Resilient External DNS Architecture


In the systems and networking environment, the growth and stability of an organization mainly depend on factors such as network infrastructure, systems, data security, product scalability, and reliability. Regardless of the size of the business, these factors are important for effectively managing increasingly complex environments, but they are often ignored, leading to compromised infrastructure. While free or open source solutions can provide minimal services to run the business, they can be maintenance-intensive and lack the robustness to be considered "Enterprise Grade" in today's modern network technology. Therefore, businesses are seeking automated environments and are ready to adopt customized solutions that deliver the expected level of automation.

Problem Statement: External DNS

Enterprises deploy multi-tier security solutions to mitigate every possible cybersecurity risk for all the public-facing applications hosted in data centres and the cloud. To achieve 100% uptime, an enterprise also needs to focus on possible DNS DDoS outages, which can lead to a complete outage of its public infrastructure across the globe. Enterprises often opt for a cloud-centric DNS solution provider for their public-facing DNS records. Let us look at some of the prominent outages in recent years.

  • A cloud DNS provider said its morning outage affecting numerous websites was due to an IP outage by the internet service provider. - August 2020.
  • A configuration error in the backbone network caused an outage for Internet properties and DNS service providers that lasted 27 minutes. - July 2020.
  • For about 30 minutes, visitors to a cloud DNS provider's sites received 502 errors caused by a massive spike in CPU utilization on the network. - July 2019.
  • Dotcom-Monitor tracked a Cloud DNS outage today. Dotcom-Monitor clients that utilize DNS provider may have received error messages associated with the DNS outage lasting from 5-7 minutes starting at approximately. - August 2013.

Recommended Approach

Take Control: On-Premise DNS Solution

Considering that current security solutions are deployed on-premise, TCPWave recommends opting for an on-premise DNS solution for complete control of the DNS infrastructure. With this approach, enterprises control the zone configurations and service availability themselves and can mitigate the possible risk of DNS outages.

Key Security Features

The following figure illustrates the key security features delivered as the base solution:

Best of Breed: Hybrid Approach in Future

In a later phase, if the enterprise opts for cloud-based DNS solutions from cloud DNS solution providers, TCPWave can fully integrate with cloud providers for centralized on-premise management. TCPWave provides the unique advantage of simplified management of both the cloud and the on-premise DNS solution. By opting for the best of breed, customers can keep control of the DNS zones and resource records by placing the DNS on-premise. The cloud DNS provider will continue to function as "secondary authoritative DNS".

TCPWave DNS Features

TCPWave was built with native cloud, automation, and virtual computing in scope. Most competing products were designed and built before any of these robust technologies were born. Using agile engineering, REST as the core, and Java for the GUI, TCPWave is positioned to quickly adapt to today's and tomorrow's rapidly advancing technology.

The Next Steps
  • Reliable uptime.
  • Integration to automated systems.
  • Ease of migration.
  • Redundancy and/or fast recovery times.
  • Real-time Endpoint and topology visibility.