NS1 Explained: DNS, DDI & More

NS1: Beyond Managed DNS

Kris Beevers, founder and CEO of NS1, clarifies a common misconception: “We don’t define ourselves as a DNS company, despite our name and the focus of our conversations.”

This statement may seem paradoxical, considering their primary product is Managed DNS. However, NS1 addresses a far more complex problem than simple domain name resolution.

By framing its capabilities as extending beyond basic DNS functionality, the company successfully distinguishes itself within a highly competitive and often commoditized market.

A Different Perspective on DNS

NS1 fundamentally rethinks the role of DNS. Unlike competitors who view it merely as a traffic connection method, NS1 treats DNS as a powerful traffic routing system.

This allows for highly effective traffic direction and control.

The company’s product suite utilizes data, automation, and real-time decision-making policies to intelligently steer and optimize traffic directly at the DNS level, according to Beevers.

The Filter Chain: NS1’s Core Technology

At the heart of NS1’s capabilities lies a core technology known as the filter chain. This technology is fundamental to the company’s achievements.

The filter chain enables NS1 to deliver its unique value proposition.

Expanding into DDI and Open Source

Previously, it was discussed how Beevers initially conceived the filter chain technology with just 22 lines of code, effectively launching NS1. Now, we will explore the company’s expansion into DDI (DNS, DHCP, and IP Address Management).

DDI is a crucial technology stack for managing internal networks within organizations.

Furthermore, we’ll examine NS1’s commitment to open-source initiatives and the importance of experimentation within its engineering culture.

Experimentation remains a cornerstone of NS1’s innovative approach.

Optimizing External Traffic Flow: DNS and Active Traffic Management

Beevers emphasized to his team and clients that their focus isn’t simply improving DNS or DDI – technologies they now encompass – but rather leveraging these tools to enhance application connectivity with audiences. This involves achieving greater scale, improved performance, and robust security and reliability.

NS1’s initial service offerings were designed to address traffic originating from outside an organization’s network. Examples include users accessing techcrunch.com or viewers streaming content on Netflix. These services comprise Managed DNS, a globally distributed DNS solution, and Dedicated DNS, providing a redundant, secondary DNS network.

The Core Function of DNS

DNS fundamentally translates domain names into corresponding IP addresses, a crucial function for internet operation. Traditionally, DNS has been considered a networking concern, managed by professionals focused on ensuring correct traffic routing.

NS1’s innovative filter chain technology elevates DNS capabilities. It incorporates rules into DNS queries, considering various factors to optimize delivery. Gartner analyst Gregg Siegfried recognizes this as a significant advancement.

Siegfried explains that a typical DNS query functions like a database lookup. When a user requests a domain, the DNS system retrieves the associated record, directing traffic accordingly.

“The filter chain introduces conditional logic into this lookup process, and crucially, it does so at scale,” Siegfried stated. “This powerful capability supports global load balancing, geofencing, and georouting, and was a key factor in my initial assessment of NS1.”

Practical Applications of the Filter Chain

This technology proves valuable in numerous scenarios. For example, some countries mandate that citizen data be hosted within their borders. NS1’s filter chain can route queries from these locations to local data centers, ensuring regulatory compliance.

Another use case involves prioritizing premium customers over free users during periods of high network congestion for a SaaS application.

While the filter chain represents the core technology behind NS1, it isn’t a standalone product. Instead, it serves as the foundation for the company’s commercial services.

Redundancy and Global Reach

The 2016 DynDNS outage highlighted the importance of redundant DNS providers. NS1’s Dedicated DNS offers a completely separate network, adding redundancy to the tech stack. Organizations can utilize both Managed DNS and Dedicated DNS from NS1 for enhanced resilience, avoiding the need for multiple vendors.

To expand its global reach, NS1 provides a dedicated Managed DNS service specifically optimized for traffic within China.

The most demanding applications require even more sophisticated solutions. Internet congestion fluctuates rapidly, and previously reliable routes can become unavailable. While minor buffering issues are tolerable for video streaming, such disruptions can be critical in healthcare, autonomous vehicles, and drone operation.

Introducing Pulsar: Granular Traffic Steering

NS1 developed Pulsar to address these needs. This service provides precise, data-driven traffic steering for applications. It can answer questions such as current response times for users on specific networks or historical response times to particular data centers.

Pulsar Active Traffic Steering utilizes various mechanisms, including customer-provided data through “real user metrics” beacons. These beacons, implemented via JavaScript embedded in website code, transmit telemetry data. Pulsar integrates NS1’s data with customer telemetry to identify issues and optimize traffic flow.

In essence, NS1’s DNS offerings for external traffic extend far beyond basic address lookup and forwarding. They deliver comprehensive solutions for optimizing performance, security, and reliability.

NS1's Expansion into the Enterprise DDI Market

Over the last two decades, the internet’s growth has been substantial, and this expansion extends to the internal networks of businesses. Many organizations now manage networks with tens of thousands of employees and an even greater number of connected devices.

Within the enterprise environment, DDI is a common term representing three crucial technologies: DNS, DHCP, and IPAM. A DHCP (Dynamic Host Configuration Protocol) server is essential for providing private IP addresses to devices on the network.

Enterprise networks also require connections to internal resources, alongside a corporate DNS system for both internal and external address resolution. Furthermore, effective management of all IP addresses is achieved through an IP Address Management (IPAM) system. Consequently, DDI constitutes the core of a contemporary enterprise IT infrastructure.

DDI: A Distinct Purchasing Process

The purchasing process for DDI solutions often differs from that of website or application DNS services. DDI is typically implemented within an organization’s firewall, acting as a protective perimeter for internal operations against external threats.

In May 2019, NS1 strategically entered the DDI market with a product line termed “cloud-native network services,” aiming to broaden its potential customer base. This represented a significant new direction for the company, though initial progress was not immediate.

Brian Zeman, NS1’s COO, joined the company in 2018 after holding sales and leadership positions at SevOne and Prevalent. He notes that NS1 may have entered the DDI space prematurely.

“We successfully established an initial go-to-market strategy, but then needed time to educate the market and identify the most receptive initial verticals,” Zeman explained. “We’ve since addressed these areas, and our channel partnerships are now yielding positive results, though perhaps a slight delay in channel investment would have been beneficial.”

Differing Perspectives on Market Entry

Chris Beevers holds a contrasting viewpoint. “Do I believe we entered the DDI market too early? Absolutely not,” he stated, emphasizing the iterative nature of startup ventures.

“Startups thrive by engaging with the market, exposing their technology and ideas, gaining visibility, and then refining their approach based on feedback.”

Beevers acknowledged, however, that the company initially attempted a broad market approach, targeting both established enterprises and innovative Silicon Valley firms, a strategy that proved ineffective.

“We only encounter challenges when attempting to appeal to those resistant to change,” Beevers observed, citing DDI as a prime example.

Strategic Partnerships and Market Correction

NS1 quickly adjusted its DDI strategy and identified a clear path to market, which included a crucial sales partnership. In June 2020, NS1 formalized a significant partnership with Cisco, integrating its DDI solution into Cisco’s Global Price List.

This collaboration allows Cisco and its partners to readily sell and integrate NS1’s products with existing Cisco technologies. Within enterprise software sales, a robust channel partner network is often critical for success, frequently exceeding the impact of direct sales efforts.

DDI as a Core Market for NS1

Zeman positions DDI as NS1’s second core market, following Managed DNS. The company envisions these two products as complementary, connecting both internal and external traffic to the network edge.

From this foundation, NS1 intends to develop new products leveraging the underlying infrastructure already deployed with its customer base.

David Coffey, NS1’s chief product officer, also prioritizes DDI, believing it’s about extending the effectiveness of NS1’s Managed DNS platform behind the firewall.

Adapting to Modern Infrastructure

Contemporary enterprise infrastructure is evolving, increasingly adopting containerization, microservices, and Kubernetes deployments. These environments feature ephemeral IP addresses and constant rebalancing of resources.

Coffey, with a background in engineering and product management from companies like Forcepoint, McAfee, and Intel, champions automation. “Automation is the key to achieving global scale,” he asserts.

“Our DDI’s software-first, API-driven design – coupled with our integrations – enables global scalability, dynamic resource management, and comprehensive network visibility.”

VPN Traffic Management and Innovation in Product Development

NS1 has developed a VPN traffic-steering service as part of its collaborative efforts with Cisco, with the launch coinciding with the partnership announcement in 2020.

A VPN, or virtual private network, establishes a secure, encrypted connection allowing users or employees remote and protected access to company resources. NS1’s VPN Traffic Steering service facilitates the routing of traffic through a worldwide network of VPN gateways.

The demand for VPN services experienced a significant increase following the onset of the pandemic in early 2020, as organizations transitioned to remote work models. NS1 responded swiftly by developing its own VPN service.

However, substantial development wasn't required, as the core components were already available. According to Beevers, “This represents a logical extension of our existing Managed DNS technology and traffic steering capabilities.” He further explained, “It’s a straightforward integration that capitalizes on the ubiquitous nature of DNS.” This type of rapid experimentation and product refinement is a key aspect of the company culture Beevers aims to foster.

From a market strategy standpoint, as NS1 expands beyond Managed DNS and DDI, Zeman identifies two interconnected guiding principles: applications and target audiences. “The focus is on identifying the audience and establishing a connection to the relevant application,” Zeman stated.

Zeman anticipates that the importance of these guiding principles will evolve as new market requirements arise. The surge in demand for VPN traffic steering, driven by the need to support remote audiences and applications during the pandemic, exemplifies this dynamic and contributed to the service’s growth.

One certainty remains: internet usage continues to rise, creating favorable long-term conditions for NS1 as it enhances existing products and explores new market opportunities.

NS1 Labs: A Focus on Research, Open Source, and Innovation

Beyond its commercial undertakings, NS1 actively pursues experimentation within the open-source domain. Founded with a strong engineering ethos, the company prioritizes support for developers and DevOps professionals. These initiatives are unified under the banner of NS1 Labs.

According to several NS1 executives, including Beevers, open-source projects initiated, spearheaded, or sponsored by NS1 do not automatically translate into future commercial offerings. However, these projects frequently stem from internal development efforts and yield valuable tools benefiting both NS1’s clientele and the wider community.

Shannon Weyrick currently serves as VP Research within the Office of the CTO, leading NS1 Labs. This is, however, just one of several roles he has held at NS1 since joining in March 2014 as the company’s first employee after the three founders. Over the past seven years, Weyrick has functioned as a software architect, Engineering director, Technology director, and VP of Architecture.

Prior to NS1, Weyrick was employed at Internap from 2012 to 2013, where he initially connected with Beevers following the Voxel acquisition.

At a broad level, NS1 Labs concentrates on creating projects that address specific requirements identified within its own operational environment – encompassing areas like observability, testing procedures, and policy creation.

The Flamethrower testing tool, made publicly available in April 2019, originated as a method to assess the robustness of the core NS1 DNS server following a significant rewrite. Similarly, PktVisor, an observability solution released in October 2020, was developed in response to NS1’s first distributed denial of service (DDoS) attack, highlighting the need for enhanced network visibility.

Weyrick’s team is currently developing Orb, a new tool that leverages the data observed by PktVisor to allow users to establish traffic policies based on collected information.

NS1’s open-source contributions aren’t exclusively internally developed. The latest addition to NS1 Labs is Netbox, an open-source DDI project originally created by Jeremy Stretch while at DigitalOcean. NS1 recruited Stretch in April 2021, and he is now contributing to the continued development of Netbox.

Netbox boasts a substantial and expanding user base, and Beevers anticipates further growth with NS1’s support. While the potential for NS1 to offer commercially supported services around Netbox remains uncertain, Beevers has indicated it is a possibility.

Looking ahead, NS1’s open-source and experimental endeavors are centered on identifying the next significant breakthrough, according to Weyrick.

NS1’s future outlook involves considering multiple timeframes, rather than a single, unified vision. Weyrick clarified that the immediate focus – horizon one – is fulfilling commitments to existing customers. However, the company also contemplates horizons two, potentially one to two years out, and three, spanning three to five years.

“The Office of the CTO has dedicated specific time to explore these future horizons and potential directions,” Weyrick stated.

Before pursuing these future opportunities, NS1 must navigate a highly competitive market with numerous established vendors. The third installment of this EC-1 series will analyze the competitive landscape and NS1’s positioning within it.

NS1 EC-1 Table of Contents

• Introduction
• Part 1: Origin story
• Part 2: Product development and roadmap
• Part 3: Competitive landscape
• Part 4: Customer development

Explore additional EC-1s on Extra Crunch.