Domain name system (DNS) servers are an important piece of infrastructure in any organization. The job they do is as simple as it is critical: convert a name to an IP address so that a resource is reachable across a network.
In an enterprise, however, DNS servers also resolve names inside the infrastructure, and when they stop working properly, productivity suffers because applications and resources can’t be reached, which keeps people from doing their jobs.
Internal DNS problems have several root causes, most tied to configuration mistakes that can be difficult to diagnose if you are not sure what to look for. Improperly configured DNS records, high TTL (time to live) values that keep stale answers cached long after a record changes, DDoS attacks, hardware or network failures and high DNS latency are all potential culprits.
Failing DNS servers can cause severe problems, and news of large internet outages caused by DNS issues is becoming more commonplace. In July of this year, Akamai, a large content delivery network that helps move data around the internet, experienced a “bug” in its Edge DNS service. The DNS outage took down large portions of the internet and affected the websites of Delta Airlines, Capital One, UPS, Costco, Home Depot, several financial services institutions and many others.
When an organization’s internal DNS fails, the damage is rarely limited to one application. One of the systems impacted can be Active Directory (AD). Active Directory Domain Services (AD DS) uses DNS as its domain controller location mechanism: clients find domain controllers by querying SRV records that the controllers register in DNS (for example _ldap._tcp.dc._msdcs.<domain> and _kerberos._tcp.dc._msdcs.<domain>), so AD operations such as authentication, updating or searching all rely on DNS to locate a domain controller. According to Frost and Sullivan, “The use of AD is so common that approximately 90% of the global Fortune 1000 companies use it as a primary method to provide seamless authentication and authorization.” So when DNS fails, it can impact all areas of the enterprise.
Further complicating the role DNS servers play in an organization's network is the shift from perimeter-based security solutions like VPNs to Zero Trust architecture that secures an ephemeral perimeter. The days of looking at networks as connecting a data center to headquarters and branch offices are over. Networks now connect Alice and Bob from wherever they are located to the applications they need to do their jobs, regardless of where those applications reside. And there is a good chance that Alice and Bob are relying on DNS to reach those applications.
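To make the AD dependency concrete, here is an added example, not code from this post or from Appgate, that checks a zone for the failure modes listed above before clients notice them: missing domain controller locator SRV records, SRV targets that no longer have an address record, locator records with TTLs long enough to keep a retired controller cached, and a CNAME sharing a name with other records. The locator names (_ldap._tcp.dc._msdcs.<domain>, _kerberos._tcp.dc._msdcs.<domain>) are the real AD DS conventions; the domain corp.example, its hosts and addresses, the simplified "owner ttl type rdata" zone format and the 3600 second TTL threshold are all constructed for the example.

```python
"""Offline sanity checks for the DNS records Active Directory clients depend on.

Added example for this post (not Appgate's code). The zone below is constructed
so the script runs without a network; only the _msdcs locator record names
follow the real AD DS convention. The domain and hosts are made up.
"""
from collections import defaultdict

# Constructed sample zone for the made-up domain corp.example. It deliberately
# contains the mistakes discussed in the post: a locator SRV record with a
# one-day TTL, an SRV target (dc3) with no A record, and a CNAME that shares
# its name with an A record.
SAMPLE_ZONE = """
corp.example.                          600   SOA   ns1.corp.example. hostmaster.corp.example. 2024010101 3600 900 1209600 300
corp.example.                          600   NS    ns1.corp.example.
ns1.corp.example.                      600   A     10.0.0.53
dc1.corp.example.                      600   A     10.0.0.10
dc2.corp.example.                      600   A     10.0.0.11
_ldap._tcp.dc._msdcs.corp.example.     600   SRV   0 100 389 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example.     86400 SRV   0 100 389 dc2.corp.example.
_ldap._tcp.dc._msdcs.corp.example.     600   SRV   0 100 389 dc3.corp.example.
_kerberos._tcp.dc._msdcs.corp.example. 600   SRV   0 100 88 dc1.corp.example.
intranet.corp.example.                 600   CNAME dc1.corp.example.
intranet.corp.example.                 600   A     10.0.0.20
"""

# Hypothetical threshold: a domain controller replacement should propagate within an hour.
MAX_LOCATOR_TTL = 3600
# Real AD DS locator record prefixes; clients query these to find a domain controller.
LOCATOR_SRV_PREFIXES = ("_ldap._tcp.dc._msdcs.", "_kerberos._tcp.dc._msdcs.")


def parse_zone(text):
    """Parse simplified 'owner ttl type rdata' lines into (owner, ttl, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        owner, ttl, rtype, rdata = line.split(None, 3)
        records.append((owner.lower(), int(ttl), rtype.upper(), rdata))
    return records


def check_zone(records, domain):
    """Return a list of findings for the zone; an empty list means the checks all passed."""
    findings = []
    by_owner = defaultdict(set)
    for owner, _, rtype, _ in records:
        by_owner[owner].add(rtype)

    fqdn = domain.rstrip(".").lower() + "."
    locator_owners = {prefix + fqdn for prefix in LOCATOR_SRV_PREFIXES}

    # 1. Locator SRV records must exist; without them AD clients cannot find any DC.
    for owner in sorted(locator_owners):
        if "SRV" not in by_owner.get(owner, set()):
            findings.append(f"missing DC locator record {owner} SRV")

    for owner, ttl, rtype, rdata in records:
        if rtype != "SRV":
            continue
        target = rdata.split()[3].lower()  # SRV rdata: priority weight port target
        # 2. Every SRV target needs an address record; a dangling target is a dead DC.
        if not by_owner.get(target, set()) & {"A", "AAAA"}:
            findings.append(f"{owner} SRV points at {target}, which has no A/AAAA record")
        # 3. A long TTL keeps a retired DC cached on clients long after it is gone.
        if owner in locator_owners and ttl > MAX_LOCATOR_TTL:
            findings.append(f"{owner} SRV -> {target} has TTL {ttl}s (> {MAX_LOCATOR_TTL}s)")

    # 4. A CNAME must be the only record at its name (RFC 1034); resolvers
    #    disagree about which answer to return otherwise.
    for owner, types in by_owner.items():
        if "CNAME" in types and len(types) > 1:
            findings.append(f"{owner} has CNAME alongside {sorted(types - {'CNAME'})}")

    return findings


if __name__ == "__main__":
    for finding in check_zone(parse_zone(SAMPLE_ZONE), "corp.example"):
        print("WARN:", finding)
```

Run against the constructed zone it reports three findings: the 86400 second TTL on the dc2 locator record, the dc3 target with no address record, and the CNAME/A collision at intranet.corp.example. Against a real zone you would feed it the output of a zone transfer or an export from the DNS server, and run it on the internal resolvers that AD clients actually use, since a record that is correct on the authoritative server can still be missing or stale on a misconfigured forwarder.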
You can now start to see how DNS is in the middle of everything and how impactful it can be when it is not working properly.
New version of Appgate SDP solves more complex enterprise DNS challenges
Up until last week’s release of Appgate SDP version 5.5, the DNS settings a user received were determined by the identity provider they authenticated with when trying to reach an Appgate SDP Gateway-protected resource. This worked well for most of our customers, but we recognized we could improve the flexibility and capability of DNS in the platform, and that was a major focus for this new version.
In the 5.5 release we have substantially improved the way Appgate SDP, an industry-leading Zero Trust Network Access (ZTNA) solution, works with DNS to provide enhanced flexibility in complex enterprise networks, including:
- Improvements to the Client software to make DNS behavior uniform across all operating systems
- A DNS forwarder that can act as a DNS proxy for Clients
- Dynamically resolving multiple subdomains of a service such as GitHub (e.g., images.github.com) without human intervention or manually maintained IP lists
- Setting DNS by policy, so that, for example, a user’s geo-location determines which DNS servers they use, which is particularly powerful for multinational customers
DNS is a vital and powerful part of any corporate network. Improperly configured and/or improperly maintained DNS can substantially impair an organization’s overall ability to function. Appgate SDP puts the power of DNS to work in our customers’ environments with superb flexibility in how it is used and an enhanced, secure user application experience. It is another way that we deliver “people-defined security.”