VeriSign Enters The Managed DNS Market

Verisign entered into the managed DNS service market with three offerings aimed at large and small enterprises, as well as e-commerce sites and companies that want to outsource their secondary DNS. The managed DNS service was soft-launched on July 28th, but VeriSign couldn't announce the service due to the pending sale of their identity and authentication business to Symantec, which closed on August 9th. The Managed DNS market is still relatively small with established vendors like UltraDNS and Dyn offering services, but it could be growing as more organizations contend with complex name spaces and the need for reliable DNS on a global scale.

If your company's DNS server is taken off line due to a denial of service (DoS) attack against your DNS server, customers can't find you. The importance of DNS was highlighted in December 2009 when UltraDNS was targeted by a denial of service attack that disrupted access to several Amazon.com services, including Amazon Web Services and other online retailers like Wal-Mart and Expedia. UltraDNS was also targeted in April of the same year.

As VeriSign sheds its identity and authentication business, it has to look for new business opportunities. VeriSign did have a managed DNS service in 2003 that was targeted at consumers, but the current service offering is aimed at larger organizations that require reliable DNS. The company is well positioned to offer managed DNS due to its existing responsibilities for the root zone, the root zone A servers, and the .com and .net top level domains. Running those high profile zones has given VeriSign experience in managing highly utilized servers that are also under constant DoS attacks. VeriSign's goal is to take their experience and apply it to their own Managed DNS service.  

The service is not intended to be sold as a stand-alone service--though they will sell it that way, if needed--but as part of a large package that offers DoS protection and the iDefense Threat Intelligence service, which identifies rogue sites and botnets and actively mitigates attacks to your public sites. The DoS protection applies both to the DNS servers themselves by identifying unwanted DNS queries and only allowing legitimate ones through. In addition, VeriSign's high-speed network and global footprint provides adequate bandwidth to withstand DoS attacks. Protection against DNS and application DoS attacks can be coupled for a complete package.

VeriSign also claims to improve application response times. In e-commerce, page-load times, which start from the time a visitor clicks a link or types in a URL and ends when the page loads, have a measurable effect on sales. Mere seconds can raise shopping cart abandonment rates. Every step, including DNS name resolution, adds to the delay. VeriSign, like other managed DNS providers, uses a global network of DNS servers and protocols to direct queries to the closest DNS server that can quickly answer queries. When combined with a content delivery network like Akamai or Limelight, which position content close to users, fast DNS look-ups and fast content delivery can reduce load times significantly. In addition, VeriSign can use location services to identify where clients are and direct them to servers that are near their location.The Managed DNS service has a number of useful features to organizations such as built-in support for DNSSEC management that eases the key management and record signing for DNSSEC-signed zones. While DNSSEC hasn't taken off yet, the root zone was signed in July paving the way for a global DNSSEC roll-out and VeriSign is on track to sign the .net in Q4 2010 and sign .com by Q1 2010.

In addition, the Managed DNS offers advanced service support features like split DNS so that you can maintain separate name spaces for internal and external clients. The service also supports global server load balancing (GSLB), which directs clients to the closest server, improving application response time and distributing the overall load across many servers. GSLB also enables automatic fail-over; in the event that a server goes down, clients will be redirected to an alternative server. Due to VeriSign's distributed DNS service, DNS load balancing is available as well. Verisign is not getting into the IP Address Management (IPAM) space, but it is watching IPAM companies like Bluecat Networks who recently launched managed DNS service called Proteus Cloud Service service that integrates with their IPAM appliance.

Verisign's Managed DNS is available now. Pricing is based on the number of zones that are hosted and the number of queries. Enterprise and e-commerce DNS starts at $2,000 per month. For small to medium businesses, DNS starts at $50 per month, and secondary DNS starts at $1,000 per month.