Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Nominum's Skye: Still A Service Provider Product

Nominum, which provides IP addressing services like DNS and DHCP to service providers, announced a cloud based DNS service called Skye. The only cloud aspect is the business model where customers a pay as you go based on query volume rather than on a fixed monthly fee. Skye may make sense if your company is running numerous external sites and you want a more robust DNS solution than you have now, but I don't see enterprise customers giving Skye serious thought for internal use.

To understand Skye services, it's important to have a basic understanding of two DNS components: the authoritative name server and the caching name server. An authoritative name server is the name server that responds to queries for hosts under your domain. You enter host names for servers you own and tell the world how to reach them via DNS. A caching name server simply looks up host names from authoritative name servers and then caches the results so that it doesn't have to keep asking the same question over and over. The DNS addresses that you set for workstations and servers are often caching DNS servers. You can, and organizations often do, put an authoritative and caching name server on the same computer.

Skye is composed of four core services:

  • Skye Core is a caching DNS hosted by Nominum. Nominum claims that Skye Core is resistant to DNS attacks, such as cache poisoning, and is widely available throughout the Internet.
  • Skye Secure is a hosted authoritative DNS service that you control. Your company isn't responsible for maintaining a DNS server.
  • Skye Search is an ISP that attempts to provide search results when users mistype a hostname.
  • Skye Trust is a threat management service that uses DNS resolution to stop hosts from going to malicious hosts. This is similar to content filtering services, but functions at DNS.

The services of interest to the enterprise are most likely Skye Core, Secure, and Trust. But after listening to the presentation, I don't think Skye Core is a good fit for the enterprise. There are certainly risks in running a caching DNS server for your enterprise, but caching DNS servers are often contained within an enterprise network and don't have direct connections to the Internet. You still have to open a path to send and receive queries to and from Skye Core.

Finally, configuring a caching DNS server is fairly well known. Like any service, Skye Core relieves administrators from having to configure a caching name server, but that is a small benefit. Nominum doesn't offer a secure connection like a VPN between your network and theirs, so anyone with DNS traffic flying over the Internet can still intercept and subvert DNS resolution. Getting network access to the packets is a difficult step, but it is still a gap that Nominum doesn't address.

Skye Secure, in some situations, has benefits, but these are limited to a few scenarios. For instance, in cases where you need to let people outside your organization resolve DNS names for external resources like web sites, mail, etc, and you don't want to run an external DNS server yourself, and when you need more tools, control, and robustness than a hosting provider offers. For example, if you had a number of customers facing websites, using Skye Secure to act as an authoritative DNS server for your external hosts might be a useful service for robust DNS services.

  • 1