Backup DNS Archives - ClouDNS Blog
https://www.cloudns.net/blog/tag/backup-dns/
Articles about DNS Hosting and Cloud Technologies

DDoS attacks and how to protect ourselves
https://www.cloudns.net/blog/ddos-attack-protection/
Wed, 06 Nov 2024 11:23:59 +0000

DDoS attacks are a widespread threat on the Internet. With the continually increasing number of connected devices and new, innovative ways of hacking them, we can’t just sit and wait to be affected. We should implement a robust DNS infrastructure and choose a trusted DNS provider that offers DDoS attack protection, to stay safe and avoid downtime of our services.
But to be protected, we must know the danger!

What is a DDoS attack?

DDoS stands for Distributed Denial-of-Service, a cyber-attack that aims to disrupt normal traffic and make the target (website, server, network) unavailable for regular users. There are a few different types, but in general, a DDoS attack is an attempt to overwhelm the target (a computer, a few connected computers or a whole DNS network) with high traffic from multiple sources.

The cybercriminals can generate this strong wave of traffic by:

  • Using a network of pre-infected devices (computers, mobiles, IoT devices, etc.) called a botnet
  • Running an amplification attack that uses other servers to resend the traffic to a target after significantly increasing the size of the packets
  • Occupying the existing connections and not allowing new ones
  • Exploiting the vulnerabilities of a protocol, such as UDP or another.

There are many DDoS threats, which is why you want a DDoS defense too. DDoS attack protection can keep your business safe and notify you of problems.

How does it work?

There are different types of DDoS attacks (volume-based attacks, protocol-based attacks, and application-layer attacks), but in general, they all have the same stages:

  1. Pre-production of the attack. At this moment, the cybercriminals create a botnet (a network of infected devices) that they will later use for attacks. For example, hackers can bypass the security of IoT devices, or they can send phishing emails to users, and when the users open the emails, they can get infected with malicious code.
  2. Launching of the attack. Now it is time to use the botnet. Time for choosing a victim and sending the traffic towards the targeted server. There are different reasons for the attacks, but the goal is to saturate the target with traffic and take it out of service. 
  3. The success of the attack. After a while, if the target does not have DDoS attack protection, or it is not strong enough, eventually it won’t be able to function correctly. There is a limit to how many active connections a server can have, even if it is very powerful. It will start to deny service and stop working. Normal users will not be able to use the server until the traffic drops again and the server can begin responding to normal queries. 
  4. Final result. The bad actors could have achieved different goals, and now they get their reward. It could be money or just satisfaction with the success of the attack.

Signs of DDoS attacks 

DDoS attacks are extremely harmful and could lead to large reputational and financial losses. That is why it is crucial to stay alert and watch for early signs of an emerging attack. Each DDoS attack type has its own characteristics, but in general, what you can expect during an attack is:

  • Strange traffic coming from one IP address or from various but similar IP addresses (the same range of addresses).
  • Traffic coming from devices with a similar profile (type of device, OS, etc.) and the same patterns.
  • Out-of-the-ordinary traffic spikes, such as a huge spike in the middle of the night for no apparent reason, or traffic that repeats at a particular interval.
  • Traffic only to a single page, and no further exploration of your website.
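A sketch of how these signs can be checked against an access log, as an added example rather than ClouDNS code. The log format, the thresholds and the function names are assumptions, and the log lines are constructed; it covers the spike, same-range, same-profile and single-page signs.

```python
import ipaddress
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta

PAGES = ["/", "/pricing", "/blog", "/contact", "/login"]
AGENTS = ["Firefox/Linux", "Chrome/Windows", "Safari/macOS"]


def build_sample_log():
    """Constructed log lines in the assumed format 'ISO-time client-ip path user-agent'."""
    start = datetime(2024, 1, 1, 3, 0, 0)
    lines = []
    # 20 minutes of background traffic: 6 requests per minute from scattered clients.
    for minute in range(20):
        for i in range(6):
            ts = start + timedelta(minutes=minute, seconds=i * 10)
            ip = f"198.51.{(minute * 7 + i) % 100}.{10 + i}"
            lines.append(f"{ts.isoformat()} {ip} {PAGES[(minute + i) % 5]} {AGENTS[i % 3]}")
    # Minute 12: 300 extra requests from one /24, to one page, with one client profile.
    for i in range(300):
        ts = start + timedelta(minutes=12, seconds=i % 60)
        lines.append(f"{ts.isoformat()} 203.0.113.{1 + i % 50} /login Bot/Generic")
    return lines


def analyse(lines, spike_factor=5.0, share_threshold=0.5):
    """Flag minutes whose request count is far above the median, and say which signs apply."""
    by_minute = defaultdict(list)
    for line in lines:
        ts, ip, path, agent = line.split(" ", 3)
        network = ipaddress.ip_network(f"{ip}/24", strict=False)  # group clients by /24 range
        by_minute[ts[:16]].append((str(network), path, agent))
    baseline = statistics.median(len(reqs) for reqs in by_minute.values())
    findings = []
    for minute, reqs in sorted(by_minute.items()):
        if len(reqs) < spike_factor * baseline:
            continue  # not a spike, nothing to report for this minute
        finding = {"minute": minute, "requests": len(reqs), "signs": ["spike"]}
        checks = (("same_range", 0), ("single_page", 1), ("same_profile", 2))
        for label, index in checks:
            value, count = Counter(r[index] for r in reqs).most_common(1)[0]
            if count / len(reqs) >= share_threshold:
                finding["signs"].append(label)
                finding[label] = value
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in analyse(build_sample_log()):
        print(finding)
```

A busy promotion also produces a spike, so the spike alone is a weak signal; it is the combination with a single range, page and client profile that separates the two.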

DDoS vs. DoS 

Let’s first briefly define a Denial of Service (DoS) attack. In this type of online attack, a source is maliciously infected in order to send large amounts of traffic to a target. The purpose is to saturate the system and make it crash, either by exhausting its technical resources (CPU, RAM, etc.) or by exploiting a specific vulnerability and injecting a crafted, harmful input. The service is then denied to users.

Now, let’s jump to the differences between DDoS vs. DoS attacks:

  • Sources for attacking. In DoS attacks, the perpetrator only needs one Internet-connected device (source) to flood its victim with lots of forged requests or exploit a specific vulnerability within its software. DDoS attacks are executed from multiple sources, thousands, even millions of devices connected to the Internet.
  • Way of execution. Generally, DoS weapons are apps like Low Orbit Ion Cannon or homemade code. DDoS perpetrators use botnet armies, massive groups of malware-infected devices like PCs, routers, mobiles, and Internet of Things (IoT) devices connected to the Internet. The traffic a DDoS attack can produce is heavy, much bigger than what a DoS attack can produce.
  • Damage scope. Both attacks can be very aggressive. But still, modern technology makes it easier to defend and even track the malicious source of a DoS attack, increasing the chances of identifying it and defeating it. It becomes a one-to-one fight (DoS). During a DDoS attack, you are fighting against multiple devices, possibly located in different countries or continents. You would have to track and stop all of them simultaneously. This is more like a war, and it definitely will demand so much more time and resources for the victim to defend and try stopping the attack. Thus, the damage scope of a DDoS is wider than the DoS one.

DDoS attacks Protection

There is a solution that can stop most of the DDoS attacks, even a strong attack involving heavy traffic, called DDoS Protection. It is an additional service to a regular managed DNS plan. 

To successfully mitigate a DDoS attack, you need to have the following 3 elements:

  1. Active monitoring. You need a monitoring system that checks for signs of attacks like increased traffic, suspicious traffic from particular IP addresses, and strange patterns of requests.
  2. Reactive service. It is one thing to see the danger and another to take action. A good DDoS protection service must have automatic triggers that take action. This may include load balancing, traffic filtering, and an alarm system.
  3. Traffic load balancing. When we talk about heavy traffic, you need to direct the traffic to more servers. That way, you will balance the hit on one and disperse it to more. The more DNS servers your plan includes, the better possibility you have to resist the DDoS attack. 

You need an intelligent DDoS attack protection service that can distinguish between heavy traffic caused by your excellent promotion and a real danger. You don’t want to block your real users at any moment.

What is the motivation of DDoS attackers?

Cybercriminals can have multiple reasons to use a DDoS attack, and the most common are:

  • Extortion. The attackers can send waves of traffic towards the target and disturb the functionality of its services, causing technical problems, downtime, and lost sales, and then demand money for stopping the DDoS attack.
  • DDoS-for-hire to attack the competition. On the Dark Web, people can hire hackers for DDoS attacks. Some people pay for such an attack to be directed towards their competitors. It is especially popular during important sales moments like Christmas, Black Friday, Cyber Monday, or Easter promotions. If the competitor is down, it won’t receive visitors on its site, and they will go elsewhere. The one who paid for the attack hopes that some of these visitors will end up on its own site.
  • Cyberwarfare. The governments of some countries use DDoS attacks to target the opposition’s news sites, their communication, or other crucial services. The goal is to control the narrative and not allow free speech in their country. These attacks could be especially strong because countries have a lot of money for sponsoring them.
  • Gamers’ conflicts. You could be surprised, but the gaming industry has already reached almost 200 billion dollars in revenues per year, so the stakes are high. Rival gamers use DDoS attacks to bother their competitors and try to lower their scores. Sometimes, they use DDoS to stop a competition game they are losing and demand a re-match.
  • Hacktivism. Hackers also have an opinion. They might have a problem with the government, with a particular organization or event. Modern activism has many new ways to protest and express a point that includes cyberattacks.

Types of DDoS attacks

Over time, cyber criminals managed to create multiple technical approaches for taking out their victims through DDoS. Each of the techniques falls into one of the three general types of DDoS attacks, which are the following: 

Volume-Based or Volumetric Attacks

These are the most classic type of DDoS attacks. They use different methods for generating massive volumes of traffic to overwhelm the capacity of the victim’s resources. As a result, servers are overwhelmed with requests, networks are overwhelmed with traffic, and databases are overwhelmed with calls. Additionally, they saturate bandwidth and produce large traffic, which results in it being impossible for legitimate user traffic to flow into the targeted website.

Protocol Attacks

Protocol attacks, also known as state-exhaustion attacks, abuse protocols to overwhelm a particular resource, most commonly a server but occasionally firewalls or load balancers. They are designed in a way that allows them to consume the processing capacity of network infrastructure resources. Their target is usually Layer 3 and Layer 4 protocol communications and, more precisely, their weaknesses. These attacks are often measured in packets per second.

Application-Layer Attacks

These DDoS attacks target weaknesses in applications in order to force the application itself to fail. In contrast to other attacks that mainly concentrate on disrupting infrastructure, these attacks are initiated on Layer 7 (the Application layer) by opening connections and starting processes and transaction requests that consume limited resources, such as disk space and available memory. They can even result in overloaded CPUs or exhausted memory, which impacts the server and other applications. Layer 7 attacks are known to be difficult to prevent, since it can be challenging to distinguish malicious traffic from regular traffic. Application DDoS attacks are usually measured in requests per second.

In real-world cases, criminals can actually use a combination of these types of DDoS in order to increase the intensity of the attack.

Popular DDoS attacks used by hackers

Let’s talk a little bit more about the most popular types of DDoS attacks initiated by cybercriminals!

Smurf Attack

The Smurf attack is performed using ping (ICMP echo request). Ping is used to check the reachability of connected devices. When you send a ping request to the destination address, you should receive a confirmation. In this DDoS attack, the ping is sent to a device but from a masked (spoofed) IP. The return confirmation doesn’t go to the original source; it is directed to the target of the attack. All the infected devices do the same, sending their traffic to the victim.

Teardrop Attack

A Teardrop attack works by sending modified, oversized data packets to the victim’s device to make it inaccessible. Frequently, perpetrators use a specific bug to destabilize the fragmentation code or the reassembly feature of the TCP/IP protocol. This opens the door for the teardrop attack to happen.
Reassembling the maliciously modified data packets won’t be possible. This will produce repeated attempts to complete the task, and the constant cycle of these repetitions will cause the packets to overlap. Finally, to increase the strain, big traffic loads will be sent to the target for a definitive crash.

Ping Of Death

The Ping of Death (POD) attack uses a common and valid tool, the ping command, with malicious objectives. Altered or oversized data packets are sent to the target through the ping command.
Consider that a correct IPv4 data packet (IP header included) must be no larger than 65,535 bytes. This is the maximum allowed by the Internet Protocol (IP). Perpetrators violate it and make the target struggle while trying to reassemble altered packets repeatedly. The target’s resources, such as memory, will be exhausted, causing different problems, crashing included.
POD became popular because attackers don’t need deep knowledge about the victim, only its IP address.
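The check a reassembly routine or packet filter applies to reject the fragments described in the Teardrop and Ping of Death sections, as an added example that is not from the original article. The function names are assumptions, the packets are constructed byte strings that are only parsed, and header checksums are not validated.

```python
import struct

MAX_IPV4_DATAGRAM = 65535  # the limit the article cites, IP header included
SRC = bytes([192, 0, 2, 1])      # constructed addresses (documentation ranges)
DST = bytes([198, 51, 100, 2])


def make_fragment(ident, offset_units, payload_len, more):
    """Build a constructed IPv4 fragment (protocol 1 = ICMP) used only as parser input."""
    flags_offset = (0x2000 if more else 0) | offset_units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                         flags_offset, 64, 1, 0, SRC, DST)
    return header + bytes(payload_len)


def parse_fragment(packet):
    """Return (datagram key, first byte, end byte, header length) for one IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_offset,
     _ttl, proto, _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("inconsistent header or total length")
    start = (flags_offset & 0x1FFF) * 8      # fragment offset is counted in 8-byte units
    end = start + (total_len - header_len)   # first byte after this fragment's payload
    return (src, dst, proto, ident), start, end, header_len


def inspect_fragments(packets):
    """Group fragments per datagram and list 'oversize' / 'overlap' anomalies for each."""
    groups = {}
    for packet in packets:
        key, start, end, header_len = parse_fragment(packet)
        groups.setdefault(key, set()).add((start, end, header_len))  # exact duplicates collapse
    report = {}
    for key, fragments in groups.items():
        problems = set()
        covered = 0  # highest payload byte seen so far in this datagram
        for start, end, header_len in sorted(fragments):
            if header_len + end > MAX_IPV4_DATAGRAM:
                problems.add("oversize")   # reassembled datagram would exceed 65,535 bytes
            if start < covered:
                problems.add("overlap")    # fragment rewrites bytes already received
            covered = max(covered, end)
        report[key] = sorted(problems)
    return report


SAMPLE = [
    make_fragment(1, 0, 1480, True), make_fragment(1, 185, 520, False),  # well formed
    make_fragment(2, 0, 36, True), make_fragment(2, 3, 4, False),        # second overlaps first
    make_fragment(3, 8189, 1480, False),                                  # ends past 65,535
]

if __name__ == "__main__":
    for key, problems in inspect_fragments(SAMPLE).items():
        print("id", key[3], problems or "ok")
```

A filter that sees either anomaly can drop the whole datagram before reassembly is attempted, which is how patched IP stacks avoid the repeated reassembly work the article describes.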

Slowloris

A highly dangerous attack executed by a single computer against a server. It is a sophisticated technique that takes down a server without disrupting the rest of the network’s ports and services. Slowloris operates by sending many partial requests to the server. It keeps sending more and more HTTP headers continuously but without completing those requests. These forged requests keep many connections open to the server for a longer time than usual to overwhelm the maximum concurrent connection pool. As a result, the system will slow down, and additional connections from legitimate users will be denied.

Zero-day DDoS attack

A zero-day attack, also called a zero-minute attack, is one that takes advantage of new vulnerabilities that people are not yet aware of. Usually, those vulnerabilities appear in new updates or patches, but they can also have existed since the software was launched. The name of the attack refers to the fact that it happens before the vulnerability the perpetrators used is publicly known.

This attack can have a positive purpose when software companies pay people in exchange for reporting vulnerabilities of new products before their official release. But it also points to the reality that attacks are far from disappearing.

Preparing a DDoS attack

To launch a DDoS attack, first, the criminals need to “recruit” enough connected devices that later will generate the traffic. To do so, they infect those machines with different malicious software (from emails, visiting unprotected sites and more) and create so-called botnets – hijacked devices ready to be used when it is time for the attack. There are even markets for botnets, where you can buy an attack on a website of your choice.

The Consequences of DDoS attack

Experiencing such a harmful threat is highly unpleasant and can have a huge negative impact. Some of the possible outcomes of a successful attack include:

  • Operational Disruption: One of the immediate consequences of a successful DDoS attack is the disruption of normal operations. Websites become sluggish or entirely inaccessible, leading to frustrated users, decreased productivity, and financial losses. E-commerce platforms, financial institutions, and online services are especially vulnerable, as downtime translates directly into revenue loss and damage to customer trust.
  • Financial Loss: DDoS attacks can cause severe financial harm. Businesses may face not only the direct costs of mitigating the attack and restoring services but also indirect costs associated with reputational damage and lost customers. The financial damage can lead to legal consequences, especially if sensitive client information is compromised during the attack.
  • Reputational Damage: Trust is a delicate matter in the digital space, and a DDoS attack can destroy it instantly. When customers cannot access services or experience disruptions, they may lose confidence in the affected organization and its ability to protect their interests. Rebuilding a reputation can be a long and difficult process.

How long does a DDoS attack last?

The duration of a DDoS attack can vary significantly based on the resources available to the attackers and the defensive measures of the target. DDoS attacks can last from a few minutes to several weeks. On average, however, most DDoS attacks last for around 24 hours, though some intense attacks can go on for days or even weeks.

Short-duration attacks can be a part of a coordinated strategy where attackers test a target’s vulnerabilities with brief bursts, estimating the response and preparedness of the target’s systems. These “hit-and-run” style attacks can cause considerable disruption in a short time, particularly if they target time-sensitive operations like financial transactions or sales events.

Prolonged DDoS attacks typically aim to exhaust the target’s resources or force them to pay a ransom in exchange for stopping the attack. Long-term attacks can be devastating as they may prevent an organization from functioning entirely, leading to major operational and financial issues.

Preparedness and robust DDoS protection are essential to mitigate the effects of both short and prolonged attacks.

Which industries are being targeted and why?

Certain industries are more frequently targeted by DDoS attacks due to their high online activity, competitive nature, and dependence on continuous uptime. Here are some of the industries most affected and why they are popular targets:

  • Financial Services and Banking: Financial institutions are high-value targets due to their critical role in managing and securing funds and customer data. Attackers may aim to disrupt operations, damage reputation, or extort these institutions for ransom. A successful attack on a bank can lead to significant financial loss, operational chaos, and damage to customer trust.
  • E-commerce and Retail: Online retail is another major target, especially during peak shopping seasons like Black Friday and holidays. Attacks during these times can severely impact sales revenue, as website downtime directly translates to lost customers and sales.
  • Government and Public Sector: Government websites, especially those related to public communication, law enforcement, and emergency services, are frequent targets. These attacks may be politically motivated, intending to disrupt public access to information. Governments are also targeted to disrupt official communication channels.
  • Gaming and Entertainment: The gaming industry is particularly vulnerable, as users expect real-time access and responsiveness. Gamers often participate in competitive or time-sensitive events where even short downtimes can lead to significant frustration and financial loss for companies. DDoS attacks are frequently employed to disrupt gaming servers.
  • Media and News Websites: News outlets and media websites are also prime targets. Hacktivists may use DDoS attacks to silence certain news outlets or delay the publication of specific content. Attacks on these sites can reduce public access to information, potentially affecting the narrative on important topics.

How to prevent a DDoS attack and stay safe?

Cybercriminals can build vast botnets, but that doesn’t mean you can’t be protected. ClouDNS offers you two options to stay away from DDoS troubles.

You can choose and subscribe to a DDoS protected DNS.

All plans provide unlimited Layer 3-7 DDoS Protection. Whichever you pick from them, you will be able to use 4 DDoS protected DNS servers, 50+ Anycast locations and unlimited DNS queries. For big companies, we recommend our DDoS Protection L subscription with 400 DNS zones that you can manage.

Or you can use a Secondary DNS as a backup DNS, so you always have a backup copy of your DNS records.

It adds resilience and reduces the outage periods by answering requests even if the Master is down.

Conclusion

The more extensive your DNS network is, the better. The massive traffic from the attackers can be distributed between your servers in the different locations, and it will ease the load. Don’t forget that modern DDoS attacks target different communication layers, so you will need intelligent DDoS protection to respond fast and accurately. 

To be safe, always choose a quality DNS service provider like ClouDNS.

What is Backup DNS?
https://www.cloudns.net/blog/backup-dns/
Tue, 27 Aug 2024 08:58:47 +0000

Backup DNS is an important part of any website or application infrastructure. It is a system of redundant DNS services that provide availability in the event of any primary DNS service failure. Setting up a robust Backup DNS service is essential for businesses that rely on their website and applications for their livelihood.

DNS explanation

DNS, or Domain Name System, is the backbone of the internet. It connects all the users to the content they need. It is a directory service that converts human-readable domain names into numerical IP addresses. It is a constant exchange of information, but sometimes the DNS fails, and this causes downtime: a blackout period that can be avoided by using a Backup DNS.

Backup DNS

Backup DNS, also known as Secondary DNS or alternative DNS, is a system of one or more DNS servers that hold a copy of the zone data (DNS records) of the Master (Primary) DNS server. It adds resilience, reducing the outage periods by answering requests even if the Master is down.

Backup DNS services provide an additional measure of insurance against service outages. They allow a website to remain up and running even if the primary DNS fails, often by serving DNS requests from a different location. Additionally, backups may use the same protocols as primary servers, or be hosted in distributed cloud networks, which increases reliability and performance. 

How does it work?

Backup DNS works through a few simple steps. Here they are:

  1. First, when a user requests a website or application, the DNS query is sent to the primary DNS server. 
  2. The primary DNS server then resolves the domain name to the corresponding IP address. But if the master DNS server is down, the request is rerouted to the backup DNS server. 
  3. Then, the backup server resolves the domain name and returns the IP address to the requesting device, allowing access to the website or application.

Benefits of Backup DNS

Backup DNS is an essential part of any website or application infrastructure. The primary benefit of having it is improved website or application availability in the event of any primary DNS service failure. Your website or application will remain up and running even if the primary DNS fails, by redirecting users to a different DNS server. 

With a robust Backup DNS service, businesses are better protected from malicious attacks such as Distributed Denial of Service (DDoS) attacks. In addition, for even better safety from these types of cyber threats, there are DDoS Protected DNS services that add another layer of protection.

Backup DNS services can also provide faster DNS lookup times, improved representation of your website or application by serving identical content around the globe, and seamless switching in case of server outages. 

Another benefit lies in its scalability. It is designed to scale with any increase in traffic, both in terms of the number of queries handled and the size of the DNS database. As your website or application grows, Backup DNS can help ensure that you don’t lose any traffic simply due to lack of capacity. Additionally, these services often come with built-in features such as failover capabilities, Anycast DNS, and more, which can all improve the overall performance and reliability of your website or application.

What is the worst that can happen? Dyn DNS attack of 2016

Just ask the Dyn DNS users who were victims of the massive DDoS attack of 2016. Many well-known websites and services were affected: Airbnb, Amazon, Twitter, BBC, CNN, Etsy, GitHub, PayPal, Spotify, and more. Their users were left without service for quite some time. The attackers created a massive amount of traffic that caused the victim’s system to get stuck and eventually crash. They did that by using an enormous number of IoT (Internet of Things) devices organized into botnets. There are plenty of connected devices with low protection that can be easily hijacked. The number of such IoT devices is rapidly growing, but their security level is not improving. This means we will have plenty of similar DDoS attacks in the future.

Who needs Backup DNS?

Backup DNS is beneficial for any organization whose website or application is critical to their success, as it adds an extra layer of protection and reliability. 

It is particularly important for businesses that serve large amounts of online traffic, such as online retail, media, etc. This is because having a reliable Backup DNS prevents disruption of service and lost revenue. 

Additionally, organizations that are subject to malicious attacks, such as governments, banks, and healthcare institutions, also benefit from Backup DNS services, as these services can help prevent attackers from overwhelming their primary DNS server.

Additionally, small businesses that are just starting out and may not have the budget of large companies also benefit from this backup service. Why? Because this service comes at an affordable price, and ClouDNS offers a 30-day free trial for no-cost testing. Check out our Secondary DNS service!

Ultimately, Backup DNS is an invaluable tool for organizations of any size.

Conclusion

If you have more DNS servers, working together on a grid, the traffic that comes from such a DDoS attack will distribute between them. Some of your servers may go down for a while, even your master DNS can go down, but thanks to the DNS backup, the rest will continue, and your clients won’t be left without a service.

What is a DNS zone? Primary and Secondary DNS zone and how to create it
https://www.cloudns.net/blog/master-slave-dns/
Thu, 22 Aug 2024 05:05:00 +0000

What is a DNS zone?

A DNS zone is a delegated partition of the domain namespace, a container of DNS settings and DNS records stored in a DNS zone file. The DNS records point domain names to IP addresses, show information about services, serve for verification and authentication purposes, and more.

The DNS namespace can have single or multiple DNS zones, each managed by a particular DNS host/service. It has a hierarchy structure where the top is the root level, followed by the top-level domain, domain, subdomain, etc. This division helps for administrative purposes. It decentralizes the DNS, making it possible to be managed on different levels, and also reduces the tasks of nameservers by dividing their responsibilities. It is like an enormous pie. Each piece of it allows better separation of the administrative load and helps with redundancy.

There are three types of DNS zones – Primary (Master) DNS zone for control, Secondary (Slave) DNS zone for redundancy and better performance, and Reverse DNS zone for network troubleshooting and for validating the IP addresses of email servers.
 
The first contains all the original DNS records, and the second gets them from the Primary DNS zone. The process is called DNS zone transfer. The Primary DNS server could push it, or the secondary can get the changes when its cache expires. 

Don’t directly associate a DNS zone with a specific domain. A Domain Name System zone may contain single or multiple host names for the same domain; the important thing is that it is used for controlling a fraction of the namespace. DNS zones can be on the same servers too.

We also recommend that you read: What is Authoritative DNS server?

Different types of DNS zones

There are different types of DNS zones, but in this article, we will set our eyes on just two:

  • Primary (Master) DNS zone – holder of the original zone file (all the DNS records for the zone). You can manage a host through this zone.
  • Secondary (Slave) DNS zone – holds a copy of the zone file. You can use it for better performance, for hiding your Primary, and for backup and redundancy.
  • Reverse DNS zone (rDNS) – Responsible for mapping IP addresses back to their associated domain names. This is the opposite of what a typical (forward lookup) DNS query does.

Primary DNS zone

Primary (Master) zones contain a read/write copy of the zone data. There could be only one Master zone on one DNS server at a time. All the DNS records added manually or automatically, are written in this Primary zone of the DNS server.
The data is stored in a standard text file – .txt. The advantage is that it is easy to back it up and to recover in case of problems.
Something essential is that to be able to make changes to the Domain Name System zone, the Primary zone must be available. If the server with your Primary DNS is down, you won’t be able to make any changes.
If you want to have redundancy, you must have the zone data accessible on multiple servers.

If you want to learn how to create a Primary zone in ClouDNS, check the following step-by-step tutorial:

  • Click on the sign-in button and enter your email address and your password. Once you have logged in, you will see your Dashboard. From the list, you will notice that you do not have any registered DNS zones. 
  • Click on the “Add new” button. In the pop-up window, click on “Master zone”. You can create your Domain Name System zone with the NS records you want. However, we recommend you to use the suggested ones.

If you want to check your domain’s NS records, we recommend you take a look at the second command from our article: 10 Most used Dig commands

  • In the text field, enter your domain name without HTTP, HTTPS, or WWW. Example: yourdomain.com. Once you do it, click on the “CREATE” button.

You have successfully created your Primary (Master) zone. From the top menu, you will be able to manage your Master DNS zone with all of the available options. Here you will see all the DNS records you can create and use for your needs. From the list, you can see your hostname, the type of the record, where they are pointed to, and what the TTL is.

You can also check our wiki page about Master DNS zone.

Secondary DNS zone

The Secondary DNS zone is a read-only copy of the zone data. Most of the time, Secondary (Slave) zones are copies of Master zones. They can also be copies of other Slave zones or Active Directory zones.
If you try to change a DNS record on a Secondary zone, it can redirect you to another zone with read/write access. By itself, it can’t change the record.
One of the primary purposes of a Slave zone is to serve as a backup. When the Primary zone is down, it can still answer requests for the zone from its copy.

Check the following step-by-step tutorial to learn how to create a Secondary (Slave) Zone in ClouDNS.

  1. Click on the sign-in button and enter your email address and your password.
  2. Once you have logged in, you will see your Dashboard. From the list, you will notice that you do not have any registered DNS. 
  3. Click on the “Add new” button and then click on “Slave/Backup zone” 
  4. In the first field, enter your domain name without HTTP, HTTPS, or WWW. Example: yourdomain.com. In the second field, on the right, add the IP address of your Master Server. Once you do it, click on the “Add Slave” button.

You have successfully created your Secondary (Slave) zone. From the top menu, you will see the available options for your Slave Zone. Here is also the IP address of your Primary Server. 

If you want to use Secondary DNS zones, you can also review our Secondary DNS page, and decide which of our premium plans is right for you.

Now you know what a DNS zone is and the difference between these two types – Primary DNS zone and Secondary DNS zone. For any additional questions about your DNS infrastructure, you can contact our customer support.

Reverse DNS zone

A reverse DNS (rDNS) zone is a DNS zone established for the purpose of resolving IP addresses into domain names. While a standard (forward) DNS query resolves a domain name into an IP address, an rDNS or reverse DNS query does the opposite, mapping an IP address back to its associated domain name.

The Reverse DNS zone encompasses two types: Master and Slave. The Slave Reverse DNS zone acts as a safeguard, maintaining a read-only copy of the reverse DNS records while remaining in sync with the Master zone to distribute load efficiently. In contrast, the Master Reverse DNS zone is the authoritative source that houses the original mappings of IP addresses to domain names. All modifications and updates to these records are made in the Master zone. For guidance on setting up Master Reverse DNS zones, refer to the following instructions.

The utility of rDNS zones can be seen in several areas:

  • Network troubleshooting: rDNS is useful for diagnosing network routing problems and pinning down the source of network attacks. By using reverse DNS lookup, network administrators can identify the hostnames associated with IP addresses appearing in log files.
  • Email Verification: The SMTP protocol used for email has a step where the recipient’s mail server checks the sender’s IP address in a reverse DNS lookup. This can be used as a simple way to verify the legitimacy of the email sender and helps in spam prevention.
  • For Certain Internet Services: Some Internet services, such as FTP servers, often use reverse DNS lookups as part of their control strategies.

In DNS, the order of the octets (units) of the IP address is reversed and the result is placed under the in-addr.arpa (for IPv4) or ip6.arpa (for IPv6) domain. For example, the IP address 192.0.2.0 is represented in a reverse DNS zone as 0.2.0.192.in-addr.arpa. The PTR (pointer) record is then used to map this name to a domain name.
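The name construction above, as an added example (not code from the original article): it builds PTR owner names for IPv4 and IPv6, derives the reverse zone name for a prefix, and goes one step beyond the text with a forward-confirmed check of the kind a receiving mail server can apply. The PTR and address tables are constructed sample data; note that for IPv6 each label is a single hexadecimal digit rather than an octet.

```python
import ipaddress


def reverse_name(address: str) -> str:
    """Owner name of the PTR record for an IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        # IPv4: one label per octet, in reverse order.
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa"
    # IPv6: one label per hexadecimal digit (nibble) of the fully
    # expanded address, in reverse order.
    nibbles = ip.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def reverse_zone(prefix: str) -> str:
    """Reverse zone name that holds the PTR records of a prefix."""
    net = ipaddress.ip_network(prefix)  # raises ValueError if host bits are set
    step = 8 if net.version == 4 else 4  # bits per label
    if net.prefixlen % step:
        raise ValueError("prefix must end on an octet (IPv4) or nibble (IPv6) boundary")
    labels = reverse_name(str(net.network_address)).split(".")
    host_labels = (net.max_prefixlen - net.prefixlen) // step
    return ".".join(labels[host_labels:])


# Constructed sample records (documentation address ranges and names).
PTR_RECORDS = {
    "25.2.0.192.in-addr.arpa": "mail.example.com.",
    "26.2.0.192.in-addr.arpa": "host.example.net.",
}
ADDRESS_RECORDS = {
    "mail.example.com.": {"192.0.2.25"},
    "host.example.net.": {"198.51.100.7"},
}


def forward_confirmed(address, ptr=PTR_RECORDS, addrs=ADDRESS_RECORDS) -> bool:
    """True when the PTR target resolves back to the same address."""
    host = ptr.get(reverse_name(address))
    if host is None:
        return False  # no PTR record at all
    wanted = ipaddress.ip_address(address)
    return any(ipaddress.ip_address(a) == wanted for a in addrs.get(host, ()))


if __name__ == "__main__":
    for sample in ("192.0.2.0", "2001:db8::1"):
        print(sample, "->", reverse_name(sample))
    print(reverse_zone("192.0.2.0/24"), reverse_zone("2001:db8::/32"))
    for sample in ("192.0.2.25", "192.0.2.26", "192.0.2.27"):
        print(sample, "forward-confirmed:", forward_confirmed(sample))
```

A PTR record on its own is set by whoever controls the reverse zone, so the forward confirmation is what ties the hostname seen in a log or an SMTP session back to the address.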

DNS Zone VS. Domain

In the domain namespace, the biggest difference between the domains and zones is that domains provide logical structure, and the zones provide an administrative structure. 

A domain is a subtree of the domain namespace. It shares its name with that of the top-most node, like yoursite.eu (eu domain). It could be divided into various zones that can be controlled separately.

A zone is a partition of the domain namespace that requires a Primary nameserver and can be managed separately. A zone can coincide with the domain and covers all of its subdomains, or it could be just a partition of the domain. You could have separate zones for mail.yoursite.com and ftp.yoursite.com for your domain yoursite.com.

DNS Zone Delegation

DNS zone delegation is the process of assigning authority over a specific portion of a domain’s namespace to a different DNS server. This is typically done by the owner of the primary domain when they want to delegate control over a subdomain to another party or server. The delegation is accomplished by adding NS (Name Server) records to the parent zone, pointing to the DNS servers that will manage the delegated subzone. This allows the parent zone to direct queries for the subdomain to the appropriate authoritative DNS servers, ensuring efficient and accurate resolution of DNS queries within the delegated zone.

For example, a large organization might manage a primary domain like example.com and have various subdomains such as hr.example.com, blog.example.com, and dev.example.com. By delegating these subdomains to different DNS servers, the organization can optimize its DNS management, ensuring faster query resolution and greater overall stability. 

Conclusion

In conclusion, DNS zones are the building blocks of the Domain Name System, enabling efficient management of DNS records and administrative responsibilities. They play a vital role in ensuring the reliability and accessibility of online services by facilitating proper domain-to-IP address mappings.

A case study of the top 50 e-commerce sites and their DNS
https://www.cloudns.net/blog/case-study-50-top-e-commerce-sites-dns/
Fri, 29 Dec 2017 15:45:06 +0000

This past Black Friday we again saw news of record-breaking revenues and profits. Over the past few years, the web has gotten faster; according to Google, 53% of users will abandon a site if it doesn’t load within three seconds. From this, you can guess that for a shopping site, the speed of the website is reflected in its revenue. So we want to see whether e-commerce sites have gotten faster as well.

DDoS attacks are also increasing. According to Kaspersky Lab, 33% of organizations experienced a DDoS attack in 2017, compared to 17% in 2016. So we also want to know if the top shopping websites are well prepared for future attacks.

In this article, we will check all of the top 50 e-commerce websites with our DNS tool. We will see whether their speed and DDoS protection are fine or need to improve. Based on our research, we will make recommendations on how these websites can improve.

DNS Tool

For this research, we will be using our DNS lookup tool.

It shows how fast the servers are responding from six different international locations – 1. Roubaix, France, 2. Atlanta, USA, 3. Sao Paulo, Brazil, 4. Sydney, Australia, 5. Johannesburg, South Africa and 6. Singapore.

It is a small and very helpful tool that you can use to diagnose your DNS. It is easy to use, and it lets you download a PDF report of your findings.

What are we checking?

Name servers

We are checking how many name servers are listed on the parent server. It is recommended to have more than two; three is OK, four is better. This adds resilience to your DNS network and results in better uptime. If one or two are down for maintenance, the rest will still satisfy the needs of your customers. Another benefit is increased security. More servers can handle the traffic better, and this way they are more resistant to DDoS attacks.

NS records

NS records delegate a sub-domain to the name servers you have. They should be synchronized.

SOA record

Another record that needs to show the same result on all of the name servers. It marks the start of authority, so it must indicate the same master name server, timestamp and a few more characteristics.

A record distribution

By location for the domain and the www.domain (same but with www).

Speed

And finally, one of the most important factors for an e-commerce website: speed. As said above, a slow site can push visitors away and lose a lot of sales.
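The checks listed above, written out as an added example (not the ClouDNS tool or its code): one function that takes the name servers listed at the parent plus what each of them answered, and reports the name server count, provider redundancy, NS synchronization, SOA agreement and average response time. All names, serials and timings are constructed sample data, and grouping name servers into providers by their last two labels is an assumption made for this illustration.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Optional


@dataclass(frozen=True)
class NsAnswer:
    """What one name server returned for the zone (constructed sample data)."""
    ns_set: frozenset          # NS records this server returns for the zone
    soa_mname: str             # master name server named in the SOA
    soa_serial: int            # SOA serial (often a date-based timestamp)
    rtt_ms: Optional[float]    # response time, None if the server did not answer


def provider_of(ns_name: str) -> str:
    # Assumption: the last two labels identify the DNS provider.
    return ".".join(ns_name.rstrip(".").lower().split(".")[-2:])


def check_zone(parent_ns, answers):
    """Return (findings, average response time in ms) for one domain."""
    findings = []
    if len(parent_ns) < 3:
        findings.append("fewer than three name servers listed at the parent")
    if len({provider_of(n) for n in parent_ns}) < 2:
        findings.append("all name servers belong to one provider (no backup DNS)")
    live = {n: a for n, a in answers.items() if a.rtt_ms is not None}
    for name in sorted(set(parent_ns) - set(live)):
        findings.append(f"{name} is not responding")
    if any(a.ns_set != frozenset(parent_ns) for a in live.values()):
        findings.append("NS records are not synchronized with the parent")
    if len({(a.soa_mname, a.soa_serial) for a in live.values()}) > 1:
        findings.append("SOA record differs between name servers")
    avg = round(mean(a.rtt_ms for a in live.values()), 2) if live else None
    return findings, avg


# Constructed sample: four name servers at two providers, all in sync.
GOOD_NS = ["ns1.dns-a.example", "ns2.dns-a.example",
           "ns1.dns-b.example", "ns2.dns-b.example"]
GOOD = {n: NsAnswer(frozenset(GOOD_NS), "ns1.dns-a.example", 2017122901, rtt)
        for n, rtt in zip(GOOD_NS, (21.0, 48.5, 35.0, 60.5))}

# Constructed sample: two name servers, one provider, second copy is stale.
WEAK_NS = ["ns1.dns-a.example", "ns2.dns-a.example"]
WEAK = {
    "ns1.dns-a.example": NsAnswer(frozenset(WEAK_NS), "ns1.dns-a.example", 2017122901, 30.0),
    "ns2.dns-a.example": NsAnswer(frozenset(WEAK_NS), "ns1.dns-a.example", 2017122801, 130.0),
}

if __name__ == "__main__":
    for label, ns, data in (("good", GOOD_NS, GOOD), ("weak", WEAK_NS, WEAK)):
        findings, avg = check_zone(ns, data)
        print(label, f"avg={avg}ms", findings or "no findings")
```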

Top 50 E-commerce websites

For the case study, we will also use the following SimilarWeb rank list.

Results

You can find all reports that we generated and additional information in this spreadsheet.

1. Amazon.com

The first one in the list is Amazon.com. They are using Dyn DNS and Neustar UltraDNS, and the average response time of the name servers is 50.66ms. We don’t know why they don’t use their DNS network – Route 53.

2. Taobao.com

Very slow global speed – 350.59ms. They don’t use any DNS provider, which is interesting since they are owned by Alibaba, and Alibaba has AliDNS. We don’t know why Alibaba does not use their DNS services.

3. eBay.com

Congratulations eBay, that’s the way to do it. Using Verisign as their Primary DNS provider and Dyn as a Secondary DNS. Low speed in South Africa, but they have ebay.co.za for that.

4. Tmall.com

Another property of Alibaba. Low speed even in Singapore (above 130ms). Not good, Tmall. Alibaba, do you plan to use your DNS for your websites?

5. Craigslist.org

Not a typical shopping site, but it’s on the list, so we need to check it out. Average speed 162.98ms. Even the two name servers in Atlanta show 64 and 63 ms. We think their users deserve better speed than that. No backup DNS.

6. AliExpress.com

In 2016, AliExpress claimed they reduced load time by 36% and recorded a 10.5% increase in orders and a 27% increase in conversion rates. Our report shows that they are using Alibaba Cloud. But unfortunately, this doesn’t help. The average response time of the name servers is 215.78ms. Just two name servers are showing speed less than 100ms. And this is a global site which depends on international users. We suggest adding a Secondary DNS provider. A company which generated almost 23 Billion in revenue in a single day can surely set aside a few thousand dollars annually for this.

7. JD.com

The average response time of the name servers is 399.32ms. If they want to beat Alibaba at least, they have to provide good speed for their users. Singapore speed is also very low – the name server in Singapore shows 145ms.

Next stop: four properties of Amazon in different locations. Let’s see if some of them are using Route 53 this time.

8. Amazon.de

Excellent speed Amazon.de – 50.60ms. Using two DNS providers again – Neustar and Dyn. No sign of Route53 though. Interesting.

9. Amazon.co.uk

Good job Amazon.co.uk. – the best global speed of the top 10 websites – 45ms. Using ten name servers and two DNS providers again – Neustar and Dyn. This is a recipe for success. Still no sign of Route53 though.

10. Amazon.co.jp

Two DNS providers again – Neustar and Dyn and good average response – 76.06ms.

11. eBay.co.uk

Using Verisign as their Primary DNS provider and Dyn as a Secondary DNS as eBay.com. Good overall speed.

12. Walmart.com

A whopping 12 name servers. Not the fastest global speed, but since the majority of their audience is coming from the US, the result is excellent. Using two DNS providers, Akamai and Neustar UltraDNS. Some say that they got into the online business too late, but they are sure fast learners and understand that speed and security are the only way to compete with Amazon.

13. Avito.ru

According to SimilarWeb, the majority of their traffic is coming from Russia, Ukraine and the rest of the CIS countries. Wow, 2.17ms global speed, and maybe we have a winner. They are using Cloudflare and no secondary DNS provider. Fast speed on all 6 test POPs. We can’t say much, except that they are doing an excellent job. If only they had backup DNS, it would have been the perfect example.

14. Mercadolivre.com.br

Latin America’s most popular e-commerce website. According to SimilarWeb, 98% of the Mercadolivre.com.br traffic is coming from Brazil. No DNS providers. The speed is not good even in Brazil – above 100ms.

15. Amazon.in

Around 10% of their traffic is international, so it’s good for them to have good global speed. And they do. Using Dyn and UltraDNS, they achieve excellent speed – 68.96ms, except South Africa.

16. Rakuten.co.jp

No DNS providers = slow global speed. Not much to say here. Guess they don’t rely on revenues outside Japan.

17. Allegro.pl

Again no DNS providers = slow average response. Yes, you’ll say they don’t need it because they are targeting mostly users in Poland, but what about the searches from outside PL? Around 5% of their traffic is coming from outside Poland. And what about DDoS protection and backup?

18. eBay.de

As the other eBay domains, this one is also using Verisign as their Primary DNS provider and Dyn as a Secondary DNS. Good overall response – 70.92ms.

19. Amazon.fr

Around 20% of the traffic comes from outside of France, so it’s good to have at least reasonable EU speed. And they do. Using Dyn and UltraDNS, they achieve excellent global speed, except South Africa.

20. Amazon.it

Amazon surely knows how important speed is, and how important it is to have a backup. So far they are using the same recipe for success – two DNS providers – Dyn and UltraDNS.

21. Leboncoin.fr

The French classified site. Good speed in France, slow speed globally. No sign of DNS providers. If anyone from Leboncoin is reading, please protect your revenue and your users and set up a backup DNS.

22. 58.com

Like all other Chinese e-commerce sites, they also have terrible global speed – 357.49ms – and don’t use a Managed DNS provider.

23. Target.com

Using Akamai which is good, but no Secondary DNS provider. Excellent speed in the US and Europe. Overall good – below 100ms.

24. Etsy.com

One of our personal favorites. Let’s see how they perform in the test. Using AWS and Dyn. Nice to know that someone is using Route 53 after we found out that Amazon doesn’t. Good speed everywhere except South Africa – 51.06ms.

25. Bestbuy.com

Using Akamai but no Secondary DNS provider. Good speed in the US and Europe. Low speed in Australia, Brazil, and South Africa. For reference, bestbuy.com.mx also doesn’t have good speed in Brazil.

26. Amazon.es

The Spanish domain of Amazon also has good global speed – 69.31ms and again uses two Managed DNS providers – UltraDNS and Dyn.

27. Sahibinden.com

The most prominent Turkish online store. They are using five name servers, and 1 of them is not responding. Terrible global speed – 631.28 and no DNS providers (we checked the website a few times, and the servers were not responding, and the speed was over 500ms each time).

28. Flipkart.com

The Indian e-commerce giant. They use Neustar. Excellent average speed. No Secondary DNS.

29. Ikea.com

The Scandinavian furniture manufacturer uses no DNS providers for its online shop. Good speed at our French POP and not so good globally.

30. Gearbest.com

A genuinely international website with traffic from all over the globe. Using Akamai, but the global speed is above 100ms. Highest response time in Brazil, which is interesting since according to Similarweb 18% of their traffic is coming from this country.

31. Mercadolibre.com.ar

Argentina’s most famous e-commerce store. No DNS providers. The speed is not good even in Brazil – above 100ms.

32. OLX.pl

Another Polish e-commerce site. They are using Amazon Route 53. Excellent speed in Europe. No Secondary DNS, no backup.

33. eBay-Kleinanzeigen.de

Good response according to our France POP, poor global speed – 176.19ms. No DNS provider is detected.

34. Mi.com

The international online portal of Xiaomi – the smartphone manufacturer. The average response time of the name servers is terrible – 367.21ms. They don’t use DNS providers, and respectively their bounce rate is high.

35. Amazon.ca

Good job also for Amazon.ca. Using two DNS providers again – Neustar and Dyn. The technical guys from Amazon understand the importance of using a DNS provider. This is the last of the Amazon properties on our list, and still none of them are using Route 53. Can we say according to this that the Dyn and Neustar DNS networks are better than Route 53’s? We don’t know; we leave the presumptions to you.

36. OLX.ua

As the rest of the OLX properties, they are using Amazon Route 53. Excellent speed in Europe. No Secondary DNS, no backup.

37. Wish.com

Using the services of Amazon Route 53. Good overall global speed – 61.72ms, except South Africa – above 150ms.

38. HM.com

The international shopping site of the H&M brand. Good speed in EU and US, poor in Brazil and Singapore. Maybe they don’t rely so much on sales in South America and Asia. They are using Akamai, but no secondary DNS provider.

39. Mercadolibre.com.mx

Another site from the Argentinian giant. Hope this one performs better, let’s see. Good speed in the US, poor everywhere else, even in Brazil. Average response time is 143.79ms. No sign of DNS provider and backup DNS.

40. HomeDepot.com

Good speed in the US, which is good, since they are relying heavily on US consumers. Fair global speed – 102.44. If you look at the spreadsheet and the report, you’ll see that they are also using Akamai.

41. Market.yandex.ru

The marketplace of Yandex – the Russian bear. They are using their DNS, which gives excellent speed in Europe, but very poor globally – 178.63ms. We’re guessing global presence is not essential for them. The bear won’t leave Russia with this speed.

42. Americanas.com.br

Good overall speed, except in South Africa, but with 99% of the traffic coming from Brazil, that is logical. Using Route 53 but unfortunately no Secondary DNS provider.

43. Alibaba.com

Like all Alibaba properties tested so far, Alibaba.com is not an exception. Poor global speed – 256.2ms, especially in Australia, South Africa, and Singapore. No Secondary DNS provider. The bounce rate is correspondingly high – 46.31%.

44. Sonymobile.com

The international platform of Sony Mobile is in 44th place. Using Route 53 but no backup DNS provider. Guess Sony didn’t learn the lessons from the frequent DDoS attacks they received on their PlayStation Network.

45. DMM.com

The Japan-based electronic commerce and Internet company is next. They are using ten name servers, 6 of which are from Akamai, but global speed is not high.

46. OLX.com.br

As the rest of the Argentinian classified giant OLX properties, com.br is also using Amazon Route 53. Good speed almost everywhere except South Africa. No backup DNS.

47. Macys.com

Macys are using Akamai also. Good speed in Europe and US, poor in Brazil. Average response time – 128.06ms. No secondary DNS.

48. Suning.com

Suning is one of the largest retailers in China. Almost two years ago Alibaba bought shares in the company, so let’s see if they are using AliDNS or not. And the answer is no. Poor speed almost everywhere except Singapore. No primary and backup DNS provider, which corresponds to the highest bounce rate of all e-commerce websites so far – above 70%. That’s millions of dollars lost according to everybody’s calculations.

49. Kohls.com

Like the rest of the websites using the Akamai network, the site of the American department store retailing chain has good speed; only Brazil is lagging. But since 98% of their traffic is coming from the US, they can live with it. The lack of backup DNS is not good though.

50. Asos.com

The British online fashion and beauty store comes last in our report. They have lots of international traffic; only 25% of the traffic comes from the UK, and the rest is from all over the globe. They have eight name servers, using Dyn and a Secondary DNS provider. Excellent global speed, except in South Africa.

Conclusion

According to our research, the majority of the big brands still haven’t learned the lesson from the 2016 Dyn DDoS attack, where huge sites were down for hours. 70% of the sites in this case study don’t have backup DNS. Not setting up a backup DNS, or not using at least a single DNS provider, leaves you open to DDoS attacks and, in turn, revenue losses. The question is not if it will happen but when.

The winner for top global speed is Avito.ru, with an average response time of 2.17ms.

The average number of name servers per site is five, and the average DNS lookup speed of all 50 websites is 146.63ms.

We can draw a parallel between the response time of the websites and their bounce rate, as 89% of the sites with a bounce rate above 40% also had lousy speed (see red fields in the spreadsheet).

And finally, a recommendation for all other e-commerce sites – if you want to fight the big boys and win, you need to invest in your site speed and DNS. Make sure you are using not one but two DNS providers. You will be surprised at how little money it takes to get a good night’s sleep.
