05.03.2012 By Tom Daly
Recursive DNS, Round Trip Times, Delegations & DNS Performance
Usually on the Dyn blog, you’ll hear us talking about the technology behind our authoritative DNS infrastructure, the benefits of IP anycast routing, the scale of our global infrastructure and more.
Often ignored, but still a major part of the DNS system, is the recursive DNS infrastructure, traditionally deployed by ISPs to serve their customers.
One way to think of the two pieces of the DNS is that the authoritative DNS (ADNS) is the Internet telephone book (a directory of DNS hostnames mapping to IP addresses) and the recursive DNS (RDNS) is like directory assistance, helping you look up an entry in the authoritative DNS.
There are tons of recursive DNS servers all over the world. In fact, on April 1st, 2012, Dyn’s IP anycast network communicated with nearly 3.2MM unique recursive DNS servers around the world. Every ISP in the world runs them for their customers. Enterprises need to run them to support their internal networks and there are third-party DNS options such as Internet Guide running all over the world.
Read More04.16.2012 By Tom Daly
From Swinging A 48 Hour Hammer To A Bad News First Environment
With each phase of growth and especially over the past three years, shifts in Dyn’s tides occurred due to a variety of factors, many times related to the number of people we’ve hired and other times due to the physical geography of our office.
One of the monumental shifts I’ve noticed recently (and likely took too long to reflect upon and realize) is that it has become harder for our teams to relay onward bad news to each other as soon as it is realized. Examples of this kind of bad news: “the schedule is going to slip” or “the scope needs to be reduced” or “we’re not going to win the deal we thought we would”.
When I started at Dyn in 2001, we had just four employees and we all sat at a bunch of desks in one room with all critical business functions occurring within a 100 foot square area. I was helping with customer support and system administration and occasionally dabbling in software development. CEO Jeremy Hitchcock was watching over the finances, writing some code and also keeping an eye on customers. Others were building software and scaling systems.
Read More03.21.2012 By Tom Daly
Hello Warsaw! Poland Joins Dyn’s Anycast Network
It’s an exciting day as we continue our worldwide quest to grow our global footprint of IP Anycast Points of Presence (POPs) around the world with the addition of our newest POP located in the capital city of Warsaw, Poland.
As per our Dyn Status post, this POP was injected into our IP Anycast network between 1800 and 2200 UTC today. As a strategic location, we expect Warsaw to reduce DNS latency in the Eastern Europe region and to enhance the level of redundancy we offer to our customers in that region.
Our Warsaw POP has been collocated with the PLIX DC, a carrier-neutral data center located in the downtown of Warsaw. PLIX DC is also home to the Polish Internet Exchange (PLIX), currently Poland’s largest Internet exchange, handling over 200Gb/sec of traffic on a daily basis.
Per usual, we’ve connected the POP to our typical IP transit carriers including NTT America, Tata Communications, Level(3) Communications and Cogent Communications.
Our data center operations team has been working hard to prepare equipment, get it shipped to the site and work with the PLIX DC team to get everything racked, stacked, connected and running. It’s a major accomplishment and we’re excited to see the results of their work turned up today. It’s pretty exciting to see a site go from blue (planned) to orange (active) on our Dyn Anycast Network Map!
What’s next?
With all of the excitement in bringing Warsaw online, we’d be remiss if we didn’t mention all of the other work we’ve been doing to enhance our infrastructure:
- We moved our Tokyo POP to a new data center, Equinix TY2, back in December.
- We moved our Singapore POP to a new data center, Equinix SG1, back in December.
- We’ve started an overhaul of our London POP to refresh and upgrade all of the systems currently serving Western Europe. A refresh and upgrade to our Chicago, IL, POP is also imminent.
- We’re actively pursing the identification, negotiation and turn up of two new POPs: Brazil and India.
Read More
03.13.2012 By Tom Daly
On The Journey For The Perfect Network Health Dashboard
This post was co-authored by Alex Sergeyev from Dyn Labs.
At Dyn, we obsess about network performance and the proof is in the tools we have built over the years to constantly monitor how our network is running. With a globally deployed Anycast DNS network, constant internal and external monitoring of our performance is critical. This constant surveillance of our network ensures that we keep providing top-notch services. One of the biggest challenges is being at the mercy of third party providers and their monitoring platforms when monitoring our Anycast network.
After all, we cannot monitor ourselves and be fully objective with the data.
One of the issues with using external monitoring providers has always been the ability to pull data from the monitoring provider within an acceptable interval. We really want to be seeing data within a few seconds of a test run completing so that we can correct any issue just as soon as it happens. For a long time, we’ve been working with monitoring providers that can get us our data in five or ten minutes at minimum and on a dashboard they render – hardly usable for our operations.
As we’ve mentioned before, one of our favorite monitoring providers is Catchpoint and thanks to their Data Push API, we’re able to receive a constant stream of feedback from their 50 global monitoring nodes in real time. Every five minutes, a Catchpoint node performs a series of tests against our DNS servers and instantaneously relays that information to the central Catchpoint collector, but also ships a copy of the results to a webserver on our network so we can begin reviewing those results immediately.
Enter the challenging part: how do we build a dashboard with ACTIONABLE data with 50 data sources and 4 targets (over 200 data points) over an hour’s time? Enter Alex Sergeyev from our Dyn Labs team, some ZeroMQ love and work with Websockets and D3.js. Alex built us a very slick visualization application that allows us to really see what’s happening in real time.
Read More03.06.2012 By Tom Daly
The Impact Of DNS Round Trips On Website Performance
My latest performance annoyance with DNS is the proliferation of long CNAME chains employed by various service providers around the Internet to topologically geolocate end-users and end-user networks. The concern is that many people don’t understand or appreciate the number of DNS queries that need to be performed due to these long CNAME chains, in many cases each with their own authoritative DNS infrastructures, of which many are not global anycast offerings like DynECT Managed DNS.
We’ve come across many sites where the main zone itself (say “example.com”) is using a robust anycast DNS network, only to CNAME critical web assets (such as www.example.com) off to less robust Unicast networks simply for enhanced performance through the use of Global Server Load Balancing (GSLB).
With the uptake of modular websites having an increasing dependence upon multiple DNS lookups to include and render external content, such as CDN for CSS and Javascript, social network integrations, and commenting systems, end to end DNS performance is becoming an increasingly critical element of page load times.
To back up this claim, we decided to study three popular banking websites, each known to use CNAME chains for the purpose of geolocation. For the sake of comparison, we setup a corresponding DNS hostname which mimicked the exaction geographic behavior of the original website FQDN and ran end to end page load measurements of the six FQDNs. Performance test data was taken from a variety of US locations using Catchpoint Systems monitoring.
Read More01.18.2012 By Tom Daly
Protesting SOPA and PIPA With Web Blackouts
Since our last post on the topic of SOPA back in December, there has been a few significant events that have caused our concerns regarding SOPA to move over to PIPA.
First, House Judiciary Committee Chairman Lamar Smith announced that he plans to make a manager’s amendment to SOPA to remove the DNS blocking provisions from the bill. It seems as though Congress has recognized the importance of the way the DNS is constructed and how the former provisions would have caused a fracturing of the DNS and put up false barriers to the ongoing deployment and support of DNSSEC.
As we blogged in December, the technical means for implementing SOPA now lie with the domain registrar and the authoritative DNS provider – the same way that Internet abuse handling techniques have handled these issues for years.
Second, Dyn has begun to monitor a piece of legislation known as the Protect IP Act (PIPA) that was introduced to the Senate by Senator Patrick Leahy. The Senate Judiciary Committee has passed the bill, but it has been placed on hold by Senator Ron Wyden. This bill also has provisions for DNS based redirection and blocking of sites, which we continue to believe that in implementation will result in a degradation of DNS services offered across the Internet.
Third, today marks a day of active web protest against SOPA and PIPA, indicating that an implementation of SOPA or PIPA would effectively subject the Internet to U.S. national censorship; a concept which becomes a technical feasibility under the implementation of SOPA or PIPA. Sites including Wikipedia and Google are participating in the protest by blocking out portions of their web sites from access today.
Frankly, these protests prove a point on what the result of such legislation could levy against Internet operations as a whole. You can learn more about this web protest here. If you look at the upper left of Dyn’s website, you can see an update of our logo to voice our opposition.
At Dyn, we continue to strongly oppose any legislation that puts the stability and availability of the global DNS system as risk. We believe that there are existing processes at the domain name registrar and authoritative DNS levels to deal with the issues raised by SOPA and PIPA and that DNS-level blocking or redirection would effectively break the DNS.
Read More01.11.2012 By Tom Daly
Anycast Vs. Unicast: The Skinny on Nameserver Routing
You’re the guy/gal charged with making sure your business’ web site and ecommerce storefront are running nice and fast, so you run a quick waterfall chart on your site and learn that DNS is limiting your site’s performance. You jump on the Internet, do some Google searches and learn about this thing called Anycast DNS.
You then follow some more links and learn about another thing called Unicast DNS. You read people talking about having both and others talking about having one or the other. You can’t really decipher between the two because there’s hardly any accessible documentation about it. I’m going to break this mystery down for you in this post, kicking it off with a simple guidance statement:
It’s all about the routing, redundancy and geography.
Read More01.04.2012 By Tom Daly
Introducing Labs: Let’s Go Do Some Science!
DNS, Email, Labs – you’ve seen the references, you’ve read about them and you know what those first two pieces of our business are, but you might not know too much about Labs.
Labs is our technology playground: our virtual sandbox of projects, our Skunkworks. It’s the place where we do things to help make the Internet a better place for everyone. And up until now, it’s been one of the more “virtual” departments of Dyn, but that all changes today with a new addition and a familiar face that will help us form and re-ignite the Labs department.
Read More12.12.2011 By Tom Daly
SOPA: Why Do We Have To Break The DNS?
Last month, we posted our position piece on the Stop Online Piracy Act, also known as SOPA or the E-Parasite Act. In this post, I’m going to examine the technical details of the act and how it relates to the operation of the global Domain Name System (DNS).
SOPA proposes the idea of using DNS-based filtering by Internet Service Providers (ISPs) as a means to remove U.S. support of a foreign infringing website.
While the bill doesn’t specifically define how the ISP should technically go about this, it does seem to indicate that an ISP should capture, redirect and modify DNS query / response pairs to ensure that a downstream user does not access the site. There’s a number of ways to “remove support” from a foreign infringing website at the DNS level, so we’ll take a look at the techniques that could be used at all the layers of the DNS and why some are more destructive than others.
Read More12.06.2011 By Tom Daly
Worldwide DNS Infrastructure Upgrades Continue: Australia, Hong Kong, Dallas
Back in January, Dyn’s Operations Team was given a monumental task: perform a series of infrastructure upgrades to Dyn’s global anycast DNS network without causing any downtime or degradation of service for our customers. This meant upgrades to each of our 17 anycast data centers – new routers, switches, servers and supporting gear.
I’ve already blogged about our significant upgrades to our US infrastructure, so now it’s time to talk about our efforts overseas.
Read More