
It's time for a DNS check-up, experts warn

Have you checked your DNS servers lately?

By Carolyn Duffy Marsan, Network World
February 21, 2007 12:06 AM ET

Have you checked your DNS servers lately? If not, you may be putting your company’s entire network at risk.

The Internet’s DNS is a global distributed database that matches domain names with corresponding IP addresses. The DNS is critical for every Internet application, from Web surfing and e-mail to VoIP and video streaming.

If DNS doesn’t work, the Internet doesn’t work. That’s why you need to make sure that your DNS systems are robust, scalable and secure.

The vulnerability of DNS was demonstrated this month by a distributed denial-of-service attack that affected three out of the 13 root servers that run the DNS. While that attack failed to take down the Internet’s DNS, it showed that DNS continues to be a target for hackers.

"DNS serving capacity is of increasing importance with the advent of increasingly deadly attacks of the distributed DoS variety," says Richard Kagan, vice president of marketing with Infoblox, which sells DNS appliances.

Whether you run your DNS systems yourself – using software or appliances – or you outsource the job to a service provider, you need to make sure that your DNS service is resilient enough to withstand today’s high-powered hacking attacks and capable enough to support new DNS-intensive applications.

Many companies, however, don’t pay enough attention to their DNS systems.

"For a lot of companies, DNS runs in a closet. It runs on old, underpowered computers and it runs on old software," says Albert Gouyet, vice president of marketing with Nominum, which sells carrier-class DNS software.

Kagan says few IT executives realize that their networks and all of their applications will cease to work if core network services such as DNS aren’t operating.

"It’s surprising how often we go into environments with very experienced IT people who aren’t fully aware of the impact that these core services have on their applications," Kagan says. "Most organizations don’t have a disaster recovery plan for DNS."

Several trends are driving DNS traffic up dramatically for service providers and corporations:

* The amount of spam is up dramatically, which drives up e-mail volumes. Every e-mail requires a DNS look-up.

* Some types of antispam filters produce as much as 10 or 20 DNS queries for each message.

* The latest Web sites use distributed content, which requires more DNS look-ups.

* Microsoft Active Directory is dependent on DNS for many functions.

* The Session Initiation Protocol (SIP) used in most VoIP implementations is dependent on DNS.

"All of these things are contributing to the fact that DNS is growing much faster than anything else on your network," Gouyet says.

"The volume of DNS traffic is going up, the amount of applications hitting DNS is going up and the dependencies of applications on DNS is going up," Kagan adds.

Few IT shops baseline their DNS traffic, so they don’t understand how many DNS queries per second they are receiving or how fast that number is rising. Those that do benchmark DNS traffic are finding that they have to increase the performance of their DNS systems, Kagan says.
