Verisign entered into the managed DNS service market with three offerings aimed at large and small enterprises, as well as e-commerce sites and companies that want to outsource their secondary DNS. The managed DNS service was soft-launched on July 28th, but VeriSign couldn't announce the service due to the pending sale of their identity and authentication business to Symantec, which closed on August 9th. The Managed DNS market is still relatively small with established vendors like UltraDNS and Dyn offering services, but it could be growing as more organizations contend with complex name spaces and the need for reliable DNS on a global scale.
If your company's DNS server is taken off line due to a denial of service (DoS) attack against your DNS server, customers can't find you. The importance of DNS was highlighted in December 2009 when UltraDNS was targeted by a denial of service attack that disrupted access to several Amazon.com services, including Amazon Web Services and other online retailers like Wal-Mart and Expedia. UltraDNS was also targeted in April of the same year.
As VeriSign sheds its identity and authentication business, it has to look for new business opportunities. VeriSign did have a managed DNS service in 2003 that was targeted at consumers, but the current service offering is aimed at larger organizations that require reliable DNS. The company is well positioned to offer managed DNS due to its existing responsibilities for the root zone, the root zone A servers, and the .com and .net top level domains. Running those high profile zones has given VeriSign experience in managing highly utilized servers that are also under constant DoS attacks. VeriSign's goal is to take their experience and apply it to their own Managed DNS service.
The service is not intended to be sold as a stand-alone service--though they will sell it that way, if needed--but as part of a large package that offers DoS protection and the iDefense Threat Intelligence service, which identifies rogue sites and botnets and actively mitigates attacks to your public sites. The DoS protection applies both to the DNS servers themselves by identifying unwanted DNS queries and only allowing legitimate ones through. In addition, VeriSign's high-speed network and global footprint provides adequate bandwidth to withstand DoS attacks. Protection against DNS and application DoS attacks can be coupled for a complete package.
VeriSign also claims to improve application response times. In e-commerce, page-load times, which start from the time a visitor clicks a link or types in a URL and ends when the page loads, have a measurable effect on sales. Mere seconds can raise shopping cart abandonment rates. Every step, including DNS name resolution, adds to the delay. VeriSign, like other managed DNS providers, uses a global network of DNS servers and protocols to direct queries to the closest DNS server that can quickly answer queries. When combined with a content delivery network like Akamai or Limelight, which position content close to users, fast DNS look-ups and fast content delivery can reduce load times significantly. In addition, VeriSign can use location services to identify where clients are and direct them to servers that are near their location.