Tuesday, August 21, 2012

Comparison and Analysis of Managed DNS Providers

Introduction

This blog post is the culmination of a year's effort researching and developing methods for analyzing and comparing managed DNS services. During this time, we provided access to our analysis and solicited feedback from any DNS provider that would listen. We would like to thank our contacts at UltraDNS, Cotendo, Amazon Web Services and NetDNA for the feedback they provided. As always, it is our intent to provide objective, fair and actionable analysis. We have not been paid by anyone to conduct this testing or write this post. If you have feedback, we'd like to hear it.

This blog post is also intended as an introduction to a new monthly report entitled State of the Cloud - DNS available for purchase on our website. The full version of the August 2012 edition of this report is available for free in html format or pdf format (10MB). Future editions of this report will include both free and premium editions where the free version will include everything but some of the more advanced content such as marketshare analysis. This blog post provides an introduction to and summary of the August 2012 edition of this report.

View Full Report - August 2012

What is DNS?

The Domain Name System, or DNS for short, is the part of the Internet that lets users access websites (and other Internet services) using easy-to-remember names called hostnames, like amazon.com or google.com. Without DNS, users would have to use numeric identifiers called IP addresses (e.g. 72.21.194.1). When a user types a hostname into the browser address bar, one of the first steps is translating that hostname to an IP address. This translation involves querying a DNS server that has been assigned responsibility for the hostname's zone; such servers are called authoritative DNS servers. If no authoritative DNS server for the zone is reachable (and the answer is not already cached), the browser cannot resolve the IP address and cannot display the website.

DNS server software is freely available and is not overly complex to set up or run. The core function of a DNS server is simple: the translation of hostnames to IP addresses. A DNS server needs only minimal bandwidth and CPU, and many organizations host their own without much effort.

Managed DNS

Managed DNS is a service that allows organizations to outsource DNS to a third party provider. There are many reasons why an organization may elect to outsource DNS hosting. Here are a few:

  • Simplicity Organizations don't have to worry about setting up and maintaining their own DNS servers. Management of DNS records is also easier because providers enable this using a simple browser-based GUI or API
  • Performance Providers that specialize in DNS have often invested significant time and capital setting up global networks of servers that can respond quickly to DNS queries regardless of a user's location
  • Availability Managed DNS providers employ dedicated staff to monitor and maintain highly available DNS services and are often better equipped to handle events like DDoS attacks
  • Advanced Features Managed DNS providers often offer features that are not part of the standard DNS stack such as integrated monitoring and failover and geographic load balancing

Whatever the reasons are, managed DNS is a fast growing sector in the cloud.

Enterprise versus Self Service

Managed DNS providers can be generally divided into two categories:

  • Enterprise providers typically offer more advanced features, personalized support and account management, and often have larger DNS server networks. These providers typically utilize a formal sales and contract negotiation process for new customers where pricing is variable depending on the customer's negotiating prowess, usage volume and term commitment. Pricing is typically orders of magnitude higher than self service providers. Some enterprise providers offer low volume, low cost introductory packages that are lead-ins to their standard service offerings
  • Self Service providers typically offer simple, contract free, self management DNS services. Pricing is often catered more towards smaller organizations with limited budgets. Self service providers usually (but not always) have smaller DNS server networks and offer fewer advanced features. Based on our analysis, these services are generally as reliable as enterprise services

After speaking with multiple enterprise providers, it is our impression that they generally consider self service providers as non-competitors targeting a different customer demographic.

Comparing Managed DNS Services

Comparing DNS services is not as simple as running a few benchmarks and calling it good. There are multiple criteria where comparisons may be drawn. In this post, we'll present some criteria we believe to be relevant, the techniques we have used to implement them, and the resulting analysis. The following DNS providers are included:

  • Neustar UltraDNS is one of the oldest managed DNS providers founded in 1999. Their network includes 16 DNS POPs (points of presence) on 6 continents. UltraDNS is a leading provider in marketshare with 403 of the Alexa top 10,000 sites according to our recent analysis
  • Dyn has evolved over the years from offering various free DNS services to its current form as an enterprise DNS provider. Although they still support a self service DNS under the DynDNS brand, our analysis includes only their enterprise service. The Dyn network consists of 17 DNS POPs in 4 continents. Dyn's enterprise service is slightly behind UltraDNS in marketshare with 319 of the Alexa top 10,000 sites according to our analysis.
  • Cotendo/Akamai Cotendo was acquired by Akamai in 2012. The Cotendo DNS network consists of 29 DNS POPs in 5 continents. Combining Akamai and Cotendo DNS makes them the leading provider in marketshare for Alexa top 1,000 sites according to our analysis. Akamai's DNS service, Enhanced DNS currently utilizes different DNS infrastructure from Cotendo and is presented separately in this post
  • AWS Route 53 is part of the Amazon Web Services suite of cloud services. It launched in 2011 and is the newest service included in this post. Route 53 uses a self-service, low cost model. The DNS network consists of 33 DNS POPs in 5 continents. Route 53 marketshare has grown significantly in 2012 according to our analysis. It currently lacks many of the more advanced features offered by enterprise providers including DNSSEC and integrated monitoring
  • easyDNS is a smaller, self-service provider founded in 1998. Their network consists of 16 DNS POPs in 3 continents
  • DNS Made Easy is another smaller, self-service DNS provider founded in 2002. Their network consists of 12 DNS POPs in 3 continents

End-User Performance

There are many factors that affect DNS performance. When a user types a hostname into a browser address bar, the path taken to resolve that hostname to an IP address varies between users. Generally, the first stop is the user's ISP DNS resolver: a specialized DNS server that caches lookups and does nothing but resolve names on behalf of clients. If the resolver does not have a cached answer, it either forwards the query to another resolver or walks the delegation chain itself (the root servers, then the TLD servers, then the zone's authoritative servers) until an authoritative server answers. This process is referred to as a recursive DNS lookup. From an end user's perspective, DNS performance is the total lookup time across the entire recursive chain. To improve performance, managed DNS providers typically deploy many DNS servers globally and use Anycast routing so that each query reaches a nearby POP, reducing latency and thus lookup times. A well-designed DNS network generally provides better and more consistent performance for end users globally. However, because resolvers cache DNS answers for the lifetime of the record's TTL, DNS generally has little impact on website performance after the first lookup.

To measure end-user DNS performance, we developed a browser-based test that measures the time difference between downloading a small (4 byte) file using a cached hostname and using an uncached one. We use a wildcard DNS record, which matches any label under the zone, so the test can generate random hostnames that are guaranteed to be absent from every cache and therefore require a lookup against the authoritative servers. Multiple measurements are taken during each test and the median is recorded. We've run this test using thousands of unique users globally every month. We also use a Geo IP database to determine where the user running the test is located, which allows us to generate the region-specific analysis for each DNS service shown below.
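As an added illustration (not code from the original post or from the authors' test harness), here is a command-line version of the same cache-busting measurement in Python. It substitutes the operating system's resolver call for the browser's 4-byte download, so it measures the lookup alone rather than lookup plus fetch, and it assumes a hypothetical wildcard zone dnstest.example that you would replace with a zone you control:

```python
import random
import socket
import statistics
import string
import time

# Constructed zone name for illustration (not a real zone). Substitute a zone you
# control that carries a wildcard record such as "*.dnstest.example. IN A 192.0.2.10".
WILDCARD_ZONE = "dnstest.example"

_ALPHABET = string.ascii_lowercase + string.digits


def cache_busting_hostname(zone=WILDCARD_ZONE, length=16, rng=random.SystemRandom()):
    """Return a hostname under zone that no resolver can have cached.

    The wildcard record makes any label resolvable, and a fresh random label
    means the query has to travel all the way to the authoritative servers.
    """
    label = "".join(rng.choice(_ALPHABET) for _ in range(length))
    return f"{label}.{zone}"


def timed_lookup_ms(hostname, resolve=socket.gethostbyname):
    """Resolve hostname once and return the elapsed wall-clock time in ms."""
    start = time.perf_counter()
    resolve(hostname)
    return (time.perf_counter() - start) * 1000.0


def authoritative_lookup_ms(zone=WILDCARD_ZONE, samples=5, resolve=socket.gethostbyname):
    """Estimate the cost of an authoritative lookup for zone, in milliseconds.

    Same idea as the blog's browser test: time a fixed hostname (warm in the
    resolver cache) and random hostnames (never cached) the same number of
    times and report the difference of the medians. Everything the two paths
    share (client overhead, last-mile latency to the resolver) cancels out,
    and the median keeps one slow sample from dominating the result.
    """
    cached_name = "www." + zone
    resolve(cached_name)  # warm the cache before timing the cached path
    cached = [timed_lookup_ms(cached_name, resolve) for _ in range(samples)]
    uncached = [timed_lookup_ms(cache_busting_hostname(zone), resolve)
                for _ in range(samples)]
    return max(0.0, statistics.median(uncached) - statistics.median(cached))


if __name__ == "__main__":
    # Needs network access and a real wildcard zone to produce meaningful numbers.
    try:
        print(f"authoritative lookup for {WILDCARD_ZONE}: {authoritative_lookup_ms():.1f} ms")
    except socket.gaierror as exc:
        print(f"cannot resolve under {WILDCARD_ZONE} ({exc}); "
              "point WILDCARD_ZONE at a wildcard zone you control")
```

The `resolve` argument is injectable so the arithmetic can be exercised without a network; in production leave it at the default and run it from many vantage points, as the blog's browser test does.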

The following charts display the results of our end-user DNS performance analysis for July 2012. The bars in each chart represent a managed DNS service and a specific geographic region. The vertical axis is the median DNS lookup time in milliseconds (1000 milliseconds equals 1 second) for all users and tests in that region (typically hundreds or thousands of unique users). The line spanning horizontally on the chart represents the median lookup time for all regions. In general, DNS lookup times in the 50-200 millisecond range are very good.

End-User DNS Performance - North America July 2012
In North America, bandwidth and connectivity are relatively simple and affordable. All providers performed generally well in these regions with limited variation between them.

End-User DNS Performance - Europe July 2012
Performance in European regions was only marginally slower than North America and we observed slightly higher performance variation between providers.

End-User DNS Performance - Other July 2012
Bandwidth and connectivity are significantly more costly and complex in Asia, Oceania, and South America. We observed slower performance and higher variation between providers in these regions.

Synthetic Performance

Another method of measuring DNS performance is to query authoritative DNS servers directly (bypassing recursive lookup chains). This method utilizes test agents located in data centers and provides a more repeatable, consistent and controlled testing environment. However, because these tests are conducted by just a handful of servers located in data centers, and bypass recursive lookup chains, they are less representative of the performance an end user would experience. For our testing, we utilized a network of 110 servers (57 US, 28 EU, 25 AsiaPAC and other locations) conducting tests every 5 minutes. The charts below use the same format as the end-user charts.

Synthetic DNS Performance - North America July 2012
Due to the lower cost and easier deployment of bandwidth and connectivity, performance in North American regions was generally good and showed minimal variation between providers. Akamai uses a combination of Anycast and Unicast (non-latency-minimizing) networks, which is likely the reason for their lower performance in this analysis.

Synthetic DNS Performance - Europe July 2012
Performance in Europe was also generally good. Many of our test agents are likely located in close proximity to the DNS servers (i.e. in the same or a nearby data center).

Synthetic DNS Performance - Other July 2012
In Asia and Oceania, where bandwidth and connectivity are more expensive and complex to set up, we observed lower performance and higher performance variation between providers.

Availability

Managed DNS provider networks consist of many DNS POPs (a single POP consists of one or more DNS servers) distributed globally. With Anycast routing, every POP announces the same IP addresses, so if a POP goes down its traffic is automatically routed to the remaining POPs. Additionally, a zone delegates to more than one authoritative server (its NS records), and DNS resolvers incorporate retry logic: a resolver that gets no response from one server tries the others until it receives a response. These factors allow DNS to remain available as long as at least one DNS POP is reachable.

To calculate availability, we utilized the 110 monitoring agents querying provider DNS servers every 5 minutes throughout the month. Every authoritative DNS server was queried during each test. Two metrics were captured: availability of at least one DNS server, and availability of all DNS servers. The former is the more important, as it reflects what an actual user would generally experience (a resolver retries against the other servers when one does not answer); the latter surfaces partial outages that the first metric hides. All providers offered very high availability. The following table presents the results of this analysis for July 2012:
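An added example, not part of the original post, showing how the two metrics are computed and how far apart they can be on a constructed probe log (fictitious agents, servers and outages). Treating one agent's pass over every server in one round as a single observation is an assumption about how the authors aggregated; the post does not spell it out:

```python
import itertools
from collections import defaultdict

PROBE_INTERVAL_MIN = 5  # agents probe every 5 minutes, as in the blog's setup

# Constructed monitoring scenario: two agents, one provider with three
# authoritative servers, six probe rounds (30 minutes). Names are fictitious.
AGENTS = ["us-east-1", "eu-west-1"]
SERVERS = ["ns1.provider.example", "ns2.provider.example", "ns3.provider.example"]
ROUNDS = 6

# Constructed failures: (round, agent, server) probes that got no answer.
# Round 3 from us-east-1 is a total loss (all three servers unreachable);
# the other two are single-server failures seen from one agent.
OUTAGES = {
    (2, "eu-west-1", "ns2.provider.example"),
    (3, "us-east-1", "ns1.provider.example"),
    (3, "us-east-1", "ns2.provider.example"),
    (3, "us-east-1", "ns3.provider.example"),
    (5, "eu-west-1", "ns3.provider.example"),
}


def build_probe_log(rounds=ROUNDS, agents=AGENTS, servers=SERVERS, outages=OUTAGES):
    """Expand the scenario into (round, agent, server, ok) probe records."""
    return [(r, a, s, (r, a, s) not in outages)
            for r, a, s in itertools.product(range(rounds), agents, servers)]


def _pct(flags):
    return 100.0 * sum(1 for f in flags if f) / len(flags)


def availability(probes):
    """Compute the two availability metrics from a probe log.

    One observation is one agent querying every server in one round.
    'any_server_up' counts an observation as a success if at least one
    server answered (what a retrying resolver experiences); 'all_servers_up'
    requires every server to answer. Per-server figures show where the
    failures were.
    """
    by_observation = defaultdict(list)   # (round, agent) -> [ok, ...]
    by_server = defaultdict(list)        # server -> [ok, ...]
    for rnd, agent, server, ok in probes:
        by_observation[(rnd, agent)].append(ok)
        by_server[server].append(ok)
    observations = list(by_observation.values())
    return {
        "any_server_up": _pct([any(flags) for flags in observations]),
        "all_servers_up": _pct([all(flags) for flags in observations]),
        "per_server": {s: _pct(flags) for s, flags in by_server.items()},
        "observations": len(observations),
    }


if __name__ == "__main__":
    result = availability(build_probe_log())
    print(f"at least one server up: {result['any_server_up']:.2f}%")
    print(f"all servers up:         {result['all_servers_up']:.2f}%")
    for server, pct in result["per_server"].items():
        print(f"  {server}: {pct:.2f}%")
```

On this data the "at least one" figure is 91.67% while "all servers" is 75%: a single agent losing all three servers in one round is the only event that counts against the first metric, which is why it tracks user experience, while the second reacts to every individual server failure. A caveat when reading either number: an agent that cannot reach any server may be suffering its own network fault, so total-loss observations are worth cross-checking against other agents in the same round.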

DNS Provider Availability July 2012

DNS Propagation Latency

Another comparison criterion is the time required to push a DNS record update to every server in a provider's network. We refer to this metric as DNS Propagation Latency. It matters most to an organization making frequent or automated DNS updates where those updates are critical to some functionality (automated failover, for example). To measure DNS propagation latency, we used 110 global test agents. At the moment a DNS change was submitted, those agents were instructed to query the provider's DNS servers directly and record how long it took for the change to appear at each server. Testing was conducted for both primary and secondary DNS (secondary DNS is a replication-only service in which the provider serves a copy of a zone mastered elsewhere). The tables below show the results of this analysis (propagation latency is the median value across all 110 test agents and all provider DNS POPs):

Primary DNS Propagation Latency - July 2012

Secondary DNS Propagation Latency - July 2012
Secondary DNS is a replication service, so DNS propagation times are longer: the change first has to reach the primary provider's servers and only then is the zone transferred to the secondary provider. During our testing, DNS Made Easy was the primary DNS service. Not all providers offer secondary DNS service.
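As an added example (not the authors' code), the following Python polls a set of authoritative servers for a zone's SOA serial until each one serves the updated serial, which is one straightforward way to time propagation; the post does not say which record its agents watched. The dig(1) wrapper, the zone example.test and the server names are assumptions for illustration, and the comparison uses RFC 1982 serial arithmetic so it stays correct if a serial wraps around:

```python
import shutil
import statistics
import subprocess
import time


def serial_ge(a, b):
    """RFC 1982 comparison: True if SOA serial a equals b or is newer than b.

    Serials are 32-bit and wrap, so a plain integer compare breaks across the
    wrap; 'newer' means a is at most 2**31 - 1 steps ahead of b modulo 2**32.
    """
    a, b = a & 0xFFFFFFFF, b & 0xFFFFFFFF
    return a == b or 0 < (a - b) % 2**32 < 2**31


def soa_serial_via_dig(server, zone):
    """Ask one authoritative server for the zone's SOA serial using dig(1).

    +norecurse asks for the server's own copy of the zone rather than a
    recursive answer; the serial is the third field of a +short SOA answer.
    """
    cmd = ["dig", "+short", "+norecurse", "+time=2", "+tries=1",
           f"@{server}", zone, "SOA"]
    fields = subprocess.run(cmd, capture_output=True, text=True,
                            check=True).stdout.split()
    if len(fields) < 7:
        raise OSError(f"no SOA answer from {server} for {zone}")
    return int(fields[2])


def propagation_latency(servers, target_serial, get_serial,
                        clock=time.monotonic, sleep=time.sleep,
                        interval=1.0, timeout=900.0):
    """Seconds until each server serves target_serial (None if never seen).

    Call this the moment the update is submitted. Query errors are treated as
    transient and retried on the next interval; a server that never reaches
    the target serial before timeout is reported as None.
    """
    start = clock()
    pending = set(servers)
    latency = {}
    while pending and clock() - start < timeout:
        for server in sorted(pending):
            try:
                serial = get_serial(server)
            except OSError:
                continue  # timeout, refused, dig missing: try again next round
            if serial_ge(serial, target_serial):
                latency[server] = clock() - start
                pending.discard(server)
        if pending:
            sleep(interval)
    for server in pending:
        latency[server] = None
    return latency


def summarize(latency):
    """Median and worst-case latency over converged servers, plus stragglers."""
    seen = [v for v in latency.values() if v is not None]
    return {
        "median_s": statistics.median(seen) if seen else None,
        "max_s": max(seen) if seen else None,
        "unconverged": sorted(s for s, v in latency.items() if v is None),
    }


if __name__ == "__main__":
    # Constructed usage: after bumping example.test's serial to 2012080102 in
    # the provider's control panel, watch three (fictitious) servers pick it up.
    if shutil.which("dig") is None:
        raise SystemExit("dig(1) is required for the live measurement")
    servers = ["ns1.provider.example", "ns2.provider.example", "ns3.provider.example"]
    result = propagation_latency(servers, 2012080102,
                                 lambda s: soa_serial_via_dig(s, "example.test"),
                                 timeout=120.0)
    print(result, summarize(result))
```

Reporting the maximum alongside the median matters in practice: an automated failover is only as fast as the slowest POP still handing out the old answer, and a server that never converges (the `unconverged` list) is a stale replica worth raising with the provider.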

DNS Provider Marketshare

Marketshare is a reasonable indicator of the robustness of a provider's DNS network: providers that manage DNS for popular websites have a demonstrated capability to support very high query volume.

To capture DNS provider marketshare we determined which DNS providers are used by the Alexa top 10,000 sites (Alexa publishes a list of the most popular websites). Some DNS providers allow customers to mask the provider's DNS servers behind custom hostnames (a feature referred to as vanity DNS servers). To include these, we correlate vanity DNS servers by IP address, matching the /24 prefix of each name server's address against those of known provider DNS servers. To verify each correlation, we perform authoritative lookups of the hostnames directly against the provider's own DNS servers.
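An added example (not the authors' code) of that correlation step: match each name server's address against the /24 prefixes of known provider servers, attribute the domain by majority, and then parse dig's header to confirm that the provider's own server answers authoritatively for the domain. The provider table and domains are constructed from documentation address ranges, the dig and socket helpers are one way to obtain the live data, and the majority rule is this example's choice rather than something the post states:

```python
import ipaddress
import shutil
import socket
import subprocess
from collections import Counter

# Constructed reference table: addresses of known provider name servers, using
# documentation ranges only. In practice it is built by resolving each
# provider's published NS hostnames (ns1.provider.example and so on).
KNOWN_PROVIDER_NS = {
    "Provider A": ["192.0.2.10", "192.0.2.11", "198.51.100.7"],
    "Provider B": ["203.0.113.53", "203.0.113.54"],
}


def provider_prefixes(known=KNOWN_PROVIDER_NS, prefix_len=24):
    """Map every /24 containing a known provider name server to that provider."""
    table = {}
    for provider, addrs in known.items():
        for addr in addrs:
            net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
            table[net] = provider
    return table


def provider_for_address(addr, prefixes):
    """Provider whose /24 contains addr, or None if no prefix matches."""
    ip = ipaddress.ip_address(addr)
    for net, provider in prefixes.items():
        if ip in net:
            return provider
    return None


def attribute_domain(domain, resolve_ns, resolve_a, prefixes):
    """Attribute domain to a provider by where its name servers' addresses live.

    resolve_ns(domain) -> NS hostnames; resolve_a(host) -> IPv4 strings.
    Vanity hostnames (ns1.dns.customer.example) are handled because the match
    is on addresses, not names. The verdict is the provider matching a strict
    majority of NS hosts; a split or unmatched set yields "unknown".
    """
    per_host = {}
    for host in resolve_ns(domain):
        hits = {provider_for_address(a, prefixes) for a in resolve_a(host)}
        hits.discard(None)
        per_host[host] = sorted(hits)
    votes = Counter(p for hits in per_host.values() for p in hits)
    if not votes:
        return "unknown", per_host
    (best, n), = votes.most_common(1)
    if n * 2 <= len(per_host):
        return "unknown", per_host
    return best, per_host


def answers_authoritatively(dig_output):
    """True if dig's header line shows the AA (authoritative answer) flag."""
    for line in dig_output.splitlines():
        if line.startswith(";; flags:"):
            flags = line.split("flags:", 1)[1].split(";", 1)[0].split()
            return "aa" in flags
    return False


def ns_via_dig(domain):
    """NS hostnames for domain via dig +short (trailing dots stripped)."""
    out = subprocess.run(["dig", "+short", domain, "NS"], capture_output=True,
                         text=True, check=True).stdout
    return [line.rstrip(".") for line in out.split() if line]


def a_via_socket(host):
    """IPv4 addresses for host via the operating system resolver."""
    return socket.gethostbyname_ex(host)[2]


def verify_with_dig(domain, provider_server):
    """Query the provider's server directly and check it answers with AA set."""
    out = subprocess.run(["dig", "+norecurse", "+time=2", "+tries=1",
                          f"@{provider_server}", domain, "SOA"],
                         capture_output=True, text=True, check=True).stdout
    return answers_authoritatively(out)


if __name__ == "__main__":
    if shutil.which("dig") is None:
        raise SystemExit("dig(1) is required for the live lookups")
    verdict, detail = attribute_domain("example.com", ns_via_dig, a_via_socket,
                                       provider_prefixes())
    print(verdict, detail)
```

The /24 heuristic is deliberately loose (a provider's servers may share a prefix with unrelated hosts, and some providers use many small blocks), which is why the authoritative check matters: a server that returns the zone without the AA flag is merely recursing or caching, not hosting it.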

We also track provider marketshare distribution changes by comparing provider marketshare this month to that of the previous month. The following are the results of this analysis for the month of July 2012:

Alexa Top 1000 DNS Marketshare - Aug 2012
Alexa Top 10000 DNS Marketshare - Aug 2012

Top 20 Provider Alexa 10,000 Changes - July 2012

Confirmed Alexa Top 10,000 Changes - July 2012
Because the makeup of the top 10,000 Alexa websites changes from month to month, the marketshare change analysis may not represent actual provider change. The change metrics above represent the number of actual confirmed provider changes between July 1 and Aug 1 2012. During this time, we observed significant usage growth for both Route 53 and Dyn.

Features

Advanced features are one of the biggest ways that DNS providers distinguish their services. The following is an overview of a few common features and which of the providers support them:

Health Checks - DNS Failover

DNS failover involves dynamic DNS resolution based on the availability of target hosts. The DNS provider continually monitors these hosts using ICMP (ping) or more advanced methods such as HTTP content checks. If the primary target host fails a health check, DNS resolution automatically changes to a backup target host. Because resolvers keep serving the old answer until its TTL expires, failover records are normally published with a short TTL.

Provider  | UltraDNS | Dyn | Cotendo | Route 53 | DNS Made Easy | easyDNS
Supported | Yes      | Yes | Yes     | No       | Yes           | Yes

Health Checks - DNS Load Balancing

Like DNS failover, DNS load balancing monitors target hosts. With load balancing, however, hosts are not designated active or backup; instead, all hosts receive an even (or weighted) share of traffic. If a target host goes down, the DNS service stops sending traffic to it by ceasing to return that IP address.

Provider  | UltraDNS | Dyn | Cotendo | Route 53 | DNS Made Easy | easyDNS
Supported | Yes      | Yes | Yes     | No       | No            | No

Location Based Routing (Geo IP)

Location based DNS routing allows a DNS hostname to resolve differently depending on the geographic location of the user (or, more precisely, the location of the user's DNS resolver, since that is the address the authoritative server sees). The location is determined using Geo IP databases like Neustar IP Intelligence (formerly Quova) or MaxMind, and is then run through custom, user-defined DNS rules that determine the IP address the hostname resolves to. For example, a hostname might resolve to a server in Singapore for users in Asia and to a server in the US for everyone else, thereby improving page load times.

Provider  | UltraDNS | Dyn | Cotendo | Route 53 | DNS Made Easy | easyDNS
Supported | Yes      | Yes | Yes     | Yes [1]  | No            | No

  1. Route 53 provides a unique feature called Latency Based Routing, where DNS resolves to the target host with the presumed lowest latency to the end user (the target host must be in one of 7 AWS data center regions)

Zone Based Routing (Anycast)

Zone Based Routing is functionally similar to Location Based Routing, but instead of using a Geo IP database to determine the user's location, it uses which of the provider's DNS servers (which Anycast zone) received the query. In Anycast networks, that DNS server will typically reside in the same general geographic region as the DNS client. In practice, this limits the number of location-specific rules to the number of Anycast zones in the provider's network (typically in the single digits). For example, Dyn's network consists of 7 Anycast zones, allowing up to 7 location-specific target hosts. Because of this, zone based routing is more limited than location based routing. Additionally, zone based routing can be problematic in geographic regions where Anycast routing is less predictable (e.g. Asia) or when POPs are taken down for maintenance, since queries then land in a different zone and resolve to a different target.

Provider  | UltraDNS | Dyn             | Cotendo | Route 53 | DNS Made Easy   | easyDNS
Supported | No       | Yes (7 regions) | No      | No       | Yes (4 regions) | Yes (4 regions)

DNSSEC

DNSSEC (Domain Name System Security Extensions) is a set of extensions for securing DNS data. DNSSEC was designed to protect clients from forged DNS responses (cache poisoning and similar attacks) by digitally signing the records in a zone. A validating resolver checks those signatures against the zone's published public keys, and checks the keys themselves against a chain of trust anchored at the DNS root (through DS records in each parent zone), so it can verify that an answer is authentic and unmodified. Usage of DNSSEC is growing, but due to complexity and lack of support it is still relatively low.
Provider or User Managed DNSSEC
Manual generation and management of DNSSEC keys (the zone's key-signing and zone-signing keys), signatures and periodic key rollovers can be cumbersome. Some providers simplify this by generating the keys and signing the zone automatically, eliminating much of the administrative complexity. Whichever model is used, the zone's DS record still has to be published in the parent zone through the domain's registrar: a signed zone without a matching DS record is simply not validated, and a stale DS record left behind after a key rollover makes the domain fail validation entirely.

Provider  | UltraDNS               | Dyn                    | Cotendo | Route 53 | DNS Made Easy | easyDNS
Supported | Yes (provider managed) | Yes (provider managed) | No      | No       | No            | Yes (user managed)

Pricing

Enterprise DNS providers generally do not disclose pricing publicly. Part of this likely has to do with the negotiable nature of their pricing. In order to determine pricing for these services (where it was not available publicly), we contacted each provider for a pricing quote. Actual pricing may vary depending on a customer's ability to negotiate.

DNS Query Pricing (monthly)

Provider (queries/month) | 1 million       | 10 million      | 100 million       | 1 billion        | 10 billion
AWS Route 53             | $0.50           | $5              | $50               | $500             | $2,750
UltraDNS                 | $50-$195 [1]    | $865-$1,200 [2] | $2,200-$3,000 [2] | $5,125 [2]       | $17,500 [2]
Cotendo                  | Not offered [3] | $500            | $1,000            | $5,000           | $10,000
Dyn                      | $60 [4]         | $295 (10 QPS)   | $600 (40 QPS)     | $2,250 (400 QPS) | $5,495 (4000 QPS)
DNS Made Easy            | $2.50 [5]       | $55             | $218 [7]          | $1,520 [7]       | $7,370 [7]
easyDNS                  | $9.95 [6]       | $20             | $200 [8]          | $2,000 [8]       | $20,000 [8]
  1. $50 plan includes US and EU DNS POPs only
  2. UltraDNS discounts query pricing by up to 50% when bundled with the advanced features listed below. The prices provided here are based on some bundling
  3. The lowest usage tier for Cotendo DNS is 10 million queries/mo
  4. Dyn Enterprise DNS Lite - includes 1.2 million queries/mo
  5. Must prepay annually
  6. Enterprise Plan - Pricing is for 5 million queries/mo
  7. Based on $1500/yr corporate membership (includes 50 million queries/mo)
  8. Based on Enterprise plan and published overage rate - discounts may be available

Advanced Feature Pricing (monthly)

Provider      | Health Checks - Failover | Health Checks - Load Balancing | Location Based Routing (Geo IP) | Zone Based Routing (Anycast) | DNSSEC
AWS Route 53  | NA                       | NA                             | $0.25/million queries [10]      | NA                           | NA
UltraDNS      | $225 [1]                 | $563 [2]                       | $500 [3]                        | NA                           | Included
Cotendo       | $130 [4]                 | $130 [4]                       | Included                        | Included                     | NA
Dyn           | $100 [5]                 | $200 [5]                       | $400 [6]                        | $200 [6]                     | Included
DNS Made Easy | $0.42 [7]                | NA                             | NA                              | $55 [8]                      | NA
easyDNS       | Included [9]             | NA                             | NA                              | Included [9]                 | Included
  1. UltraDNS refers to this feature as Sitebacker. Price is based on 10 million query bundle pricing (25% discount) with 2 monitored target hosts. Each additional target host is $113/mo ($150 without bundle discount) up to 5, then $90 up to 10, then $68
  2. UltraDNS refers to this feature as Traffic Controller. Price is based on 10 million query bundled pricing (25% discount) with 3 monitored target hosts. Each additional IP is $188/mo ($250 without bundle discount)
  3. Pricing based on 10 million query bundled pricing (25% discount) with up to 5 target hosts. Each additional target host is $100/mo
  4. Per hostname with up to 10 monitored target hosts
  5. Priced based on # of monitor samples per month, $3 per 1000 samples - pricing provided is based on 3 target hosts, 1 monitoring node and 3 minute monitoring intervals. Pricing reduces to $0.30/1000 for 10 million samples/month
  6. Per hostname
  7. Must prepay annually - the Business and Corporate plans include 3 and 10 failover hostnames respectively and up to 5 monitored target hosts using 2-4 minute monitoring intervals
  8. Requires $60/yr business plan. $1500/yr Corporate plan includes 1 geo-targeted hostname at no additional charge
  9. Only 15 minute monitoring intervals are supported
  10. Query surcharge for latency based routing - only target hosts in AWS data centers are supported. Query pricing reduces to $0.125/ million queries for volume above 1 billion queries/mo

Summary

There is a lot to consider when comparing managed DNS providers. We've included what we believe to be a few relevant, objective and comparable evaluation criteria in this post and our new DNS report. Organizations should consider the criteria that are most relevant to them when evaluating providers. If advanced features are needed, an enterprise provider may be the best choice. If just plain DNS is needed, a self service provider like AWS Route 53 may be a better and more cost effective service. The most important factor is to make your selection based on relevant and objective criteria, not marketing spin.

View Full Report - August 2012