Posted by Ben Ball on April 4, 2023

How to compare cloud DNS against specialist DNS vendors

Weighing an independent authoritative DNS service like NS1 against services offered by cloud DNS providers? Here are a few things to consider.

Most businesses use a default option for authoritative DNS when they’re starting off. They use whatever’s close at hand, or whatever’s cheapest. Up to this point, that default choice has usually been a very basic registrar DNS offering - something that fits the basic requirement for a global anycast network. Often, this basic DNS service is offered for free when a company buys a domain name.

Many of today’s businesses build their networks in the cloud from day one. For these cloud-native networks, the default option is a built-in authoritative DNS service like Route 53, Azure DNS, or Google Cloud DNS. It makes sense: when you’re building your network from scratch, simply adding DNS to your existing cloud service package is the path of least resistance.

Yet there comes a point in any network’s life where the choice of a DNS provider becomes a more deliberate decision. When you reach true enterprise scale, the performance, cost, and reliability of your DNS start to matter a whole lot more. It’s at this point that many businesses take a second look at how DNS contributes to their corporate goals and influences key metrics.

We recognize that no single DNS vendor will effectively address every use case - it’s about finding the offering that fits best with your business needs. If you’re considering the relative value of cloud DNS against specialist DNS offerings like NS1, there are some key considerations to take into account.

Feature sets

Surprisingly, the feature sets of cloud DNS offerings vary quite a bit.

On the lower end of the scale, Azure DNS lacks support for DNSSEC - a basic security feature that’s a critical part of every other offering on the market. Microsoft is quite open about its lack of DNSSEC support. It isn’t even on their technical roadmap. By contrast, every specialist DNS provider (including NS1) offers DNSSEC as a standard feature.

Traffic steering is another area where the DNS offerings of cloud providers are significantly different from one another. Route 53 has the widest range of traffic steering options, while Azure and GCP tend to concentrate on basic geographic and availability steering use cases. Specialist DNS providers like NS1 offer even more options for traffic steering (including RUM-based steering), and provide more sophisticated options for granular, layered decision-making logic (through NS1’s filter chains, for example).

Support for DNS record types is also a key feature difference between cloud DNS and specialist offerings. Specialist DNS providers are usually faster to adopt new record types, which are constantly expanding through an ever larger collection of RFCs and other standards.

Cloud DNS providers tend to wait a little longer to see which record types get traction in the market before adopting them. The HTTPS record type is a recent example - NS1’s Global DNS Data Report shows that up to 10% of internet traffic uses this record type. However, it is not yet supported by AWS or Azure DNS.

Resilience and redundancy

Cloud providers are keen to keep you in their ecosystem. For that reason, they often make it difficult to set up secondary DNS options for failover purposes. Cloud providers don’t support zone transfers (XFR), making it difficult to replicate zones in a competing DNS service.

It’s not impossible to have a secondary DNS provider when your primary is a cloud DNS solution, but it’s not exactly easy either. While this is all well and good for their revenue model, it goes against the common-sense need to have a warm backup in place for a service as critical as DNS.

Specialist DNS providers like NS1 tend to play well with others in ways that cloud DNS providers can’t or won’t. Support for XFR makes it easy to add a redundant DNS layer (or several!) whenever you like. NS1 also supports multi-signer DNSSEC, improving security even when a secondary provider is in the mix.

NS1 takes redundant DNS to the next level with Dedicated DNS - a redundant secondary layer that’s physically and logically separate from a primary DNS instance but managed from a single control plane.

Performance

If availability is the prime requirement for any DNS offering, performance is a close second. While the performance metrics on sites like DNSperf aren’t always indicative of reality or a useful proxy for business value, they do show how DNS providers are generally organized into performance tiers.

Most specialist DNS providers fall squarely in the high-performance category, with DNS query response times generally under 30ms. Cloud DNS providers are a bit of a mixed bag, with some in the same range as specialist DNS offerings but others several steps below.

When you’re thinking about performance metrics, it’s important to look at the propagation time for DNS zones and DNS records in addition to query response time. If you’re waiting five minutes or more for a DNS change to cycle around the world, that’s a serious impediment - particularly when you’re recovering from an outage or failing over to a secondary system to avoid an outage. This is another area where specialist offerings like NS1 usually shine in comparison to cloud DNS services.

Usability

The quality of user experience is an inherently subjective measurement. For some, aesthetics are just as important as the number of clicks it takes to accomplish a task. Others judge user experiences by how “intuitive” they feel - how easy it is to find what you’re looking for.

While it’s impossible to say for certain that one DNS provider’s UX is definitively “better” than another, we can relate what NS1’s own customers and sales prospects have told us about our superior platform usability. The continuous feedback we get from those who have either tested or used cloud DNS providers in a production environment is that configuration of DNS resources ends up being a more work-intensive effort.

APIs and integrations are another area where usability matters. NS1 is truly an API-first company (every line of NS1’s code starts its life in the API), and we’ve also prioritized easy-to-use integrations with Terraform and OctoDNS. Cloud DNS providers also offer these integration points, but they tend to be more work-intensive to stand up and start using.

Independence

Cloud DNS is almost always used in concert with other cloud services - it’s extremely rare to use Route 53, Azure DNS, or Google DNS in isolation. In fact, cloud DNS offerings are designed to be used as part of a larger suite of microservices. Naturally, that suite of microservices tends to become self-perpetuating by design. Cloud DNS services tend to put their thumb on the scale, encouraging use of other cloud services by making them easy to integrate.

Some specialist DNS providers like Cloudflare and Akamai also use this bundling strategy to encourage use of higher value services like CDNs and firewalls. Many give DNS away for free as a “loss leader” simply to drive traffic to services with higher margins. Like the cloud providers, these DNS offerings also tend to favor integration with other parts of the bundle while making it more labor-intensive to use third-party services.

NS1 distinguishes itself through a vendor-neutral approach to DNS. NS1 is designed to be an independent service layer that focuses on leveraging the value of DNS rather than merely acting as a lead-in to other products.

We only offer DNS, and make it easy to integrate with other services so you can adopt a “best of breed” approach across your network. NS1’s traffic steering options even promote competition between services like CDNs, allowing you to choose the cheapest, best performing, and most reliable options at any given point in time.

Support

As the lifeline of any network, DNS tends to require a high-touch, technically specialized support team to address issues when they arise. Cloud providers support their DNS offerings through contracts which cover the entire cloud estate. If you want support services that are specific to DNS, they usually require a “premium” service package. Even then, you probably have to go through level one support before you find a specialist who has the technical knowledge to answer your question.

Let’s be honest: DNS is a very technical, in-the-weeds discipline. DNS architectures are often snowflakes that require detailed knowledge to adequately troubleshoot. The web of RFCs and other standards is difficult to master.

This is an area where specialist DNS providers like NS1 have a clear leg up. With a team that lives and breathes DNS all day every day, the specialist providers are going to have answers to questions that most cloud DNS providers rarely encounter. They also provide DNS specialists right off the bat, rather than waiting for a level two support person to weigh in.

Weighing cloud DNS against specialist DNS offerings

The selection of a DNS provider is a big decision, with significant implications for your network and ultimately your business. If you’re considering a cloud DNS offering, it’s more likely that you’re doing it for reasons of convenience - connections to the other pieces of the bundle - rather than for the specific DNS service itself. It ultimately boils down to your overall technical strategy. If you find value in the convenience of a single technical ecosystem, then cloud DNS services offer that convenience.

Yet if you’re looking for a “best of breed” approach that focuses on obtaining the most functionality and highest value for each technical component individually, then a specialist DNS provider like NS1 is probably the best choice. Unlike cloud DNS offerings, specialist DNS providers make it easier to integrate with third-party services, offer stronger support services, and operate with an independence that ensures you get the best out of all your network services.

Want to learn more about NS1 and how it compares to cloud DNS offerings? Contact us to learn more.

