TL;DR: Managed DNS is being positioned as a way to reduce latency, improve routing, and harden DNS against hijacking and DDoS while supporting faster access to online services, according to DigiCert. The governance point is simpler: DNS locality and resilience are now identity-adjacent controls, because availability and trust at the name-resolution layer shape every downstream access decision.
NHIMG editorial — based on content published by DigiCert: New York, NY: A Digital Powerhouse and Technology Hub
Questions worth separating out
Q: How should security teams treat managed DNS in access governance?
A: Security teams should treat managed DNS as part of the access path, not a separate infrastructure detail.
Q: When does DNS performance become a security concern?
A: DNS performance becomes a security concern when slow or inconsistent resolution affects trust, availability, or user routing.
Q: What breaks if DNS hijacking protections are weak?
A: Weak hijacking protection can redirect users away from legitimate services, undermine confidence in the application, and interrupt business transactions without breaking authentication itself.
Practitioner guidance
- Map DNS into service dependency reviews Document which business services depend on each resolver, point of presence, and failover path so that DNS becomes visible in availability and incident planning.
- Measure resolution latency and failure rates Track query latency, packet loss, and failover behaviour separately for internal and customer-facing services to spot hidden degradation before users do.
- Test hijack resistance and fallback paths Validate how the environment behaves if resolution is redirected, delayed, or unavailable, and confirm that fallback routing does not expose users to unsafe destinations.
What's in the full article
DigiCert's full blog post covers the operational detail this post intentionally leaves in summary form:
- Regional deployment rationale for the New York DNS point of presence and the associated network architecture
- Specific performance claims about response times, routing efficiency, and content delivery improvements
- Security features described for hijack resistance and DDoS mitigation at the DNS layer
- How DigiCert positions its DNS infrastructure for businesses operating in high-demand urban environments
👉 Read DigiCert's managed DNS post on the New York point of presence →
Managed DNS in New York: what does it change for trust?
Explore further
Managed DNS is an availability control that security teams still underweight. When DNS resolution degrades, users experience it as application failure, but the real fault line is the trust path that precedes access. That makes placement, redundancy, and routing decisions part of governance, not just infrastructure hygiene. Practitioners should treat DNS as a control surface that supports reliable identity outcomes.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to the NHI Lifecycle Management Guide.
A question worth separating out:
Q: How do organisations decide where to place DNS points of presence?
A: Organisations should place DNS points of presence based on service demand, resilience requirements, and routing efficiency, not geography alone. The right placement lowers query delay and improves fallback behaviour. It also helps ensure that availability decisions support the trust expectations of the services that depend on resolution.
👉 Read our full editorial: Managed DNS in New York and what it means for internet trust