Review of moving from NeuStar UltraDNS to Dynect Managed DNS Service

May 21st, 2010

For many years I have used the UltraDNS service from NeuStar on behalf of several companies I have worked for, as it has been incredibly reliable and easy to use.  I cannot, however, say it has been exactly inexpensive, and in recent years innovation has seemingly slowed to a crawl.  Each time in the past that I have evaluated the field of other options, there have not been any “worthy” contenders in the space, until now that is.

After recently completing an evaluation and trial run of’s Dynect service, we went ahead and switched over to their service for some very high volume domains that generate millions of queries a day.

A few notes on the transition process

The NeuStar zone export tool had issues and was truncating zone file output on some of our zones (and losing records in the process!).  This is a serious bug (though one they may not be too heavily incentivized to fix).  I have reported this bug to NeuStar and they informed me they were already aware of the issue.

So next up, I tried enabling the Dynect server’s IP address to be allowed to do a zone transfer from UltraDNS, but it turned out Dynect had a bug where they could not do zone transfers directly using AXFR from UltraDNS (they are actively working to fix this, they tell me).

I ended up doing an AXFR out of UltraDNS from my desktop PC using DIG (after allowing my IP to do the transfer in the NeuStar control panel) and then pasting it into Dynect’s import tool.  This process was slightly annoying, but in the grand scheme of things not a big deal (it took more time to validate all the data got moved over properly than anything else).
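The validation step is the part worth scripting. The following is an added example, not part of the original post: it diffs two `dig AXFR` dumps, one taken from the old provider and one from the new, and reports missing records, extra records and TTL changes. The zone contents and the choice to ignore SOA and apex NS records are assumptions made for the illustration.

```python
# Added example: diff two `dig AXFR` dumps to validate a DNS provider migration.
HOSTNAME_RDATA = {"CNAME", "NS", "MX", "PTR", "SRV"}  # rdata compared case-insensitively

def parse_axfr(text, origin):
    """Map (owner, type, rdata) -> TTL for every record in dig AXFR output."""
    origin = origin.lower().rstrip(".") + "."
    zone = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # dig comment lines and blanks
        parts = line.split(None, 4)
        if len(parts) < 5 or not parts[1].isdigit() or parts[2].upper() != "IN":
            continue  # not a "name TTL IN TYPE rdata" record line
        owner, ttl, _, rtype, rdata = parts
        owner, rtype = owner.lower(), rtype.upper()
        # Assumption: SOA and apex NS are expected to change with the provider.
        if rtype == "SOA" or (rtype == "NS" and owner == origin):
            continue
        if rtype != "TXT":  # keep spacing inside quoted TXT strings
            rdata = " ".join(rdata.split())
        if rtype in HOSTNAME_RDATA:
            rdata = rdata.lower()
        zone[(owner, rtype, rdata)] = int(ttl)
    return zone

def diff_zones(old, new):
    """Return (missing, extra, ttl_changed) between two parsed zones."""
    missing = sorted(set(old) - set(new))
    extra = sorted(set(new) - set(old))
    ttl_changed = sorted((k, old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k])
    return missing, extra, ttl_changed

# Constructed sample dumps (example.com, documentation addresses).
OLD_DUMP = """\
example.com.           86400 IN SOA   ns1.old.example. host.example.com. 1 10800 3600 604800 86400
example.com.           86400 IN NS    ns1.old.example.
example.com.           21600 IN A     192.0.2.10
www.example.com.       21600 IN CNAME example.com.
example.com.           3600  IN MX    10 mail.example.com.
_sip._tcp.example.com. 3600  IN SRV   10 5 5060 sip.example.com.
"""
NEW_DUMP = """\
example.com.           3600  IN SOA   ns1.new.example. host.example.com. 1 3600 600 604800 60
example.com.           86400 IN NS    ns1.new.example.
example.com.           21600 IN A     192.0.2.10
WWW.example.com.       21600 IN CNAME Example.COM.
example.com.           300   IN MX    10 mail.example.com.
"""
```

Any entry in the first list returned by `diff_zones` is a record that did not survive the move, which is exactly what a truncated export produces.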

Notes on the Dynect platform

The real time reporting of queries per second is awesome functionality that I now consider to be critical.  This is available from Dynect on a per zone, per record type, or per individual record basis.  I did not know what I was missing before.  It has allowed me to find a couple “issues” with my zone records that I would have otherwise been unaware of.  With UltraDNS I had no idea how many queries I had used until the end of the month came around and I got a bill that included almost no detail.

One of these issues was the lack of AAAA (IPv6) records on one particular host entry that gets millions of queries per day.  Newer Windows Vista and Windows 7 machines will attempt an IPv6 lookup in addition to (or before?) the IPv4 lookup as IPv6 is enabled by default.  Since this site is not yet IPv6 enabled, we do not serve out an AAAA record and so instead the remote DNS server uses the SOA (Start of Authority) “minimum” value as the TTL (Time To Live) on the negative cache entry it adds to its system.  The net result of this is that IPv4 queries get cached for the 6 hour TTL we have set, but IPv6 queries which result in a “nonexistent” answer only get cached for 60 seconds (which is the SOA minimum value Dynect uses).  This results in huge query volumes for IPv6 records in addition to the IPv4 records, and this issue will only get worse as more end clients become IPv6 enabled but the site in question remains IPv4 only.
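To see what negative TTL a zone actually hands out, the SOA in the authority section of an empty answer can be read directly. The following is an added example, not part of the original post: it classifies a `dig` response as NODATA or NXDOMAIN and applies the RFC 2308 rule that the negative-cache TTL is the smaller of the SOA record's own TTL and its MINIMUM field. The sample response, the zone name and the helper names are constructed for the illustration.

```python
# Added example: derive the negative-cache TTL (RFC 2308) from dig output.
import re

def negative_cache_info(dig_text):
    """Return kind/zone/ttl for a negative answer, or None for a positive one."""
    status = re.search(r"status: (\w+)", dig_text)
    answers = re.search(r"ANSWER: (\d+)", dig_text)
    if not status or not answers:
        raise ValueError("input does not look like dig output")
    rcode, n_answers = status.group(1), int(answers.group(1))
    if rcode == "NXDOMAIN":
        kind = "NXDOMAIN"   # the name does not exist at all
    elif rcode == "NOERROR" and n_answers == 0:
        kind = "NODATA"     # the name exists, but not with this record type
    else:
        return None
    for line in dig_text.splitlines():
        f = line.split()
        if len(f) == 11 and not line.startswith(";") and f[2] == "IN" and f[3] == "SOA":
            soa_ttl, minimum = int(f[1]), int(f[10])
            return {"kind": kind, "zone": f[0], "ttl": min(soa_ttl, minimum)}
    # No SOA in the response: RFC 2308 says such answers should not be cached.
    return {"kind": kind, "zone": None, "ttl": None}

def requery_ratio(positive_ttl, negative_ttl):
    """Upper bound on negative lookups per positive lookup from one busy cache."""
    return positive_ttl / negative_ttl

# Constructed sample: AAAA query for a host that only has an A record.
SAMPLE_NODATA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.com.        IN    AAAA

;; AUTHORITY SECTION:
example.com.  1800  IN  SOA  ns1.example.net. hostmaster.example.com. 2010052101 3600 600 604800 60
"""

if __name__ == "__main__":
    info = negative_cache_info(SAMPLE_NODATA)
    print(info, requery_ratio(6 * 3600, info["ttl"]))
```

With the 6 hour positive TTL and 60 second negative TTL described above, a busy caching resolver can ask for the missing AAAA record up to 360 times for every A lookup.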

Dynect does not allow end users to muck with the SOA values (other than default TTL) which is highly unfortunate in my mind.  NeuStar UltraDNS did allow these changes to be made by the end user on any zone.  The good news is that Dynect was able to manually change my SOA minimum values to a longer interval for me (somewhat begrudgingly).  They claim the lack of user control is by design (to keep people from messing something up that then gets cached for a long interval), though in my mind there needs to be an advanced user mode for those ready and willing to run that risk.

The other issue Dynect’s real time reporting shed light on for me was a reverse DNS entry that I was missing on a very high volume site, which was again causing high query volume to that IP as the negative cache interval was 60 seconds.  I rectified this by adding an appropriate PTR record.

I do have to point out that I am not so thrilled with either the simple editor or the expert editor that Dynect provides.  The tree control with leafs for every record is seemingly clunky to me, and the advanced editor is not the end all be all either (as certain functionality does not exist there, and it leaves you to edit certain records like SRV with multiple data values in a single text box).  But these don’t really get in my way of being very happy with the service.

Perhaps of more concern to me is Dynect’s lack of a 24×7 NOC.  Granted they have an on-call engineer 24×7, though for something as critical as DNS I would encourage them to staff a NOC as soon as their business can support it.  This is a service offering UltraDNS has that I have utilized and been happy with in the past.

Another feature Dynect seems to do well is the ability to see what changes have been made to your zones (auditing ability).  I have not dived into it too much with Dynect or UltraDNS, but it seems to exist as a core feature in a more useful fashion than I have seen on UltraDNS.  One thing that I never could figure out on UltraDNS was how to go back and look at audit history for deleted records (not to mention confirmation of record modification or deletion).

I should note at this point one major difference between the pricing mechanisms for UltraDNS and Dynect.  My experience with Ultra has been that they do things on a per bucket of 1000 queries basis.  Dynect on the other hand bills on a 95th percentile basis of Queries Per Second (QPS) on a 5 minute interval, similar to what ISPs bill for bandwidth.  Depending on your usage patterns, either one of these billing models could be more advantageous to you.

Also, I am not going to dive into too much detail here, but UltraDNS and Dynect both offer global server load balancing solutions that differ in one very key way: UltraDNS has a new solution that uses a Geolocate database to direct queries to a desired server based on source IP address, whereas Dynect’s offering only provides the ability to do this based on their Anycast node locations.  There are pros and cons to each; perhaps that will become a future blog post.

Wrapping it up

UltraDNS is a great service that has proven itself reliable in the long run.  I would recommend their service to others in the future.  They do need to keep up with the changing technology however (new releases to the admin console indicate they are starting to head in this direction).

Dynect has assembled a fully competitive (and better in some ways) offering that I would now classify as a viable option for most UltraDNS customers.  My migration to their solution was very smooth and so far there have been no issues.  I welcome Dynect to the Managed External DNS Service space and the healthy competition they provide.

I should also note that their sales and support team has treated us/me well.  They genuinely seem to care about this stuff and I don’t come away with the slimy feeling after talking to them.
