How Akamai Works | DNS
All internet traffic starts with the Domain Name System, or simply DNS. Here, we will take a look at how Akamai handles DNS at a global scale, routing traffic accordingly and keeping threats at bay. A domain name or Zone (for instance: akamai.com) can hold DNS records (for instance: www.akamai.com) of different record types (for instance: A, AAAA, CNAME, NS, MX etc.). DNS runs on port 53.
Traditionally, developers would register their zone with a DNS registrar and point their name server records to their own DNS name servers. In recent years, developers have been moving their DNS infrastructure into the cloud as well. There are three major challenges associated with managing your own DNS infrastructure.
Performance - your DNS infrastructure is not globally distributed, and because your web applications, APIs etc. require DNS, there can be performance issues for users who are not located close to your DNS name servers.
Security - your DNS infrastructure is also prone to Distributed Denial of Service attacks (or simply DDoS attacks). DNS is the most common attack vector on the Internet today.
Cost - managing your own DNS infrastructure can be costly, especially when you are considering strategies to improve performance or protect it by placing more DNS name servers around the world.
Akamai offers the Akamai Edge DNS solution, which is currently used by thousands of companies, including the largest brands and most popular websites in the world today.
Akamai has deployed a global DNS infrastructure across thousands of locations and networks in the world. Every Akamai Edge DNS customer receives a set of 6 unique Edge DNS regions in order to quickly and safely handle all DNS traffic for their zones. In doing so, all legitimate user traffic will be handled accordingly and attack traffic will be blocked and dropped by Akamai Edge DNS.
By default, Akamai Edge DNS operates in the PRIMARY mode where all zones and records are managed on Akamai. You have the ability to manage this through a user interface or a variety of Akamai Developer Tools such as APIs, CLIs and Infrastructure as Code tooling.
Akamai also offers SECONDARY mode, where you can still manage zones and records on your own infrastructure. Updates are retrieved through AXFR Zone Transfers. Your own DNS infrastructure is known only to Akamai, and Akamai issues all records.
Besides Akamai handling DNS, in most cases, Akamai will also be handling web applications, APIs, static content such as downloads and streaming media. All of this traffic will be running over HTTPS but starts with DNS first. A typical DNS resolution chain with Akamai will look like this.
First, the zone is mapped to Akamai Edge DNS through a Name Server record. Next, the hostname (for instance: www.akamai.com) is a record of the CNAME record type with a time to live of 600 seconds and is mapped to www.akamai.com.edgekey.net. This is what is known as an Akamai Edge Hostname and is how traffic is routed to Akamai. Akamai Edge Hostnames always end in *.edgekey.net, *.edgesuite.net or *.akamaized.net. In that same DNS resolution chain, you will see that www.akamai.com.edgekey.net returns an A or AAAA record type with a short time to live of 20 seconds, containing an IPv4 or IPv6 address. This is where the Akamai magic happens. Akamai Edge Servers are chosen dynamically based on a variety of factors, such as which Edge Server is located closest to the end user and performs best for them. This is how users all around the world can have a high-performing and fast experience.
With the scale of the Akamai Edge DNS infrastructure, Akamai can also ensure that attack traffic such as DDoS attacks is easily mitigated.
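The resolution chain described above can be checked mechanically. The following is an added example, not Akamai's code: it walks a CNAME chain over constructed sample records and reports whether a hostname reaches an Akamai Edge Hostname and which TTL its address records carry. The helper names `walk_chain` and `audit`, the host origin.example.com and the documentation-range IP addresses are assumptions made for illustration.

```python
# Added example: audits a DNS resolution chain against the pattern described above.
AKAMAI_EDGE_SUFFIXES = (".edgekey.net", ".edgesuite.net", ".akamaized.net")

# Constructed sample records: (name, type, ttl, value). IPs are documentation ranges.
SAMPLE_RECORDS = [
    ("www.akamai.com", "CNAME", 600, "www.akamai.com.edgekey.net"),
    ("www.akamai.com.edgekey.net", "A", 20, "192.0.2.10"),
    ("origin.example.com", "A", 300, "198.51.100.7"),  # hypothetical non-Akamai host
]

def _norm(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def walk_chain(hostname, records, max_depth=8):
    """Follow CNAMEs from hostname; return the (name, type, ttl, value) hops in order."""
    by_name = {}
    for name, rtype, ttl, value in records:
        by_name.setdefault(_norm(name), []).append((rtype, ttl, value))
    chain, current, seen = [], _norm(hostname), set()
    while current not in seen and len(chain) < max_depth:  # stop on loops or long chains
        seen.add(current)
        rrset = by_name.get(current, [])
        cname = next((r for r in rrset if r[0] == "CNAME"), None)
        if cname is None:  # end of the chain: collect the address records, if any
            chain += [(current, *r) for r in rrset if r[0] in ("A", "AAAA")]
            break
        chain.append((current, *cname))
        current = _norm(cname[2])
    return chain

def audit(hostname, records):
    """Report the Edge Hostname, final addresses and address TTL for hostname."""
    chain = walk_chain(hostname, records)
    edge = next((_norm(v) for _, t, _, v in chain
                 if t == "CNAME" and _norm(v).endswith(AKAMAI_EDGE_SUFFIXES)), None)
    addrs = [(v, ttl) for _, t, ttl, v in chain if t in ("A", "AAAA")]
    return {
        "edge_hostname": edge,
        "addresses": [v for v, _ in addrs],
        "address_ttl": min((ttl for _, ttl in addrs), default=None),
        "routed_via_akamai": edge is not None and bool(addrs),
    }

if __name__ == "__main__":
    for host in ("www.akamai.com", "origin.example.com"):
        print(host, audit(host, SAMPLE_RECORDS))
```

A hostname that resolves straight to an address, or whose CNAME chain loops or dead-ends, comes back with `routed_via_akamai` set to False, which is the case worth flagging when every public hostname is expected to sit behind an Edge Hostname.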
Akamai Edge DNS is an excellent solution to manage one of the most critical aspects of your digital infrastructure, because in the majority of cases, the issue is probably related to DNS.
For more information on Akamai Edge DNS, including all the supported features and other benefits, please visit [ Link ]
This video was created by Mike Elissen, Developer Advocate @ Akamai Technologies.
Mike is an Akamai veteran with 10+ years of experience consulting the largest companies in the world on their digital strategy and solutions architecting. Focus areas like Cybersecurity, Web Performance, Media Streaming and Content Delivery are what keep him busy. He aims to Akamaize as many digital applications as possible by automating the process and sharing his knowledge.
Mike can be found on LinkedIn.
[ Link ]