← back to TurboBytes blog

Why You Should Use Two DNS Providers

Published on Thu, Apr 2, 2015 by Aaron

Most domains have one DNS provider configured as authoritative. A handful of the big players use two. For example Amazon, TripAdvisor and IMDB use Dyn and UltraDNS. LinkedIn, AOL and eBay use their own nameservers in combination with those of a third party DNS provider.

Here at TurboBytes we use NSONE and AWS Route53 in our Multi-CDN platform, and our friends at MaxCDN recently started using these providers as well. We had two reasons for using two DNS providers:

  1. improve the reliability of our service
  2. improve DNS lookup times
The combined network map of NSONE and AWS Route53 is impressive (view) and most resolvers have a built-in mechanism for quick failover and response time optimization (SRTT; more on this later).

In this article we'll show you - using our RUM for DNS performance data - that using two DNS providers indeed results in lower response times and higher reliability, for example in Brazil, as you can see in our Authoritative DNS Performance Reports.

NSONE and AWS Route53 in Brazil

We'll take a look at two possible situations:

  1. Performance of both providers is 'as usual'
  2. Performance of one provider is significantly worse than normal

Case 1: Performance of both providers is ‘as usual’

Both providers have a POP in Sao Paulo and AWS Route53 also has a POP in Rio de Janeiro. From that alone you’d expect Route53 to outperform NSONE in terms of response time. And that is indeed the case:

DNS response time in Brazil

The days where both Route53 and NSONE have 'a normal day' (not: March 25 and 26), you can see in the chart that

  1. Route53 was faster than the combo
  2. the combo's response time was almost on par with Route53: the difference is small
This can be explained by the SRTT (Smoothed Round Trip Time) mechanism that most resolvers have: the resolver figures out which nameserver gives best performance and sends most - but not all - queries to that nameserver.

One may expect that the SRTT mechanism also results in a low Fail Ratio. And it does: in this 14 day time frame, the Fail Ratio of the combo was clearly better than that of a single provider.

DNS fail ratio in Brazil

Our RUM beacons a Fail when the authoritative was too slow, down or sent a bad response. More info.

In the first chart you saw that on March 25 and March 26, Route53 response time increased by ~ 30% and became worse than NSONE's response time. Let's look a bit more closely at dual provider DNS performance in case the performance of one of the providers goes bad.

Case 2: one provider has degraded performance

So far we’ve been taking a country level view. Let’s zoom in on a few networks to have better insight in what happened in Brazil in the past 14 days and especially on March 25 and 26.

AS28573 (NET Servios de Comunicao S.A.)

DNS response time in Brazil on AS28573

About 31% of our performance tests in BR were initiated by end users connected to AS28573 and most of them used resolvers on the same network. Route53 response time was not very consistent and most days better than NSONE. On March 25 and 26, Route53’s response time jumped and so did the response time of the combo, but not so much. Do the resolvers here do SRTT? One can argue it’s not crystal clear. Let’s zoom in on those two days in March:

DNS response time in Brazil on AS28573 - March 25 and 26

And now we know: resolvers on AS28573 do SRTT.

AS18881 (Global Village Telecom)

DNS response time in Brazil on AS18881

AS18881 was the #2 network in Brazil, with 17% of our performance tests initiated by end users connected to that network. Again, most of them used resolvers on the same network. Normally, Route53 and NSONE median response times are not too far apart (5 - 15 ms difference), and it’s clear the resolvers here do SRTT and favored Route53. If the resolvers did not do SRTT, on March 21 the blue line would have peaked too just like NSONE did. Thank you SRTT!

AS7738 (Telemar Norte Leste S.A.)

DNS response time in Brazil on AS7738

The #3 network in Brazil for us at that time and - together with AS28573 - the network that made a difference on March 25 and 26: Route53 response times jumped from ~ 130 ms to ~ 215 ms daily median, SRTT kicked in and most queries flowed to NSONE.

Query Share

So far we’ve made statements about resolvers doing SRTT based on performance data only, but we can do better.
In our RUM for DNS, we have a way to track the ‘Query Share’ of each provider in the combo: we know what % of responses were served by NSONE and what % by Route53. See the table below for the Query Share per provider for the 3 aforementioned ASNs for March 31.

ASN NSONE query share Route53 query share Fail %
AS28573 58.51% 41.38% 0.11%
AS18881 20.36% 79.59% 0.05%
AS7738 23.15% 76.77% 0.08%

Conclusions & Summary

Assume all DNS providers have performance degradations

We’ve shown data here for just two providers, NSONE and AWS Route53, but you can be assured the other providers have performance hiccups too (hint: more blog posts coming soon).

SRTT is awesome

Queries from your end users to your authoritative nameservers go through resolvers, and many resolvers have a built-in mechanism for failover and RTT/latency optimization. Isn’t that just great? We think it is.
FYI, not all resolvers do SRTT (hint: more blog posts coming soon).

Performance matters, but it’s not everything

We acknowledge there are several valid reasons not to use more than one DNS provider, but if you care a lot about DNS performance and the reliability of your sites and apps, you should consider using two DNS providers.

 

We always welcome your thoughts, ideas and feedback. Please share below in the comments section and don't forget to check out our Authoritative DNS Performance Reports.

Comments