Free DNS: Too good to be true?

OpenDNS, NeuStar give away services, but buyers worry there's a catch

If there's no such thing as a free lunch, how can there be a free service that handles a network management function as critical as DNS? That's what corporate IT executives are wondering as they consider two vendors touting free DNS services that are supposedly ready for the enterprise.

Both vendors -- OpenDNS and NeuStar -- are offering free recursive DNS service, which is the type of DNS service that lets employees surf the Web by typing domain names into their browsers; the service translates those names into the corresponding IP addresses.

The free services don't include external DNS, which is how a Web site such as Amazon.com publishes the latest information about its DNS and IP address changes to its customers over the Internet.

The question for corporate IT executives is whether the free recursive DNS services are too good to be true.

"There really is no reason why you wouldn't go down this road unless you've already invested heavily in an external DNS infrastructure, which is what all the major e-commerce sites have done," says Robert Whiteley, senior analyst with Forrester Research. "The vast majority of the market is still in need of making sure employees have better access to the Web."

Whiteley says outsourcing DNS is a good idea for many midsize organizations because they typically don't have expertise on staff to manage this critical function.

"DNS is the new black art," Whiteley says. (Though DNS is by no means new, celebrating its 25th birthday in 2008.) "DNS is something that not a lot of companies have a good grasp of. There are few people who can manage their DNS environment well, who can scale it, secure it and bring it back online in the case of a disaster."

That's why Whiteley says the free recursive DNS services are a good choice for many companies.

"It's perfectly legit," Whiteley says, adding that DNS is "a blind spot for lots of organizations. Lots of organizations spend countless dollars on forward proxies, Web proxies and URL scrubbers to essentially achieve a similar capability. Now they don't have to be mucking around in DNS so much. Now they can offload recursive DNS so they can concentrate on other evolving threats."

OpenDNS pioneers free DNS

OpenDNS is the pioneer in the area of free DNS services.

Launched 18 months ago, OpenDNS provides what it says is a faster, more reliable alternative to DNS services offered by ISPs. Individuals and companies sign up for the free OpenDNS service, and it handles their DNS queries for them.

OpenDNS makes money by selling advertising on its re-direction service. When users type a wrong address in their browsers, OpenDNS redirects them to the most likely site. The re-direction page has advertisements. OpenDNS also provides Web content filtering services and operates PhishTank.com, a community site that fights phishing.

Originally focused on consumers, OpenDNS says its customer base has grown to 3 million users, including 10,000 schools and thousands of small-to-midsize businesses.

"ISPs are not that good at DNS," says David Ulevitch, president of OpenDNS. "That's why a lot of people are starting to unbundle DNS from their ISP. We can offer more features and more control over their network. DNS is the unsung hero of the Internet. When it goes away, it's a massive disaster. But when it works, nobody thinks about it."

OpenDNS counts among its enterprise customers Jackson Public Schools, the largest school district in Mississippi with 36,000 users. The school district processes as many as 15,000 DNS requests per hour from its students, teachers and administrators.

OpenDNS' service has been "rock solid for us," says Gavin Guynes, director of IT services with Jackson Public Schools, which switched from BellSouth's DNS service to OpenDNS a year ago. "We've seen no drawbacks to date."

Guynes says he likes the extra services offered by OpenDNS, including the re-direction service and Web filtering.

"We're trying to combat spyware, spam and all of that," he says. "People have a tendency to misspell stuff and go to sites they shouldn't. OpenDNS cuts down on a lot of that."

Guynes adds that OpenDNS' performance "has been great…and the reliability has been perfect."

Handbag designer Kathy Van Zeeland switched to OpenDNS last May, after using a free DNS service from its ISP, Paetec of Rochester, N.Y. Kathy Van Zeeland has 65 users in offices in New York City and Long Island.

Colby Makowsky, director of IT for Kathy Van Zeeland, says switching to OpenDNS has been "a win/win for our users and our team down here in IT."

Makowsky says he likes the extra features he gets with OpenDNS, including blocking of adult Web sites and help combating phishing attacks.

"I also like being able to see our DNS stats on their Web site," Makowsky says. "DNS is something that's typically just there. Before, we didn't have any insight into it. We couldn't see what was going on. We would just assume it's working, or if it wasn't working we'd be trying to figure out why."

Ulevitch says OpenDNS offers more than recursive DNS services. For example, OpenDNS will announce this month the ability to block 30 additional categories of Web sites, such as gambling and social networking.

"What we're really providing to people is control over DNS, which is what every IT administrator needs," Ulevitch says. "We're trying to give people as much information as possible, including stats about their DNS usage, their top 50 domains. We give them the ability to block Facebook or MySpace. And we run the industry-leading antiphishing service."

"OpenDNS is appropriate for any corporate environment," he adds. "Companies have nothing to lose by trying it out." 

NeuStar enters fray

The newcomer to the free DNS arena is NeuStar, which launched its DNS Advantage service in December.

NeuStar operates the .biz and .us top-level domains. In 2006, NeuStar bought UltraDNS, a service provider that offers managed external DNS services. Now NeuStar is offering free recursive DNS services to the 7,000 corporations that use its managed external DNS services as well as any other company that wants to sign up.

NeuStar says a dozen enterprise customers of its managed external DNS services have signed up for its free DNS Advantage service. One early customer is InVision Networks, a Burr Ridge, Ill., system integrator.

"We decided to make the switch from using in-house recursive DNS services to using DNS Advantage because we were interested in enhancing the overall reliability and performance of the Internet experience for our end users," Brian Young, president of InVision Networks, said in a statement.

NeuStar says it has more DNS servers deployed around the globe than OpenDNS and a more robust DNS infrastructure to support its paid services.

"We have 20 publicly available DNS servers around the world, as well as locations inside the networks run by AOL, Comcast, Yahoo and AT&T," says Ben Petro, senior vice president of NeuStar Ultra Services. "Our DNS servers are in Equinix locations, with quad Gig Ethernet capabilities and multiple service providers. We have no single point of failure."

NeuStar is using the same DNS infrastructure for its free recursive DNS service that it uses for managed external DNS services provided to Amazon.com, Forbes.com and others.

"Seventeen of the top 20 e-commerce sites are on our managed service," Petro says. "They pay thousands of dollars a month for this service."

NeuStar admits that it isn't offering free recursive DNS services out of charity. The company says the knowledge it will gain about DNS usage trends by offering recursive DNS will help improve the quality of its managed external DNS services, which are highly profitable.

"Let's assume Amazon.com has a failure within their time-to-live window. That's the window of time they set to change their DNS records. There's nothing they can do. They have to wait for the time-to-live window to expire. But if we manage their external DNS service, we can change their time-to-live window wherever we provide recursive DNS services," Petro explains. "The more recursive DNS services we provide, the faster and more reliable our other managed DNS services become…Offering recursive DNS services helps our traffic management and load balancing tools, too."

Petro says its free DNS Advantage service is faster, more reliable and more secure than what ISPs offer. The service includes Web filtering, typo re-direction and protection against distributed denial-of-service attacks.

"It's not a gift," Petro says. "It's something that absolutely enables us to improve our managed services. Our [external DNS] customers will pay more if our services are highly tunable all the way down to the recursive level."
