2010-12-22 00:00:00 | Technology

CDN performance heavily disrupted by DNS services

There have been some recent discussions about DNS services affecting the performance of CDNs. People are complaining that CDN powered content is terribly slow after they switched to other DNS services such as OpenDNS or Google DNS.

Most CDNs use DNS tricks to redirect end users to a nearby edge server. People blame the DNS services for the poor performance of CDN-based content. But in reality it’s the CDNs’ fault: they are abusing DNS.

I am not going to explain the inner workings of DNS but basically it works like a static phone book. When you want to call someone, you look up their name in the phone book, and it shows you the phone number. When your browser needs to connect to domain.com, it has to check this name with a DNS server, which will return an IP address like 1.1.1.1.

Many CDNs add tricks to DNS. They add geo optimization to DNS. They don’t use DNS as a static service. Instead, all end user IP addresses from a specified range (let’s say Europe) are sent to 1.1.1.1 while all users from another range (let’s say the US) are sent to 1.1.1.2. DNS is an interesting technology because it is transparent and it scales. But there is a huge problem.

DNS is open. Normally, when you connect to your ISP, they will provide a DNS server address to your internet connected device. Alternatively, your enterprise IT office will do so, or your home gateway can do so. You are free to choose any other (open) DNS service out there. If you don’t like your ISP’s DNS service you can use Google DNS or OpenDNS services. Or any other one you prefer. No one can force you to use a specific DNS service.

Here’s a very interesting article about DNS from Paul Vixie. He writes that DNS was never intended to be used dynamically and that CDNs are adding all kinds of unwanted tricks to DNS. I couldn’t agree more. Please read that article!

A CDN is all about 100% control over distribution, delivery and redirection.
If a CDN can’t offer 100% control over redirection, then it has a major problem.

And they really do have a major problem. DNS-powered CDNs simply cannot guarantee optimal redirection, because they don’t control the entire DNS chain. End users send their requests via *their* DNS servers, which are not owned or controlled by the CDN operator.

An example. Let’s say that content expires on an edge server. Or that the edge server is down. Or that the QoS is too low. For any reason, the CDN operator may want to change domain.com for a specific region from the main server 1.1.1.1 to an alternative server: 1.1.1.3. By using a TTL of 1 minute, all DNS servers around the world will update their records within a minute. So within a minute all new end users will be redirected to the alternative server. In theory, that is: if an ISP decides to ignore the TTL set by the CDN (which they do a lot), they break this CDN functionality. Their end users will still be sent to 1.1.1.1. The effect will be a dead link or a terrible experience, and the CDN has no way to prevent this.
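The failover scenario above can be made concrete with a small simulation. This is an added example, not code from the original post or from any CDN: a hypothetical authoritative server publishes domain.com with a 60 s TTL, and two recursive resolvers cache the answer. One honours the TTL; the other (an assumed ISP behaviour) clamps every TTL to a one-hour floor. After the CDN republishes the record to point at 1.1.1.3, the second resolver keeps handing out the dead 1.1.1.1 for the rest of the hour, and the CDN can do nothing about it. All names, addresses and the one-hour floor are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass
class Record:
    address: str
    ttl: int  # seconds the authority asks caches to keep the answer


class Authority:
    """The CDN's own authoritative server: the only part of the chain it controls."""

    def __init__(self) -> None:
        self.zone: Dict[str, Record] = {}

    def publish(self, name: str, address: str, ttl: int) -> None:
        self.zone[name] = Record(address, ttl)

    def lookup(self, name: str) -> Record:
        return self.zone[name]


class CachingResolver:
    """A recursive resolver (ISP, office or open service). min_ttl models a
    resolver that overrides short TTLs with its own floor; 0 honours them."""

    def __init__(self, authority: Authority, min_ttl: int = 0) -> None:
        self.authority = authority
        self.min_ttl = min_ttl
        self.cache: Dict[str, Tuple[str, int]] = {}  # name -> (address, expires_at)

    def resolve(self, name: str, now: int) -> str:
        cached = self.cache.get(name)
        if cached is not None and now < cached[1]:
            return cached[0]  # still fresh by this resolver's own rules
        rec = self.authority.lookup(name)
        keep_for = max(rec.ttl, self.min_ttl)  # the clamp the CDN cannot see
        self.cache[name] = (rec.address, now + keep_for)
        return rec.address


def failover_outcome(minutes_after_change: int) -> Dict[str, str]:
    """Constructed scenario: domain.com points at edge 1.1.1.1 with a 60 s TTL;
    both resolvers cache it at t=0; the edge then fails and the CDN republishes
    1.1.1.3. Returns what each resolver hands its users after the given delay."""
    authority = Authority()
    authority.publish("domain.com", "1.1.1.1", ttl=60)
    honouring = CachingResolver(authority)
    clamping = CachingResolver(authority, min_ttl=3600)  # assumed 1 h floor
    honouring.resolve("domain.com", now=0)
    clamping.resolve("domain.com", now=0)
    authority.publish("domain.com", "1.1.1.3", ttl=60)  # failover to the spare edge
    now = minutes_after_change * 60
    return {
        "honours_ttl": honouring.resolve("domain.com", now),
        "ignores_ttl": clamping.resolve("domain.com", now),
    }


if __name__ == "__main__":
    for minutes in (0, 2, 61):
        print(f"{minutes:3d} min after failover:", failover_outcome(minutes))
```

Two minutes after the change the TTL-honouring resolver already returns 1.1.1.3 while the clamping one still returns 1.1.1.1; only after the full hour do they agree. An operator can measure the same effect on a real deployment by querying several public and ISP resolvers with `dig +noall +answer domain.com @<resolver>` and comparing the returned address and remaining TTL.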

Another example is with Google DNS and OpenDNS. These are distributed DNS systems themselves. When an end user uses such a DNS service (for instance to get better DNS performance, or to be independent of their own office’s or ISP’s DNS service, or for any other reason), the CDN may not be able to determine the end user’s real geo location. End users from Europe may be sent to a server in the US instead of to a nearby server. Which could result in a broken link, in a horrible performance drop, in increased transit costs and in inefficient resource usage for the CDN.
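The geo-steering described earlier and the mislocation problem just described come down to one fact: the authoritative server never sees the end user's address, only the address of whichever recursive resolver forwarded the query. The following added example (not code from the post, and not any real CDN's configuration) models a hypothetical geo-aware authoritative server with two constructed regions and shows that the same European client gets the European edge through a European ISP resolver but the US edge through a public resolver whose egress address sits in the US. The address ranges, resolver addresses and edge assignments are all invented for the illustration.

```python
import ipaddress

# Constructed example data: the ranges the hypothetical authority treats as
# "Europe" and "the US", and the edge server each region is steered to.
REGION_TABLE = [
    ("europe", ipaddress.ip_network("10.0.0.0/8"), "1.1.1.1"),
    ("us", ipaddress.ip_network("192.168.0.0/16"), "1.1.1.2"),
]
DEFAULT_EDGE = "1.1.1.2"  # answer for an address the table cannot place


def geo_answer(source_ip: str) -> str:
    """Authoritative side: answer domain.com with the edge assigned to the
    region containing source_ip, i.e. the address the query arrived from."""
    addr = ipaddress.ip_address(source_ip)
    for _region, network, edge in REGION_TABLE:
        if addr in network:
            return edge
    return DEFAULT_EDGE


def resolve_via(client_ip: str, resolver_ip: str) -> str:
    """What the end user actually receives. The authority never sees client_ip;
    it only sees the recursive resolver, so the geo decision uses resolver_ip."""
    return geo_answer(resolver_ip)


def redirection_mismatch(client_ip: str, resolver_ip: str) -> bool:
    """True when the edge chosen for the resolver differs from the edge the CDN
    would have chosen had it known the client's own address."""
    return resolve_via(client_ip, resolver_ip) != geo_answer(client_ip)


if __name__ == "__main__":
    european_client = "10.20.30.40"           # constructed
    isp_resolver_in_europe = "10.0.0.53"      # constructed
    public_resolver_in_us = "192.168.100.53"  # constructed remote open resolver
    for resolver in (isp_resolver_in_europe, public_resolver_in_us):
        edge = resolve_via(european_client, resolver)
        state = "mismatch" if redirection_mismatch(european_client, resolver) else "ok"
        print(f"resolver {resolver} -> edge {edge} ({state})")
```

`redirection_mismatch` is the check a CDN operator would want but cannot actually perform in production, because the real client address is exactly the information the authoritative server is missing. The example generalises the post's single Europe/US case to any table of region ranges.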

DNS was never intended to be used in a dynamic way. DNS does not offer any guaranteed redirection for a CDN operator. We have seen CDNs try to add even more tricks to their DNS system, like layered DNS redirection and unique DNS entries per title, but that makes it even more complex and it adds only more workarounds around the real problem which is using DNS for redirection.

Recently there have been discussions on the web about how alternative DNS services heavily impact CDN performance. Apple TV users are reporting slow services. iTunes users are reporting slow downloads.

People are blaming alternative DNS services. But that is the world upside down. Anyone should be free to use any available DNS service on the web. That is one of the key pillars under the web: openness and freedom. The real problem is with CDNs who assumed that they could add tricks to DNS. They built their entire infrastructure depending on a technology they cannot control… ouch…

And it is going to be worse in the future. DNS is over twenty-five years old. The design lacks security and is a possible target; it is relatively easy to attack the DNS system. Its distributed design is still very effective. But people are now looking towards a more P2P-based design to make DNS even more scalable, more robust and less prone to attacks. When in the future DNS updates are sent via a P2P mechanism, it will really break all DNS-powered CDN functionality…

Needless to say, we of course don’t abuse DNS and don’t use DNS tricks… so our StreamZilla CDN and all VDO-X CDNs are not affected.

Interested to learn more? We are going to release our CDN technologies white paper in Q1 2011. Request to pre-read the document (will be shared under NDA) as soon as we have a readable version ready.