How to configure a backup for your DNS

The majority of .CA domains are configured with a single DNS provider. Until recently, operating your own DNS servers or using a single commercial DNS service could have been considered adequate. Recent large-scale attacks against DNS providers using the Mirai IoT botnet have exposed the risk of using a single DNS provider. Using more than one DNS provider eliminates the risk of your online presence going down as a result of an outage or an attack on your DNS service provider.

The solution is having at least two DNS suppliers

Does every organization need more than one DNS provider? Not necessarily. It is a question of risk tolerance and the expected cost impact when a problem occurs. Like everything, risk needs to be appropriately managed. For organizations with lead- or revenue-generating websites, and for those who host other people’s websites, CIRA believes that using multiple suppliers is the best practice. It is good for resiliency and can also reduce DNS latency because, if considered on a global scale, it puts more servers closer to more people.

Anycast DNS Services provide the highest level of redundancy and DDoS resiliency

Choose DNS providers that use Anycast. With Anycast technology, a cloud of servers shares the same IP address, and layer 3 routing sends inbound requests to the nearest available Anycast server. Compared with a unicast deployment, it provides significantly more redundancy and DDoS resiliency.

Using multiple DNS providers is simple with standard zone transfers

The DNS has a built-in mechanism to support multiple DNS service providers: primary name servers hold the master copy of the DNS information, or zone file, and secondary (slave) name servers are updated from the primary name server using a standards-based zone transfer mechanism. Changes to DNS information are quickly and automatically propagated from the primary to the secondary servers.

This standards-based method of zone transfers lets you add a commercial DNS service as a secondary to your own name servers. If your DNS service provider supports zone transfers, then it is easy to add redundancy using another commercial DNS service as a secondary. If your DNS service provider doesn't provide you with an open method to configure multiple DNS suppliers, then this is something you may want to look into.

A standard zone-file transfer to multiple suppliers adds redundancy and improves performance.
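
A secondary that has stopped receiving zone transfers quietly undoes this redundancy, so it is worth checking that every provider serves the same SOA serial as the primary. The Python script below is an added example, not code from CIRA or D-Zone; the hostnames, serials and function names are constructed for illustration, and each input is assumed to be the text printed by `dig +short SOA <zone> @<server>` for one name server.

```python
# Added example: flag a secondary DNS provider whose zone copy lags the primary.
# Hostnames and serials are constructed sample data, not real servers.

MODULUS = 2 ** 32  # SOA serials are 32-bit and wrap around (RFC 1982)
HALF = 2 ** 31

def parse_soa_serial(line):
    """Return the serial from one `dig +short SOA` line, or None if unusable."""
    fields = line.split()
    # Expected fields: mname rname serial refresh retry expire minimum
    if len(fields) != 7 or not fields[2].isdigit():
        return None
    serial = int(fields[2])
    return serial if serial < MODULUS else None

def serial_behind(candidate, reference):
    """True if candidate is older than reference under RFC 1982 arithmetic."""
    return candidate != reference and (reference - candidate) % MODULUS < HALF

def check_sync(primary, answers):
    """Compare each server's serial with the primary's; return {server: status}."""
    ref = parse_soa_serial(answers.get(primary, ""))
    if ref is None:
        raise ValueError("no usable SOA answer from primary " + primary)
    report = {}
    for server, line in answers.items():
        serial = parse_soa_serial(line)
        if serial is None:
            report[server] = "no-answer"   # timeout, REFUSED or garbled output
        elif serial == ref:
            report[server] = "in-sync"
        elif serial_behind(serial, ref):
            report[server] = "behind"      # transfers to this server are failing
        else:
            report[server] = "ahead"       # wrong primary queried, or a stray edit
    return report

SOA = "ns1.example.ca. hostmaster.example.ca. {} 3600 600 1209600 300"
SAMPLE = {  # constructed answers, one per name server
    "ns1.example.ca.": SOA.format(2024051502),
    "ns2.provider-b.example.": SOA.format(2024051502),
    "ns3.provider-b.example.": SOA.format(2024051501),
    "ns4.provider-b.example.": "",
}

if __name__ == "__main__":
    for server, status in check_sync("ns1.example.ca.", SAMPLE).items():
        print(server, status)
```

Any status other than "in-sync" that persists longer than the zone's refresh interval is worth an alert, since a lagging or silent secondary will serve stale answers or none when the primary provider is down.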

So how hard is it really?

It is simple. All you really need to do is add redundancy to your DNS by configuring a secondary DNS provider and allowing zone transfers to more than one service. In the case of the D-Zone service, we have a nice set-up video that can help walk you through the process, but with most service providers the approach should be similar.

So there you have it. Setting up more than one DNS service provider isn’t typically complicated, is generally quite cost-effective and can help ensure your properties are accessible when the inevitable happens.

To learn more or to get set up on D-Zone with no obligation, please contact us.