three puzzle pieces interlocked with letters D N S photo

The thought of relinquishing control is a daunting task for anybody. And if you’re like any of the 100 IT decision-makers recently interviewed by Forrester, the perception of outsourcing your DNS – responsible for availability and performance of your website – is understandably met with some consternation and second-guessing. 

But what really happens when companies make the switch and opt for cloud-based managed DNS? To answer that question, we’re beginning a three-day blog series to clarify the misconceptions centered on cloud-based managed DNS services. And for good measure, we’ll also tackle the issue of cost.

So, in no particular order, let’s tackle one of the biggest myths associated with moving to a cloud-based, managed DNS service: Loss of DNS Control

For clients who use Neustar as their external cloud-based managed DNS service provider, the loss of DNS control is only an illusion. In fact, the majority of external managed DNS providers offer multiple options for companies to manage their DNS zones and records. For example, external DNS providers offer a web user interface as the first option for companies to manage their DNS. For the majority of clients, a web interface is sufficient for managing their DNS. 

Another option external DNS providers offer is an Application Programming Interface (API).  The API allows companies to create their own front-end applications to update records and zones on the external DNS provider’s network. For smaller companies who do not make frequent DNS changes, an API may not be frequently utilized.  However, for larger organizations, the API is a lifeline that allows them to make many of changes in a short amount of time without having to manually update thousands of DNS records in a web user interface. APIs are also a useful tool for pulling detailed reporting information about DNS usage, which can be customized and detailed by zone.

Most external DNS providers also offer the ability to their existing (internal) DNS infrastructure to interact with the external DNS providers network. The first option is traditionally called a Primary / Secondary DNS configuration.  This allows the customer to remain in full control of their DNS via their existing systems.  Any updates made to the internal DNS systems will be sent to the 3rd party DNS infrastructure via zone transfer.  In this particular setup, both the existing internal DNS infrastructure and the external DNS provider’s infrastructure are being used at the same time. 

The alternative setup is very similar to the Primary / Secondary setup, except the customer’s DNS servers are NOT used publically to answer queries.  Instead, the customer’s DNS servers are merely there for control purposes while the external DNS provider’s network are answering the queries. This is traditionally called the “Hidden Master” setup.  The Hidden Master setup is the best of both worlds.  Clients get to retain local DNS control while they get the benefit of an external DNS provider’s network. 

Migration Concerns

We placed migration of DNS from the customer’s internal servers to an external DNS service provider in the “loss of DNS Control” panel, although it could have fit into other categories. But here’s why migration shouldn’t be a concern: 

If a client is comfortable with doing the DNS migrations themselves, they need to make sure the external DNS provider offers the option through their DNS management portals or other tools that allow clients to move their DNS over.  This will usually be in the form of zone transfers and/or BIND file imports. 

Alternatively, some clients don’t have staffing, expertise or the time to handle the DNS migrations themselves. In those cases, the customer may be concerned about support availability and fast vendor response times to ensure a smooth and timely migration. If that happens, the client may want to inquire if the external DNS vendor has a professional services team available to handle the migration.

Professional services give the client a single point of contact for the duration of the migration.  The single point of contact will act as the project manager and coordinate the work that needs to be done with the appropriate people. Having a single point of contact is usually helpful in avoiding the runaround that could ensue if too many people are involved, and also affords the opportunity for a relationship to build between the client and managed DNS service provider.

For example, Neustar’s Security Professional Services team has years of experience in consulting and deploying solutions for internal and external DNS solutions, among other services. The Neustar Professional Services team typically schedules a kick off meeting, establishes timelines and milestones for migration and provides constant updates to clients on the progress of the migration.  Once the migration has been completed, the Professional Services team will review the configuration with the customer and ensure all questions have been answered before closing the engagement.