DNS management becoming critical to businesses but poorly understood

Experts are asking whether it's time to shine a bright light on the "black art" of Domain Name System (DNS) management.

"DNS is one of those topic areas that I've always called a black art," said Robert Whiteley, senior analyst at Forrester Research. "It is very poorly understood, relative to how important it is."

DNS is essentially an immense, worldwide distributed database. DNS servers across the world help translate Internet domain names, which are comprehensible to humans, into the IP addresses that networks understand.

When a user opens a Web browser and types a Web address such as SearchNetworking.com, the browser asks the operating system to translate the name into an IP address. The operating system first checks the hosts file, then the local cache. If it finds nothing there, it queries a local DNS server. If that server doesn't know, it moves on to local root servers and start of authority (SOA) servers.
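An added example, not part of the original article: a small Python model of the lookup order described above, with each stage represented as a dict of constructed data rather than a real resolver. It reports which stage answers a name and flags hosts-file entries that hide a different answer further down the chain; the names, addresses and function names are all assumptions made for illustration.

```python
# Added example: every stage is a plain dict of constructed data, not a real
# resolver; names use the reserved .test TLD and documentation address ranges.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
192.0.2.10    intranet.example.test intranet  # constructed entry
203.0.113.66  mail.example.test               # differs from the DNS answer below
"""
STAGE_ORDER = ("hosts file", "local cache", "local DNS server", "root/SOA servers")

def parse_hosts(text):
    """Map every name and alias in hosts-file text to its address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        for name in fields[1:]:                 # empty for blank or name-less lines
            table.setdefault(name.lower().rstrip("."), fields[0])  # assume first entry wins
    return table

def resolve(name, stages):
    """Return (stage, address) from the first stage that knows the name."""
    key = name.lower().rstrip(".")
    for stage in STAGE_ORDER:
        addr = stages.get(stage, {}).get(key)
        if addr is not None:
            return stage, addr
    return None, None

def shadowed_names(stages):
    """Report hosts-file entries that hide a different answer from a later stage."""
    later = {k: v for k, v in stages.items() if k != "hosts file"}
    findings = []
    for name, local_addr in stages["hosts file"].items():
        stage, addr = resolve(name, later)
        if addr is not None and addr != local_addr:
            findings.append((name, local_addr, stage, addr))
    return findings

STAGES = {
    "hosts file": parse_hosts(SAMPLE_HOSTS),
    "local cache": {"www.example.test": "198.51.100.20"},
    "local DNS server": {"mail.example.test": "198.51.100.25"},
    "root/SOA servers": {"partner.example.test": "198.51.100.80"},
}

if __name__ == "__main__":
    for host in ("mail.example.test", "www.example.test", "partner.example.test"):
        print(host, resolve(host, STAGES))
    print(shadowed_names(STAGES))
```

Because the first stage that knows a name wins, a stale or altered hosts-file entry silently overrides whatever the DNS servers would have returned, which is why the audit compares the two.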

"It becomes very complex very quickly," said Paul Parisi, CTO of DNSstuff.com, a provider of Web-based DNS management tools. "It's extremely large, so there are lots of points where people can make mistakes. Each one of these objects has a surface area for attack, and each one of these interfaces has a surface area of attack."

Enterprises usually maintain their own local DNS servers to connect their websites, email servers and other applications to the Internet. But these DNS servers have such a low profile in companies that DNS expertise becomes rare.

"Historically, DNS is one of those things that a lot of companies set up and then they kind of forget about it for a while," Whiteley said. "If you look at the vast majority of enterprise-class DNS servers, they're these very old, aging BIND environments running on Unix, Solaris or something like that. And people haven't touched their DNS infrastructure in quite some time. It's just worked."

However, new and popular networked technologies such as VoIP, Web services, SharePoint and Exchange use DNS, putting new stresses on those old DNS servers.

