On Thursday, July 22, an issue with Akamai Technologies’ Edge DNS service caused widespread outages across the Internet. The issue was the result of a bug in the DNS system caused by a software configuration update. This temporarily affected the websites and services of several major companies including Fidelity Investments, FedEx, Delta, HSBC and Airbnb. The issue was resolved soon after and Akamai confirmed that its Edge DNS service is resuming normal operations. Edge DNS from Akamai is an authoritative DNS service that organizations can use as a primary or secondary DNS service.
This outage (as the Dyn outage did back in 2016) highlights the fact that it’s not a good idea to rely solely on a single DNS hosting provider for all your external DNS presence. When using a DNS hosting provider, it is recommended to use a hybrid external DNS approach where on-premises DNS appliances are used in combination with the DNS hosting provider to support external authoritative service. This helps ensure that if the hosting provider’s DNS service goes down, you still have the on-premises DNS servers as a fallback to minimize any disruptions.
A customer following this recommendation could have withstood the disruption, as their on-premises authoritative name servers would have still been accessible. Recursive name servers on the Internet, many of which use the response times of authoritative name servers to select among them, would have quickly learned which of the customer’s DNS servers were responding, and would have begun to favor those.
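The resolver behavior described above, as an added example that is not part of the original post: a simplified smoothed-RTT selection model, not any particular resolver's implementation. The server names, RTTs, timeout, smoothing weight and decay factor are all constructed assumptions.

```python
# Added example: simplified smoothed-RTT (SRTT) server selection.
# Server names, RTTs and all constants are constructed assumptions.
TIMEOUT_MS = 800.0  # assumed per-try timeout
ALPHA = 0.3         # assumed weight of the newest RTT sample
DECAY = 0.98        # assumed aging of servers not tried, so they get re-probed

def resolve(srtt, rtt_ms):
    """Try servers from lowest SRTT up; return (answering server, tries).

    rtt_ms maps server -> real RTT in ms, or None when the server is down.
    """
    tried = []
    for server in sorted(srtt, key=srtt.get):
        tried.append(server)
        rtt = rtt_ms[server]
        sample = TIMEOUT_MS if rtt is None else rtt
        srtt[server] = (1 - ALPHA) * srtt[server] + ALPHA * sample
        if rtt is not None:
            break
    else:
        server = None  # every authoritative server timed out
    for other in srtt:
        if other not in tried:
            srtt[other] *= DECAY
    return server, len(tried)

def simulate(rtt_ms, queries=100):
    """Return (answers per server, timed-out tries, failed lookups)."""
    srtt = {s: 0.0 for s in rtt_ms}  # no history: all servers start equal
    answers = {s: 0 for s in rtt_ms}
    timeouts = failed = 0
    for _ in range(queries):
        server, tries = resolve(srtt, rtt_ms)
        if server is None:
            failed += 1
            timeouts += tries
        else:
            answers[server] += 1
            timeouts += tries - 1
    return answers, timeouts, failed

# Constructed scenario: the hosted provider is down, on-premises still answers.
HYBRID = {"ns1.hosted.example": None, "ns2.hosted.example": None,
          "ns1.onprem.example": 40.0}
SINGLE = {"ns1.hosted.example": None, "ns2.hosted.example": None}

if __name__ == "__main__":
    print("hybrid:", simulate(HYBRID))
    print("single provider:", simulate(SINGLE))
```

In the hybrid run only a handful of tries time out before the model settles on the on-premises server, with an occasional re-probe of the hosted servers as their penalty ages out. With a single provider every lookup fails.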
In addition to the hybrid approach above, which helps organizations retain control of their DNS and provides redundancy, using an authoritative DNS server with built-in DDoS protection can provide even better resiliency against a DNS DDoS attack that slows DNS down (which was not the case here).
Mission Critical DNS, DHCP and IPAM for Hybrid Networks
Infoblox NIOS provides mission-critical DNS, DHCP, and IPAM services for hybrid networks. With built-in automation and multi-cloud API integrations, NIOS provides unified management, visibility and control for robust external and internal DNS.
Maximum Uptime with Built-in DNS Attack Protection
As we saw from the recent outages, if your DNS is down, your business is down. DNS DDoS attacks can be another factor that could slow down DNS resolution or bring it to a halt. Infoblox Advanced DNS Protection effectively shields you from the widest range of DNS DDoS attacks, maintaining service uptime for your organization.