Oracle does-in Dyn, resets DNS services to cloud

Some may call it a normal, even boring course of vendor business operations but others find it a pain the rump or worse.

That about sums up the reaction to news this week that Oracle will end its Dyn Domain Name System enterprise services by 2020 and try to get customers to move to DNS services provided through Oracle Cloud.

Oracle said that since its acquisition of Dyn in 2016 and the ensuing acquisition of Zenedge, its engineering teams have been working to integrate Dyn’s products and services into the Oracle Cloud Infrastructure platform. “Enterprises can now leverage the best-in-class DNS, web application security, and email delivery services within Oracle Cloud Infrastructure and enhance their applications with a comprehensive platform to build, scale, and operate their cloud infrastructure,” according to Oracle’s
FAQ on the move. “As a result, Dyn legacy Enterprise services are targeted to be retired on May 31, 2020 with the exception of Internet Intelligence.”

But is the DNS in Oracle’s Cloud support really best in class? In the next breath the company states the Oracle Cloud Infrastructure DNS service will not support Dynamic DNS (Remote Access is not impacted) DNSSEC, Webhop (HTTP redirect), nor Zone transfer to external nameservers.

Not supporting DNSSEC for example seems a bit short-sighted.  In February the Internet Corporation for Assigned Names and Numbers called for widespread community effort to install stronger DNS security technology

Specifically ICANN called for full deployment of the Domain Name System Security Extensions (DNSSEC) across all unsecured domain names. DNS, often called the internet’s phonebook, is part of the global internet infrastructure that translates between common language domain names and IP addresses that computers need to access websites or send emails.  DNSSEC adds a layer of security on top of DNS.

Full deployment of DNSSEC ensures end users are connecting to the actual web site or other service corresponding to a particular domain name, ICANN said.   “Although this will not solve all the security problems of the Internet, it does protect a critical piece of it – the directory lookup – complementing other technologies such as SSL (https:) that protect the “conversation” and provide a platform for yet-to-be-developed security improvements,” ICANN said.

Reactions from Dyn customers on sites such as Reddit and Hacker News/ YCombinator were none too pleased about the change:

This isn’t surprising, but still upsetting.

First as noted, no Dynamic DNS or DNSSEC?? REALLY?? Come on.

Second as also noted, the migration is manually! You have to download a zone record and upload it, and that’s after manually creating your account.

I’ll be switching to Cloudflare. Been considering it for a while, but now it makes sense.

Another commenter wrote:

No dynamic DNS? This is literally the name of the company they bought.

And the migration is just a sign up for a new service after exporting my zone config? They really don’t care about losing customers it would seem. Easy enough, my router supports for ddns and my domain registration is already there, it’s time for DNS to follow it.

Yet another:

As a lesson to anyone else hoping to do a shutdown with a migration to a different service with your company. If you are going to treat me the same as any new subscriber, where I have to re-signup, re-add my payment method, export my settings and then import them again, you’re asking me to buy all over again. If you ask me to buy, then I get will reevaluate the relationship, and if it’s just as easy to migrate to another supplier I will move. Migrating internally should have been “push this button to accept the new terms and pricing, you don’t even need to talk with your registrar. “I’ve been a Dyn customer for over a decade, and now I’m moving because it’s just as easy to move as it is to stay, and I do not want to have to type in “” to manage my service.

The move could no doubt be a boon for other DNS providers such as Clouflare, Rackspace, Verisign and NS1.

“The DNS industry has experienced similar consolidation with Oracle’s acquisition of Dyn and Neustar’s acquisition of UltraDNS and Verisign’s DNS contracts. So often, the shiny, acquired tech is relegated to a loss leader, used as a wedge in the door to sell legacy products.  Or worse, the product is abandoned,” wrote NS1’s chief operation officer Brian Zeman in a blog about the Oracle change.

“Innovation in acquired technologies slows and may even disappear. Support experts are replaced by generalists. That increases tremendous risk for the installed base whose businesses depend on those services. Consolidation is especially problematic with DNS because it is the first stop for all application traffic, which makes it a key point of leverage in modern application development and delivery.” 

While morphing Dyn into Oracle’s cloud may be a business/technical decision, it also seems to mean a loss of a number of jobs. In Manchester, NH where Dyn is located, the New Hampshire Union Leader has been detailing the layoffs and possible sale of the company’s office space.

According to the Union Leader: “Dozens of employees at Oracle + Dyn learned Tuesday they were being laid off in at least the third wave of job cuts since March. The company is eliminating its entire sales and marketing department, according to several workers.  As of a year ago, Oracle + Dyn employed about 400 workers in Manchester, but cut a reported 30 workers in March and another batch in mid-June before Tuesday’s round of layoffs.”

Oracle has not acknowledged the layoffs but numerous reports in the past few weeks say the company has been restructuring around the globe.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.