Oracle does-in Dyn, resets DNS services to cloud

Oracle wants its DNS customers to migrate from its Dyn service to Oracle Cloud services, but some of those customers are very unhappy.

Some may call it a normal, even boring course of vendor business operations but others find it a pain the rump or worse.

That about sums up the reaction to news this week that Oracle will end its Dyn Domain Name System enterprise services by 2020 and try to get customers to move to DNS services provided through Oracle Cloud.

Oracle said that since its acquisition of Dyn in 2016 and the ensuing acquisition of Zenedge, its engineering teams have been working to integrate Dyn’s products and services into the Oracle Cloud Infrastructure platform. “Enterprises can now leverage the best-in-class DNS, web application security, and email delivery services within Oracle Cloud Infrastructure and enhance their applications with a comprehensive platform to build, scale, and operate their cloud infrastructure," according to Oracle's
FAQ on the move. "As a result, Dyn legacy Enterprise services are targeted to be retired on May 31, 2020 with the exception of Internet Intelligence.”

But is the DNS in Oracle’s Cloud support really best in class? In the next breath the company states the Oracle Cloud Infrastructure DNS service will not support Dynamic DNS (Remote Access is not impacted) DNSSEC, Webhop (HTTP redirect), nor Zone transfer to external nameservers.

Not supporting DNSSEC for example seems a bit short-sighted.  In February the Internet Corporation for Assigned Names and Numbers called for widespread community effort to install stronger DNS security technology

Specifically ICANN called for full deployment of the Domain Name System Security Extensions (DNSSEC) across all unsecured domain names. DNS, often called the internet’s phonebook, is part of the global internet infrastructure that translates between common language domain names and IP addresses that computers need to access websites or send emails.  DNSSEC adds a layer of security on top of DNS.

Full deployment of DNSSEC ensures end users are connecting to the actual web site or other service corresponding to a particular domain name, ICANN said.   “Although this will not solve all the security problems of the Internet, it does protect a critical piece of it – the directory lookup – complementing other technologies such as SSL (https:) that protect the "conversation” and provide a platform for yet-to-be-developed security improvements,” ICANN said.

Reactions from Dyn customers on sites such as Reddit and Hacker News/ YCombinator were none too pleased about the change:

To continue reading this article register now