The DNS Resolver - that Neglected Afterthought that is Critical to Everything in Your Network.pdf

File uploaded by Barry Greene Employee on Aug 2, 2017

The DNS Resolver is assumed to “just work” … until it does not work. When the DNS resolver fails, the Internet fails.


DNS Resolver architecture (rDNS for short) is the most critical part of an operator’s network. Routers, switches, DWDM, circuits, bandwidth, servers, and other parts of the network are all useless unless the rDNS architecture is designed and maintained to meet the customer’s experience expectations. Compounding the afterthought is the security risk associated with the lack of a “security resilient” design around rDNS. Operators place expensive firewalls and load balancers in front of their rDNS, not understanding the impact on quality or the increased risk as the architecture becomes an expensive single point of failure.


The irony is that there are very cost-effective, proven approaches to security-resilient rDNS architecture. This workshop will review a range of DNS Architecture best common practices. It will start with the DNS Resolver architectures, then move to the Authoritative Architecture.


This module will review core principles for DNS Resolver architectures that do not require expensive load balancers, firewalls, and dedicated DNS appliances. The principles are the secrets behind massive DNS resolver deployments at Google, Akamai, Dyn, AT&T, Charter, and many other major DNS operations.