DNS issues have plagued network practitioners for decades. I would venture a guess that any network engineer in the field has experienced a ticket crossing their desk, which ended up at DNS’s doorstep.
These issues are infamously tricky to suss out and get to the root cause of. It is such a pervasive and common issue that there is a haiku about DNS problems that sticks with me:
- It’s not DNS
- There’s no way it’s DNS
- It was DNS
How do DNS issues end up being the root of many lengthy troubleshooting sessions for network engineers? First of all, DNS is a pretty crucial part of the application connectivity stack, so if it’s broken, it spells trouble.
It’s uniquely a hybrid service between network and application stakeholders, so ownership can be a grey area. Despite its importance, DNS is commonly neglected, forgotten about, and gets very little love.
I can recall countless times during network migrations, where the validation and testing phase stalls at ‘Application X is not working’. Usually, the cause is that someone forgot all about changing the appropriate DNS entries.
Another factor within static environments is that DNS entries change very little, so when they do need to be changed, folks forget how to.
Sometimes it’s not even clear where those DNS entries are if the entries are stored in multiple places. Routinely, there is poor (or no) documentation, so crucial knowledge of how to manage the DNS infrastructure is lost or walks out the door with employees when they move on. These are all age-old challenges with DNS, and they don’t even account for some of the modern challenges, like the cloud.
DNS Gets ‘Cloudy’
The advent of cloud services allows for more dynamism of applications and services moving throughout a hybrid environment, but this necessitates automation for the consistency of DNS services.
The skill sets required to understand and build dynamic infrastructure are tough to come by and can face some level of resistance inside an organization from folks uncomfortable with something new. This can fracture DNS infrastructure management, with the cloud developers and application owners managing their DNS in different systems than the traditional IT stakeholders. So how does an organization deal with a truly distributed architecture?
Source of Truth
As applications journey from bare metal to virtualized and from on-prem to cloud, so do supporting infrastructures like DNS. In a modern cloud-first or hybrid cloud world, organizations need to think deeply about how they deploy and manage DNS services for these applications that can live anywhere and move at a moment’s notice.
One key thing to consider is where the ‘single source of truth’ (SSOT) for the DNS infrastructure lives. The single source of truth is the notion of one centralized system that holds a master schema of data and distributes it to other supporting systems, while the data itself is only managed and modified in this single system. This is something that DNS, DHCP, and IPAM (DDI) infrastructure is built for and is very well suited for within public, private, and hybrid cloud environments. The space has evolved immensely and now supports the most dynamic environments through automation and API integration.
Where Does One Start?
The first step to successfully getting a handle on DNS infrastructure is to gather all stakeholders that influence DNS policy together to have a conversation. Lay out how things work (or don’t work) today and the processes for managing DNS. Next, identify the current supporting services and solutions employed, then consider what options exist for consolidation. If things are too scattered or far too manual to support your applications’ dynamic nature, more dynamic and automated solutions are strongly recommended. A modern DNS infrastructure services design is not a ‘nice to have’; it’s now a ‘must-have’ to achieve the efficiency and resilience that the modern business requires.
On Tuesday, December 8th, 2020, at 1 pm ET, BlueCat Networks hosts a virtual roundtable event called Who should own DNS in the cloud? to discuss these issues in more detail. This is a part of their Critical Conversations series, and you can learn more in their dedicated Network VIP Slack community – a conversation you won’t want to miss!