How can I deal with failures that occur in the 'DNS' used by web services?



A web service has a domain name such as 'gigazine.net', and communication works by having DNS convert that domain name into an IP address. However, if a service that manages DNS, such as Cloudflare or Amazon Route 53, goes down, the web service can become inaccessible even though it is still running. Mark E. Jeftovic, CEO of easyDNS, which provides DNS services, explains how to prevent these DNS failures.

Turns out half the internet has a Single-Point-of-Failure called “Cloudflare”
https://easydns.com/blog/2020/07/20/turns-out-half-the-internet-has-a-single-point-of-failure-called-cloudflare/

Secure 100% DNS Uptime with Proactive Nameservers
https://easydns.com/dns/proactive-nameservers/

Because DNS is so widely used by web services, the impact of a failure is correspondingly large. On July 17, 2020 Pacific Time, a large-scale failure took down 50% of Cloudflare's network because of a misconfigured router installed in a data center. The failure had the effect of suspending services such as Discord and Feedly.

Large-scale Cloudflare failure brings down 50% of its network, affecting large sites such as Discord and Feedly - GIGAZINE



Jeftovic said easyDNS also uses Cloudflare to prevent DDoS attacks, but was not affected by the Cloudflare failure. He explains that some of easyDNS's DNS names do not use Cloudflare.

Jeftovic said that it is 'unavoidable' that a large-scale DNS service like Cloudflare goes down, but that it is important to use multiple DNS services to avoid failures. He explains that there are two configurations for using multiple DNS services: the 'Active/Active' method, which always uses multiple DNS services, and the 'Active/Passive' method, which switches to a backup DNS service when a failure occurs.



There are many ways to implement the 'active/active' method, such as setting up a secondary DNS server by zone transfer. easyDNS also offers an active/active configuration with a service for Amazon Route 53. However, Jeftovic said easyDNS is the only service that provides an 'active/passive' configuration that automatically specifies the DNS service to be used during normal times and automatically switches when a failure occurs. This service is named 'Proactive Nameservers'.

Proactive Nameservers first prepares a backup nameserver and synchronizes the zone information with the main server. Both the main nameserver and the backup nameserver are monitored for liveness, and when the main nameserver fails, the delegation of domain management and the zone management are moved to the backup nameserver. The mechanism is said to restore the delegation to the main server once it has recovered.
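The switching described above can be sketched as a small decision loop. This is an added example, not easyDNS's code or part of the original article; the class and function names, the thresholds that damp flapping, and the policy of refusing a backup whose zone is out of date are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Probe:
    """One monitoring round, e.g. built from SOA queries to each nameserver set."""
    primary_ok: bool
    backup_ok: bool
    primary_serial: Optional[int] = None
    backup_serial: Optional[int] = None

def serial_behind(a: int, b: int) -> bool:
    """True if SOA serial a is older than b under RFC 1982 wraparound arithmetic."""
    return 0 < (b - a) % 2**32 < 2**31

class FailoverController:
    """Hypothetical active/passive controller; thresholds are assumptions."""
    def __init__(self, fail_after: int = 3, restore_after: int = 5):
        self.active = "primary"
        self.fail_after, self.restore_after = fail_after, restore_after
        self.fails = self.oks = 0
        self.last_primary_serial: Optional[int] = None

    def observe(self, p: Probe) -> str:
        """Feed one probe; return 'none', 'failover', 'restore' or a 'hold:' reason."""
        if p.primary_ok:
            self.fails, self.oks = 0, self.oks + 1
            if p.primary_serial is not None:
                self.last_primary_serial = p.primary_serial
        else:
            self.fails, self.oks = self.fails + 1, 0
        if self.active == "primary" and self.fails >= self.fail_after:
            if not p.backup_ok:
                return "hold: backup unreachable"
            # Assumed policy: a backup with an older zone could serve removed records.
            if (self.last_primary_serial is not None and p.backup_serial is not None
                    and serial_behind(p.backup_serial, self.last_primary_serial)):
                return "hold: backup zone stale"
            self.active = "backup"
            return "failover"  # the caller would now move the NS delegation
        if self.active == "backup" and self.oks >= self.restore_after:
            self.active = "primary"
            return "restore"   # the caller would now move the delegation back
        return "none"

def demo():
    """Constructed probes: the primary fails for three rounds, then recovers."""
    c = FailoverController(fail_after=3, restore_after=2)
    up, down = Probe(True, True, 2020071701, 2020071701), Probe(False, True, None, 2020071701)
    return [c.observe(p) for p in [up] + [down] * 3 + [up] * 2]
```
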

Jeftovic said, 'We wrote in the book that organizations that provide DNS services dislike "single points of failure" almost to the point of being sick, but we may be the only ones,' pointing out the danger of depending on a single service.

in Web Service, Posted by darkhorse_log