After working with one of our clients earlier in August, I tweeted the following:
“I am just amazed how many companies use their registrar's DNS as primary DNS … not GOOD!”
In reply to the tweet I received several questions, and it became clear that registrar-provided DNS deserved a discussion of its own. (I have previously written on our blog about the importance of DNS to web performance.)
Usually a company buys a domain from a registrar (such as GoDaddy, Network Solutions, 1and1, etc.). It then either delegates that domain to its own DNS system, relies on a third-party service to manage it (such as Dyn, Cotendo, Verisign, Nominum, Cloudfloor, UltraDNS, DNSmadeeasy, etc.), or relies on the registrar's DNS service.
Don't get me wrong: the DNS services offered by a registrar are more than sufficient for the great majority of websites on the internet, such as blogs, personal sites, or sites with a small presence. Even a medium-sized website can work just fine on a registrar's DNS if it relies on long TTLs and does not need advanced features like geographic load balancing or fast failover.
On the other hand, a registrar's DNS might not be your best choice if you run a website with a global presence where web performance is key to your success, or if you are a third-party service (such as ad serving) that affects your clients' performance and has SLAs to meet. In addition, if you rely on CDNs to serve your static content, why rely on a registrar for the DNS entries pointing to the CDN? You are investing in speed, so you might as well invest in all the components that affect speed, and DNS is the first one to affect it.
Registrars usually offer DNS for free, and the price is often reflected in the performance. Keep in mind that not all registrars are equal: their level of investment in their infrastructure varies, and so does their quality. Either way, the most common reasons why a registrar's DNS performance can be poor are:
- Their DNS servers are not well distributed geographically and/or do not rely on technologies like IP Anycast to route DNS queries to the closest servers.
- Their ISP peering points might be limited.
- Their DNS servers are not the fastest or not the most reliable. We have seen many timeouts as a direct result of poor performance by registrar-provided DNS.
At Catchpoint we monitor DNS performance from multiple geographic locations using three distinct methods:
- Measure DNS resolution as part of web performance monitoring. This relies on a DNS resolver and respects TTLs.
- Emulate a DNS resolver (performing the recursive queries needed to resolve the domain) with a clean cache.
- Directly query a specific NS server and measure the performance of that server.
To illustrate the performance problems, let me present two actual client cases we dealt with this year. (To protect our clients' privacy we are not disclosing who they are, the domains, or the registrars.)
Example 1: A Catchpoint client observed multiple DNS failures through our IE8 browser-based monitoring. The client relied on a registrar to host the CNAME pointing to their CDN. We analyzed which NS servers were involved in the domain resolution and ran a performance analysis for each server.
The following scatterplot displays the raw data collected by the IE8 agent over a 3-day period in February/March 2011:
Each of the red dots represents a failure to resolve DNS, and all of them were caused by the registrar's DNS.
Example 2: An ad-serving company was relying on a registrar for their DNS. They were experiencing slow performance and had large impression discrepancies compared with other ad-serving solutions. The following chart shows the response time of a simple ad call alongside the DNS resolution time.
At Webperf meetups I emphasize that when monitoring web performance it is vital to see the entire picture, and that picture includes DNS: DNS is the first, critical link between you and your customers.
Finally, some of the recommendations we give regarding DNS:
- Avoid short TTLs where possible (especially if you must rely on registrar DNS infrastructure).
- Avoid multiple CNAMEs.
- Use a distributed DNS infrastructure that matches your user base, or use a third party that specializes in DNS resolution.
- When hosting your own DNS infrastructure, make sure you have the capacity to handle DDoS attacks and traffic surges.
- Use Catchpoint’s tools to effectively and reliably monitor your complete DNS response paths.
- Make sure to keep your internal LAN DNS records separate from your production DNS.
- You can also make sure your CDNs and other third parties rely on Anycast. See Patrick Meenan's article on the importance of Anycast and its impact on web performance.
In conclusion, make sure you rely on the right DNS service for your needs. Just like any other purchase, there is a correlation between price, features, and quality: free or cheap services do not offer the best speed and reliability, and they might lack some of the features you need. If speed is key to the success of your company, invest in a third-party DNS service and make sure you configure it correctly.
Mehdi – Catchpoint.