Reliable DNS for SMBs: are your resilience controls keeping up?


(@nhi-mgmt-group)

TL;DR: DNS reliability is not just uptime but a mix of latency, redundancy, security and visibility. DigiCert notes UltraDNS processed nearly 42 trillion queries in 2023, while one study found 82% of businesses saw DNS-based attacks lead to application outages. The real test is whether smaller teams can govern this dependency without creating new failure points.

NHIMG editorial — based on content published by DigiCert: Scaling Smart: How SMBs Can Achieve Enterprise-Grade Reliable DNS on a Budget

By the numbers:

Questions worth separating out

Q: How should security teams evaluate DNS reliability for identity-dependent systems?

A: Start by mapping which identity services depend on DNS, including SSO, federation, certificate validation, and workload discovery.

Q: Why does DNS reliability matter for IAM and workload identity programmes?

A: Because DNS sits underneath the services that issue, validate, and resolve trust.

Q: What breaks when DNS controls are treated as a commodity service?

A: Teams often discover that low-cost DNS lacks visibility, failover transparency, and security depth.

Practitioner guidance

  • Map DNS dependencies across identity flows: Inventory where DNS resolution supports SSO, federation endpoints, certificate validation, workload discovery, and API connectivity so outages are measured as identity-impacting events, not just network incidents.
  • Test provider redundancy with failure drills: Verify how the service behaves when a PoP, region, or resolver path fails, and confirm that traffic reroutes without breaking authentication or application reachability.
  • Require security controls that preserve trust: Make DNSSEC, DDoS mitigation, and encrypted resolution part of the baseline evaluation so availability and integrity are assessed together during vendor review.

What's in the full article

DigiCert's full blog covers the operational detail this post intentionally leaves for the source:

  • The article breaks down Anycast architecture and failover design in more practical detail for teams comparing providers.
  • It explains the difference between latency, caching, and availability in a way that helps non-network specialists assess service quality.
  • It outlines the cost and support trade-offs SMBs face when moving beyond bundled or low-tier DNS services.
  • It adds provider-selection criteria for teams that need a procurement checklist rather than a conceptual overview.

👉 Read DigiCert's analysis of reliable DNS for SMBs →

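Added example, not part of the original post or DigiCert's article: a tabletop version of the three practitioner-guidance steps that maps identity flows to DNS zones, flags single-provider delegations and zones without a DS record, and lists which flows stop resolving if one provider fails. All zone names, nameservers and flows are constructed, and deriving the provider from the last two labels of the NS name is a simplifying assumption.

```python
# Constructed sample data; in practice collect it with `dig NS <zone>` and `dig DS <zone>`.
ZONES = {
    "corp.test": {"ns": ["ns1.provider-a.test", "ns2.provider-a.test"], "ds": True},
    "idp.test": {"ns": ["ns1.provider-a.test", "ns1.provider-b.test"], "ds": False},
    "pki.test": {"ns": ["ns1.provider-b.test"], "ds": True},
}
# Constructed identity flows and the hostname each one must resolve.
FLOWS = [
    ("SSO login", "sso.corp.test"),
    ("SAML federation metadata", "fed.idp.test"),
    ("OCSP certificate validation", "ocsp.pki.test"),
    ("Workload discovery", "svc.corp.test"),
]

def provider_of(ns_host):
    """Assumption: the last two labels of the NS name identify the operator."""
    return ".".join(ns_host.rstrip(".").split(".")[-2:])

def zone_of(host):
    """Longest-suffix match of a hostname against the inventoried zones."""
    matches = [z for z in ZONES if host == z or host.endswith("." + z)]
    return max(matches, key=len) if matches else None

def audit():
    """Per-zone report: providers, dependent identity flows, and findings."""
    report = {}
    for zone, facts in ZONES.items():
        providers = sorted({provider_of(n) for n in facts["ns"]})
        findings = []
        if len(providers) < 2:
            findings.append("single DNS provider")
        if not facts["ds"]:
            findings.append("no DS at parent (no DNSSEC chain of trust)")
        flows = [name for name, host in FLOWS if zone_of(host) == zone]
        report[zone] = {"providers": providers, "flows": flows, "findings": findings}
    return report

def blast_radius(failed_provider):
    """Identity flows whose zone is served only by the failed provider."""
    down = [z for z, r in audit().items() if r["providers"] == [failed_provider]]
    return sorted(name for name, host in FLOWS if zone_of(host) in down)

if __name__ == "__main__":
    for zone, result in audit().items():
        print(zone, result)
    print("provider-a.test down ->", blast_radius("provider-a.test"))
```

Cached answers keep resolving until their TTL expires, so a live failure drill should run longer than the longest TTL on the affected records.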