Attacks on Domain Name Servers (DNS) can be devastating. Potential outcomes include denial of service, as well as having users redirected to malicious sites through a compromised DNS. Security teams are hard at work mitigating DNS attack risks. However, true network resiliency in the face of DNS attacks requires a new approach to how your team manages DNS. It may be impossible to avoid DNS attacks altogether, but security teams want to bring back normal DNS functioning as rapidly as they can. The NS1 solution is proving to be valuable in this context, as users on IT Central Station have shared in their reviews.
Achieving DNS Resiliency Against DDoS Attacks
Sargurunathan M., technical lead and production engineer at a media company with over 1,000 employees, has experienced frequent, varied DNS attacks. After implementing NS1 Dedicated DNS, he found he had strong redundancy. He said, “When it comes to maintaining uptime during a major DDoS [distributed denial of service] attack, NS1 is very good.” He further noted that NS1 was helpful in getting their implementation set up properly. He shared, “They don't just address the current issue when it comes to DDoS and mitigation. These are continuous issues. It's not just a one-off that you handle once. They look for solutions that will solve future DDoS impact.”
According to James M., VP of technical operations and DevOps at a consultancy with more than 5,000 employees, “We needed to have the fastest and most secure and resilient DNS possible, and that's what we got.” He then remarked, “We don't worry about denial of service attacks on the DNS, as we've seen other large vendors go through. We have access to a significant and forward-thinking feature set that allows us to use things like DNSSEC fairly easily. We have been unaffected by major DDoS attacks because of the architecture.”
How Does NS1 Improve Business Resilience?
A variety of NS1 features improve DNS resiliency. For Sargurunathan, the issue was integration. He said, “The integrations for monitoring events is helpful. Monitoring of events can change things in the Filter Chain. That helps our team receive alerts. Our team is kept in the loop about what is happening.”
The solution gives his company the ability to manage distortion when the network is under stress. His team can defend against bad actors and support the load. He shared, “The Filter Chain is one of the most valuable features for geo-load balancing and geo-fencing. The Filter Chain is the most useful because it allows us to do several things. With geo-fencing we can redirect a particular user to a particular answer. That's very valuable for us. Filter Chains with monitoring is our strategy to provide redundancy.”
James attributes the resiliency he gets with NS1 to having access to enterprise tooling that allows his team to have a single pane of glass between their internal DNS solutions and their external ones. He also acknowledged the importance of using advanced routing techniques with the rules engine or the additional tooling that NS1 provides.
NS1 also Improves Efficiency, Security, and Application Performance
Sargurunathan and James highlighted other benefits of using NS1 in their reviews. Sargurunathan expressed that his team’s response times have improved when dealing with DNS attacks. Additionally, he revealed that “the solution has also massively reduced DNS maintenance work in our company.” For context, he said, “The way we were set up a long time ago was that we would maintain things by ourselves, and now we don't do anything along those lines.”
Now, for external DNS, his team does about 10 percent of the amount of work that they did previously. “That's a huge improvement,” he remarked, adding, “The amount of maintenance has gone down significantly, and our maintenance cost is down by at least 70 percent for the external DNS.”
James also saw a drop in DNS maintenance work when he adopted NS1. He observed that the maintenance required before partnering with NS1 solutions took too many “person hours.” Today, automation using an API has freed his team to do other necessary tasks. He elaborated, saying, “This product has allowed us to reduce or eliminate DNS maintenance work. Being able to use an API versus manual maintenance means that we don't really have to do any maintenance. We've been given a solution that allows us to automate everything that we need to do.”
He went further, explaining, “The automation provided by NS1 means that we no longer have to focus on that work, which allows us to assign staff to other tasks. Time is saved because we don't really use manual processes with the DNS. We try to automate everything we do in the DevOps team, so this has been effective for us.”
Other positive factors include:
The DNSSEC and the general reliability and speed of the service.
Low latency access to DNS queries, which has a positive impact on customer experience.
Application telemetry, which includes latency detection that allows the organization to detect where a customer may run into latency issues on the internet.
Scalability to help meet service level agreements (SLAs) and customers' demands without adding complexity.
The number of DNS threats in 2021 compared to the last few years has skyrocketed. Defending the DNS is therefore an absolutely critical element of a viable security strategy. As IT Central Station members are seeing, the right DNS security solution can make a big difference in outcomes, especially regarding resiliency. NS1’s Managed and Dedicated DNS solutions are proving to be an effective countermeasure against DNS threats - one that helps provide much-needed resiliency.
Learn more about how NS1 helps businesses build network resilience: How NS1 Builds Resilient Businesses.