LuxSci has been a partner with easyDNS to provide DNS and domain registration services to its customers since 1999. Due to our sales volume, we have an “Enterprise DNS” portal that both LuxSci Support and its clients can access to manage their domains. LuxSci has stuck with easyDNS for all of these years due to their excellent support, the high quality of the DNS services, and the friendly and helpful attitude of easyDNS management. LuxSci also believes that by partnering with easyDNS, we are able to provide our clients with the best and most robust DNS services available. This is mission critical, because if your DNS is down, so is your business.

Currently, LuxSci offers DNS and domain registration services to its customers as an add-on to its email and web hosting services.  Our prices are extremely competitive and the service includes the features you could get with easyDNS directly, together with LuxSci’s acclaimed technical support: we will manage all of your DNS and domain registration settings and assist you with any changes which minimizes the chance of error.  We also provide the option for you to self manage your DNS 24/7 using your own login access.

Mark Jeftovic, one of the original founders and architects of easyDNS, is now the sole owner of the company. LuxSci is bringing you this interview so that you can become better acquainted with easyDNS and why we selected them for mission critical services.

Mark, can you give us a brief synopsis of easyDNS’s history as a company?

We originally had another company. Back around 1994-1996 we were doing a lot of custom web development and we were one of the first companies doing dynamically generated websites with SQL backends. As such, whenever we picked up a new client, it usually meant we had to move their website onto our servers because the LAMP environment (Linux-Apache-MySQL-PHP) was still somewhat rare in those days.

We invariably ran into problems trying to get the DNS modified and encountered lock-in (or lock-out) with our client domains. It became clear that these people were paying for their own domain names, but had no access to them and no control over their fate. They were completely at the mercy of their ISPs, their webhosts or other third-parties.

The idea originally was to build a management panel so that our customers could manage their own domains “from the comfort of their own web browser” as we used to say. We started building the system around 1996 and by 1998 we were ready to launch it. Once we did so, it took on a life of it’s own, and by around 2000 we had all but folded the previous company and were concentrating on easyDNS fulltime.

Of course, around 2000 ICANN came along and opened up the domain registration side of things to competition, so we became an OpenSRS reseller and in 2001 CIRA did the same up here for .CA, so we became a CIRA certified registrar. In 2003 we became directly accredited with ICANN.

How many domains in how many countries does easyDNS support?

Right now we’re around 110,000 domains with customers in over 100 countries. We answer about a quarter-billion DNS queries per day.

easyDNS provides users with several different DNS servers, such as ns1.easydns.com, remote1.easydns.com, and ns6.easydns.net. What is behind these domain names in terms of servers and geographic locations?

These are prone to shifting, overlap and re-organizations, but at the moment:

NS1.EASYDNS.COM is a four node anycast strand with nodes in San Jose, Chicago, Amsterdam and Tokyo

NS2.EASYDNS.COM is a four node anycast strand on the Prolexic backbone (the DDoS mitigation specialists), those four are Miami, San Jose again, London UK and Hong Kong

To be frank this is where I start to lose track of things, NS3.EASYDNS.ORG is in London, REMOTE1 is in Ashburn VA and REMOTE2 is (I think) Phoenix.

NS6 varies, right now its in Amsterdam, we used to add additional nodes at the root server glue level to make this one a round-robin cluster but found it wasn’t as useful as we thought. We get a lot more mileage from the anycast architecture, which is why we’ll be getting rid of the single-nodes in early 2009 and adding a third anycast strand.

How does having DNS servers in different countries improve DNS services for customers?

Well when it comes to DNS, redundancy is a good thing. Having your nameservers spread around (even without anycast) is good because when different parts of the network go down or have problems you always have a server *somewhere* that any given part of the network can send queries to. This works best when you colocate in the multi-homed datacenters – so it’s rare that a given datacenter is ever cut off from the Internet entirely.

The way the DNS algorithm works, a nameserver initially asks all of your nameservers for the answer to a lookup and then measures the response times. It then directs future queries to the nameserver that answered the fastest (there’s more to it but this is the gist of it). When you have your nameservers spread out around the world you get a natural kind of diffusion to your DNS queries.

Then once you add anycast to the mix (where your multiple nameservers answer to the same IP address) you kind of get this same effect “squared”: when the remote nameserver does that first lookup to see “which one of your nameservers is the fastest”, the initial query will go to the member of the anycast node which has the shortest path to it in the routing tables, so you get the best pick twice: the “closest” node from the anycast strand, and then whichever anycast strand answered first.

The reliability and resilience of a DNS service are perhaps its most important features. Over the past few years, there have been many significant denial of service attacks and other attacks against easyDNS and others. What changes has easyDNS made to ensure that it can continue to provide services in the face of such attacks?

The first time we were DOS-ed (April 14th, 2003) we were completely blindsided, “what? you mean people DOS nameservers?” It was embarrassing, quite frankly. I think we went from there to being one of the more resilient DNS providers in a fairly impressive timeline. First order of business was we just started adding more remote nameservers (that was when we went from 4 to 6) and made some significant capital expenditures on firewalls.

Once it started, DOS attacks became commonplace, but we didn’t have another one that gave us much trouble until Sept 14-15, 2005, which I remember well because the morning I was sitting in the lawyers’ offices signing the papers to buy the company I was getting SMS messages that we were down from this DOS attack. So I knew we still had our work cut out for us.

We had heard the name Prolexic from a couple of our customers and from some contacts we had in the RCMP tech crimes unit, so we had a call into them and the day after I signed the papers to buy easyDNS, Prolexic’s president was here in town and we signed on with them, and coincidently, became a secondary DNS provider for them and their customers.

Then, in the last year we finally went anycast, I say finally because I wanted to get that done since 2003 when we first got hit, but reality intervened and anycast deployments in that day were “non-trivial”. They still are, but we got it done this year. Anycast enhances your resistance to DOS attacks because they have the ability to act as a kind of “heat-sink” to the attack traffic. The bad traffic hits the node closest to it (because from a routing perspective it doesn’t even know the others exist) and tends to leave the rest of your network unscathed.

DNS “poisoning” attacks have been in the news a lot lately. Has easyDNS seen issues related to DNS poisoning? What do you think the future holds in terms of protecting users from such attacks?

The DNS poisoning attacks are directed against recursive nameservers or resolvers, not against authoritative DNS servers. That’s not to say it isn’t our problem. We felt we owed it to our customers to provide some certainty in that department which is why we launched DNSresolvers.com that basically put us in the resolver space.

Many domain registrars such as Network Solutions also “throw in” DNS services to their clients. What are the advantages of easyDNS over the likes of these?

Well the joke I always make is “free DNS usually includes free downtime”. For almost everybody else, webhosts, ISPs, even registrars, DNS is an afterthought. They’ve got a couple unpatched crapboxes in a closet on the same backbone running some out of date nameserver and nobody gives it a second thought until they blow up and everything goes down. It’s a very precarious state of affairs given how vital DNS is to pretty well everything you’re going to do on the Internet, which gave rise to our motto: “DNS is something nobody notices until it stops working”.

There are other premium DNS companies out there such as “UltraDNS” that compete for partnership with service providers like LuxSci. What do you see as easyDNS’s edge over such companies?

We’ve been hearing lately that we’ve got much more competitive pricing which is refreshingly strange to hear since we’re usually described as “expensive but worth it” when compared to the bargain-basement registrars that sell domains for ridiculously low prices and “throw in the DNS”. We’ve got the anycast DNS, we’ve got the Prolexic deployments, but it doesn’t cost you an arm and leg to get into the game and get these DNS best practices the way it might somewhere else.

Does easyDNS have any significant new features of services that are coming soon?

The things I can talk about: we’re adding email hosting, web hosting and VPS hosting. It’s simply time, our customers have been asking us for this for the better part of a decade; now’s the time to give it to them.

We’ve been offering failover DNS for close to a year, but we still call it “beta.” We’ve just been waiting for the new platform to launch before we take it out of beta.

There are other things you’ll see when we plug in the new platform, I think you’ll be impressed.

Similar Posts:

• DNS at LuxSci — Not your “Daddy’s” DNS!
• DNS Price Cut! $0.99/month or $11.88/year
• Understanding Domain Name Service (DNS)
• Dangers of Private Domain Registrations and WHOIS Masking
• Better Forged Email Filtering with Improved SPF Support