TL;DR: Managed DNS can improve website performance with load balancing, preserve availability through secondary DNS and failover, and strengthen DNS security with DNSSEC, according to DigiCert. The governance lesson is that DNS reliability and integrity are now part of broader identity and trust control design, not just network operations.
NHIMG editorial — based on content published by DigiCert: Best Managed DNS for San Jose, California
By the numbers:
- Studies have shown that a one-second delay in website loading time can result in a 7% reduction in conversions.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
Questions worth separating out
Q: How should security teams reduce the impact of DNS hijacking on identity and access paths?
A: Security teams should protect the DNS records that support sign-in, API access, and certificate validation first, because those zones carry the highest trust value.
Q: When does managed DNS become part of identity governance rather than network operations?
A: Managed DNS becomes an identity governance issue when it directly affects how users, workloads, and services reach trusted endpoints.
Q: What breaks when DNS integrity controls are missing?
A: When DNS integrity controls are missing, attackers can redirect traffic, intercept users, or disrupt service without changing the application itself.
Practitioner guidance
- Map DNS dependencies across identity and service flows Identify which login pages, API endpoints, certificate checks, and internal services rely on each authoritative DNS zone so outages do not surprise the identity team.
- Enable DNSSEC on trust-anchor domains Prioritise domains that support authentication, certificate validation, and customer access journeys.
- Test secondary DNS and failover paths under failure conditions Simulate primary DNS loss, regional interruption, and record corruption to confirm that alternate resolution behaves as intended and does not create stale or inconsistent answers.
What's in the full article
DigiCert's full blog covers the operational detail this post intentionally leaves for the source:
- Specific managed DNS configuration patterns for load balancing and failover across production domains
- Product-level guidance on DNSSEC setup and zone protection workflows for administrators
- Operational positioning for DigiCert DNS Trust Manager in relation to availability and trust controls
👉 Read DigiCert's blog on managed DNS security and performance for San Jose businesses →
Managed DNS security and uptime: what IAM teams should consider?
Explore further
Managed DNS is a trust-control problem as much as an availability problem. The article frames DNS around speed and uptime, but the governance issue is broader: DNS is a decision point that determines whether users and workloads reach the right destination at all. When resolution is manipulated, the failure occurs before conventional identity controls engage. Practitioners should treat DNS integrity as part of the access trust chain, not as a back-end utility.
A few things that frame the scale:
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
- A separate finding from our research shows that only 44% of developers are reported to follow security best practices for secrets management, which keeps exposure and misuse conditions persistent across environments.
A question worth separating out:
Q: How do you know if your DNS resilience controls are actually working?
A: You know they are working when secondary DNS, failover, and resolver monitoring keep services reachable during simulated outages, record corruption, or authority loss. Test results should show predictable resolution, minimal delay, and no manual recovery surprises. If your recovery depends on ad hoc intervention, the control is theoretical rather than operational.
👉 Read our full editorial: Managed DNS security and performance controls for San Jose businesses