Recently, Robert Reich argued that the centralization of DNS on the “platforms of giants” has led to the vulnerability of the internet, as witnessed by the massive assault on DNS provider Dyn. Last Friday’s attack led to problems accessing popular sites, including Twitter, Reddit, PayPal, and Netflix, and has left the world reeling. Our dependence on the internet and the scope of this attack drives the need for answers.
Reich argues that to prevent these colossal assaults, we need to retain the original structure of the internet – a widely distributed, decentralized system, which is counter to the belief that there is safety in numbers.
DNS hosting services have led to much greater centralization than the internet was originally designed, it is true. But this service has been essential to many organizations, including small business, which lacked domain expertise and capital. Customers of hosting services have enjoyed enterprise-level hosting, including protection against denial of service, which requires specialized expertise.
But what happens when your DNS host is unable to protect you from the attack and indeed, your customers cannot reach your website BECAUSE you are on that service – you are drug down beneath the waves with your fellow tenants to drown? This is where Reich’s analogy makes quite a bit of sense – and it begs a series of questions. Do you become more vulnerable as each tenant is added? Is the risk worth the reward? Do you have the resources to go it alone and self-host, and should you?
If you are considering this potential strategy in the wake of the attack, you should know that you will actually be able to increase your DNS security by requiring a secure architecture that provides built-in protection against high volume DDoS attacks.