[AfrICANN-discuss] Free DNS: Is it worth the cost?

Thu Feb 7 11:22:02 SAST 2008

This story appeared on Network World at
http://www.networkworld.com/news/2008/020508-free-dns.html

Free DNS: Is it worth the cost?
OpenDNS, NeuStar give away services, but buyers worry there's a catch

By Carolyn Duffy Marsan, Network World, 02/05/08

If there's no such thing as a free lunch, how can there be a free
service that handles a network management function as critical as DNS?
That's what corporate IT executives are wondering as they consider two
vendors touting free DNS services that are supposedly ready for the
enterprise.

Both vendors -- OpenDNS and NeuStar -- are offering free recursive DNS
service, which is the type of DNS service that lets employees surf the
Web by typing domain names into their browsers and translating them
into the corresponding IP addresses.

The free services don't include external DNS, which is how a Web site
such as Amazon.com publishes the latest information about its DNS and
IP address changes to its customers over the Internet.

The question for corporate IT executives is whether the free recursive
DNS services are too good to be true.

"There really is no reason why you wouldn't go down this road unless
you've already invested heavily in an external DNS infrastructure,
which is what all the major e-commerce sites have done," says Robert
Whiteley, senior analyst with Forrester Research. "The vast majority
of the market is still in need of making sure employees have better
access to the Web."

Whiteley says outsourcing DNS is a good idea for many midsize
organizations because they typically don't have expertise on staff to
manage this critical function.

"DNS is the new black art," Whiteley says. (Though DNS is by no means
new, celebrating its 25th birthday in 2008). "DNS is something that
not a lot of companies have a good grasp of. There are few people who
can manage their DNS environment well, who can scale it, secure it and
bring it back online in the case of a disaster."

That's why Whiteley says the free recursive DNS services are a good
choice for many companies.

"It's perfectly legit," Whiteley says, adding that DNS is "a blind
spot for lots of organizations. Lots of organizations spend countless
dollars on forward proxies, Web proxies and URL scrubbers to
essentially achieve a similar capability. Now they don't have to be
mucking around in DNS so much. Now they can offload recursive DNS so
they can concentrate on other evolving threats."
OpenDNS pioneers free DNS

OpenDNS is the pioneer in the area of free DNS services.

Launched 18 months ago, OpenDNS provides what it says is a faster,
more reliable alternative to DNS services offered by ISPs. Individuals
and companies sign up for the free OpenDNS service, and it handles
their DNS queries for them.

OpenDNS makes money by selling advertising on its re-direction
service. When users type a wrong address in their browsers, OpenDNS
redirects them to the most likely site. The re-direction page has
advertisements. OpenDNS also provides Web content filtering services
and operates PhishTank.com, a community site that fights phishing.

Originally focused on consumers, OpenDNS says its customer base has
grown to 3 million users, including 10,000 schools and thousands of
small to-midsize businesses.

"ISPs are not that good at DNS," says David Ulevitch, president of
OpenDNS. "That's why a lot of people are starting to unbundle DNS from
their ISP. We can offer more features and more control over their
network. DNS is the unsung hero of the Internet. When it goes away,
it's a massive disaster. But when it works, nobody thinks about it."

OpenDNS counts among its enterprise customers Jackson Public Schools,
the largest school district in Mississippi with 36,000 users. The
school district processes as many as 15,000 DNS requests per hour from
its students, teachers and administrators.

OpenDNS' service has been "rock solid for us," says Gavin Guynes,
director of IT services with Jackson Public Schools, which switched
from BellSouth's DNS service to OpenDNS a year ago. "We've seen no
drawbacks to date."

Guynes says he likes the extra services offered by OpenDNS, including
the re-direction service and Web filtering.

"We're trying to combat spyware, spam and all of that," he says.
"People have a tendency to misspell stuff and go to sites they
shouldn't. OpenDNS cuts down on a lot of that."

Guynes adds that OpenDNS' performance "has been great…and the
reliability has been perfect."

Handbag designer Kathy Van Zeeland switched to OpenDNS last May, after
using a free DNS service from its ISP, Paetec of Rochester, N.Y. Kathy
Van Zeeland has 65 users in offices in New York City and Long Island.

Colby Makowsky, director of IT for Kathy Van Zeeland, says switching
to OpenDNS has been "a win/win for our users and our team down here in
IT."

Makowsky says he likes the extra features he gets with OpenDNS,
including blocking of adult Web sites and help combating phishing
attacks.

"I also like being able to see our DNS stats on their Web site,"
Makowsky says. "DNS is something that's typically just there. Before,
we didn't have any insight into it. We couldn't see what was going on.
We would just assume it's working, or if it wasn't working we'd be
trying to figure out why."

Ulevitch says OpenDNS offers more than recursive DNS services. For
example, OpenDNS will announce this month the ability to block 30
additional categories of Web sites, such as gambling and social
networking.

"What we're really providing to people is control over DNS, which is
what every IT administrator needs," Ulevitch says. "We're trying to
give people as much information as possible, including stats about
their DNS usage, their top 50 domains. We give them the ability to
block Facebook or MySpace. And we run the industry-leading
antiphishing service."

"OpenDNS is appropriate for any corporate environment," he adds.
"Companies have nothing to lose by trying it out."
NeuStar enters fray

The newcomer to the free DNS arena is NeuStar, which launched its DNS
Advantage service in December.

NeuStar operates the .biz and .us top-level domains. In 2006, NeuStar
bought UltraDNS, a service provider that offers managed external DNS
services. Now NeuStar is offering free recursive DNS services to the
7,000 corporations that use its managed external DNS services as well
as any other company that wants to sign up.

NeuStar says a dozen enterprise customers of its managed external DNS
services have signed up for its free DNS Advantage service. One early
customer is InVision Networks, a Burr Ridge, Ill., system integrator.

"We decided to make the switch from using in-house recursive DNS
services to using DNS Advantage because we were interested in
enhancing the overall reliability and performance of the Internet
experience for our end users," Brian Young, president of InVision
Networks said in a statement.

NeuStar says it has more DNS servers deployed around the globe than
OpenDNS and a more robust DNS infrastructure to support its paid
services.

"We have 20 publicly available DNS servers around the world, as well
as locations inside the networks run by AOL, Comcast, Yahoo and AT&T,"
says Ben Petro, senior vice president of NeuStar Ultra Services. "Our
DNS servers are in Equinix locations, with quad Gig Ethernet
capabilities and multiple service providers. We have no single point
of failure."

NeuStar is using the same DNS infrastructure for its free recursive
DNS service that it uses for managed external DNS services provided to
Amazon.com, Forbes.com and others.

 "Seventeen of the top 20 e-commerce sites are on our managed
service," Petro says. "They pay thousands of dollars a month for this
service." (See a list of NueStar Ultra customers here.)

NeuStar admits that it isn't offering free recursive DNS services as a
charity case. The company says the knowledge it will gain about DNS
usage trends by offering recursive DNS will help improve the quality
of its managed external DNS services, which are highly profitable.

"Let's assume Amazon.com has a failure within their time-to-live
window. That's the window of time they set to change their DNS
records. There's nothing they can do. They have to wait for the
time-to-live window to expire. But if we manage their external DNS
service, we can change their time-to-live window wherever we provide
recursive DNS services," Petro explains. "The more recursive DNS
services we provide, the faster and more reliable our other managed
DNS services become…Offering recursive DNS services helps our traffic
management and load balancing tools, too."

Petro says its free DNS Advantage service is faster, more reliable and
more secure than what ISPs offer. The service includes Web filtering,
typo re-direction and protection against distributed denial-of-service
attacks.

"It's not a gift," Petro says. "It's something that absolutely enables
us to improve our managed services. Our [external DNS] customers will
pay more if our services are highly tunable all the way down to the
recursive level."