
Making Sure Your Redundant DNS Solution is Really Redundant

At NS1, we have lots of conversations with customers about how to make sure DNS is not a single point of failure in their infrastructure. It is not a trivial matter. There are multiple approaches to solving the problem and we have spoken and written about this topic quite extensively (see the links at the bottom of this blog).

Many NS1 customers looking for redundancy have opted for our Turnkey Dedicated DNS service because it is the most elegant and easy-to-use solution out there. As a subscribing customer, you simply check a box on your NS1 portal and provide your registrar with some additional nameservers in your delegation. There is no AXFR to set up, there are no synchronization issues, and there is no translation of traffic management rules between disparate DNS platforms.

Sometimes a customer comes to us and says their DNS provider can offer them their own dedicated nameserver IPs as a redundancy option. Assigning a unique IP address to a nameserver is not the same as redundancy. Here is why, along with the questions to ask if your provider proposes it as a redundancy option.

The major DNS providers use anycasting in their DNS infrastructure (see this blog for a discussion of anycasting in DNS networks: https://ns1.com/articles/use-anycasting). At NS1, we have 24 points of presence around the world that are anycasted. When you subscribe to our managed service, you typically get 4 nameservers, each with its own IP address. That IP address is an anycasted address which goes to all 24 of our points of presence (POPs). Thanks to the magic of BGP, DNS queries are sent to the POP that is closest in terms of routing hop counts from the forwarding resolver. So even though you have 4 nameservers, each with a unique IP address, they all go to the same 24 POPs. Each POP is itself multi-homed and provisioned with multiple servers. So it is a highly resilient system with lots of built-in redundancy in terms of network connectivity, servers and geographic distribution. Combined with 24x7 monitoring and expert network engineering, this lets us respond to localized issues, DDoS and other events without customers seeing service interruptions or slowdowns. But it is still a “single system”, which is why we recommend a redundant DNS strategy for customers who cannot run the risk of an outage, even though the risk is low.

So does getting your own nameserver IP from a DNS provider mean you have redundancy? Not necessarily. Anycasted DNS providers have plenty of address space to play with, so it is easy for them to set up unique IP addresses for the nameservers they assign to customers. But these addresses go to the very same nameservers in the very same POPs that all their managed DNS customers are using. There is no redundancy there.

So don’t assume that a dedicated IP for your nameservers isolates you from problems that your managed DNS provider might experience. For actual redundancy, ask if the nameservers are running on separate hosts, in separate data centers, with separate network connectivity from the managed service. Our Turnkey Dedicated DNS service does exactly that.
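The point above, that distinct nameserver IPs can still lead to one system, can be checked from the outside as a first pass. The following is an added example, not NS1 code: it groups a delegation's nameserver addresses by the origin ASN of the covering route, using a constructed routing snapshot (documentation address ranges, reserved ASNs and hypothetical nameserver names). A single ASN is a warning sign; different ASNs still do not prove separate hosts or data centers, so the questions above still need to go to the provider.

```python
import ipaddress
from collections import defaultdict

# Constructed routing snapshot: announced prefix -> origin ASN.
# Documentation address ranges and reserved ASNs, not real provider data.
ROUTES = {
    "198.51.100.0/24": 64500,  # hypothetical provider, managed anycast
    "203.0.113.0/24": 64500,   # same provider, "dedicated" address block
    "192.0.2.0/24": 64511,     # hypothetical separate network
}

MANAGED = {f"ns{i}.example.net": f"198.51.100.{i}" for i in range(1, 5)}
# One delegation adds a dedicated IP; the other adds a separately routed server.
DEDICATED_IP = {**MANAGED, "ns5.example.net": "203.0.113.53"}
SEPARATE_NET = {**MANAGED, "ns5.example.org": "192.0.2.53"}


def origin_asn(ip, routes):
    """Longest-prefix match of ip against routes; None if nothing covers it."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, asn in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn)
    return best[1] if best else None


def routing_domains(delegation, routes):
    """Group nameserver names by the ASN that originates their address."""
    groups = defaultdict(list)
    for name, ip in sorted(delegation.items()):
        groups[origin_asn(ip, routes)].append(name)
    return dict(groups)


def is_single_system(delegation, routes):
    """True when every nameserver address sits behind one origin ASN."""
    return len(routing_domains(delegation, routes)) == 1


if __name__ == "__main__":
    for label, d in (("dedicated IP", DEDICATED_IP), ("separate net", SEPARATE_NET)):
        print(label, routing_domains(d, ROUTES), is_single_system(d, ROUTES))
```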

More information about redundant DNS:

Solution Page: https://ns1.com/solutions/business-solutions/secondary-dns

Data Sheet: http://info.ns1.com/rs/795-HYO-010/images/NS1%20-%20Turnkey%20Dedicated%20DNS%20Data%20Sheet.pdf

Webinar: https://ns1.com/resources/redundant-dns-what-are-my-choices