Cloudflare wins managed DNS shootout

An effective DNS (Domain Name System) infrastructure is a critical component of system uptime, which is essential to the viability and continuity of web services. For complex websites, a third of page load time can be attributed to DNS lookups. Inadequate or improperly configured DNS can have a potentially catastrophic impact on a company’s online presence.

For many enterprises, deploying a fully built-out DNS network may not be feasible. Thus, many have turned to third-party DNS providers. In this review, we look at four major managed DNS providers: Dyn, Amazon Web Services Route 53, Cloudflare and DNS Made Easy.

These four were selected based on a combination of market share, points of presence, features and management tools. All four are cloud-based, which means there is no software or hardware needed on the customer’s end. Several of these products offer additional features such as Web hosting, internet security, content delivery etc., but our focus was on the core managed DNS service.

The data center we used for this review hosts multiple websites with anywhere from a few hundred to upwards of 10,000 unique visitors per day. Although our review was not focused on speed, we did some informal speed checking compared to our in-house DNS servers and found that the hosted solutions were generally faster.

Our main takeaway is that all four are quite capable and will provide more than adequate DNS service for companies, small and large.

• For cost-conscious organizations looking for a basic reliable and affordable DNS solution our choice is DNS Made Easy. At $29.95 per year for up to 10 domains, it provides core DNS services and then some at a low cost. The management console is uncluttered and easy to navigate for anyone with just some basic knowledge of how DNS works.
• For users needing a full-service, agile DNS provider, we are giving the edge to Cloudflare. We’re basing this on solid basic DNS features with an excellent management interface, including the option of using an API to access all available features. In addition, Cloudflare provides important security features such as full support for DNSSEC and advanced protection against distributed denial of service (DDoS) attacks.
• Amazon’s Route 53 would be a good choice for customers who want to integrate DNS with other services, such as email and Web hosting.
• Dyn, which was acquired by Oracle in late 2016, gets high marks for excellent on-screen reporting and full support for DNSSEC, but we encountered some minor usability issues that removed it as our top choice.

Here are the individual reviews:

Stephen Sauer

DNS Made Easy

DNS Made Easy comes in three flavors, Small business, Business and Corporate. They offer a 30-day free trial for up to three domains. After creating our new account, we were logged in and presented with a clean and easy-to-navigate dashboard. The dashboard displays links to all domains associated with your account, together with basic information about recent DNS queries and links to quick-start tutorials.

Getting started with the first domain was pretty self-explanatory and after adding the DNS Made Easy name servers to our domain registration we could see traffic flowing after a just a few minutes. The DNS records for each domain are easy to view and modify from a single configuration. We found that changes took effect almost immediately. One small annoyance was the admin console logging us out after what seemed like just a brief period of inactivity.

Real-time reporting is provided on-screen, either in chart or tabular format. Reports can be filtered and/or rolled up by various parameters, such as date, record type, location and IP version. The data can be exported in TXT format, but there is no PDF or other export format available.

The DNS Made Easy servers are fast, with our testing over several days showing response times in the 2ms range, even for high traffic sites.

The DNS Made Easy pricing model is simple and affordable, starting at $29.95 per year for the small business plan, which includes up to 10 domains, 400 DNS records and 5 million queries. The business plan is $59.95 per year for 25 domains, 1,000 DNS records and 10 million queries. The corporate plan is $124.95 per month for 50 domains, 2,000 DNS records and 50 million queries.

Additional domains and queries can be purchased for the business and corporate plans, but not for the small business plan. DNS Made Easy offers an SLA that provides a credit of 500% of any downtime, which means they will give you five days’ credit against future services in the event of a full day of downtime.

The online knowledgebase provides answers to most question. For many DNS tasks there are how-to videos with step-by-step guides that walk you through the process. For additional support, you can file a ticket with questions to the support staff.

DNS Made Easy utilizes a REST API for core functions such as domain and record modifications. The API is made available at no additional charge with the business and corporate plans. There is also a convenient API sandbox feature available for testing before making changes to live DNS configurations.

DNS Made Easy provides mobile apps for both iOS and Android, which allow users to perform common domain tasks such as adding, deleting and modifying DNS records, as well as viewing basic statistics.

We found that DNS Made Easy lives up to its name in that it is easy to configure and manage on a day-to-day basis. The user interface is basic in a good way, responsive and intuitive. We found the on-screen reporting to be adequate, but wish there was a better way to export to a visual format. DNS Made Easy does not offer DNSSEC and specific DDoS prevention features, but if these are not critical to your operation, the affordable all-inclusive annual pricing makes sense for organizations that do not have huge DNS volumes.

Dyn

Dyn provides several DNS products, but to keep to an apples-to-apples comparison we focused on its managed DNS offering which is available in three different levels; Basic, Lite and Enterprise. The Lite version is Dyn’s most popular and the one we selected for our review. We encountered a few minor issues signing up, ranging from not being able to use a debit card (a known issue confirmed by customer support) and an issue of needing to create multiple logins/IDs in order to get properly credentialed. These were minor issues, but nonetheless areas that could use some improvement. In the plus column, it should be mentioned that Dyn offers a two-factor authentication option.

[ ALSO: How Dyn is rising to the cloud challenge ]

Dyn’s managed DNS is administered from a clean and modern dashboard. In one of the several welcome emails there were links to how-to guides and we used one to guide us through creating a new zone for one of our test domains.

However, the guide was hardly needed as Dyn offers a step-by-step process that was very simple to follow. With the exception of providing the zone name and contact email, most users can accept the default values while creating a new zone. Each zone is provided with four Dyn name servers and we added these to the domain registrar record for our test domain.

When managing a zone, you can either use a ‘simple’ editor or an ‘expert’ editor. We found the ‘expert’ version easiest to work with. Most admins working with DNS are probably in the ‘expert’ category anyway. Whether you’re setting up a new zone or editing existing records, Dyn is very specific about needing to publish changes when these are made. Generally speaking, this is a good idea, as with DNS you don’t want to publish unintended changes.

Dyn has an impressive 18 points of presence (POPs) throughout the world and its name servers are fast, with our general testing indicating response times in the 2-3 ms for all provided servers.

The Dyn management console provides several on-screen reports. A report that shows queries per second by day, week, month or year was quite useful. There is also a more detailed report that shows queries per second by record type, such as the number of A or MX record requests. The reports can be exported in CSV format, although we would have liked to see PDF format as well.

Dyn supports IPv6 as well as DNSSEC. Support is available in several formats, ranging from self-help how-to videos, online documentation and a forum to basic free email support and premium paid support options.

Dyn offers a free seven-day test drive with up to 10 zones, 50 records and 5 million queries. Pricing is straightforward, $7 per month for the Basic Version (one domain, up to 50 records and 1 million queries), $35 for the Lite version 10 domains, 500 records and 5 million queries per month). Dyn also offers custom pricing for enterprises needing support for larger volumes.

As for a service-level agreement, we read the user agreement and could not find specifics other than the following statement: “Dyn will use commercially reasonable efforts to meet all the time period deadlines outlined in the DNS SLA and Guidelines.” We did not find a copy of the “DNS SLA and Guidelines” on its website.

Of the four offerings we reviewed, Dyn, along with Cloudflare, provides the most comprehensive API integration with support for both SOAP and REST. In addition to basic DNS tasks, Dyn also provides for more advanced tasks to be performed via API, such as managing permissions, configuring DNSSEC and traffic management. Dyn also provides an app for both Android and iOS that can be used to manage DNS services.

Amazon Route 53

Amazon provides a managed DNS service as part of its cloud computing platform. Aptly named Route 53 (a reference to the DNS use of port 53) the service provides core DNS functions, such as IP address management for websites and email servers. In addition, it offers tools for traffic management, availability monitoring and domain registration.

Signing up is integrated with the AWS (Amazon Web Services) platform and all you need to get started with a free account is an email address and a credit card (no charges to sign up).

With our new AWS account set up, we logged in and were presented with the universe of options available with AWS. We quickly found the link to AWS Route 53 and this loaded a clean looking dashboard with ‘Get Started’ links for each of the main features. It should be noted as you start using AWS and one or several of its features, the home dashboard becomes somewhat personalized with links to recently used features. We found the dashboard interface very responsive and easy to navigate.

[ ALSO: Deep dive on AWS, Azure and Google cloud storage ]

To get the ball rolling we configured a new domain using AWS Route 53 exclusively for DNS purposes. The initial configuration was straightforward with the creation of a new zone for the domain name to be hosted. When a new zone is created, four name servers are provided by default; in our case we noted that with each zone there was one each of a .com, .net, .org and .co.uk server provided. With the new zone created, we added the necessary DNS records such as an A record for www.somedomain.com and somedomain.com. Other records such as MX records to determine mail routing and PTR and TXT records can also be added.

In order to utilize the AWS Route 53 DNS servers, we needed to add the supplied name servers to the domain record with our domain registrar. Depending on the domain registrar, the information is either updated in near real-time (as ours was) or it might take several days with some of the slower registrars, something we find to be annoying (registrars you know who you are). A quick DNS check confirmed the settings and our new website came up without any problems.

One disappointing aspect of AWS Route 53 is the lack of on-screen reporting features. Unlike some of the other services tested, there is no summary of queries by record type or geographic origin. The billing summary shows the total number of queries, but if you have multiple zones (domains), you don’t get a breakdown of which zone the queries are for. The interface does have "support blurbs" that are available throughout with short explanation of features. There is also solid online and offline (PDFs) documentation available. AWS Route 53 offers no free human support and monthly support plans start at $29.

AWS Route 53 has a REST-based API that provides several DNS-related tasks including creating zones and zone records. The API can also be used to manage traffic policies as well as DNS health checks. AWS Route 53 can be managed using the AWS Console mobile app, available for iOS and Android. A notable shortcoming is that AWS Route 53 offers DNSSEC only for domain registrations and not for its DNS service. In order to use DNSSEC for a domain that is registered with Amazon Route 53, you must utilize a third-party DNS provider.