Migrating to cloud computing? Don't forget DNS

Dyn Inc. targets DNS traffic management woes caused by using service providers' data centers

Before you mothball your data center and start using servers distributed across the 'Net, you need to rethink your DNS infrastructure.

The cloud computing model offers the promise of reduced IT operational costs, which may prove appealing in these recessionary times. But before you mothball your data center and start using servers distributed across the 'Net, you need to rethink your DNS infrastructure, experts say.

Dynamic Network Services Inc. -- dubbed Dyn Inc. -- a New Hampshire provider of enterprise and consumer DNS services, is expanding its line of outsourced DNS services to address the many issues that crop up when companies migrate to cloud computing.

Dyn Inc.is adding traffic management features to its Dynect platform for enterprise customers. Starting in January, the platform, used by several hundred companies, will be sold with add-on global load-balancing that allows customers to route traffic geographically to the closest available server to improve the latency of Web applications."As cloud computing takes off, I think traffic management is going to be a very big deal for people running dynamic Web apps, especially those using [content delivery networks] like Akamai," says Jeremy Hitchcock, CEO and CFO of Dyn Inc. "CDNs are wonderful for handling small and large file downloads and streaming media. But if you have a database-backed application, it seems hard to make that work with a CDN. So, what a lot of customers prefer to do is grab a Rackspace server in Dallas and a Verio box in Detroit . . . but they have no way to make sure that people get to the application servers that are geographically close to them. . . . They end up with bad, unoptimized Internet routing."

Dynect Traffic Management will provide customers with a network server map that looks like an airline's travel map, Hitchcock says. Customers can use this map to localize their applications and speed up response times for users around the globe.

"What I'm hoping is that Dynect Traffic Management will provide more resilient applications to end users by distributing content and dynamic applications globally," Hitchcock says. "We'll spread these applications out over multiple data centers and get out of engineering around single points of failure. Everything will be distributed everywhere."

Dynect runs on Anycast DNS servers housed in the firm's 10 global data centers. Customers use a SOAP-based API to control their DNS settings via a Web interface. SOAP is the Simple Object Access Protocol, which is used to send short messages over the Internet that can easily pass through firewalls.

With its global load-balancing features, Dynect will let customers quickly reroute DNS services if their cloud computing service suffers an outage or to handle traffic spikes.

"We have some exciting new features: IP load-balancing and other techniques that allow companies to manage traffic on their networks at the DNS layer," says Tom Daly, president and CTO of Dyn Inc. "It's a robust DNS offering that's right up to par with many of the DNS players."

Companies that outsource their DNS services to the service provider handling their Web hosting will wind up in trouble if there's an outage, Daly says. That's because their DNS infrastructure will be down, preventing the company from routing traffic to a backup site.

"Lots of companies have outsourced their e-mail or their hosting or their disaster recovery for multiple reasons. Their premises may not have good-enough connectivity or power, or they may not have the staff time or talent," Daly says. "A failure of their network will take their whole DNS structure down. If DNS is down, their disaster-recovery service isn’t working because DNS is not there to route it to a new site."

When companies migrate to the cloud computing model with such service providers as Amazon.com, they have to take on DNS chores themselves. This can be tricky because DNS experts are hard to find and command large salaries, Dyn Inc. says.

"The cloud computing companies don't all offer load balancing. I know Amazon doesn't," Daly says. "So, you have to have the skill and know-how to install a virtual image on Amazon and then do the load balancing yourself. With Dynect Traffic Management, we do all the load balancing and failover in DNS."

One company that handed off its DNS services to its Web hosting provider and ended up in trouble is 37signals, a Chicago provider of project management, CRM and collaboration packages sold as a software-as-a-service offering.

37signals uses a Rackspace data center in Dallas to host all of its software applications. The company also had Rackspace provide its DNS services -- that is, until December 2006 when Rackspace suffered a three-hour outage, and 37signals was left with no ability to communicate with its customers. That's when 37signals outsourced its DNS services to the Dynect platform.

"The main reason we switched to Dynect was for fault tolerance when we have an outage," says Mark Imbriaco, a system administrator with 37signals. "If we have an outage with Rackspace, we can immediately change our DNS records and point to a status page to tell our customers when our applications will be up again."

Without the Dynect platform, 37signals was shut down by the Rackspace outage. "We were unable to notify our customers. We couldn't give then an ETA of when we'd be back up and running. We were dead in the water," Imbriaco says. "Today our customers wouldn't have access to our applications because they're all at Rackspace, but at least we could give our customers a status update."

37signals looked at several options for DNS services before selecting the Dynect platform because it was the most cost-effective option, Imbriaco says. "Most of the other providers were targeted at larger enterprises and priced accordingly," he says. "Dyn Inc. had a lot of experience in the DNS field, and it was priced far more competitively than the competition. They had invested pretty heavily in their infrastructure and it was built up -- not to the same degree as a competitor like UltraDNS, but it was pretty extensive."

So far, 37signals has been happy with the Dynect platform, which it put to use during another Rackspace outage. "Our customers weren't happy that we were down, but they were very happy that we gave them [updates every 15 minutes]," Imbriaco says. "They were very complimentary about our communications."

Another benefit of migrating to the Dynect platform is that 37signals can propagate DNS changes across the Internet faster than before. With the platform, 37signals' time-to-live on DNS records are shorter and its response rates quicker.

37signals uses the Dynect platform for the 25 domain names it owns and the 80 DNS requests per second that it processes on average. The company spends less than $1,000 a month for the platform.

"We're definitely not interested in building out a global DNS infrastructure like Dynect," Imbriaco says. "The way they have it configured with Anycast routing and serving DNS up from edge nodes . . . that would cost us much more money to duplicate."

37signals is considering taking advantage of Dynect Traffic Management as it migrates to using cloud computing services from Amazon.com in Europe. "That feature would reduce the latency for our customers in Europe or Asia because it would offer much faster throughput to our servers," Imbriaco says. "We've been discussing setting up additional servers closer to those customers."

On the horizon for the Dynect platform. is support for IPv6. An upgrade to the Internet's main communications protocol known as IPv4, IPv6 uses 128-bit IP addresses instead of 32-bit addresses. These super-long strings of numbers in IPv6 addresses will be impossible for network managers to remember, so companies will be more reliant on automated services to match IPv6 addresses with domain names in the future.

"Everybody can remember an IPv4 address, but you take an IPv6 address and no one can remember that. So, our reliance on DNS will go up," Daly says. "We’re in the process of enabling IPv6. We're in test mode with a couple of our name servers in Chicago. We'll be turning those on soon so we can answer DNS queries in IPv6 and IPv4."

Dyn Inc. already offers IPv6 support through its virtual server platform service known as DynDNS Spring Server introduced in September.

Dyn Inc. also sells the DynDNS.com consumer service, which has 2.5 million users who run Web servers from their home computers using DSL or cable modem connectivity. DynDNS.com gives these users a way to match their domain name with the dynamic IP addresses assigned by their service provider. The 10-year-old service supports more than 100,000 domain names and handles more than 4 billion DNS queries per day.

Dyn Inc. launched the Dynect platform in 2007 when it noticed several large organizations including Mozilla were using DynDNS.com to run their corporate DNS services. The Dynect platform costs $5,000 to $10,000 per year.

Dyn Inc. has 30 employees and revenue of more than $5 million a year. The company is privately held.

Learn more about this topic

How DNS cache poisoning works

Infoblox upgrade thwarts DNS attacks

DNS flaw-fix hype addressed

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

IT Salary Survey: The results are in