, and users in the rest of the world to one of NS1 26 global locations through nameserver acceleration, ensuring superior performance without the need for a rigid, pre-assigned routing logic or the need to use different domain names China. The results of NS1’s approach are clear - it offers over 3X faster performance in mainland China than any authoritative DNS offering.

Oracle has discontinued the Dyn China offering, which used to operate as a separated product with a completely different codebase than the rest of Dyn’s global anycasted network.

Resilience

Adopting a secondary DNS as a resilient option that sits alongside a primary provider is a well-worn best practice in DNS management. For the ultimate in resilient operations, network teams want a completely separate DNS layer that can be managed from the same UI as their primary.

NS1 Dedicated DNS is a physically, logically separated DNS layer that offers resilient, redundant protection without the need for a separate DNS provider. Since it’s configured and run from a single UI, Dedicated DNS is much easier to use, offering the ultimate insurance against downtime. (And of course, NS1 also supports XFR.)

Neither Dyn nor OCI offer a resilient, redundant DNS layer that operates alongside your primary DNS operations. Dyn’s support for XFR allows it to operate as a secondary layer alongside another DNS provider (or vice versa), but there is no in-house redundant option. Oracle Cloud is even a step down from that - they do not support secondary nameservers when OCI is primary. As Oracle doesn’t support DNSSEC at all; your secondary zones can’t be signed either.

Migrating from Dyn to NS1

Changing authoritative DNS providers is never simple - it’s the kind of task that almost begs for procrastination. Yet now that the final months of Dyn DNS are upon us, the time to start thinking about a change is immediately.

At NS1, we realize that this kind of switch can be tough and that the inherent risks to business operations can be significant. That’s why we’re offering a white glove migration service to all Dyn customers who qualify, with hands-on support from our expert team of solutions engineers. If you have to go through the pain of changing DNS providers, you might as well choose the best.

Contact NS1 today to learn more about what we can do for Dyn customers looking to make a change.