An effective DNS (Domain Name System) infrastructure is a critical component of system uptime, which is essential to the viability and continuity of web services. For complex websites, a third of page load time can be attributed to DNS lookups. Inadequate or improperly configured DNS can have a potentially catastrophic impact on a company’s online presence.
Why is DNS Important?
Choosing the right DNS hosting provider can have a huge impact on your website's performance, reliability, and security, yet it doesn't seem to get the amount of attention it deserves. Before we jump into the comparison, let's discuss why you need a good DNS host.
When someone wants to access your website, the DNS lookup is step #1 to getting there. If your DNS host is slow or goes down, people may wind up seeing something like this:
Using a fast DNS hosting provider ensures there is less time between DNS lookup and the first-byte response. Similar to how CDNs work, DNS hosting providers generally have many points of presence around the world. More locations are better because they make it more likely that a DNS server will be close to your visitor, decreasing latency and lookup time.
DDoS, or Distributed Denial-of-Service, is a type of cyber attack where the attackers attempt to make a server or other network resource unavailable by flooding it with a massive volume of requests. DDoS attacks typically involve thousands of unique IP addresses, often from compromised devices that have been infected by malware. Just a few months ago, a massive DDoS attack against DYN took many of the Internet’s most popular websites offline including Twitter, SoundCloud, Spotify, and Shopify.
Most DNS providers come with security features like rate limiting, IP filtering, and geo-blocking that can help mitigate and prevent DDoS attacks, but obviously, they aren’t foolproof. That’s why it’s always smart to have multiple DNS providers so that if one is taken down during a cyber attack you can failover to your secondary provider.
As we mentioned above, you should never have one single point of failure in your website delivery. That’s why it is common for smart Internet companies to have two DNS hosts and configure one as primary and the other as secondary, slaved to the primary provider. This will keep your zone records synchronized between the two providers and allow for easy failover when the time comes.
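A primary/secondary setup only helps at failover time if the secondary is actually serving the current zone. The check below is an added example, not part of the original article: it compares the SOA serial reported by each provider's name servers using RFC 1982 serial arithmetic. The name-server hosts and serials are constructed placeholders in the shape of `dig +short SOA <zone> @<nameserver>` output.

```python
# Added example: find name servers whose copy of the zone is behind the newest one.
# SAMPLE_ANSWERS is constructed data (placeholder hosts and serials), one line per
# name server, in the format printed by `dig +short SOA <zone> @<nameserver>`.
SERIAL_MOD = 2 ** 32

SAMPLE_ANSWERS = {
    "ns1.primary.example.":
        "ns1.primary.example. hostmaster.example.com. 2017030102 7200 3600 1209600 300",
    "ns2.primary.example.":
        "ns1.primary.example. hostmaster.example.com. 2017030102 7200 3600 1209600 300",
    "ns1.secondary.example.":
        "ns1.primary.example. hostmaster.example.com. 2017030101 7200 3600 1209600 300",
}


def soa_serial(dig_line):
    """Return the serial (third of seven fields) from one SOA answer line."""
    fields = dig_line.split()
    if len(fields) != 7:
        raise ValueError("not a SOA answer: %r" % dig_line)
    return int(fields[2])


def serial_newer(a, b):
    """RFC 1982 comparison: True when serial a is newer than b, even across wraparound."""
    return a != b and (a - b) % SERIAL_MOD < SERIAL_MOD // 2


def lagging_servers(answers):
    """Return (newest_serial, sorted list of servers not yet serving it)."""
    serials = {ns: soa_serial(line) for ns, line in answers.items()}
    newest = next(iter(serials.values()))
    for serial in serials.values():
        if serial_newer(serial, newest):
            newest = serial
    behind = sorted(ns for ns, serial in serials.items() if serial != newest)
    return newest, behind


if __name__ == "__main__":
    newest, behind = lagging_servers(SAMPLE_ANSWERS)
    print("newest serial:", newest)
    for ns in behind:
        print("out of sync:", ns)
```

A server that stays on the lagging list after the zone's refresh interval has passed points to a broken transfer between the two providers.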
For most businesses, deploying your own DNS network just doesn’t make sense. For this reason, a slew of third-party DNS providers have entered the market, filling that need. But out of the dozens of providers out there, which are the best? Let’s start out by taking a look at market share among the top 100k websites in the world (courtesy of Datanyze):
As you can see, CloudFlare DNS owns the lion’s share of the DNS market, commanding nearly 50% of the Alexa top 100k. The remainder of the list looks how you would expect, with AWS Route 53 coming in second and other popular names like DYN, Akamai, and DNS Made Easy trailing significantly behind the first two but still holding respectable market share. But market share among top companies isn’t the only indicator of what makes a good DNS host. Let’s also take a look at some performance benchmarks…
The chart above shows DNS response times of the top 10 DNS hosts according to DNSPerf.com. As you can see, CloudFlare comes in first, as they did in market share, but there are some other contenders here like WordPress.com and Verizon ROUTE. Let's take a look at one more benchmark report just to be sure:
This chart comes from SolveDNS.com and shows relatively similar results, but with DNS Made Easy taking the #1 spot.
By combining the data from the 3 sources above, we will narrow down our top 5 DNS providers to CloudFlare DNS, DYN, AWS Route 53, DNS Made Easy, and Google Cloud DNS.
All 5 of these services are cloud-based, which means there is no software or hardware needed on the customer side. Several of these providers also offer additional features like hosting, security, CDN, and more, but today we will focus only on their DNS services.
This article is lengthy, so if you don’t feel like reading all the way through and just want the key takeaways in bite-sized format:
- For most users, we are giving the win to Cloudflare. We’re basing this on a solid feature set, an extremely intuitive UI, and excellent performance (with 100+ points of presence). In addition, CloudFlare offers important security features like DNSSEC support and advanced DDoS protection.
- DYN, which is now owned by Oracle as of the end of 2016, has excellent reporting and load balancing features as well as full support for DNSSEC. It comes out neck-and-neck with CloudFlare, offering more features but with slightly less ease of use and higher costs. If you’re looking for enterprise-grade DNS hosting, DYN is a company you should be looking at.
- If you’re a small organization looking for an affordable and reliable DNS solution then DNS Made Easy is a great choice. For under $30/year for up to 10 domains you get top notch performance and a simple UI that you can have up and running in just a few minutes.
- AWS Route 53 works fine and is obviously popular among large websites, but that is mostly due to the fact that Amazon Web Services owns such a huge portion of the IaaS market and the bulk of those companies would prefer to have their DNS hosted with all their other cloud services.
- Google Cloud's DNS service is still relatively new to the game compared to the other providers on this list, but they will no doubt be gaining market share in years to come as the Google Cloud platform starts to gain momentum. Right now, Google Cloud DNS provides great reliability, simple and competitive pricing, respectable speed, and a decent UI. If you're using the Google Cloud platform or just looking for a reliable DNS service you can trust, this is it.
CloudFlare DNS Review
CloudFlare is most commonly known as a cloud security company/content delivery network but they also own the biggest chunk of the managed DNS market share. Their DNS service utilizes all 100+ of their POPs around the world and comes in four versions: Free, Pro @ $20/month/domain, Business @ $200/month/domain, and Enterprise, which is custom priced. Like their CDN and security services, CloudFlare provides additional features at each progressive plan. With DNS, there isn't a huge feature disparity between the different plans until you reach Enterprise.
Administering your DNS settings is done through the CloudFlare online portal, the same one used for their other services. Setup is extremely quick and easy like it is for their other offerings as well. Once you log in simply click on the DNS tab, enter your domain name, and CloudFlare will automatically look up your existing name servers and present you with the option to switch to CloudFlare nameservers with just a few clicks.
Cloudflare also gives you the option of using an HTTP proxy. This offers a number of benefits, the main one being that it will spread requests across all of CloudFlare's data centers, which can be helpful in the event of a DDoS attack. One of the main things CloudFlare is known for is security, and their DNS service doesn't fall far from that tree. They have prevented some of the largest DDoS attacks in recent history. A big part of this, on the DNS side, is the use of Anycast to broadcast the same IP address across all of its data centers. What this does is dilute a DDoS attack across dozens of locations around the world, with the net result being that none of the attack traffic reaches their customers' servers.
Another important feature that is just about mandatory these days is DNSSEC, which digitally signs zones to ensure the DNS records received are identical to the DNS records published by the domain owner. With CloudFlare, all you need to do is click a button and add a corresponding record to the domain registration.
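The "corresponding record" added at the registrar is a DS record, a hash of the zone's key-signing DNSKEY that links the parent zone to the signed zone. The following is an added example, not code from the article or from any provider: it derives the DS record (SHA-256 digest type) from a DNSKEY so the value shown in a provider's dashboard can be checked against what the registrar holds. The zone name and the 64 key bytes are constructed placeholders.

```python
# Added example: derive a DS record from a DNSKEY (RFC 4034, digest type 2 = SHA-256).
import hashlib
import struct

# Constructed sample values: placeholder zone, filler key bytes (not a real key).
ZONE = "example.com."
FLAGS, PROTOCOL, ALGORITHM = 257, 3, 13  # 257 = key-signing key, 13 = ECDSA P-256
PUBLIC_KEY = bytes(range(64))


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA on the wire: flags (2 bytes), protocol, algorithm, key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def name_to_wire(name):
    """Canonical owner name: lower-case, length-prefixed labels, root label last."""
    wire = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % name)
        wire += bytes([len(raw)]) + raw
    return wire + b"\x00"


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (16-bit ones'-complement-style sum)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_record(zone, rdata):
    """Presentation-format DS: key tag, algorithm, digest type 2, SHA-256 digest."""
    digest = hashlib.sha256(name_to_wire(zone) + rdata).hexdigest().upper()
    return "%s IN DS %d %d 2 %s" % (zone, key_tag(rdata), rdata[3], digest)


def ds_matches(registrar_ds, zone, rdata):
    """Compare a registrar's 'tag alg type digest' text with the derived DS."""
    want = ds_record(zone, rdata).split()[3:]
    got = registrar_ds.split()
    return got[:3] == want[:3] and "".join(got[3:]).upper() == want[3]


if __name__ == "__main__":
    print(ds_record(ZONE, dnskey_rdata(FLAGS, PROTOCOL, ALGORITHM, PUBLIC_KEY)))
```

If the DS at the registrar does not match the DNSKEY the zone publishes, validating resolvers treat the zone as bogus and stop answering for it, so this comparison is worth running before and after any key change.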
In the speed category, CloudFlare is tough to beat. Speeds generally stay in the sub-5 millisecond range. The CloudFlare network is huge with over 100 data centers around the world so performance stays consistent just about anywhere your users may be. The one downside is that CloudFlare seems to be a bit of a DDoS magnet. Fortunately, they have enough capacity to handle it.
The CloudFlare UI is one of its biggest selling points, right up there with speed and security. The layout of the dashboard is clean and each page is organized in a logical manner. In addition to the core DNS features, Cloudflare provides a variety of DNS-related add-ons, some included and others optional at extra cost.
Cloudflare provides access to its entire infrastructure through a RESTful programmatic interface. According to Cloudflare, you can essentially accomplish all tasks available from the Web interface also through the API. API keys are available to generate for all registered customers.
Basic support is offered via an excellent online searchable support database. Additional support is available with all plans, with variable response times. Only the Enterprise plan offers phone support; the others are email support only. We applaud the Cloudflare 100% uptime SLAs for the Business and Enterprise levels with a 2,500% guarantee for the Enterprise plan, meaning they will give you a credit of 2,500% of what you paid for any downtime.
DNS Made Easy Review
DNS Made Easy is a favorite among developers and small businesses because of its ease of use, high performance, and affordable pricing plans. Their plans include Small Business, Business and Corporate, with each successive plan getting you additional domains, queries, and features. They also offer a 30-day free trial for up to 3 domains.
Even at the $29.95/year Small Business plan, you get up to 10 domains, 400 DNS records, and a whopping 5 million queries per month. This is the best bang for your buck you’ll find in this price range. The business plan is $59.95/year and allows for 25 domains, 1,000 DNS records, and 10 million queries. The Corporate plan is made for the enterprise and will run you $124.95/month. With Corporate you get 50 domains, 2,000 DNS records, and 50 million queries plus phone support. Additional domains and queries can be purchased for the business and corporate plans, but not for the small business plan.
DNS Made Easy offers an SLA that gives you a 500% credit for any downtime. This means in the event of one day of downtime you would receive five days' worth of credit.
Setting up your first domain on DNS Made Easy is super simple, much like Cloudflare DNS. Upon switching your name servers to the DNS Made Easy name servers your traffic will be flowing in minutes. It is easy to view and modify all your DNS records from a single screen within the UI. The user interface is quite basic, but this can be considered a good thing if you’re a single developer that just wants a high-performance DNS host that works quickly out of the box.
Speaking of performance, DNS Made Easy is fast. In our testing it lived up to the performance benchmarks above, beating even Cloudflare in response times in the low single digits (2-3ms). This is quite impressive considering how little you pay for the service.
Security is where DNS Made Easy falls behind. They do not offer DNSSEC support or specific DDoS mitigation features, but these features are not critical to everyone and you shouldn't expect advanced security considering the price you're paying.
DNS Made Easy offers a REST API that works for core functions such as domain and record modifications. However, it is only included with the Business and Corporate plans.
Dyn is one of the most popular DNS services among the Internet's largest websites (as could be seen after the Mirai DDoS attack) but has more recently started offering smaller plans that are in reach of single developers or companies on a budget. Their managed DNS offering comes in 3 different levels: Developer, Business, and Enterprise. The Developer version is the one we selected for our review.
Dyn offers a 7-day free trial of their Developer plan which gets you 1 zone, 50 records, and 1 million queries. Pricing is relatively straightforward: Developer plans start at $7/month for 1 million QPM, and Business plans start at $160/month for 5x that plus secondary DNS, traffic steering features, and premium support. Enterprise plans are available for those that need high volume traffic and 24×7 phone support.
Dyn’s managed DNS services are administered from a clean and easy to use UI. They also offer a step-by-step guide that was simple to follow.
When creating a new zone, most users will be able to keep the default values. Each zone comes with 4 Dyn name servers which you can add to your domain registrar record. When managing a zone, you have the option of using the ‘simple’ editor or an ‘expert’ editor. If you’re familiar with DNS at all you’ll probably be using the ‘expert’ editor, but ‘simple’ will do everything you need if not. And if you’re having trouble, Dyn does offer both phone and email support Monday-Friday, even with their Developer plans. This is something that few other providers offer. If you’d prefer to figure things out on your own they also offer loads of how-to videos, forums, and online documentation.
In addition to basic DNS features, Dyn supports IPv6 as well as DNSSEC, and active failover on their Business plans. Dyn has 20 POPs around the world (if you include their China network) and performance is great, averaging sub-5ms. This puts them on par with or faster than Cloudflare, the market share leader who has 100+ POPs. Based on customer reviews reliability is also top notch, but do keep in mind that they were the victim of one of the largest DDoS attacks in history just last year, so always have a backup plan.
Of the four offerings we reviewed, Dyn, along with Cloudflare, provides the most comprehensive API integration with support for both SOAP and REST. Dyn allows for advanced configuration changes via API, such as managing permissions, configuring DNSSEC and traffic management. They also have an app for both Android and iOS that can be used to manage DNS services.
Amazon Route 53 Review
Amazon provides a managed DNS service as part of its cloud computing platform. Aptly named Route 53 (a reference to the DNS use of port 53) the service provides core DNS functions, such as IP address management for websites and email servers. In addition, it offers tools for traffic management, availability monitoring, and domain registration.
The first 25 hosted zones are $.50 per month, and for zones beyond 25 the cost drops to 10 cents per month. DNS queries are charged at 40 cents per million for the first billion queries per month; queries beyond a billion per month are charged at 20 cents per million. Latency based and GEO DNS queries are charged at slightly higher rates and you can also pay for services like health checks and traffic policy records ($50 per month).
To use Route 53 you'll need to sign up for an Amazon Web Services account using your email and credit card. Once logged in you'll need to wade through the seemingly endless features and services offered by AWS to find the Route 53 menu. It will take some time, but once you're used to it the dashboard interface is easy to navigate.
The initial configuration is certainly more complicated than services like CloudFlare or DNS Made Easy, but it is still relatively straightforward for a basic setup without health checks and other features. When you create a new zone, 4 name servers are provided by default. With the new zone created you will need to add the necessary DNS records, such as an A record for www.yourdomain.com. You can also add your MX records for mail routing and PTR and TXT records. You will then need to add the supplied nameservers to the domain record with your domain registrar and you’re off to the races.
A notable shortcoming of Route 53 is that it does not support DNSSEC and is relatively short on security features compared to some other providers. AWS is so massive that it would be nearly impossible to take them down with a DDoS attack, but it would still be nice to be able to set your own security options. AWS Route 53 also offers no free human support and monthly support plans start at $29, a potentially big deal if you’re a single developer on a budget.
AWS Route 53 has a REST-based API that includes several DNS-related tasks including creating zones and zone records. The API can also be used to manage traffic policies and DNS health checks.
Honorable Mention: Google Cloud DNS Review
The Google Cloud platform is just now starting to gain serious momentum in the IaaS world and will no doubt be a dominant player in the next few years, which is why we’ve decided to add the Google Cloud DNS service as the fifth provider on our list. While their DNS offering is still relatively primitive compared to some other providers on the list like DYN or Cloudflare, it is very competitively priced, reliable, and will no doubt be growing in popularity as Google Cloud continues to expand.
The Google Cloud DNS is priced very similarly to AWS Route 53, and the two companies continue to battle it out on the pricing front on everything from computing to CDN. Google's pricing is a little simpler than AWS, though. You simply pay $.20 per managed zone for your first 25 managed zones and then $.10 per zone for the next 10,000. Queries will cost you $.40 per million for the first 1 billion and then $.20 per million after that.
Setting up Google Cloud DNS is more similar to AWS Route 53 than it is to a simpler service like DNS Made Easy or Cloudflare. Below are the steps for setting up your first domain.
First, you'll want to set up a managed zone. A managed zone is a container for DNS records of the same DNS name suffix. It has a set of name servers that accept and respond to queries.
- Go to the Create a DNS zone page in the Cloud Platform Console.
- Enter my-new-zone for the ZONE NAME.
- Enter a DNS NAME prefix for the zone using a domain name that you own. For example,
- Click Create.
On the zone listing page, click the zone name to get to the records page. Default NS and SOA records have already been created for you.
Now you're ready to create a new record. A common example would be an A record to point the domain to the external IP address. Here are the steps to creating a new record:
- Click Add record set.
- If you have an IPv4 address, select A from the Resource Record Type menu. If you have an IPv6 address, select
- Under IPv4 Address or IPv6 Address section, enter the IP address you want to use with this domain.
- Click Create.
Now you’ll need to create a CNAME record for the
- Click Add record set while in the Cloud Platform Console.
- Under DNS Name, enter
- Under Resource Record Type, choose
- Under Canonical name, enter the domain name, followed by a period. For example,
- Click Create.
Now all you need to do is update your domain’s name servers to use Cloud DNS to publish your newly-created records to the Internet. This process is the same as with any of the other DNS providers on this list. Go to your domain registrar and update your name servers to the Google Cloud DNS name servers and you are good to go!
As of now, the Google Cloud DNS doesn’t have much in terms of security features and their speeds are middle of the pack. That said, you can trust Google’s DNS to be reliable and for both the network size and feature set to expand quickly in coming years.
While all 5 providers offer a solid service that will safely outperform your average DNS host, Cloudflare edges out the win among the 5 due to their combination of performance, security, and ease of use coupled with fair pricing. If you're looking for more functionality, DYN comes in a close second to Cloudflare with great performance, a strong security offering and a broad set of features. Cost-conscious developers that are less concerned about security may want to take a look at DNS Made Easy, which offers some of the best performance you can get for only $30/year to start.