PowerDNS Blog

DNS: As we add more user-visible features, “open” becomes more important

Written by Bert Hubert | Jun 13, 2016 8:06:00 AM

DNS is an ancient protocol. Despite being invented in 1983, any software written at that time would still be compatible with the Domain Name System as it is used today.

During most of its life DNS has been invisible. If it worked properly, no user ever knew it was there. DNS usually only invades the user experience when a change has been made and we are told to wait for the new IP address to ‘propagate.’ But good DNS is like good plumbing: invisible and always open (i.e. working).

This invisibility has not always been for the best. When DNS is overloaded or intermittently fails to provide the right answers the IT admins responsible for it often don’t notice. With PowerDNS software, and the metrics  we publish, everyone can see that it is functioning properly. Our fundamental belief and driving force is that transparently reporting DNS software performance  makes for a great user experience and loyal customers. This is at the heart of our philosophy, our business model and the way our software is used by millions of technology companies worldwide.

DNS for value added services: malware prevention and parental control

Lately DNS is gaining end-user visibility. Service providers — looking to better position security value-added services — are discovering that DNS, far from being a passive bit of required (but boring) infrastructure, actually has a major role to play.

DNS-based malware protection helps prevent subscribers getting infected with viruses, or becoming part of a botnet. DNS-based malware detection can also discover which users are already infected through third party networks. Equally, DNS can be used to deliver affordable ‘safe browsing’ or ‘child-safe internet’ for all or some of a user’s devices, and all from the network.

The network and DNS in general are interesting places to host such additional services because malware can’t hide from the network. Providing parental control through the network means that all devices are instantly covered, without having to install an app on each desktop, laptop, phone or tablet. Finally, because it all happens from one place and does not need expensive inline DPI equipment, this approach is very cost effective for service providers.

With this new role, DNS now can become something users interact with. Malware settings can be changed (‘strict’ or ‘light’ filtering), and parental control can similarly be tuned to household preferences. This now becomes a product management opportunity to open up new touchpoints and a channel as end-users struggle to find such online products and services to control how the Internet is used within their home.

Suddenly, DNS becomes part of product management

Up until now, DNS was not addressed by Product Management. Much like DHCP or Radius servers, it was not considered to be something that subscribers interact with. But as soon as subscribers are offered features they care about,if these new features fail to please this will lead to churn.

Before a service provider deploys any new piece of technology it will of course perform stringent tests: does it scale, does it work on our current hardware, does it meet our customer’s expectations?

But all end-user visible technologies are subjected to an additional test: can we rely on this vendor to keep our customers satisfied indefinitely? If the malware filtering quality decreases, customers will complain. If the child-safe browsing lets through inappropriate content, users will be justifiably angry.

The importance of being open

An “open vendor” commits itself to supporting many open standards and to providing well documented interfaces to its value adding functionalities. While it is important to provide turn-key solutions that work out of the box, future-proofing one’s business and scaling long term growth.

An open approach guarantees that service providers don’t end up locked in to a vendor choice. Should the chosen vendor fail to deliver the expected standards of malware protection or child-safe browsing, the service provider should be able to select from a range of other vendors.

The risks of „closed“ solutions

Many DNS vendors have not yet realized the power of openness. Instead of embracing open standards, modular technology and well documented APIs, they have chosen to supply black boxes of fixed functionality and performance. Malware filtering is only available from approved vendors, and may even be provided with no indication as to its source. Categorization services are similarly tied to the product.

While this may initially be manageable with stringent testing, such closed setups are prone to future vendor lock-in and exciting trips to the procurement department a few years down the road.

While this is a very well recognized risk when buying any piece of network equipment, now that DNS is part of the end-user visible feature-set (with a control panel), changing the whole platform has suddenly become exponentially harder!

http://blog.open-xchange.com/wp-content/uploads/2016/06/Powerdns.png

 

PowerDNS is committed to supplying open solutions

It should not come as a surprise that PowerDNS is committed to openness. We have been open source since 2002 and believe that NDA-ridden documentation is a terrible practice for delivering performance, trust and long-term partnership with our users and customers.

PowerDNS offers malware prevention, malware detection and safe browsing through open standards, with fully operator-customizable filtering policies. This allows us to partner up with the best providers of malware intelligence and web categorization –today and in the future.

To learn more about how to protect your users from malware and how to provide them with child-safe internet, please find more information on the PowerDNS Platform page or contact sales.