Getting Your DNS and Content-Redundancy Acts Together

The easiest way to attack IP infrastructure is via DNS.

Why few companies do DNS well. Why fewer can scale it.
IP is the dominant networking protocol, and heavyweights like Ethernet, TCP, and MPLS are emerging as clear standards, but networks are a long way from becoming a commodity as long as DNS is not properly implemented. Few companies do DNS well. Fewer have the skill set to scale it reliably and securely.

Best practices? They’re rarely documented, never mind automated – DNS has replaced routing as the new “black art” of networking. Today’s networks rely on an IP services backbone of DHCP, DNS, and RADIUS – critical network services components that dictate availability. The enterprise network must be available, scalable and flexible to meet the needs of both small and large organizations, because any network downtime has a direct financial impact.

The moral here is: single points of failure can never be a good thing.

If your site is monetized and/or mission critical, secure DNS with a secure 3rd-party vendor that runs a robust, anycasted DNS server network.

Then have a mirrored content server infrastructure at separate physical locations, load-balanced on an ongoing basis.

If any DNS server goes down, DNS still works. If your hosting provider suffers an outage or your internal content server becomes unavailable, traffic continues relatively uninterrupted to that content at a different location.

And disaster-recovery is of course facilitated if it ever comes to that.
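
A quick way to check a zone against the two recommendations above (more than one DNS server, content mirrored at separate locations) is to audit the addresses behind its name servers and its site. This is an added example, not part of the original post: the zone data is constructed, the function names are hypothetical, and it assumes that a distinct /24 (IPv4) or /48 (IPv6) network is a rough stand-in for a separate physical location, which does not hold for anycast addresses announced from many sites.

```python
import ipaddress

# Constructed sample data using documentation address ranges. In practice the
# lists would come from the zone's NS answers and the site's A/AAAA answers.
ZONE = {
    "ns": {
        "ns1.example.net": ["192.0.2.53"],
        "ns2.example.net": ["192.0.2.54"],
    },
    "content": {
        "www.example.com": ["198.51.100.10", "203.0.113.10"],
    },
}


def site_key(addr):
    """Map an address to its covering /24 (IPv4) or /48 (IPv6) network.

    Assumption: a distinct network is a rough stand-in for a distinct site.
    """
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def audit(zone):
    """Return a list of single-point-of-failure findings for the zone."""
    findings = []
    ns_addrs = [a for addrs in zone["ns"].values() for a in addrs]
    if len(zone["ns"]) < 2:
        findings.append("dns: only one name server is delegated")
    if len({site_key(a) for a in ns_addrs}) < 2:
        findings.append("dns: every name server address is in one network")
    for host, addrs in sorted(zone["content"].items()):
        if len({site_key(a) for a in addrs}) < 2:
            findings.append(f"content: {host} is served from one network")
    return findings


if __name__ == "__main__":
    for line in audit(ZONE) or ["no single point of failure found"]:
        print(line)
```

The sample zone has two name servers, but both sit in the same network, so the audit still reports DNS as a single point of failure while the mirrored content passes.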
