Introduction
This blog post is the culmination of year's effort researching and developing methods for analyzing and comparing managed DNS services. During this time, we provided access to our analysis and solicited feedback from any DNS provider that would listen. We would like to thank our contacts with UltraDNS, Cotendo, Amazon Web Services and NetDNA for the feedback they provided. As always, it is our intent to provide objective, fair and actionable analysis. We have not been paid by anyone to conduct this testing or write this post. If you have feedback, we'd like to hear it.
This blog post is also intended as an introduction to a new monthly report entitled State of the Cloud - DNS available for purchase on our website. The full version of the August 2012 edition of this report is available for free in html format or pdf format (10MB). Future editions of this report will include both free and premium editions where the free version will include everything but some of the more advanced content such as marketshare analysis. This blog post provides an introduction to and summary of the August 2012 edition of this report.
View Full Report - August 2012
What is DNS?
Domain Name System or DNS for short, is the part of the Internet that lets users access websites (and other Internet services) using easy to remember words and phrases called hostnames like amazon.com or google.com. Without DNS, users would be required to use cryptic numeric-based identifiers called IP addresses (e.g. 72.21.194.1). When a user types a hostname into their browser address bar, one of the first steps undergone is to translate the hostname to an IP address. This translation process involves querying a DNS server that has been assigned responsibility for that hostname. These are called authoritative DNS servers. If the authoritative DNS server is not accessible, the browser will be unable to resolve the IP address and display the website.
DNS server software is freely available and is not overly complex to setup or run. The core functionality of a DNS server is simple… the translation of hostnames to IP addresses. It requires only minimal bandwidth and CPU resources to maintain a DNS server. Many organizations host their own DNS servers without much effort.
Managed DNS
Managed DNS is a service that allows organizations to outsource DNS to a third party provider. There many reasons why an organization may elect to outsource DNS hosting... here are a few:
- Simplicity Organizations don't have to worry about setting up and maintaining their own DNS servers. Management of DNS records is also easier because providers enable this using a simple browser-based GUI or API
- Performance Providers that specialize in DNS have often invested significant time and capital setting up global networks of servers that can respond quickly to DNS queries regardless of a user's location
- Availability Managed DNS providers employ dedicated staff to monitor and maintain highly available DNS services and are often better equipped to handle service anomalies like DDOS attacks
- Advanced Features Managed DNS providers often offer features that are not part of the standard DNS stack such as integrated monitoring and failover and geographic load balancing
Whatever the reasons are, managed DNS is a fast growing sector in the cloud.
Enterprise versus Self Service
Managed DNS providers can be generally divided into two categories:
- Enterprise providers typically offer more advanced features, personalized support and account management, and often have larger DNS server networks. These providers typically utilize a formal sales and contract negotiation process for new customers where pricing is variable depending on the customer's negotiating prowess, usage volume and term commitment. Pricing is typically orders of magnitude higher than self service providers. Some enterprise providers offer low volume, low cost introductory packages that are lead-ins to their standard service offerings
- Self Service providers typically offer simple, contract free, self management DNS services. Pricing is often catered more towards smaller organizations with limited budgets. Self service providers usually (but not always) have smaller DNS server networks and offer fewer advanced features. Based on our analysis, these services are generally as reliable as enterprise services
After speaking with multiple enterprise providers, it is our impression that they generally consider self service providers as non-competitors targeting a different customer demographic.
Comparing Managed DNS Services
Comparing DNS services is not as simple as running a few benchmarks and calling it good. There are multiple criteria where comparisons may be drawn. In this post, we'll present some criteria we believe to be relevant, the techniques we have used to implement them, and the resulting analysis. The following DNS providers are included:
- Neustar UltraDNS is one of the oldest managed DNS providers founded in 1999. Their network includes 16 DNS POPs (points of presence) on 6 continents. UltraDNS is a leading provider in marketshare with 403 of the Alexa top 10,000 sites according to our recent analysis
- Dyn has evolved over the years from offering various free DNS services to its current form as an enterprise DNS provider. Although they still support a self service DNS under the DynDNS brand, our analysis includes only their enterprise service. The Dyn network consists of 17 DNS POPs in 4 continents. Dyn's enterprise service is slightly behind UltraDNS in marketshare with 319 of the Alexa top 10,000 sites according to our analysis.
- Cotendo/Akamai Cotendo was acquired by Akamai in 2012. The Cotendo DNS network consists of 29 DNS POPs in 5 continents. Combining Akamai and Cotendo DNS makes them the leading provider in marketshare for Alexa top 1,000 sites according to our analysis. Akamai's DNS service, Enhanced DNS currently utilizes different DNS infrastructure from Cotendo and is presented separately in this post
- AWS Route 53 is part of the Amazon Web Services suite of cloud services. It launched in 2011 and is the newest service included in this post. Route 53 uses a self-service, low cost model. The DNS network consists of 33 DNS POPs in 5 continents. Route 53 marketshare has grown significantly in 2012 according to our analysis. It currently lacks many of the more advanced features offered by enterprise providers including DNSSEC and integrated monitoring
- easyDNS is a smaller, self-service provider founded in 1998. Their network consists of of 16 DNS POPs in 3 continents
- DNS Made Easy is another smaller, self-service DNS provider founded in 2002. Their network consists of 12 DNS POPs in 3 continents
End-User Performance
There are many factors that affect DNS performance. When a user types a hostname into a browser address bar the path taken for resolving that hostname to an IP address varies between users. Generally, the first point is the user's ISP DNS resolver. These are specialized DNS servers that cache lookups and are used only for DNS resolving. If this DNS server does not have an answer, it will query the next level up (often another ISP DNS server), and this process continues until the authoritative server is queried. This process is referred to as a recursive DNS lookup. From an end-user's perspective, DNS performance is the total lookup time including the entire recursive chain. To improve performance, managed DNS providers typically deploy mnay DNS servers globally and use an Anycast network to reduce latency and thus reduce lookup times. A well designed DNS network will generally provide better and more consistent performance for end-users globally. However, because DNS lookups are almost always cached, after the first lookup, DNS generally has little impact on website performance.
To measure end-user DNS performance, we developed a browser based test that measures the time difference between downloading a small (4 byte) file using both cached and non-cached hostnames. We use a special type of DNS record called a wildcard name that allows the test to generate random hostnames that are guaranteed to require an authoritative DNS lookup. Multiple measurements are taken during each test and the median is recorded. We've run this test using thousands of unique users globally every month. We also utilize a Geo IP database to determine where the user running the test is located which allows us to generate the region specific analysis for each DNS service show below.
The following charts display the results of our end-user DNS performance analysis for July 2012. The bars in each chart represent a managed DNS service and a specific geographic region. The vertical axis is the median DNS lookup time in milliseconds (1000 milliseconds equals 1 second) for all users and tests in that region (typically hundreds or thousands of unique users). The line spanning horizontally on the chart represents the median lookup time for all regions. In general, DNS lookup times in the 50-200 millisecond range are very good.
In North America, bandwidth and connectivity are relatively simple and affordable. All providers performed generally well in these regions with limited variation between them.
Performance in Europe regions was only marginally slower than North America and we observed slightly higher performance variation between providers.
Bandwidth and connectivity are significantly more costly and complex in Asia, Oceania, and South America. We observed slower performance and higher variation between providers in these regions.
Synthetic Performance
Another method of measuring DNS performance is to query authoritative DNS servers directly (bypassing recursive lookup chains). This method utilizes test agents located in data centers and provides a more repeatable, consistent and controlled testing environment. However, because these tests are conducted by just a handful of servers located in data centers, and bypasses recursive lookup chains, it is less relevant to the performance an end user would experience. For our testing, we are utilized a network of 110 servers (57 US, 28 EU, 25 AsiaPAC and other locations) conducting tests every 5 minutes. The charts below use the same format as the end-user charts.
Due to the lower cost and easier deployment of bandwidth and connectivity, performance in North American regions was generally good and showed minimal variation between providers. Akamai uses a combination of Anycast and Unicast (non latency minimizing) networks which is likely the reason for their lower performance in this analysis
Performance in Europe was also generally good. Many of our test agents are likely located in close proximity to the DNS servers (i.e. in the same or a nearby data center)
In Asia and Oceania, where bandwidth and connectivity is more expensive and complex to setup, we observed lower performance and higher performance variation between providers
Availability
Managed DNS provider networks consist of many DNS POPs (a single POP consists of 1 or more DNS servers) distributed globally. When used in combination with Anycast routing, these DNS servers can be configured to automatically failover to other POPs. Additionally, the DNS protocol can include more than one authoritative server and incorporates retry logic such that DNS clients will try to query multiple DNS servers until a response is received. These factors enable DNS to provide continual availability as long as at least 1 DNS POP is available.
To calculate availability, we utilized the 110 monitoring agents querying provider DNS servers every 5 minutes throughout the month. Every authoritative DNS server was queried during each test. Two metrics are were captured... availability of at least 1 DNS server and availability of all DNS servers. The former is the more important as it reflects what an actual user would generally experience. All providers offered very high availability. The following table represents the results on this analysis for July 2012:
DNS Propagation Latency
Another comparison criterion is the time required to push a DNS record update to a provider's DNS network. We refer to this metric as DNS Propagation Latency. This criterion is more relevant to an organization making frequent or automated DNS updates, where those updates are critical to some functionality. To measure DNS propagation latency, we used 110 global test agents. At the exact moment a DNS change was submitted, those agents were instructed to directly query provider DNS servers and record the amount of time that change took to complete. Testing was conducted for both primary and secondary DNS (secondary DNS is a replication-only service). The tables below show the results of this analysis (Propagation Latency is a median value for all 110 test agents and all provider DNS POPs):
Secondary DNS is a replication service, DNS propagation times are longer because the secondary service has to wait for the primary service to replicate first. During our testing, DNS Made Easy was the primary DNS service. Not all providers offer secondary DNS service.
DNS Provider Marketshare
Marketshare is a good indicator of the robustness of a provider DNS network. Providers that manages DNS for popular websites have a demonstrated capability to effectively support very high DNS volume.
To capture DNS provider marketshare we determined which DNS providers are used for the top 10,000 Alexa sites (Alexa publishes a list of the most popular websites). Some DNS providers allow customers to mask their DNS servers using custom hostnames (a featured referred to as vanity DNS servers). To include these, we correlate vanity DNS servers using IP address matching (matching class C IP addresses to those of known provider DNS servers). To verify correlations, we perform authoritative lookups of the hostnames using actual provider DNS servers.
We also track provider marketshare distribution changes by comparing provider marketshare this month to that of the previous month. The following are the results of this analysis for the month of July 2012:
Top 20 Provider Alexa 10,000 Changes - July 2012
Confirmed Alexa Top 10,000 Changes - July 2012
Because the makeup of the top 10,000 Alexa websites changes from month to month, the marketshare change analysis may not represent actual provider change. The change metrics above, represent the number of actual confirmed provider changes between July 1 and Aug 1 2012. During this time, we observed significant usage growth for both Route 53 and Dyn.
Features
Advanced features are one of the biggest ways that DNS providers distinguish their services. The following is an overview of a few common features and their associated support with each DNS provider:
Health Checks - DNS Failover
DNS failover involves dynamic DNS resolution based on the availability of target hosts. These hosts are monitored continually by DNS providers using ICMP (ping) or more advanced methods such as HTTP content monitoring. If a primary target host fails a health check, DNS resolution automatically change to a backup target host. |
UltraDNS | Dyn | Cotendo | Route 53 | DNS Made Easy | easyDNS |
---|---|---|---|---|---|
Yes | Yes | Yes | No | Yes | Yes |
Health Checks - DNS Load Balancing
Like DNS failover, DNS load balancing monitors target hosts. However, with load balancing there target hosts are not considered active or failover - instead, all hosts receive a even (or weighted) distribution of traffic. If a target host goes down, the DNS service will stop sending traffic to it by ceasing to resolve that IP address. |
UltraDNS | Dyn | Cotendo | Route 53 | DNS Made Easy | easyDNS |
---|---|---|---|---|---|
Yes | Yes | Yes | No | No | No |
Location Based Routing (Geo IP)
Location based DNS routing allows a DNS hostname to resolve dynamically depending on the geographic location of the user (or more specifically, location of the user's DNS resolver). To accomplish this, the geographic location is determined using Geo IP databases like Neustar IP Intelligence (formerly Quova) or MaxMind. This location is then run through custom, user-defined DNS rules that may affect the IP address the hostname resolves to. For example, a hostname might resolve to a server in Singapore for users in Asia, and a server in the US for others thereby improving webpage load times. |
UltraDNS | Dyn | Cotendo | Route 53 | DNS Made Easy | easyDNS |
---|---|---|---|---|---|
Yes | Yes | Yes | Yes1 | No | No |
1Route 53 provides a unique feature called Latency Based Routing, where DNS resolves to a target host with the presumed lowest latency to the end user (the target host must be in one of 7 AWS data center regions)
Zone Based Routing (Anycast)
Zone Based Routing is functionally similar to Location Based Routing, but instead of using a Geo IP database to determine the user's geographic location, it uses the DNS server that the user is querying. In Anycast networks, this DNS server will typically reside in the same general geographic region as the DNS client. In practice, this limits the number of location specific rules to the number of Anycast zones in the provider's network (typically in the single digits). For example, Dyn's network consists of 7 Anycast zones, thus allowing up to 7 location specific target hosts. Because of this, zone based routing is more limited relative to location based routing. Additionally, zone based routing can be problematic in some geographic regions where Anycast networking is less predictable (i.e. Asia) or when POPs are taken down for maintenance |
UltraDNS | Dyn | Cotendo | Route 53 | DNS Made Easy | easyDNS |
---|---|---|---|---|---|
No | Yes (7 regions) | No | No | Yes (4 regions) | Yes (4 regions) |
DNSSEC
DNSSEC (Domain Name System Security Extensions) is a specification for securing DNS records. DNSSEC was designed to protect clients from forged DNS responses by digitally signing DNS responses. By checking the digital signature, DNS clients can verify the authenticity of those responses. Usage of DNSSEC is growing, but due to complexity and lack of support is still relatively low.
Provider or User Managed DNSSECManual generation and management DNSSEC certificates can be cumbersome. Some providers simplify this by generating and deploying certificates automatically thereby eliminating many of the administrative complexities. |
UltraDNS | Dyn | Cotendo | Route 53 | DNS Made Easy | easyDNS |
---|---|---|---|---|---|
Yes (provider managed) | Yes (provider managed) | No | No | No | Yes (user managed) |
Pricing
Enterprise DNS providers, generally do not disclose pricing publicly. Part of this likely has to do with the negotiable nature of their pricing. In order to determine pricing for these services (where it was not available publicly), we contacted each provider for a pricing quote. Actual pricing may vary depending on a customer's ability to negotiate.
DNS Query Pricing (monthly)
Provider | 1 million | 10 million | 100 million | 1 billion | 10 billion |
---|---|---|---|---|---|
AWS Route 53 | $0.50 | $5 | $50 | $500 | $2,750 |
UltraDNS | $50-$1951 | $865-$1,2002 | $2,200-$3,0002 | $5,1252 | $17,5002 |
Cotendo | Not offered3 | $500 | $1,000 | $5,000 | $10,0000 |
Dyn | $604 | $295 (10 QPS) | $600 (40 QPS) | $2,250 (400 QPS) | $5,495 (4000 QPS) |
DNS Made Easy | $2.505 | $55 | $2187 | $1,5207 | $7,3707 |
easyDNS | $9.956 | $20 | $2008 | $2,0008 | $20,0008 |
- $50 plan includes US and EU DNS POPs only
- UltraDNS discounts query pricing by up to 50% when bundled with advanced features list below. The prices provided here are based on some bundling
- The lowest usage tier for Cotendo DNS is 10 million queries/mo
- Dyn Enterprise DNS Lite - includes 1.2 million queries/mo
- Must prepay annually
- Enterprise Plan - Pricing is for 5 million queries/mo
- Based on $1500/yr corporate membership (includes 50 million queries/mo)
- Based on Enterprise plan and published overage rate - discounts may be available
Advanced Feature Pricing (monthly)
Provider | Health Checks - Failover | Health Checks - Load Balancing | Location Based Routing (Geo IP) | Zone Based Routing (Anycast) | DNSSEC |
---|---|---|---|---|---|
AWS Route 53 | NA | NA | $0.25/million queries10 | NA | NA |
UltraDNS | $2251 | $5632 | $5003 | NA | Included |
Cotendo | $1304 | $1304 | Included | Included | NA |
Dyn | $1005 | $2005 | $4006 | $2006 | Included |
DNS Made Easy | $0.427 | NA | NA | $558 | NA |
easyDNS | Included9 | NA | NA | Included9 | Included |
- UltraDNS refers to this feature as Sitebacker. Price is based on 10 million query bundle pricing (25% discount) with 2 monitored target hosts. Each additional target host is $113/mo ($150 without bundle discount) up to 5, then $90 up to 10, then $68
- UltraDNS refers to this feature as Traffic Controller. Price is based on 10 million query bundled pricing (25% discount) with 3 monitored target hosts. Each additional IP is $188/mo ($250 without bundle discount)
- Pricing based on 10 million query bundled pricing (25% discount) with up to 5 target hosts. Each additional target host is $100/mo
- Per hostname with up to 10 monitored target hosts
- Priced based on # of monitor samples per month, $3 per 1000 samples - pricing provided is based on 3 target hosts, 1 monitoring node and 3 minute monitoring intervals. Pricing reduces to $0.30/1000 for 10 million samples/month
- Per hostname
- Must prepay annually - the Business and Corporate plans include 3 and 10 failover hostnames respectively and up to 5 monitored target hosts using 2-4 minute monitoring intervals
- Requires $60/yr business plan. $1500/yr Corporate plan includes 1 geo-targeted hostname at no additional charge
- Only 15 minute monitoring intervals are supported
- Query surcharge for latency based routing - only target hosts in AWS data centers are supported. Query pricing reduces to $0.125/ million queries for volume above 1 billion queries/mo
Summary
There is a lot to consider when comparing managed DNS providers. We've included what we believe to be a few relevant, objective and comparable evaluation criteria in this post and our new DNS report. Organizations should consider the criteria that are most relevant to them when evaluating providers. If advanced features are needed, an enterprise provider may be the best choice. If just plain DNS is needed, a self service provider like AWS Route 53 may be a better and more cost effective service. The most important factor is to make your selection based on relevant and objective criteria, not marketing spin.
It appears as though you have spent a great deal of time preparing this blog so thanks for the effort. As an account executive for one of the listed companies, I have to say it was extremely inconsiderate to waste the time of AEs from the company's that you got quotes from. To publish information under the guise of being a prospective client is at best a grey area. Especially, since as you mention, price and value are only best gathered while working with an expert consultative account executive. Since you've gone ahead and already done this my thought are...
ReplyDeleteThere are some inaccuracies and misleading information regarding certain providers.
For example, "Latency based routing" is called BGP routing and it's core flaw is that on an Anycast routed network the fastest response (because that's what Anycast delivers) is not necessarily coming from the appropriate geographic location. Heavy traffic or scheduled maintenance for example can bring about quicker responses from other countries or even continents. Also, while some of these providers have the capability to provide geo routing (Dyn is still in beta) the database they utilize for their data can be drastically different affecting the accuracy: Quova, Maxmind etc... The source data is critical as it affects the quality of the solution.
Next, the fact that Akamai owns Cotendo doesn't mean they host DNS for all Akamai customers and therefore doesn't necessarily give Akamai's content hosting clients a marketshare of the DNS landscape.
Now when considering speeds, from wherever your end user perspective locations are as they are all that matter in web surfing, you have to consider the volume, SLAs, advanced services (beyond the ones listed) innovation and scaling to make the most informed assessment.
For example, of the Alexa top 20, UltraDNS and Dyn are the only providers to provide a managed primary DNS solution versus internal. Ultra has three: Facebook, LinkedIn, Amazon; and Dyn answers for Twitter.
The volume these sites generate dwarf the other providers mentioned combined. UltraDNS alone processes close to 1/4 off all internet lookups on a given day worldwide, over 16 billion queries daily. Yet still, they perform at almost the highest speeds globally averaged on the chart while maintaining an infrastructure that can be trusted by the highest valued organizations in existance.
Given that DDOS is a growing trend in the post 2010 web space it would have also been prudent to discuss DDOS attack procedures. Many of the providers you list will either blackhole your site under an attack or charge you insane overages.
Other comparable topics: Resolver Technology, Infrastructure Components, Support, Upcoming Enhancements... all of these topics could have been gathered while wasting the time of hard working people.
For the record, I see that to get information from our company you even went as far as to sign a contract and then cancel with the rep, I assume to get the best pricing. Please consider how that would feel if it was your job that someone was messing with!
Thanks for your feedback. I'd like to clarify on a few of the points you touched on in your comments:
Delete1. The "Latency Based Routing" feature supported by Route 53 is not the same as IP Anycast BGP routing - Route 53 actually utilizes latency metrics from the AWS CloudFront CDN to resolve DNS based the AWS region that will provide the lowest latency. The shortcomings of Anycast routing you mentioned are mentioned in the "Zone Based Routing" feature section
2. The full report includes discussion on Geo IP databases including the database technologies (Neustar IP Intelligence/MaxMind) used by the providers that support the "Location Based Routing" feature
3. Akamai provides DNS hosting as well as CDN - the marketshare metrics included in this report are based on the number of Akamai DNS customers as well as Cotendo DNS
4. The marketshare section does emphasize already that providers who support the top Alexa websites have a proven capability to handle very high DNS traffic volume and the associated issues that come with it (i.e. DDOS) - also, Amazon uses both UltraDNS and Dyn
5. Some of the other topics you suggested (e.g. resolver technology, infrastructure) are already covered in the full report available for free - for brevity sake, we did not cover every topic included in the report
6. Be advised that we communicated extensively with the product director and managers at UltraDNS throughout this year (as well as AWS and Cotendo) in the design of this report and the associated testing methods - they provided some very useful suggestions and feedback that was incorporated and we are appreciative of their input
7. We are a paying UltraDNS customer - the reason the contract you mentioned was not completed is not because we backed out, but because you were unable to execute it. There was some confusion and we submitted payment online which put us into a more expensive contract, and therefore you were unable to honor it - we apologize if you feel that we wasted your time, that was certainly not our intent
Thank you! Thank you! Thank you! for the very detailed report! It is very refreshing as a person who has had to make these decisions in the past with little information other than the BS that the sales people try to shove down your throat. Pricing enterprise services is the hardest aspect of any project, and I for one prefer companies that are open and honest up front vs ones that hide behind a team of sales staff. IF AMAZON CAN LIST PRICES FOR THEIR CLOUD SERVICES THERE IS NO EXCUSE FOR YOU NOT TO!
DeleteI must say if you felt your job was messed with due to this report, I would really wonder about the stability of the company you work for.
DeleteThe fact that you don't know the difference between latency based routing and BGP is pretty bad considering that you sell this stuff. Latency is as I am sure you know, the ms it takes to travel back and forth. BGP takes into effect a whole bunch of other things including route cost which is manually set by the engineers that set it up.
The fact that you actually brought up the contract makes me never want to use UltraDNS, which I will now make sure I don't do. Contracts are supposed to be kept confidential or at the very least not thrown about by some low level account exec in a blog post because he felt wronged.
The best part about it? Your company could not execute the agreement per Jason. Do you realize how much you dragged your companies name through the mud with this post?
The fact that they did not throw this in your face in the initial blog post is nice of them. They could have very easily brought up the fact that your company could not hold their end of the contract up and did not until you attacked them.
As Jason mentioned, if you are going to attack a blog post for posting excerpts from a full report because it did not make your company look good, at least make sure that the full report is not linked to. If it is, read the full report.
I really hope your manager comes here and explains how you screwed up, otherwise this looks to be a company response and will really hurt your company.
Totally unprofessional behavior on the part of the UltraDNS account exec. I'm absolutely appalled that you'd bring up private contract details in this public sphere, and am also annoyed that you'd keep yourself anonymous.
DeleteIf UltraDNS has any sense, they'll find out which account exec made this post and fire them immediately.
Will you be considering putting cloudflare in the list of DNS provider as well?
ReplyDeleteYes, CloudFlare is already included in testing, but not in the report currently.
DeleteOh and may be Zerigo as well..
DeleteI was wondering if OnApp DNS is possible, they properly have the most POPs due to their federation. Would be interested to know how well it goes.
We are testing Zerigo, they just aren't included in this first report. We are currently more focused on covering the providers utilizing IP Anycast DNS networks which Zerigo does not.
DeleteIf anyone's interested in running a similar end-user DNS test, have a look at the dns plugin in boomerang (the performance testing library I opensourced while at Yahoo!). It's available on github under the BSD license at
ReplyDeletehttps://github.com/lognormal/boomerang/blob/master/dns.js
The method described above sounds a lot like what we do in that code.
Great Job, Jason.
ReplyDeleteNice write up. I know that we've been reading the results at Dyn and how we can improve. Thanks for the detail and thoroughness on this report.
ReplyDeleteJeremy Hitchcock (CEO at Dyn)
Awesome Blog and Report
ReplyDeleteThanks for all the hard work
You can do DNS Load Balancing with Health Checks with DNSMadeEasy (using a combination of multiple A records and failover configurations for each record), though admittedly it's a bit more crude compared to some of the more expensive options.
ReplyDeletehttp://help.dnsmadeeasy.com/dns-failover/configure-dns-failover-with-round-robin/
DNSMadeEasy also offers a geo IP routing service, which they call Global Traffic Director:
http://www.dnsmadeeasy.com/services/global-traffic-director/
http://help.dnsmadeeasy.com/gtd/configure-gtd-with-dns-failover/
Price is $55/mo/domain record but pre-paid annually (as are all their services).
Great review!
ReplyDeleteGreat report, I just started looking for something like this and had no idea I'd come across something this well researched. Did you choose the contenders based on lead marketshare, or are folks like Verisign in the top group but not in the report for one reason or another?
ReplyDeleteMostly based on lead marketshare. We are currently testing other providers including Verisign and CloudFlare, and will add them to the report over time.
DeleteNice report, but full one for $450/month??
ReplyDeleteThe basic free report contains 90% of the content, and this August version of the full report is also free.
DeleteAny reason Akamai is not represented in the client test graphs? They are there for the DC test graphs...
ReplyDeleteAnd it's interesting the generally poor performance of Akamai in your DC tests. Was there any hint as to why this was the case in your testing? They work very hard to be close to, or even on-net with, most medium to large ISPs and tend to be present at peering exchanges to mop up the rest but perhaps their DNS infrastructure is not as widely spread as their CDN infrastructure.
Akamai appears to use a combination of unicast and anycast DNS delegation, perhaps for DDOS mitigation. The unicast name server are located globally and tend to have higher latency. Real user testing was not conducted because we do not currently have DNS hosting with Akamai (it requires a wildcard hostname record). However, we are working with an internal contact now to get that up and running beginning in November.
DeleteThe presence of unicast authorative servers would definitely hurt for any resolvers with no, or stale, RTT data for those servers. Not to mention those resolvers who don't use it or deliberately "fuzz" it (e.g. Bind8 RTT banding).
DeleteVery interesting report, thanks for releasing it.
Thanks Jason for an extremely well researched and professional report.
ReplyDeleteGreat information. You guys may also want to check out www.dnsreviews.com
ReplyDeletea wealth of information here from real users.
It's very rare to find such detailed information that is unbiased - for free. There must be lot's of people out there like me, that are looking at switching DNS providers and your report is very helpful. Keep up the great work - it is much appreciated ;-)
ReplyDeleteThanks for this. One complaint though - the Y axes do not go to zero in the latency graphs. This exaggerates the differences and is very misleading.
ReplyDeleteOn "DNS Propagation Latency": the company at work uses UltraDNS and for the past couple of months it took noticeably longer time for a new DNS record to be "ready". Recently I did four tests on DNS propagation latency (using the term from this review) using three domains with UltraDNS, by submitting requests to create a total of four sub-domain A records through either web UI or API call, and then digging continuously for these A records against the authoritative name servers listed in parent domain SOA using automated scripts. The dig results went through three phases, 1) consistently no result available 2) sporadically correct query results are returned 3) finally correct results are consistently returned. And the times that it took to reach consistent result phase were 192s, 169s, 152s, and 178s for the four tests. And according to UltraDNS support (that has been pretty responsive), a propagation latency between 0 to 5 minutes is normal. But such numbers are significantly worse than what is reported in this review. What does my company have to do to get propagation latency as featured in this report consistently? I'd also like to hear other people's input on the DNS propagation latency that they are seeing from their providers.
ReplyDeleteOh, in case anyone wonders, the submission and querying for new A records were both done in Northern California, at different time of the day, and with fast network pipes.
Fabulous report!!! any plans to do similar assessment for the 'Self service' products- pleeez? that's what newbies/tiny non-profit people want to know.
ReplyDeleteThanks for this report. It has really helped. I hate how some companies don't even give you prices without asking for a quote. That comment from UltraDNS is unacceptable. I recently had a very rude sales person from them who laughed when I said $99 is very expensive for a quote with 500,000 queries. He then said, "choose Route 53 and stop wasting my time".
ReplyDelete