If there's no such thing as a free lunch, how can there be a free service that handles a network management function as critical as DNS? That's what corporate IT executives are wondering as they consider two vendors touting free DNS services that are supposedly ready for the enterprise.
Both vendors -- OpenDNS and NeuStar -- are offering free recursive DNS service, which is the type of DNS service that lets employees surf the Web by typing domain names into their browsers and translating them into the corresponding IP addresses.
The free services don't include external DNS, which is how a Web site such as Amazon.com publishes the latest information about its DNS and IP address changes to its customers over the Internet.
The question for corporate IT executives is whether the free recursive DNS services are too good to be true.
"There really is no reason why you wouldn't go down this road unless you've already invested heavily in an external DNS infrastructure, which is what all the major e-commerce sites have done," says Robert Whiteley, senior analyst with Forrester Research. "The vast majority of the market is still in need of making sure employees have better access to the Web."
Whiteley says outsourcing DNS is a good idea for many midsize organisations because they typically don't have expertise on staff to manage this critical function.
"DNS is the new black art," Whiteley says. (Though DNS is by no means new, celebrating its 25th birthday in 2008). "DNS is something that not a lot of companies have a good grasp of. There are few people who can manage their DNS environment well, who can scale it, secure it and bring it back online in the case of a disaster."
That's why Whiteley says the free recursive DNS services are a good choice for many companies.
"It's perfectly legit," Whiteley says, adding that DNS is "a blind spot for lots of organisations. Lots of organisations spend countless dollars on forward proxies, Web proxies and URL scrubbers to essentially achieve a similar capability. Now they don't have to be mucking around in DNS so much. Now they can offload recursive DNS so they can concentrate on other evolving threats."
OpenDNS pioneers free DNS
OpenDNS is the pioneer in the area of free DNS services. Launched 18 months ago, it provides what it says is a faster, more reliable alternative to DNS services offered by ISPs. Individuals and companies sign up for the free OpenDNS service, and it handles their DNS queries for them.
It makes money by selling advertising on its re-direction service. When users type a wrong address in their browsers, OpenDNS redirects them to the most likely site. The re-direction page has advertisements. OpenDNS also provides Web content filtering services and operates PhishTank.com, a community site that fights phishing.
Originally focused on consumers, OpenDNS says its customer base has grown to 3 million users, including 10,000 schools and thousands of small to-midsize businesses.
"ISPs are not that good at DNS," says David Ulevitch, president of OpenDNS. "That's why a lot of people are starting to unbundle DNS from their ISP. We can offer more features and more control over their network. DNS is the unsung hero of the Internet. When it goes away, it's a massive disaster. But when it works, nobody thinks about it."
Among its enterprise customers is Jackson Public Schools, the largest school district in Mississippi with 36,000 users. The school district processes as many as 15,000 DNS requests per hour from its students, teachers and administrators.
OpenDNS' service has been "rock solid for us," says Gavin Guynes, director of IT services with Jackson Public Schools, which switched from BellSouth's DNS service to OpenDNS a year ago. "We've seen no drawbacks to date."
Guynes says he likes the extra services offered by OpenDNS, including the re-direction service and Web filtering.
"We're trying to combat spyware, spam and all of that," he says. "People have a tendency to misspell stuff and go to sites they shouldn't. OpenDNS cuts down on a lot of that."
Guynes adds that its performance "has been great...and the reliability has been perfect."
Handbag designer Kathy Van Zeeland switched to OpenDNS last May, after using a free DNS service from its ISP. Kathy Van Zeeland has 65 users in offices in New York City and Long Island.Colby Makowsky, director of IT for Kathy Van Zeeland, says switching to OpenDNS has been "a win/win for our users and our team down here in IT."
Makowsky says he likes the extra features it brings, including blocking of adult websites and help combating phishing attacks.
"I also like being able to see our DNS stats on their Web site," Makowsky says. "DNS is something that's typically just there. Before, we didn't have any insight into it. We couldn't see what was going on. We would just assume it's working, or if it wasn't working we'd be trying to figure out why."
Ulevitch says OpenDNS offers more than recursive DNS services. For example, it will announce this month the ability to block 30 additional categories of websites, such as gambling and social networking.
"What we're really providing to people is control over DNS, which is what every IT administrator needs," Ulevitch says. "We're trying to give people as much information as possible, including stats about their DNS usage, their top 50 domains. We give them the ability to block Facebook or MySpace. And we run the industry-leading antiphishing service."
"OpenDNS is appropriate for any corporate environment," he adds. "Companies have nothing to lose by trying it out."
NeuStar enters fray
The newcomer to the free DNS arena is NeuStar, which launched its DNS Advantage service in December.
NeuStar operates the .biz and .us top-level domains. In 2006, it bought UltraDNS, a service provider that offers managed external DNS services. Now it is offering free recursive DNS services to the 7000 corporations that use its managed external DNS services, as well as to any other company that wants to sign up.
NeuStar says a dozen enterprise customers of its managed external DNS services have signed up for its free DNS Advantage service. One early customer is system integrator InVision Networks.
"We decided to make the switch from using in-house recursive DNS services to using DNS Advantage because we were interested in enhancing the overall reliability and performance of the Internet experience for our end users," Brian Young, president of InVision Networks said in a statement.
NeuStar says it has more DNS servers deployed around the globe than OpenDNS and a more robust DNS infrastructure to support its paid services.
"We have 20 publicly available DNS servers around the world, as well as locations inside the networks run by AOL, Comcast, Yahoo and AT&T," says Ben Petro, senior VP of NeuStar Ultra Services. "Our DNS servers are in Equinix locations, with quad Gig Ethernet capabilities and multiple service providers. We have no single point of failure."
NeuStar is using the same DNS infrastructure for its free recursive DNS service that it uses for managed external DNS services provided to Amazon.com, Forbes.com and others.
"Seventeen of the top 20 e-commerce sites are on our managed service," Petro claims. "They pay thousands of dollars a month for this service."
NeuStar admits that it isn't offering free recursive DNS services as a charity case. The company says the knowledge it will gain about DNS usage trends by offering recursive DNS will help improve the quality of its managed external DNS services, which are highly profitable.
"Let's assume Amazon.com has a failure within their time-to-live window. That's the window of time they set to change their DNS records. There's nothing they can do. They have to wait for the time-to-live window to expire. But if we manage their external DNS service, we can change their time-to-live window wherever we provide recursive DNS services," Petro explains. "The more recursive DNS services we provide, the faster and more reliable our other managed DNS services become... Offering recursive DNS services helps our traffic management and load balancing tools, too."
Petro says its free DNS Advantage service is faster, more reliable and more secure than what ISPs offer. The service includes Web filtering, typo re-direction and protection against distributed denial-of-service attacks.
"It's not a gift," Petro says. "It's something that absolutely enables us to improve our managed services. Our [external DNS] customers will pay more if our services are highly tuneable all the way down to the recursive level."