Domains: The foundation to internet security, speed and reliability

Nick Fuller

Domains are the cornerstone of the internet. They provide easy navigation to websites you want to visit. Without them, only the most technical users would continue to leverage the power available to us. As the world's largest registrar, it's GoDaddy's responsibility to keep your domains secure, fast and reliable.

During the last five years, GoDaddy has undergone a tremendous effort to improve our domains experience. Almost every piece of the GoDaddy experience has changed for customers. From finding that right domain to infrastructure and systems, we've made changes to make the internet better for everyone.

Here are a couple of stats to show the state of the internet today. First, Distributed Denial of Service attacks (DDoS) have increased. We are now blocking more than 1,000 DDoS attacks against our customers each month. These attacks vary in size, but any of them have the capability to impact our customers.

Second, we have seen a tremendous increase in Domain Name System (DNS) queries coming in to our DNS. During the last few years, this has been increasing by 25-30 percent each year. Every day, we're handling billions (with a B) of DNS queries for our customers.

Our team has been working tirelessly behind the scenes to make sure these systems are up and running. Additionally, they are doing things behind the scenes to make your experience even better.

Let's talk about security

For the internet to thrive, it must be secure. We must protect our customers, and the internet at large, from DDoS attacks, account hacking and DNS modifications. Here are a few ways we've protected the internet from these attacks.

DDoS attacks

GoDaddy has invested heavily in our infrastructure to keep customers up and running. DDoS attacks, which use infected computers as weapons, can be difficult to identify and stop before they cause issues. If they're not caught early enough, these attacks can degrade service for many, many users. An attack impacts not only the targeted domain name, but potentially others using the same DNS or hosting servers.

We have added additional monitoring and detection mechanisms to identify DDoS attacks. This enables quicker response, to prevent any service degradation for our customers.

Account protection

In 2012, we implemented two-factor authentication (2FA) in the US. This enabled customers to take their account protection to the next level, by requiring a password and a text message token to log in. The next year, we expanded this globally. To make accounts even safer, we deployed app-based 2FA. This works all over the world and avoids some of the potential weaknesses of SMS.

We have monitoring in place to look for suspicious account logins and behavior. This helps us identify and neutralize offenders quickly. The goal is to stop them before they start causing issues for our customers.

DNS modifications

In partnership with RSA, GoDaddy was able to take many "shadow" domains off the web. Attackers abusing subdomains were spreading malware online, and customers also had their SEO negatively impacted. Using the research from RSA, we were able to track and identify bad actors. We removed the offending subdomains and implemented countermeasures against this type of attack. This helped not only our customers, but the internet at large.
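A domain owner can look for this kind of unwanted subdomain by comparing a zone export against a baseline of records they created. The sketch below is an added example, not GoDaddy's or RSA's tooling; the record names, the documentation-range addresses, the simple five-field export format and the short-TTL heuristic are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: records the owner knows they created, and a
# current zone export. Addresses come from the RFC 5737 documentation ranges.
BASELINE = {
    ("www", "A", "192.0.2.10"),
    ("mail", "A", "192.0.2.20"),
    ("shop", "CNAME", "shops.example.net."),
}
CURRENT_ZONE = """\
www    3600 IN A     192.0.2.10
mail   3600 IN A     192.0.2.20
shop   3600 IN CNAME shops.example.net.
x7f3k  300  IN A     203.0.113.66
cdn-a1 300  IN A     203.0.113.66
blog   3600 IN A     192.0.2.30
"""
OWNED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed owner address space


def parse_zone(text):
    """Parse 'name ttl IN type value' lines into (name, ttl, type, value)."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "IN":
            continue  # skip blanks and anything not in the simple 5-field form
        name, ttl, _, rtype, value = parts
        records.append((name.lower(), int(ttl), rtype.upper(), value))
    return records


def audit(zone_text, baseline, owned_nets):
    """Return records missing from the baseline, with reasons for review."""
    findings = []
    for name, ttl, rtype, value in parse_zone(zone_text):
        if (name, rtype, value) in baseline:
            continue
        reasons = ["not in baseline"]
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(value)
            if not any(addr in net for net in owned_nets):
                reasons.append("address outside owned ranges")
        if ttl <= 300:  # assumed heuristic: injected records are often short-lived
            reasons.append("short TTL")
        findings.append((name, rtype, value, reasons))
    return findings


if __name__ == "__main__":
    for name, rtype, value, reasons in audit(CURRENT_ZONE, BASELINE, OWNED_NETS):
        print(f"{name:8} {rtype:5} {value:16} {', '.join(reasons)}")
```

A record such as `blog`, which is new but points into the owner's own range, is still reported so that a person can confirm it was an intended change.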

DNS

What is DNS?

To understand our DNS improvement, we need to take a quick look at DNS. The internet runs off of numbers called IP addresses. Long story short, computers do much better with numbers. So the underlying internet infrastructure uses numbers for everything. When you type in any domain name, it gets converted to a number so it can get to its proper location.

Here is what happens when you type a specific website into your address bar. Say you want to visit www.GoDaddy.com. You type it in and push enter. Your computer sends a request to the internet that says, "Hey, how do I get to GoDaddy.com?" Your request is then routed to your ISP DNS servers. Through communications, your request ends up at the domain's DNS servers. Those DNS servers provide the proper number (IP address). From there, your computer has what it needs to get to the destination.

So why do I need fast DNS?

In the example above, there are a lot of places where things could slow down or even break: your computer could be having issues, your ISP could be having issues, the routes to DNS could be slow, etc. Today, we're going to focus on the DNS in this process.

Location, location, location

The first thing to think about is the physical location of the DNS servers. If your domain's DNS is in California, and someone is visiting your website from Russia, what happens? Their request starts in Russia, goes through many servers and routers and eventually gets to your DNS servers. Now, your DNS server needs to reply to get the process started for your visitor.

This is your visitor’s first impression of your website. Every single aspect of your site loading needs to be quick. If the DNS takes a long time to load, or never loads at all, this reflects on your website. If visitors are able to start loading the website immediately, they are more likely to stay, browse and do what they need.

This is the main reason GoDaddy has tripled our DNS locations in the last five years. People all over the world are now closer than ever to GoDaddy DNS, meaning no more world-wide treks for a DNS request. Closer servers mean faster responses, which mean a better experience for your website visitors.

Measured using third-party websites, GoDaddy's DNS is on par with several pay-for specialty DNS providers.

Reliability

Another bonus of many locations is better DNS reliability. Let's say GoDaddy has DNS servers in different parts of the United States. If one of those locations goes down due to an earthquake, for example, customer impact is minimal. Traffic will be dynamically routed from that location to another. Those customers will still get the DNS they need while we're experiencing a major event in that location. We have more locations scheduled and will continue to expand in areas as needed.

This means that, in virtually all circumstances, website visitors will be able to find your website.

Ease of use

GoDaddy created the Domain Connect project. If you have ever used multiple services with your domain name, you've most likely had to change DNS. A records, CNAME records and TXT entries can be daunting and should be completely unnecessary for regular users to manage.

That's why we created Domain Connect. It's an open standard that many service providers, like Microsoft, WPEngine and GoDaddy, use. With a click of a button, users can have the exact right DNS entries added. These come from their service provider and are added directly into DNS, with no user intervention. This makes even the most complex DNS entries a snap.

Knowing how big this problem is, we created it as an open standard, so partners and competitors all have access.

Summary

For this post, we focused on a few significant changes, but there have been countless improvements made throughout GoDaddy, and there are always more changes coming. Our goal is to bring you the fastest, most secure platform for your domains or any other service you use with us.
