Why Premium DNS is No Longer Optional

Updated on October 26, 2017

You’ve probably heard the term “premium DNS” thrown around before and maybe you didn’t give it a second thought. Most people know that using a premium DNS provider can help them but don’t take the initiative to implement it, or perhaps don’t know how.

On October 21, 2016, the largest DDoS attack in history occurred, bringing down large companies such as PayPal, Spotify, Twitter, Reddit, and eBay. Some are even calling it the DNS Doomsday of the internet. Today we want to dive into how a premium DNS provider, if set up correctly, can help you in situations like these and prevent your WordPress site from going down.

What is DNS?

DNS (Domain Name System) is the backbone of the internet. You can think of it like a phone book for the world wide web. Every website and domain you visit is mapped to an IP address.

When you type Google.com into your address bar, a DNS query is performed by your ISP to request the nameservers associated with the domain. The mapping to the IP address is then done behind the scenes by the server which allows you to then use the domain name to access it. Without DNS you would have to type something like 216.58.217.206 to get to Google. Wouldn’t that be fun!

How DNS works

When you register your domain, the domain registrar will typically provide free DNS services. For example, NameCheap, GoDaddy, Google Domains, etc. all provide you with the ability to set up your nameservers and route your domain to the IP address of your web host. Google Domains is probably the best free DNS service offered by a domain registrar, as it has a very large infrastructure to piggyback on. A couple of other popular free DNS providers include Cloudflare and Hurricane Electric Internet Services. Check out this list of 10 free DNS providers for other alternatives.

However, if you are serious about your business and website we highly recommend going with a premium DNS provider, which we will go into more detail below.

The DNS Attack That Affected The Entire Internet

On October 21st, 2016, the worst possible thing happened for a lot of companies. A large distributed denial of service (DDoS) attack broke out against a popular premium DNS provider, Dyn, and managed to start taking services and sites offline.

Basically, the attackers managed to take down Dyn’s nameservers, and as we explained above, without those the DNS lookups begin to fail. Dyn started reporting on this on their official status page and provided consistent updates throughout the entire attack, which lasted for approximately 11 hours.

Dyn DNS DDoS attack status

Below is an example of what one of Dynatrace’s SaaS customers was seeing on Friday the 21st from their DNS monitoring application. The attack was focused on the East Coast but it rippled throughout the entire United States and Europe.

DDoS attack map

Companies affected included big names such as Twitter, Amazon, GitHub, Shopify, Weather.com, Basecamp, Freshbooks, SoundCloud, Spotify, Netflix, Reddit, Disqus, PayPal, and hundreds of others. We even noticed it here at Kinsta, as Intercom, our ticket and chat support system, was also affected. The attack has now been attributed to the Mirai Botnet, a network of devices infected with self-propagating malware, which used masked TCP and UDP traffic over port 53.

Because of what happened, companies need to rethink their DNS strategy. Setting up a secondary DNS provider as a failover can help provide redundancy when issues like the above happen. And if anything, we at least recommend using a premium DNS provider as opposed to a free one, as they are better equipped to handle these issues. While attacks of this massive scale are rare, DDoS attacks in general are not. In fact, according to data provided by easyDNS, DDoS attacks are getting much worse over time.

DDoS attacks over time

Even as of writing this article on October 31st, 123 Reg, a large domain registrar, was battling a DDoS attack against their DNS. You can expect in the years to come this will only increase.

Premium DNS Provider Benefits

There are a lot of good free DNS providers out there, but premium DNS providers offer a lot of advantages to ensure your website stays online, such as security, DNS failover, and better performance.

1. Security – Better Equipped for Large Scale Attacks

Large premium DNS providers are typically better equipped for protecting you from large-scale DDoS attacks such as the one on Friday the 21st. Dyn is a very reputable company and even though there was downtime, they did their best to keep customers informed and worked around the clock to get everything back up. It is important to remember that the attack was the largest ever recorded at 600 Gb/Sec. If that same attack had occurred against a free or smaller DNS provider, you can safely assume the results would have been even more catastrophic for its customers.

Scott, EVP at Dyn issued an official statement on October 26th:

This attack has opened up an important conversation about internet security and volatility. Not only has it highlighted vulnerabilities in the security of “Internet of Things” (IOT) devices that need to be addressed, but it has also sparked further dialogue in the internet infrastructure community about the future of the internet. As we have in the past, we look forward to contributing to that dialogue.

2. Failover DNS Strategy

Companies now need to rethink their DNS strategy and have a failover in place. Brian Armstrong, co-founder at Canopy, wrote a great article back in 2014 titled “You’re probably doing DNS wrong, like we were.” This was after a DDoS attack had taken down their DNS provider, DNSimple. He touches on the issue of TTLs and argues that companies should make them longer. TTL means time to live: how long a DNS record stays in cache before it is cleared. For example, if you had a TTL of a week and your DNS provider went down for a day, it is more likely that users wouldn’t be affected, because their ISP still has the DNS record cached.

However, there is also a flipside to using high TTLs. On Friday the 21st, if you went to add a 2nd DNS provider, it wouldn’t have mattered much because the TTL was set to expire in days or weeks not minutes. This can be resolved by simply setting up multiple DNS providers ahead of time in preparation. So yes, high TTLs can be good, but they should be used in combination with a multiple DNS provider failover strategy. Check out this more in-depth article about DNS TTL settings.

The community must work together to come up with commercial or open source solutions to make DNS configurations compatible between vendors (this is for complex DNS setups like failover, geo load balancing, etc.). This is no longer a nice-to-have, but a must-have. – Catchpoint

There are a lot of premium DNS providers that have tutorials on how to set up secondary DNS as a failover. The recommended configuration is to set up redundant nameservers with multiple DNS providers.

It is also important to note that, depending on how you set up your secondary DNS, it might hurt or help your DNS performance. DNS Made Easy has a great webinar explaining this a little more in-depth.
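To make the failover advice above concrete, here is an added example (not Kinsta's or any provider's own code) that audits a zone's records for single-provider dependency and reports both sides of the TTL trade-off. The zones, hostnames, addresses and the `PROVIDER_HINTS` map are constructed for illustration.

```python
# Assumption: operator-kept hints, because one provider may spread its
# nameservers across several TLDs and would otherwise look like several.
PROVIDER_HINTS = {"awsdns-": "Amazon Route 53", "dnsmadeeasy": "DNS Made Easy"}

# Constructed dig-style answer lines (not real zones; documentation addresses).
SINGLE = """\
example.com. 3600   IN A  192.0.2.10
example.com. 172800 IN NS ns-101.awsdns-12.com.
example.com. 172800 IN NS ns-702.awsdns-23.net.
example.com. 172800 IN NS ns-1904.awsdns-45.co.uk.
"""
DUAL = """\
example.org. 86400  IN A  192.0.2.20
example.org. 345600 IN NS ns-101.awsdns-12.com.
example.org. 345600 IN NS ns-1303.awsdns-34.org.
example.org. 345600 IN NS ns10.dnsmadeeasy.com.
"""

def parse(answer):
    """Return [(ttl_seconds, rtype, rdata)]; malformed lines are skipped."""
    rows = []
    for line in answer.splitlines():
        f = line.split()
        if len(f) == 5 and f[1].isdigit() and f[2].upper() == "IN":
            rows.append((int(f[1]), f[3].upper(), f[4].rstrip(".").lower()))
    return rows

def provider_of(host):
    """Map an NS host to its operator; fall back to the last two labels."""
    for marker, name in PROVIDER_HINTS.items():
        if marker in host:
            return name
    return ".".join(host.split(".")[-2:])

def audit(answer):
    """Summarise provider redundancy and both sides of the TTL trade-off."""
    rows = parse(answer)
    ns_ttls = [ttl for ttl, rtype, _ in rows if rtype == "NS"]
    a_ttls = [ttl for ttl, rtype, _ in rows if rtype in ("A", "AAAA")]
    if not ns_ttls or not a_ttls:
        raise ValueError("need at least one NS and one A/AAAA record")
    providers = {provider_of(h) for _, rtype, h in rows if rtype == "NS"}
    return {
        "providers": sorted(providers),
        "survives_one_provider_outage": len(providers) >= 2,
        # Best case: a resolver that cached just before the outage keeps answering.
        "cache_cover_hours": min(a_ttls) / 3600,
        # Upper bound before every cache notices an NS change made mid-incident.
        "ns_change_visible_after_hours": max(ns_ttls) / 3600,
    }
```

For `SINGLE`, three nameservers on three TLDs still collapse to one provider, and an NS change made during an outage could take up to 48 hours to reach every cache, which is why the second provider has to be in place beforehand.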

3. Performance

Another advantage of premium DNS is speed! Typically the free DNS provided by domain registrars like GoDaddy and Namecheap is very slow. Google Domains is probably one exception to this rule, simply because they have such a large infrastructure. DNS providers typically work just like a CDN: they have multiple POPs around the globe. Large DNS providers like Amazon, Cloudflare, Dyn, and DNS Made Easy all have massive infrastructures specifically designed for DNS with low-latency environments.

We ran a couple tests with the SolveDNS speed test tool. Here is an example of a domain using NameCheap’s free DNS and the response times.

Free NameCheap DNS

Free DNS speed test

And below is an example using Amazon Route 53’s premium DNS. As you can see, DNS lookup times are in general much faster with Amazon. You can run your own tests against providers, but it is important to remember that, just like with web hosts, there are faster ones and slower ones. Typically premium DNS providers will have better speeds. Cloudflare is a free one that also has great performance; however, they are tricky when you get into running multiple DNS providers.

Amazon Route 53 DNS

Amazon premium DNS speed test

How to Set Up Premium DNS With Kinsta

We believe premium DNS is important and that is why we partnered up with Amazon Route 53, a global Anycast network. They offer DNS failover as well as latency and geolocation routing to help ensure your website is always online and stable. The routing is especially important as it makes sure that your DNS is routed to the nearest location with lowest latency. Amazon Route 53 premium DNS is included for free for all Kinsta customers. To set it up on your WordPress site just follow the steps below.

Step 1

In your My Kinsta dashboard click into “Kinsta DNS.”

Kinsta Amazon Route 53 DNS

Step 2

Click on “Add Domain” at the top right.

Add a domain to DNS

Step 3

You can then add your DNS records by clicking on “Add Record” at the top right. Your A record needs to point to your Kinsta IP address. Records supported:

  • A
  • CNAME
  • MX
  • SPF
  • TXT
  • SRV

Premium DNS records

Step 4

You will then need to add Amazon’s nameservers with your domain registrar or 3rd party DNS provider. You can access these by clicking into Nameservers on the DNS records page.

Premium DNS nameservers

And that’s it! Your DNS is now served via Amazon Route 53.

Summary

Just like Catchpoint and the EVP at Dyn both mentioned above, the recent incident has companies rethinking their DNS strategies and web security in general. Some companies lost millions of dollars from the downtime that happened on Friday the 21st. Using a premium DNS provider and also implementing a DNS failover strategy with a secondary provider is more important than ever. It is just a matter of time until the next DDoS attack hits and you should be prepared.

Have any of your own thoughts on using premium DNS providers? If so, let us know below in the comments.

This article was written by Brian Jackson

Brian focuses on our inbound marketing efforts; everything from developing new online growth strategies, content creation, technical SEO, and outreach within the WordPress community. He has a huge passion for WordPress, has been using it for 8+ years, and even develops a couple premium plugins. Brian enjoys blogging, movies, bike rides, and flipping websites.

  1. Amos Struck StockPhotoSecrets November 1, 2016 at 7:34 am

    Great article as always. Now I would love to see how to do this setup with your DNS plus DNSMadeEasy.

    1. Brian Jackson November 1, 2016 at 8:30 am

      Oh hey Amos! So a multiple DNS strategy isn’t yet available with our Kinsta premium DNS, however, because of the recent incident we are looking at ways to improve this. Most people would assume to set this up that you could just add additional nameservers from a 2nd provider and you’re good to go. But it is more complicated than that. It actually requires being able to edit the nameservers with both providers. Stay tuned for updates from us on this feature.

      1. Amos Struck StockPhotoSecrets November 1, 2016 at 1:27 pm

        Thanks Brian and Hi! Can you elaborate how to set this up with a second provider and the correct TTL times to prevent an issue?

        1. Brian Jackson November 1, 2016 at 10:01 pm

          Hey Amos, they have some documentation here: http://www.dnsmadeeasy.com/services/secondarydns/ Their support team is also great, I have dealt with them before. Setting up secondary DNS is a little more involved than some think. For TTLs, there is no right or wrong but generally I would set them a little higher, like 3-5 days once everything is set up correctly.

  2. iKnowTech November 2, 2016 at 8:19 am

    For a small site, it actually seems like premium DNS would actually be more of a risk for possible DNS related downtime, if you ask me. If entire infrastructures for a Premium DNS provider can be taken down by DDoS attacks, simply by using a Premium DNS service you put yourself at greater risk of being exposed to such an attack. Seems like the risk of DDoS attack on the actual DNS servers provided by a respected reseller hosting plan or similar would be much smaller targets and probably typically fly below the radar of these large attacks.

    1. Brian Jackson November 2, 2016 at 9:35 am

      Definitely a good point :) But then you have to weigh the pros and cons (reliability, performance, etc.) of that reseller’s DNS services. A failover strategy with 2 separate premium DNS providers is really the safest and most beneficial route.

  3. Alessandro Dragonetti November 2, 2016 at 8:20 am

    Hi Brian,

    do you believe that CloudFlare is another good option for Premium DNS?

    1. Brian Jackson November 2, 2016 at 9:46 am

      Cloudflare definitely has a large infrastructure and has proven to know what they are doing when it comes to DDoS attacks on a massive scale. Their network is also very fast! I know it is possible to use their DNS without full proxy. But it can get tricky when it comes to setting up a failover strategy with them, as I am not sure if they give you the ability to edit nameservers. If you are simply looking for reliable DNS, then they definitely are a good choice.

  4. Lewis Seals December 28, 2016 at 7:52 pm

    There has been much discussion but no concrete site evidence for Name Cheap Premium DNS servers. I had a subscription to their service and when optimizing my site saw a lot of latency in the dns time. Highest time for dns was around 256 ms from a Seattle based server.

    To give further evidence, latency DNS tests for their own domain were roughly half of what I was getting, meaning if I got 256 ms they were getting around 128, which is slow considering they are reported to have around 72 ms. This suggests that they are throttling their DNS service for end users.

    I asked if they could optimize the setting of the server but was told that I was in the normal range, which begs the question what is “premium” about this service? I changed to Cloudflare free dns servers and was amazed at the speed increase. For example, the Seattle based server is only 6 ms.

    While it was only $4.00 there is probably little to no benefit in the premium service as compared with their regular name service. While on the other hand Cloudflare which seems a little gimmicky to me for some reason has some very fast dns times. In order to get the dns only you need to pause the website for that feature. While I do not particularly want to go through them for DNS it is a very fast service for free.

    To conclude, if anyone is searching the internets for “Namecheap Premium DNS” or “Does Namecheap Premium DNS Work” or even “Is Namecheap Premium DNS Worth It”: please know that it is not, and you would get better performance and reliability with “FREE” Cloudflare DNS service.

    Also they will blame you no matter what evidence you show and not give your money back!

    This is a public service announcement. God bless you!

    1. Brian Jackson December 29, 2016 at 9:08 am

      Hey Lewis, I have personally tested NameCheap premium DNS and saw almost the same performance results as their free DNS. Amazon Route 53, Cloudflare, DNS Made Easy, all have significantly faster DNS lookup times.

  5. Chris Anspach April 21, 2017 at 2:47 pm

    Is masking available with this feature?

  6. Chris Anspach April 21, 2017 at 2:49 pm

    I’m a newbie, I got everything working, but it still says zrealty.kinsta.com instead of zrealty.co. GoDaddy won’t allow masking with external name servers. Any solutions?

    1. Brian Jackson April 21, 2017 at 3:03 pm

      Hey Chris, you need to update your URLs under the settings in your WordPress site. See here: https://kinsta.com/knowledgebase/fresh-install/ And we are always available via chat 24×7 from the MyKinsta dashboard if you need help. Thanks!
