Domain Name System (DNS) has been getting a lot of attention lately. Case in point, Google just announced the release of Public DNS, their network of DNS resolving servers that use a concept called prefetching. Google claims that their technology will reduce latency throughout the whole DNS structure.

Some exciting news, well as exciting as DNS gets, was revealed in a press release by Neustar:

“Neustar, Inc. and OpenDNS today (December 10, 2009) announced the implementation of a Neustar-sponsored initiative that will provide near-real time updating of the Domain Name System (DNS) across the Internet, utilizing Neustar databases to form the DNS Real-time Directory. This provides a centralized cloud-based system that allows Neustar customers and participating providers to publish DNS modifications in real time to participating ISPs and recursive service providers, creating a better experience for Internet users around the world.”

Some history

Neustar’s idea has to do with “Time-to-Live” (TTL), an attribute that every DNS record has. TTL is a timer that dictates how long a resolving (caching) name server may keep a copy of a DNS record before it must ask for it again. You may ask, why not store it indefinitely?

Because the records in a DNS zone file change over time. Using TTL forces the resolving name server to query an authoritative source for that particular DNS record when its local copy expires. That, in a roundabout way, keeps the local copy reasonably accurate.

The problem

In a perfect world, it would make sense to have a short TTL. That provides the best chance for having the correct DNS record. Unfortunately, short TTLs would create excessive loading on the authoritative name servers — almost to a point of simulating a DDoS attack.

A typical DNS record TTL is 86,400 seconds. Therein lies the problem that Neustar wants to fix. A resolving name server could be using an inaccurate DNS record for up to 24 hours after the authoritative name server made changes.

I just went through this with a client. The client wanted to use a different public IP address for their e-mail server. I suggested making the change during the weekend to limit the negative effects. I also worked with the ISP to change the TTL to something much less than 24 hours. Despite all the preparation, the propagation was not total until sometime Sunday.

Another example

Another example of when TTL gets in the way happened to the Swedish domain .SE this past October. The Internet Infrastructure Foundation sent out an incorrect DNS zone file to authoritative name servers. The bad DNS record then proceeded to trickle down to all resolving name servers.

The foundation found the mistake within an hour and rectified it. Still, resolving name servers worldwide kept returning the invalid DNS records for the .SE domain until the records’ TTL expired or they were manually flushed from the server.

One possible fix

The solution being offered by Neustar marries their UltraDNS platform with DNS Real-time Directory. In theory, the directory becomes the clearinghouse for all changes made to DNS zone files. When changes are made to a zone file, a message is sent (using UltraDNS) to all participating resolving name servers, telling them to clear the invalid record.

The next time a query is made for the flushed DNS record, the resolving name server must itself send a query to an authoritative name server. An accurate record is returned and forwarded to the computer trying to resolve the domain name. This approach would have eliminated the appearance of .SE Web sites being down due to the Swedish DNS mistake.
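To make the mechanics above concrete, here is an added example (written for this page; it is not code from the article, from Neustar, OpenDNS or UltraDNS, whose actual message format the article does not describe). A tiny caching resolver sits in front of an authoritative server under a virtual clock. It shows the three situations the article discusses: a record cached for the usual 86,400 seconds surviving an address change for up to a day; a “clear this record” notification, in the spirit of the DNS Real-time Directory, removing that window so the next query goes back to the authoritative server; and the trick of lowering the TTL before a planned change, which only pays off when done at least one old TTL in advance, because resolvers do not learn about the lower TTL until their existing copy expires. The names `mail.example.com`, the 192.0.2.x addresses, and the `flush()` call are all constructed for illustration.

```python
# Added example: virtual-clock simulation of TTL caching, a flush notification,
# and a TTL lowered ahead of a planned change. Not the article's or Neustar's code.
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Record:
    name: str
    rtype: str
    value: str
    ttl: int  # seconds a resolver may keep this copy


class VirtualClock:
    """Deterministic clock so the scenarios run instantly and reproducibly."""
    def __init__(self) -> None:
        self.now = 0

    def advance(self, seconds: int) -> None:
        self.now += seconds


class AuthoritativeServer:
    """Holds the zone and counts queries, so the load caused by TTL choices is visible."""
    def __init__(self) -> None:
        self.zone: dict[tuple[str, str], Record] = {}
        self.queries = 0

    def publish(self, record: Record) -> None:
        self.zone[(record.name, record.rtype)] = record

    def answer(self, name: str, rtype: str) -> Record | None:
        self.queries += 1
        return self.zone.get((name, rtype))


class CachingResolver:
    """Recursive resolver: serves from cache until the cached record's TTL runs out."""
    def __init__(self, upstream: AuthoritativeServer, clock: VirtualClock) -> None:
        self.upstream, self.clock = upstream, clock
        self.cache: dict[tuple[str, str], tuple[Record, int]] = {}  # key -> (record, expires_at)

    def resolve(self, name: str, rtype: str) -> str | None:
        key = (name, rtype)
        cached = self.cache.get(key)
        if cached is not None and cached[1] > self.clock.now:
            return cached[0].value  # still within TTL: no upstream query at all
        record = self.upstream.answer(name, rtype)
        if record is None:
            return None
        self.cache[key] = (record, self.clock.now + record.ttl)
        return record.value

    def flush(self, name: str, rtype: str) -> None:
        """Hypothetical stand-in for the 'clear this record' message a directory would send."""
        self.cache.pop((name, rtype), None)


NAME, RTYPE = "mail.example.com", "A"           # constructed example name
OLD_ADDR, NEW_ADDR = "192.0.2.10", "192.0.2.20"  # constructed documentation addresses
DAY = 86_400                                     # the typical TTL the article mentions


def change_scenario(notify_flush: bool) -> dict[str, object]:
    """Address change under a 24h TTL, with or without a flush notification."""
    clock, auth = VirtualClock(), AuthoritativeServer()
    resolver = CachingResolver(auth, clock)
    auth.publish(Record(NAME, RTYPE, OLD_ADDR, DAY))
    before = resolver.resolve(NAME, RTYPE)            # primes the cache for 24 hours
    clock.advance(3_600)
    auth.publish(Record(NAME, RTYPE, NEW_ADDR, DAY))  # the operator's change (or the .SE-style fix)
    if notify_flush:
        resolver.flush(NAME, RTYPE)                   # participating resolver is told to drop it
    after_change = resolver.resolve(NAME, RTYPE)
    clock.advance(DAY)
    after_expiry = resolver.resolve(NAME, RTYPE)
    return {"before": before, "after_change": after_change,
            "after_expiry": after_expiry, "upstream_queries": auth.queries}


def lowered_ttl_scenario(lead_time: int) -> int:
    """Seconds the resolver kept serving OLD_ADDR after the change, when the TTL was
    lowered to 300 s `lead_time` seconds beforehand. Clients query once a minute."""
    clock, auth = VirtualClock(), AuthoritativeServer()
    resolver = CachingResolver(auth, clock)
    auth.publish(Record(NAME, RTYPE, OLD_ADDR, DAY))
    resolver.resolve(NAME, RTYPE)                     # cached under the old 24h TTL
    auth.publish(Record(NAME, RTYPE, OLD_ADDR, 300))  # lower the TTL, keep the address
    for _ in range(lead_time // 60):
        clock.advance(60)
        resolver.resolve(NAME, RTYPE)                 # picks up the 300 s TTL only after the 24h copy expires
    auth.publish(Record(NAME, RTYPE, NEW_ADDR, 300))  # now make the real change
    stale = 0
    while resolver.resolve(NAME, RTYPE) == OLD_ADDR:
        clock.advance(60)
        stale += 60
    return stale


if __name__ == "__main__":
    print(change_scenario(notify_flush=False))   # stale for the rest of the day
    print(change_scenario(notify_flush=True))    # correct on the very next query
    print(lowered_ttl_scenario(3_600), lowered_ttl_scenario(90_000))  # 82800 vs 300
```

Run it with `python3` and compare the two `change_scenario` results: without the flush the resolver serves the old address for the remainder of the 24-hour TTL, with it the next query goes upstream at once. The `lowered_ttl_scenario` numbers show why the author’s weekend change still took until Sunday: lowering the TTL an hour ahead barely helps, because resolvers holding a day-old copy never see the lower value until that copy expires; lowering it more than a day ahead shrinks the stale window to the new 300 seconds. On a real resolver, `dig` prints the remaining TTL in its answer section, so the countdown can be watched directly.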

OpenDNS buys in

What makes Neustar’s technology immediately effective is OpenDNS’s involvement. OpenDNS adds credence to Neustar and provides a significant user base. David Ulevitch, founder and chief technical officer of OpenDNS, offered the following comment (quoted in Neustar’s press release):

“We were pleased to work with Neustar on this initiative. Collaborating with Neustar means OpenDNS is now not only one of the largest recursive DNS services on the planet, but also the most up-to-date. Neustar provides a world-class authoritative DNS service. OpenDNS provides a world-class recursive DNS service. We look forward to other service providers adopting the DNS Real-time Directory as the standard for real-time updates.”

Final thoughts

OpenDNS is a strong player in the world of DNS, especially when it comes to user security and privacy. This collaboration will make it more so.