The DNS of Things

Peter Silva

Sr. Technical Marketing Manager

@psilvas

The DNS of Things

Q. WHERE IS

WWW.F5.COM?

A. 2001:19b8:10

1:2::f5f5:1d

© F5 Networks, Inc 2Confidential© F5 Networks, Inc 2

Mobility

SDDC/Cloud

Advanced threats

Internet ofThings

“Software defined”everything

HTTP is the new TCP

© F5 Networks, Inc 3

Internet Foundation? DNS

DNS DEMANDS

WHEN DNS BREAKS EVERYTHING BREAKS

DOMAIN NAME SYSTEM (DNS)

Translates a domain name…http://www.google.com

into an IP address:74.125.227.64 (IPv4)

http://www.f5.com =2001:19b8:101:2::f5f5:1d(IPv6)

More People

Mobile devices/apps

Complex sites

Increased latency

Cloud implementation

s

IPv6 added with IPv4

DDoS attacks

http://www.google.com

http://www.mxtoolbox.com/SuperTool.aspx?action=a:google.com

http://www.f5.com/

2001:19b8:101:2::f5f5:1d


Everything: DNS

• Internet of Things needs scalable DNS

services*

• Combination = 5 to 10 times Internet

revolution**

• 10bil devices in 2014 = 77bil mobile apps**

• 35% Y/Y DNS query increase***

• Ensure really fast connections and responses*

DNS

Look Ups

https://devcentral.f5.com/articles/the-internet-of-things-and-dns#.Us9hUJCA1eh


Demand: DNS

AVERAGE DAILY LOAD FOR DNS (.COM/.NET TLDS) QUERIES IN BILLIONS

DNSSEC DEPLOYMENT EXPANDING

TYPICAL FOR A SINGLE WEB PAGE TO CONSUME 100+ DNS QUERIES FROM ACTIVE CONTENT, ADVERTISING, AND ANALYTICS

SECOND MOST ATTACKED PROTOCOL

GLOBAL MOBILE DATA (4G/LTE) IS DRIVING THE NEED FOR FAST, AVAILABLE DNS

DISTRIBUTED, AVAILABLE, HIGH-PERFORMANCE GSLB FOR MULTIPLE DATA CENTERS

18X Growth 2011-20164G LTE

2.4GB/mo

Non-4G LTE

86MB/mo

Reflection/amplification DDoS

Cache poisoning attacks

Drive for DNSSEC adoption

Total service availability

Geographically dispersed DCs

DNS capacity close to subscribers

82

‘13‘12‘11‘10‘098

2

77

43 5

0 57


Growth of Nouns

2013:80

2014:100

2020:250

152

Million

Cars


Growth of Sensors


The Earth’s Connected Devices


Critical: DNS

76% are willing to wait

10 seconds or less for a single web page to load on Mobile phone before leaving.

Every 100ms delay Costs Amazon

1% in sales.

2013

2009DNS has grownover 91%in the last 5 years.

2013

2009 157%

As of December 2013, there were over 184 million active websites,

a growth of 157% over the last 5 years.


DNS Deployments

• Performance = Add DNS boxes

• Weak DoS/DDoS Protection

• Firewall is THE bottleneck

• Massive performance over 10M RPS!

• Best DoS/DDoS protection

• Lower CapEx and OpEx

CONVENTIONAL DNS THINKING

DNS DELIVERY REIMAGINED

InternetExternal Firewall

DNS Load Balancing

Array of DNS Servers

Internal Firewall

Hidden Master DNS

Authoritative DNSCaching Resolver

Transparent Caching

DNS Firewall

DNS DDoS Protection

Protocol Validation

High Performance DNSSECDNSSEC Validation

Intelligent GSLB

DMZ Datacenter

PARADIGM SHIFT

InternetMaster DNS Infrastructure

BIG-IP


AnswerDNS

Query

AnswerDNS

Query

AnswerDNS

Query

AnswerDNS

Query

AnswerDNS

Query

Efficient DNS

• Delivers High-speed response & DDoS protection with in-memory DNS.

• Authoritative DNS served out of RAM.

• Configuration size for tens of millions of records.

• Scale and consolidate DNS servers.

Clients

Internet

DNS in DMZ

DNS Server

OSAdminAuthRoles

NICDynamic

DNSDHCP

ManageDNS

Records


Optimized DNS

Easy integration into existing

DNS infrastructure for high

availability and security

Support over 10 million DNS

responses per second (RPS)

Manageable and predictable

data center utilization


The DNS Value

SCALABLE UP TO 20X

0

3

6

Low Query Query Growth Query Spike Query Decline

MaxDNS

DENIAL OF SERVICE MITIGATION

SUPPORT CLIENT REQUESTS AND CONSOLIDATE IT

IPv6 to IPv4

ROUTE BASED ON GEOLOCATION

COMPLETE DNS CONTROL

Access Denied:

SECURE DNS QUERY RESPONSES

http://f5.com


Market Pulse Research: Managing DNS CapacityKey Findings

• Respondents most frequently cite improved application availability and application performance

(speed) as highly important benefits of DNS.

• A majority (63%) report that their organizations’ DNS volume has increased over the past year. • Contributing factors: rollout of new services, applications. Cloud migration and traffic spikes.

• Most often, organizations manage DNS capacity by adding more servers (53%) and/or adding

more bandwidth (36%). Average of 24 DNS servers in use.

• With regard to current DNS implementations, outages are the top concern (70% highly

concerned). • Most concerning consequences: loss of productivity and a poor customer experience.

• Nearly one-third of respondents (29%) report their organizations have experienced DNS outages

in the past 12 months. Culprit? One-quarter of these (25%) report a traffic surge.

• Among those who indicate their organizations are planning to expand DNS services to the cloud,

increasing capacity is the most common driver. On-premise DNS primary case over the next year. Use of

public cloud DNS slight increase in next 12 months.


The Five Takeaways

Scalability: In times of high traffic, enterprises’ DNS servers must be able to handle shifting volumes of traffic.

Security: Denial-of-service attacks frequently target IP addresses that cause DNS server outages.

Intelligence: To be protective, IT must be proactive. That means being able to pinpoint application or service delivery

accuracy, based on location of users, with geolocation services.

Manageability: Enterprises need visibility into DNS services across cloud and on-premises networks, in order to ensure

uptime and performance. IT also needs to be able to identify unusual activity that may indicate probing for vulnerabilities.

Reliability: With more customers accessing corporate web sites, DNS server performance has the potential to impact user

experience and employee productivity. Given these trends, DNS servers must be extremely reliable.


Story Arch

deviantart.net


admissions.tufts.edu

https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&docid=hswyj5KWmi69-M&tbnid=t0w6Ws_r-VC6rM:&ved=0CAQQjB0&url=http://admissions.tufts.edu/blogs/jumbo-talk/post/disney-movies-in-5-easy-steps/&ei=_5VhUs6mF6ePigK3y4CoBA&bvm=bv.54934254,d.cGE&psig=AFQjCNH4xyZUjMwvPwcvOVab-w-wDc-8BA&ust=1382213391175745


DNS Story Arc

Introduction

Complication

Denouement

Climax

Body

Market Conditions

DNS Traffic

Add Infrastructure

ADC

Peace of Mind


Intelligent & Secure DNS that Scales

• Scale and manage DNS and apps globally

• Improve application performance and availability

• Robust, Flexible and Secure DNS Infrastructure

• Mitigate DNS DDoS Attacks

• Support hybrid IP Environments

• Complete DNS Security


LOWERS

Stress of DNS Outages.

REDUCES

Data center costs.

DIRECTS

Customers to the best data

center or cloud.

PROTECTS

Web Properties and

Brand Reputation.

IMPROVES

Web application

performance.

Intelligent DNS Scale


The F5 DNS Reference

Architecture

f5.com/solutions

@f5networks

Explore

f5.com/architectures

The DNS of Things

Technology

Transcript of The DNS of Things