Domain Name System (DNS): It works, so why change?

There are a few things I’ve learned in my first year of working on Adaptive DNS solutions. I know what it means to provision networks, the difference between recursive and authoritative servers, and the importance of caching layers. I know what a DMZ is, and a whole slew of other acronyms that you could make alphabet soup with.

Most companies use the default Microsoft DNS. It’s “free” and it works. So why change? My biggest take away on that – the default system is challenged with outages, security risks, and unnecessary network complexity.

1. The Outage

DNS (Domain Name System) is a critical part of any organization’s network infrastructure. It’s what a device uses to connect to the network. DNS makes it all happen. DNS is quietly working behind the scenes. Nobody cares about it because it works…until it doesn’t.

A DNS outage can cripple even the most advanced companies. According to the Ponemon 2016 Cost of Data Center Outage Report, the average DNS outage lasts 91 minutes and costs $8,851 per minute. If that organization is in the financial services or manufacturing industry, those numbers can be significantly higher and are measured in dollars per second.

Human error is the most common cause of DNS outages. Accidental DNS record deletion, unauthorized changes, and lack of data validation are all common concerns for a decentralized DNS infrastructure. Adaptive DNS solves these challenges by automating manual, repetitive and error-prone tasks.

2. The Security Risk

DNS goes beyond assigned names and numbers. It is a basic requirement for every network so it’s no wonder that over 91% of malware leverage DNS for their attacks. Surprisingly, 68% of organizations don’t even monitor the data on their recursive DNS servers. According to the Ponemon 2018 Cost of Breach Report, the average time to detect a breach is 197 days and to contain it is 69 days. The average breach can cost an organization around $3.8 million. With these statistics, wouldn’t it make sense to monitor the system that is leveraged by most malware attacks?

With Adaptive DNS, you can apply security policies at the query level, gain greater visibility into the intent of every device, and make sure that important threat information is sent to your SIEM. This allows you to quickly detect malicious activity, contain it, and identify “patient zero”. One of our clients recently experienced a TrickBot attack. Through BlueCat’s Adaptive DNS solutions, they were able to detect the breach and contain it in less than a week.

3. Unnecessary Complexity

Microsoft is not a DNS company. TheirDNS tools are more of an afterthought than a purpose-built tool. As organizations grow (organically or through acquisition), the network naturally becomes more complex. Suddenly, several dozens or even hundreds of domain controllers are running DNS. This can be a nightmare to maintain, and typically result in a lot of home-grown architectures, conditional forwarding servers, or delegation scenarios. This makes your system’s DNS infrastructure complex.

Adaptive DNS helps by consolidating these existing servers and optimizing your network traffic through an architecture based on industry best practices. This gives you a single source of truth for all DNS, DHCP, and IP Address space. Updates can be made for all servers through one centrally managed platform and can be leveraged through automation and cloud initiatives.

Conclusion

All of this is just the tip of the iceberg. Adaptive DNS can provide many more capabilities if an organization knows how to leverage it.

Technology is constantly evolving and changing. Everyday we hear new and exciting buzzwords that could become the next technological revolution like Cloud, Automation, and Software Defined Networks. Companies spend millions of dollars daily to ensure their network is reliable, secure, and on the cutting edge.

For many organizations, new network capabilities take precedence over a stable core infrastructure. Underneath cloud, AI, and machine learning sits an IP Address, a DNS query, and probably a DHCP lease. Are your next gen initiatives sitting on top of an outdated platform?

Want to learn more about BlueCat’s Adaptive DNS capabilities? Learn more about BlueCat’s DDI. Let’s talk!


An avatar of the author

Joshua Hamilton is an Account Executive for BlueCat and has been a part of the team since 2017. He has been in the software industry since 2012 and graduated from the University of North Texas.

Related content

Banner announcing BlueCat's acquisition of LiveAction, displaying both logos and the phrase "We're about to get bigger."

BlueCat acquires LiveAction to drive network modernization and optimization

BlueCat’s acquisition of LiveAction will allow customers to expand their view beyond DNS and dive deeper into the health of their network.

Read more

Simplify NIS2 compliance with DNS management

Learn whether the EU’s NIS2 requirements apply to your organization and about how DNS management and BlueCat can boost your path to compliance.

Read more

Detect anomalies and CVE risks with Infrastructure Assurance 8.4 

The Infrastructure Assurance 8.4 release features an anomaly detection engine for outliers and a CVE analysis engine to uncover device vulnerabilities.

Read more

Get fast, resilient, and flexible DDI management with Integrity 9.6

With Integrity 9.6, network admins can get support for new DNS record types, architect and configure multi-primary DNS, and automate IP assignments.

Read more

BlueCat has acquired LiveAction

It’s official! BlueCat has acquired LiveAction’s network observability and intelligence platform, which helps large enterprises optimize the performance, resiliency, and security of their networks.