Cloudflare wins managed DNS shootout

An effective DNS (Domain Name System) infrastructure is a critical component of system uptime, which is essential to the viability and continuity of web services. For complex websites, a third of page load time can be attributed to DNS lookups. Inadequate or improperly configured DNS can have a potentially catastrophic impact on a company’s online presence.

For many enterprises, deploying a fully built-out DNS network may not be feasible. Thus, many have turned to third-party DNS providers. In this review, we look at four major managed DNS providers: Dyn, Amazon Web Services Route 53, Cloudflare and DNS Made Easy.

These four were selected based on a combination of market share, points of presence, features and management tools. All four are cloud-based, which means there is no software or hardware needed on the customer’s end. Several of these products offer additional features such as Web hosting, internet security, content delivery etc., but our focus was on the core managed DNS service.

The data center we used for this review hosts multiple websites with anywhere from a few hundred to upwards of 10,000 unique visitors per day. Although our review was not focused on speed, we did some informal speed checking compared to our in-house DNS servers and found that the hosted solutions were generally faster.

Our main takeaway is that all four are quite capable and will provide more than adequate DNS service for companies, small and large.

• For cost-conscious organizations looking for a basic reliable and affordable DNS solution our choice is DNS Made Easy. At $29.95 per year for up to 10 domains, it provides core DNS services and then some at a low cost. The management console is uncluttered and easy to navigate for anyone with just some basic knowledge of how DNS works.
• For users needing a full-service, agile DNS provider, we are giving the edge to Cloudflare. We’re basing this on solid basic DNS features with an excellent management interface, including the option of using an API to access all available features. In addition, Cloudflare provides important security features such as full support for DNSSEC and advanced protection against distributed denial of service (DDoS) attacks.
• Amazon’s Route 53 would be a good choice for customers who want to integrate DNS with other services, such as email and Web hosting.
• Dyn, which was acquired by Oracle in late 2016, gets high marks for excellent on-screen reporting and full support for DNSSEC, but we encountered some minor usability issues that removed it as our top choice.

Here are the individual reviews:

Stephen Sauer

DNS Made Easy

DNS Made Easy comes in three flavors, Small business, Business and Corporate. They offer a 30-day free trial for up to three domains. After creating our new account, we were logged in and presented with a clean and easy-to-navigate dashboard. The dashboard displays links to all domains associated with your account, together with basic information about recent DNS queries and links to quick-start tutorials.

Getting started with the first domain was pretty self-explanatory and after adding the DNS Made Easy name servers to our domain registration we could see traffic flowing after a just a few minutes. The DNS records for each domain are easy to view and modify from a single configuration. We found that changes took effect almost immediately. One small annoyance was the admin console logging us out after what seemed like just a brief period of inactivity.

Real-time reporting is provided on-screen, either in chart or tabular format. Reports can be filtered and/or rolled up by various parameters, such as date, record type, location and IP version. The data can be exported in TXT format, but there is no PDF or other export format available.

The DNS Made Easy servers are fast, with our testing over several days showing response times in the 2ms range, even for high traffic sites.

The DNS Made Easy pricing model is simple and affordable, starting at $29.95 per year for the small business plan, which includes up to 10 domains, 400 DNS records and 5 million queries. The business plan is $59.95 per year for 25 domains, 1,000 DNS records and 10 million queries. The corporate plan is $124.95 per month for 50 domains, 2,000 DNS records and 50 million queries.

Additional domains and queries can be purchased for the business and corporate plans, but not for the small business plan. DNS Made Easy offers an SLA that provides a credit of 500% of any downtime, which means they will give you five days’ credit against future services in the event of a full day of downtime.

The online knowledgebase provides answers to most question. For many DNS tasks there are how-to videos with step-by-step guides that walk you through the process. For additional support, you can file a ticket with questions to the support staff.

DNS Made Easy utilizes a REST API for core functions such as domain and record modifications. The API is made available at no additional charge with the business and corporate plans. There is also a convenient API sandbox feature available for testing before making changes to live DNS configurations.

DNS Made Easy provides mobile apps for both iOS and Android, which allow users to perform common domain tasks such as adding, deleting and modifying DNS records, as well as viewing basic statistics.

We found that DNS Made Easy lives up to its name in that it is easy to configure and manage on a day-to-day basis. The user interface is basic in a good way, responsive and intuitive. We found the on-screen reporting to be adequate, but wish there was a better way to export to a visual format. DNS Made Easy does not offer DNSSEC and specific DDoS prevention features, but if these are not critical to your operation, the affordable all-inclusive annual pricing makes sense for organizations that do not have huge DNS volumes.

Dyn

Dyn provides several DNS products, but to keep to an apples-to-apples comparison we focused on its managed DNS offering which is available in three different levels; Basic, Lite and Enterprise. The Lite version is Dyn’s most popular and the one we selected for our review. We encountered a few minor issues signing up, ranging from not being able to use a debit card (a known issue confirmed by customer support) and an issue of needing to create multiple logins/IDs in order to get properly credentialed. These were minor issues, but nonetheless areas that could use some improvement. In the plus column, it should be mentioned that Dyn offers a two-factor authentication option.

[ ALSO: How Dyn is rising to the cloud challenge ]

Dyn’s managed DNS is administered from a clean and modern dashboard. In one of the several welcome emails there were links to how-to guides and we used one to guide us through creating a new zone for one of our test domains.

However, the guide was hardly needed as Dyn offers a step-by-step process that was very simple to follow. With the exception of providing the zone name and contact email, most users can accept the default values while creating a new zone. Each zone is provided with four Dyn name servers and we added these to the domain registrar record for our test domain.

When managing a zone, you can either use a ‘simple’ editor or an ‘expert’ editor. We found the ‘expert’ version easiest to work with. Most admins working with DNS are probably in the ‘expert’ category anyway. Whether you’re setting up a new zone or editing existing records, Dyn is very specific about needing to publish changes when these are made. Generally speaking, this is a good idea, as with DNS you don’t want to publish unintended changes.

Dyn has an impressive 18 points of presence (POPs) throughout the world and its name servers are fast, with our general testing indicating response times in the 2-3 ms for all provided servers.

The Dyn management console provides several on-screen reports. A report that shows queries per second by day, week, month or year was quite useful. There is also a more detailed report that shows queries per second by record type, such as the number of A or MX record requests. The reports can be exported in CSV format, although we would have liked to see PDF format as well.

Dyn supports IPv6 as well as DNSSEC. Support is available in several formats, ranging from self-help how-to videos, online documentation and a forum to basic free email support and premium paid support options.

Dyn offers a free seven-day test drive with up to 10 zones, 50 records and 5 million queries. Pricing is straightforward, $7 per month for the Basic Version (one domain, up to 50 records and 1 million queries), $35 for the Lite version 10 domains, 500 records and 5 million queries per month). Dyn also offers custom pricing for enterprises needing support for larger volumes.

As for a service-level agreement, we read the user agreement and could not find specifics other than the following statement: “Dyn will use commercially reasonable efforts to meet all the time period deadlines outlined in the DNS SLA and Guidelines.” We did not find a copy of the “DNS SLA and Guidelines” on its website.

Of the four offerings we reviewed, Dyn, along with Cloudflare, provides the most comprehensive API integration with support for both SOAP and REST. In addition to basic DNS tasks, Dyn also provides for more advanced tasks to be performed via API, such as managing permissions, configuring DNSSEC and traffic management. Dyn also provides an app for both Android and iOS that can be used to manage DNS services.

Amazon Route 53

Amazon provides a managed DNS service as part of its cloud computing platform. Aptly named Route 53 (a reference to the DNS use of port 53) the service provides core DNS functions, such as IP address management for websites and email servers. In addition, it offers tools for traffic management, availability monitoring and domain registration.

Signing up is integrated with the AWS (Amazon Web Services) platform and all you need to get started with a free account is an email address and a credit card (no charges to sign up).

With our new AWS account set up, we logged in and were presented with the universe of options available with AWS. We quickly found the link to AWS Route 53 and this loaded a clean looking dashboard with ‘Get Started’ links for each of the main features. It should be noted as you start using AWS and one or several of its features, the home dashboard becomes somewhat personalized with links to recently used features. We found the dashboard interface very responsive and easy to navigate.

[ ALSO: Deep dive on AWS, Azure and Google cloud storage ]

To get the ball rolling we configured a new domain using AWS Route 53 exclusively for DNS purposes. The initial configuration was straightforward with the creation of a new zone for the domain name to be hosted. When a new zone is created, four name servers are provided by default; in our case we noted that with each zone there was one each of a .com, .net, .org and .co.uk server provided. With the new zone created, we added the necessary DNS records such as an A record for www.somedomain.com and somedomain.com. Other records such as MX records to determine mail routing and PTR and TXT records can also be added.

In order to utilize the AWS Route 53 DNS servers, we needed to add the supplied name servers to the domain record with our domain registrar. Depending on the domain registrar, the information is either updated in near real-time (as ours was) or it might take several days with some of the slower registrars, something we find to be annoying (registrars you know who you are). A quick DNS check confirmed the settings and our new website came up without any problems.

One disappointing aspect of AWS Route 53 is the lack of on-screen reporting features. Unlike some of the other services tested, there is no summary of queries by record type or geographic origin. The billing summary shows the total number of queries, but if you have multiple zones (domains), you don’t get a breakdown of which zone the queries are for. The interface does have “support blurbs” that are available throughout with short explanation of features. There is also solid online and offline (PDFs) documentation available. AWS Route 53 offers no free human support and monthly support plans start at $29.

AWS Route 53 has a REST-based API that provides several DNS-related tasks including creating zones and zone records. The API can also be used to manage traffic policies as well as DNS health checks. AWS Route 53 can be managed using the AWS Console mobile app, available for iOS and Android. A notable shortcoming is that AWS Route 53 offers DNSSEC only for domain registrations and not for its DNS service. In order to use DNSSEC for a domain that is registered with Amazon Route 53, you must utilize a third-party DNS provider.

The first 25 hosted zones are $.50 per month, and for zones beyond 25 the cost drops to 10 cents month. DNS queries are charged at 40 cents per million for the first billion queries per month, queries beyond a billion per month are charged at 20 cents per million. Latency based and GEO DNS queries are charged at slightly higher rates and you can also pay for services like health checks and traffic policy records ($50 per month). Amazon’s SLA consists of what they call ‘service credits’ in case of any outages. Service credits are issued in 1-, 7- or 30-day credits depending on the length of DNS unavailability. This underscores the need for DNS redundancy, since service credits alone are unlikely to adequately address the actual costs of downtime.

Amazon has built an impressive Web hosting infrastructure with AWS over the past several years. AWS Route 53 fits nicely into their suite of offerings and for those wanting a one-stop shop for all their Web hosting needs, AWS Route 53 fits the bill. With almost 50 points of presence world-wide, there is a Route 53 name server in close proximity to most locations.

AWS Route 53 lacks some of features of Dyn and Cloudflare, such as DNSSEC. On the flip side, their pricing structure is flexible and affordable, and we found the management tools to be easy to use, including mobile apps for both iOS and Android.

Network World

Cloudflare

Cloudflare claims to host more than one-third of all managed domains at over 20 data centers located worldwide. Its managed DNS service is available in four versions; Free, Pro ($20 per month per domain), Business ($200 per month per domain) and Enterprise, which provides custom pricing and features. Unlike some of the other providers, CloudFlare provides different features for each pricing level. However, for the core DNS features, we found each version except the Enterprise version to be fairly similar.

CloudFlare has made the signup process very simple. You basically just enter a user name/password, which logs you on and you’re ready to add your first DNS zone. We entered our domain name and Cloudflare automatically looked up our current name servers and presented us with an option to switch to Cloudflare name servers. It should be noted that Cloudflare provides only two name servers whereas the other DNS services generally provided five or more servers. Its explanation for this is that with proper propagation two servers are enough. After adding the Cloudflare name servers to our domain registrar we were ready to go.

With Cloudflare you have the option of using an HTTP proxy. What this means is that if you create, for example, an A record for www.yourdomain.com that points to an IP address on your Web server, Cloudflare will display one of its IP addresses when someone performs an IP lookup for your domain.

This offers several benefits such as spreading requests across all of the Cloudflare data centers and it is also helpful in the event of a DDoS attack. Cloudflare has assisted organizations defending against some high profile DDoS attacks, including one against the anti-spam site SpamHaus in 2013.

It uses several features to accomplish this, but the main one is the use of Anycast to broadcast the same IP address for all of its data centers. This approach essentially dilutes a DDoS attack across multiple locations and by using the Cloudflare proxy, none of the attack traffic reaches the customer’s servers.

As for DNS speed, our tests of Cloudflare were in line with what we saw for the other providers, generally in the less than 5 millisecond category.

The dashboard is easy to navigate with icon/text links across the top in order of importance. The layout is uncluttered and each page is organized in a logical manner. In addition to the core DNS features, Cloudflare provides a variety of DNS-related add-ons, some included and others optional at extra cost.

An important feature is DNSSEC, which as previously noted, digitally signs zones to ensure the DNS records received are identical to the DNS records published by the domain owner. Cloudflare includes the option to use DNSSEC with a simple click of a button and adding a corresponding record to the domain registration.

Cloudflare provides several visually appealing on-screen reporting options, including total DNS requests, bandwidth usage as well as threat analysis. There is also information on how much bandwidth and server resources you’re saving by using Cloudflare over in-house equipment. All of the reports are available for all product levels, the only difference is that some of the more granular (hourly, 30-minute) reports are only available for the Pro and Enterprise levels. Our only complaint is that we wish there was a way to export the reports. In addition to on-screen reporting, Cloudflare provides email notifications of events that may affect DNS settings for your domains.

Cloudflare provides access to its entire infrastructure through a RESTful programmatic interface. According to Cloudflare you can essentially accomplish all tasks available from the Web interface also through the API. API keys are available to generate for all registered customers.

Basic support is offered via an excellent online searchable support database. Additional support is available with all plans, with variable response times. Only the Enterprise plan offers phone support, the others are email support only. We applaud the Cloudflare 100% uptime SLAs for the Business and Enterprise levels with a 2,500% guarantee for the Enterprise plan, meaning they will give you a credit of 2,500% of what you paid for any downtime.

After testing all four products we believe Cloudflare edged out the other three, even if the margins were pretty small overall. Cloudflare provides solid international infrastructure of name servers and excellent user interface to boot. Our only gripe is the cost of the Enterprise edition along with no native mobile management apps (there are third-party ones available). However, this is offset by the availability of a full API, advanced security features and great reporting.