DNS

Domain Name System (DNS): It works, so why change?

If your Domain Name System (DNS) seems to work, why would you change to anything else? Actually, there are plenty of reasons.

Last updated: September 15, 2025

An avatar of the author
Joshua Hamilton
Nighttime city skyline with glowing data lines illustrating DNS traffic across an urban network
Key Takeaways
  • DNS is a critical dependency for all network services, and outages—often caused by human error in decentralized environments—can be extremely costly and long-lasting.
  • Most organizations rely on default Microsoft DNS, which is functional but prone to outages, security gaps, and operational complexity at enterprise scale.
  • Over 91% of malware leverages DNS, yet a majority of organizations do not monitor recursive DNS traffic, creating a blind spot that prolongs breach detection and containment.
  • Adaptive DNS introduces automation to reduce manual, error-prone DNS changes, improving reliability and minimizing the risk of misconfigurations.
  • By enforcing security policies at the DNS query level and integrating with SIEM, Adaptive DNS improves threat visibility, accelerates incident response, and helps identify initial infection points.
  • Adaptive DNS simplifies complex, distributed DNS/DHCP/IPAM environments by consolidating servers, providing a single source of truth, and enabling centralized, automation-ready management.

There are a few things I’ve learned in my first year of working on Adaptive DNS solutions. I know what it means to provision networks, the difference between recursive and authoritative servers, and the importance of caching layers. I know what a DMZ is, and a whole slew of other acronyms that you could make alphabet soup with.

Most companies use the default Microsoft DNS. It’s “free” and it works. So why change? My biggest take away on that – the default system is challenged with outages, security risks, and unnecessary network complexity.

1. The Outage

DNS (Domain Name System) is a critical part of any organization’s network infrastructure. It’s what a device uses to connect to the network. DNS makes it all happen. DNS is quietly working behind the scenes. Nobody cares about it because it works…until it doesn’t.

A DNS outage can cripple even the most advanced companies. According to the Ponemon 2016 Cost of Data Center Outage Report, the average DNS outage lasts 91 minutes and costs $8,851 per minute. If that organization is in the financial services or manufacturing industry, those numbers can be significantly higher and are measured in dollars per second.

Human error is the most common cause of DNS outages. Accidental DNS record deletion, unauthorized changes, and lack of data validation are all common concerns for a decentralized DNS infrastructure. Adaptive DNS solves these challenges by automating manual, repetitive and error-prone tasks.

2. The Security Risk

DNS goes beyond assigned names and numbers. It is a basic requirement for every network so it’s no wonder that over 91% of malware leverage DNS for their attacks. Surprisingly, 68% of organizations don’t even monitor the data on their recursive DNS servers. According to the Ponemon 2018 Cost of Breach Report, the average time to detect a breach is 197 days and to contain it is 69 days. The average breach can cost an organization around $3.8 million. With these statistics, wouldn’t it make sense to monitor the system that is leveraged by most malware attacks?

With Adaptive DNS, you can apply security policies at the query level, gain greater visibility into the intent of every device, and make sure that important threat information is sent to your SIEM. This allows you to quickly detect malicious activity, contain it, and identify “patient zero”. One of our clients recently experienced a TrickBot attack. Through BlueCat’s Adaptive DNS solutions, they were able to detect the breach and contain it in less than a week.

3. Unnecessary Complexity

Microsoft is not a DNS company. TheirDNS tools are more of an afterthought than a purpose-built tool. As organizations grow (organically or through acquisition), the network naturally becomes more complex. Suddenly, several dozens or even hundreds of domain controllers are running DNS. This can be a nightmare to maintain, and typically result in a lot of home-grown architectures, conditional forwarding servers, or delegation scenarios. This makes your system’s DNS infrastructure complex.

Adaptive DNS helps by consolidating these existing servers and optimizing your network traffic through an architecture based on industry best practices. This gives you a single source of truth for all DNS, DHCP, and IP Address space. Updates can be made for all servers through one centrally managed platform and can be leveraged through automation and cloud initiatives.

Conclusion

All of this is just the tip of the iceberg. Adaptive DNS can provide many more capabilities if an organization knows how to leverage it.

Technology is constantly evolving and changing. Everyday we hear new and exciting buzzwords that could become the next technological revolution like Cloud, Automation, and Software Defined Networks. Companies spend millions of dollars daily to ensure their network is reliable, secure, and on the cutting edge.

For many organizations, new network capabilities take precedence over a stable core infrastructure. Underneath cloud, AI, and machine learning sits an IP Address, a DNS query, and probably a DHCP lease. Are your next gen initiatives sitting on top of an outdated platform?

Want to learn more about BlueCat’s Adaptive DNS capabilities? Learn more about BlueCat’s DDI. Let’s talk!

Published in:

DNS

Published on: November 2, 2018

An avatar of the author

Joshua Hamilton is an Account Executive for BlueCat and has been a part of the team since 2017. He has been in the software industry since 2012 and graduated from the University of North Texas.

Related content

Three armored figures walking toward a futuristic Las Vegas skyline with pyramids, glowing orb, and "Welcome to Fabulous Las
Blog

Your journey to intelligent NetOps begins at Cisco Live

Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.

Read more
Stacked colorful wooden directional arrows on a post by a calm seaside with distant hills and blue sky
Blog

Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)

Tired of patching and manually configuring BIND DNS and ISC DHCP? Discover how Micetro MDDS appliances can replace them for modern DDI.

Read more
Row of orange industrial robotic arms positioned along an automated conveyor belt in a factory setting
Blog

Automate it all in Integrity with REST v2 API-first DDI management

Discover API-first DDI with Integrity X by using REST v2 to automate DNS, DHCP, and IPAM for scalable, secure network operations.

Read more
Three colleagues at monitors collaborating, overlaid with network, analytics, cloud, and gear icons.
Blog

Agentic AI adoption in network observability propels NetOps teams

Network observability is crucial for today’s networks and even more capable with agentic AI, according to new Omdia and BlueCat research.

Read more

⏳ Cisco Live is almost here. Put BlueCat on your agenda for smarter, more secure networks.

Get the details