If you know what DNS does, you can already guess what a DNS outage means: clients cannot resolve your domain name, so they get an error and cannot reach your site or use your application. DNS downtime leads to angry customers, lost sales, and damage to your brand. But DNS outages can be avoided. Do you want to know how?
DNS outage (DNS downtime) – what does it mean?
A DNS outage (also called DNS downtime or DNS failure) is a period during which a domain name cannot be resolved to its IP address. Clients send a DNS query for the name, but the recursive resolver they use either answers with a stale IP address from its cache, which no longer responds, or tries to query the domain's authoritative name servers and gets no answer at all, in which case the client typically sees a timeout or a SERVFAIL error.
What causes DNS outages?
A DDoS (distributed denial-of-service) attack uses many devices working together to flood a victim's server with so much traffic that it can no longer answer legitimate queries. To limit the damage, you need load balancing that spreads the traffic across several servers, so that no single server has to absorb the whole attack, and you need servers that are DDoS-protected, that is, placed behind enough filtering capacity to drop the attack traffic before it reaches them.
If you use only one authoritative name server, whatever happens to it affects your whole domain. While it is being updated or rebooted, it cannot answer DNS queries. Updates and maintenance are unavoidable, so you should have a Secondary DNS server that answers the queries in the meantime.
Cloud equipment does not magically hover above the Earth; it lives in data centers. A data center can suffer a long power outage, a natural disaster affecting the area, a fire, or similar problems. If you use a cloud service, those events are out of your hands, but you can run servers in multiple data centers, so that if one goes down, the others still answer the queries.
Errors in the DNS configuration can also cause downtime: a human mistake such as a misspelled IP address or hostname, a script error, a wrong firewall rule, and so on.
If you suspect a typo, query the domain name and compare the answer with the address the server actually listens on, to see which of the two responds and which does not.
If you suspect the firewall, check that port 53 is allowed for both UDP and TCP; TCP is needed for large answers and for zone transfers to your Secondary servers.
DNS propagation delay
When you add or remove DNS records (such as A or AAAA records), the change is not always instant. You edit the zone file on the Primary DNS server and push it to your Secondary DNS servers, but there are many recursive resolvers that you do not control. They may keep your old IP address in their cache and hand it to clients for as long as the record's TTL allows, even after you have published a new one.
What you can do about propagation is to push the zone transfer to your Secondary servers right away after each change and to keep the TTL of records you expect to change low. Lower the TTL at least one old TTL before the change, so that every cache has picked up the short value by the time you switch the address.
Strictly speaking this is not a DNS outage, because it only affects clients whose resolver still holds the old cached address, but it is worth mentioning.
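The configuration mistakes listed above (a misspelled IP address, a wrong record type, an invalid hostname) and a TTL that is still long on a record about to change can all be caught before the zone is published. The following is an added Python example, not code from the ClouDNS blog or service: a small linter for a zone fragment. The zone fragment, its hostnames and addresses, and the 300 second TTL policy are constructed for illustration.

```python
"""Sanity-check A/AAAA records before publishing a zone change.

Added example, not ClouDNS code. The zone fragment, hostnames, addresses
and the TTL policy below are constructed for illustration.
"""
import ipaddress
import re

# Constructed sample: a zone fragment in the common "name TTL class type rdata" form.
# Line 2 has a letter O instead of a zero, line 4 puts an IPv4 address in an
# AAAA record, line 5 uses an underscore in a hostname.
SAMPLE_ZONE = """\
www       300   IN  A     203.0.113.10
api       86400 IN  A     203.0.113.1O
mail      300   IN  AAAA  2001:db8::25
ftp       300   IN  AAAA  203.0.113.21
bad_host  300   IN  A     203.0.113.30
"""

# Hostname labels for A/AAAA records: letters, digits, hyphens; no leading or
# trailing hyphen; at most 63 characters.  "@" (the zone apex) is not handled.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
MAX_TTL_BEFORE_CHANGE = 300  # assumed policy: records about to change keep a short TTL


def parse_zone(text):
    """Split a zone fragment into dicts; comments after ';' are dropped."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 5:
            records.append({"line": lineno, "error": "expected 5 fields"})
            continue
        name, ttl, cls, rtype, rdata = parts
        records.append({"line": lineno, "name": name, "ttl": ttl,
                        "class": cls, "type": rtype, "rdata": rdata})
    return records


def check_record(rec):
    """Return a list of problems found in one parsed record (empty if fine)."""
    if "error" in rec:
        return [rec["error"]]
    problems = []
    if not all(LABEL_RE.match(label) for label in rec["name"].rstrip(".").split(".")):
        problems.append(f"invalid hostname label in {rec['name']!r}")
    if not rec["ttl"].isdigit():
        problems.append(f"TTL {rec['ttl']!r} is not a number")
    elif int(rec["ttl"]) > MAX_TTL_BEFORE_CHANGE:
        problems.append(f"TTL {rec['ttl']} exceeds {MAX_TTL_BEFORE_CHANGE}s; "
                        "caches will hold the old value that long")
    if rec["type"] in ("A", "AAAA"):
        try:
            addr = ipaddress.ip_address(rec["rdata"])
        except ValueError:
            problems.append(f"{rec['rdata']!r} is not a valid IP address (typo?)")
        else:
            want = 4 if rec["type"] == "A" else 6
            if addr.version != want:
                problems.append(f"{rec['type']} record carries an IPv{addr.version} address")
    return problems


def lint_zone(text):
    """Map line number -> list of problems, only for lines that have any."""
    report = {}
    for rec in parse_zone(text):
        problems = check_record(rec)
        if problems:
            report[rec["line"]] = problems
    return report


if __name__ == "__main__":
    for line, problems in sorted(lint_zone(SAMPLE_ZONE).items()):
        for problem in problems:
            print(f"line {line}: {problem}")
```

Run it as a pre-publish hook on the zone file you are about to load into the Primary. The TTL check is deliberately strict: it assumes you run the linter on records you are about to change, which is exactly when a long TTL hurts.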
How to avoid DNS downtime (outage)
The best way to avoid DNS outages is a robust DNS network that provides redundancy and can withstand heavy traffic. The more servers you have, in more locations, the better prepared you are. Additional features can also simplify DNS administration and automate the handling of problems.
Use Secondary DNS services
A Secondary DNS service lets you run multiple Secondary DNS servers, configured as additional authoritative name servers for your zone (list them in the zone's NS records and at your registrar so resolvers know about them). They hold a copy of the zone file with all the DNS records and answer queries for your domain just like the Primary. The big advantage is that they keep answering even while the Primary is experiencing downtime. Secondary DNS is your DNS backup solution.
Use DNS load balancing
DNS load balancing is another nifty way to lower the chance of a DNS outage. It is a mechanism for distributing traffic across several servers based on criteria such as the number of active connections, a chosen algorithm (round robin, weighted, and so on), response time, etc.
It reduces the stress on any one server and spreads the load across the network.
It helps during a DDoS attack, but also during a natural spike in traffic caused by more client queries, for example during a promotional period when you are experiencing higher traffic.
Be prepared with DNS Failover
DNS Failover is a trigger that fires when a server fails. Based on the results of DNS monitors (ICMP ping, UDP requests, HTTP checks, etc.), it automatically redirects traffic without any human intervention. It is an easy way to keep your clients happy and keep resolution working even while some of your servers are experiencing problems. We offer a DNS Failover service with all of our paid plans.
What can you do when your domain is not reachable?
As the DNS administrator of the domain name, you can:
- If you have recently completed a DNS delegation (changed the nameservers at your registrar), you may need to wait up to 24 hours for the change to propagate.
- Check whether your domain name registration is paid. If you forgot to renew it, the domain expires and stops being delegated, so it no longer answers queries. Set reminders for domain renewal and do not miss the date.
- Use the ping command from different locations to see whether the nameserver host responds at all, then send it an actual DNS query for your domain, because ping only tests ICMP reachability, not port 53. It is possible that your nameservers are up but not configured to answer for the domain name.
- Try to reach the server by its IP address. If it responds, there is probably a misconfigured A or AAAA record that does not link the domain name to that IP address correctly.
- Check your DNS monitor and see how the traffic is behaving. Look at the monitor's log for any unusual activity before the server stopped working, for example a DDoS attack. If the attack is still in progress, redirect the traffic and stop it.
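The ping check in the list above only proves that the host answers ICMP; a nameserver can be reachable and still return SERVFAIL or REFUSED for your zone, and some hosts block ICMP entirely. The following added Python example (not ClouDNS code) sends a real DNS query to UDP port 53 and interprets the reply, so a monitor can tell "no answer", "answers but with an error" and "answers authoritatively" apart. The nameserver address 203.0.113.53 in the usage comment and the canned reply bytes are constructed assumptions.

```python
"""Check that a nameserver answers DNS queries on UDP/53, not just ICMP.

Added example, not ClouDNS code. It hand-builds a minimal RFC 1035 query
and parses the reply, so the check exercises the DNS service itself.
The nameserver address in the usage comment and the canned reply bytes
are constructed for illustration.
"""
import secrets
import socket
import struct

QTYPE_A = 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, txid, qtype=QTYPE_A):
    """Wire-format bytes of a single-question query (flags 0x0100 = RD set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def _read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if end is None:
                end = offset + 2                        # resume here afterwards
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_response(msg, expected_txid):
    """Summarise a reply: rcode, AA flag and any A records in the answer."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (stale or spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qd):                                 # skip echoed question
        _, offset = _read_name(msg, offset)
        offset += 4                                     # qtype + qclass
    answers = []
    for _ in range(an):
        rname, offset = _read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        if rtype == QTYPE_A and rdlen == 4:
            answers.append((rname, ttl, ".".join(str(b) for b in rdata)))
    rcode = flags & 0x000F
    return {"rcode": RCODES.get(rcode, str(rcode)),
            "authoritative": bool(flags & 0x0400),
            "answers": answers}


def probe(server_ip, name, timeout=2.0):
    """Send one A query over UDP and classify the outcome for a monitor."""
    txid = secrets.randbelow(0x10000)                   # unpredictable id
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server_ip, 53))
        try:
            msg, _ = s.recvfrom(4096)
        except socket.timeout:
            return {"status": "timeout"}                # host down or 53 filtered
        except OSError as exc:                          # e.g. ICMP port unreachable
            return {"status": "unreachable", "error": str(exc)}
    result = parse_response(msg, txid)
    result["status"] = "ok" if result["rcode"] == "NOERROR" else "error"
    return result


# Constructed reply to a query for www.example.com: NOERROR with AA set, one
# A record 203.0.113.10 (TTL 300) whose owner name is a pointer (0xC00C) to
# the question name at offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
    + b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([203, 0, 113, 10])
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_RESPONSE, 0x1234))
    # Live check against a hypothetical nameserver (needs network access):
    # print(probe("203.0.113.53", "www.example.com"))
```

Run `probe()` against each of your authoritative servers from several vantage points: a "timeout" from everywhere points at the server or a firewall dropping port 53, an answer with `authoritative` false or rcode REFUSED means the server is up but is not configured for your zone, and a mismatched transaction id is discarded rather than trusted.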
As a client who cannot reach a site:
- The problem may be the DNS cache on your device. Flush the DNS cache of your operating system and of your browser. This removes the previously cached records, and your device will look up the A or AAAA record of the site again. If you were holding a stale IP address, this fixes it.
- Your router may be the problem. Home routers usually run a caching DNS forwarder that may need a restart. Unplug the router, wait about a minute, and plug it back in. It should reboot and start working normally again.
Monitor your DNS server
Monitor your DNS for unusual traffic patterns. Automated monitors show you the traffic behavior in near real time, so you can see changes as they happen and use that information to act.
Monitor from different locations. That way you can tell whether a problem is local, regional, continental, or global, which makes it much easier to pinpoint.
DNS monitoring works best in combination with DNS Failover. You configure the monitor with the parameters you prefer, and it notifies you and shows you the data. With DNS Failover as well, that data can trigger automatic actions when a server goes down: it deactivates the failed records and replaces them with working ones, and it adds the server back once it is healthy again.
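To make concrete how monitoring results drive the failover described in the "Be prepared with DNS Failover" section and here, the following is an added Python example, not ClouDNS's own failover implementation. It takes health-check results from several monitoring locations, removes a server only when a quorum of locations agrees it is down (so one flaky vantage point does not pull a healthy server), re-adds servers that recover, and falls back to a last-resort address if the whole pool fails. The server addresses, check results, the 2-of-3 threshold and the backup address are constructed assumptions.

```python
"""Turn multi-location health checks into a DNS failover decision.

Added example, not ClouDNS's failover implementation. The addresses,
check results, threshold and backup record below are constructed.
"""

# Constructed: the A records currently published for www, and the result
# of an HTTP check on each from three monitoring locations.
POOL = ["203.0.113.10", "203.0.113.11", "198.51.100.20"]
CHECKS = {
    "203.0.113.10": {"ams": True, "nyc": True, "sin": True},
    "203.0.113.11": {"ams": False, "nyc": False, "sin": True},   # down from 2 of 3
    "198.51.100.20": {"ams": True, "nyc": False, "sin": True},   # one flaky check
}
DOWN_THRESHOLD = 2       # assumed: a server is down if >= 2 locations fail
BACKUP = "192.0.2.99"    # assumed last-resort address (e.g. a static status page)


def is_down(results, threshold=DOWN_THRESHOLD):
    """A server counts as down only when enough locations agree."""
    return sum(1 for ok in results.values() if not ok) >= threshold


def failover(active, pool, checks, backup=BACKUP):
    """Return (new_active_set, changes) given the currently published records.

    - healthy pool members missing from the active set are added back
    - members judged down are removed
    - if nothing healthy remains, the backup record is published instead
    """
    healthy = [ip for ip in pool if not is_down(checks.get(ip, {}))]
    new_active = healthy if healthy else [backup]
    changes = []
    for ip in pool + [backup]:
        was, now = ip in active, ip in new_active
        if was and not now:
            changes.append(("remove", ip))
        elif now and not was:
            changes.append(("add", ip))
    return new_active, changes


if __name__ == "__main__":
    active, changes = failover(POOL, POOL, CHECKS)
    print("publish:", active)
    for action, ip in changes:
        print(f"  {action} A record {ip}")
```

The decision only reaches clients once their resolver's cached copy expires, so the records managed by failover must carry a short TTL, or the automation removes a dead server on the authoritative side while clients keep being sent to it for hours. Treat a server that is unreachable from a single location as a monitoring problem first; the quorum rule above is what keeps it from causing an unnecessary record change.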
ClouDNS offers both DNS Failover and monitoring for all of its paid customers. You can set it up and activate it for your domain fast and easily.
A huge DDoS attack can cause a DNS outage even with excellent infrastructure, but applying all of these measures lowers both the duration and the frequency of outages. Be prepared and manage your DNS traffic intelligently so you can provide excellent service to your clients. Keep your business up!
The post What is a DNS outage (DNS downtime), and how to avoid it? appeared first on ClouDNS Blog.