The Domain Name System (DNS) is one of the cornerstones of the internet today. Its role is to convert alphabetic names into numeric IP addresses. It is, in effect, the 'phone book of the internet'. However, despite its critical role, it’s also the least appreciated aspect of delivering an online retail user experience, and the most overlooked chink in an internet retailer’s armour. In this piece, Angelique Medina (pictured below), senior product marketing manager, ThousandEyes, tells RetailTechNews that the DNS' importance can’t be understated.

The DNS is actually the first step in how we connect to online retail brands because it’s the internet infrastructure that translates human-readable domain names to routable IP addresses. Without DNS, there is no digital retail experience.

DNS services are assigned by an internet service provider (ISP), meaning they may not always be the best choice available to a retail company. Slower DNS servers can actually create lag before websites start to load. In worst case scenarios, the internet can’t function because, if the DNS record of a retailer’s website is unavailable, then the service is unreachable to users. Also, critically, ISPs may lack sufficient encryption mechanisms, leaving DNS query traffic vulnerable to attack.

Two years on from Dyn

Many reputable third parties, including Google, offer DNS services. And these third parties really matter because, just two years ago, Amazon and other large online retailers were effectively taken off the internet for multiple hours by a distributed denial of service (DDoS) attack because they all relied on a single DNS provider – Dyn, in their case. This DDoS attack saw a network of computers infected with special malware, known as a 'botnet', which coordinated into bombarding the provider with internet traffic until it collapsed under the strain and meant that large swathes of Amazon’s users in Europe and North America couldn’t access its website, along with other major internet retailers.

Can it happen again?

According to the 2018 ThousandEyes Global DNS Performance Report, 50% of retail companies on the Financial Times Stock Exchange (FTSE) 100 are still at risk. Two years after the Dyn DDoS attack, you’d think online retail companies would have learned their lesson, but apparently not so.

Angelique Medina, Senior Product Marketing Manager, ThousandEyes

As shown by this research, many of the biggest retail companies on the planet, who also happen to be some of the digitally mature organisations in the world – as well as 44% of the top 25 software as a service (SaaS) providers – don’t have a fallback DNS server option. That means that a single outage or DDoS attack could completely take their retail businesses off the internet.

The need for awareness of DNS has grown as more retail businesses than ever rely on digital experiences in their revenue generation. According to Gartner, CIOs report that 37% of their revenues will have a digital footprint by 2020. If DNS is the first step in every digital experience, then not getting that step right can be incredibly costly. This is especially crucial for online retailers as, by 2020, consultancy firm KPMG has advised that the “customer experience will overtake price and product as the key brand differentiator.”

Yet despite this situation, too many are just using a single DNS service. If that DNS 'power' gets cut, it doesn’t matter how much you spend on your content delivery network (CDN) or your regional cloud hosting, your retail brand will be offline and you’ll be scrambling.

DNS is still a bit of a 'dark art' that many within the retail industry pay little attention to, not understanding that its performance and security can significantly impact the digital experience for end users.

In many cases, it’s simply a lack of awareness of best practice. Online retail companies often think that they’re resilient because they have more that one nameserver, when in fact they are not.

What must be understood about the DNS is that internet retailers can take control of this part of the IT infrastructure. Third parties who offer DNS services often have superior speed and security. True DNS resilience means that your authoritative DNS records are served from diverse networks, facilities, and routed prefixes. It’s certainly possible to do this on your own. Not only this, it’s typically easier (and less costly) to outsource your authoritative DNS to one or more third-party service.

As an online retailer, being unprepared is no longer an option.