What is the incentive for companies to make their own DNS servers?

Why do Cloudflare, Google and other for-profit companies make DNS servers?
Does it earn them money somehow or are they just doing it for good PR?

I understand that they could earn money by collecting data but a lot of them say they don’t.

It’s more about saving money than earning money.

The DNS is a pretty crusty old system that is vulnerable in many different ways. If you don’t control the protocol or the DNS servers then you are limited to dealing with attacks when they come crashing down on (or through) your door. If you control at least some of the DNS servers then you can mitigate some of the vulnerabilities by patching/extending the protocol/code that runs on them — and completely extinguish the attacks at their source. The deeper your DNS defensive line, the more different types of attacks you can defend against.

Fewer attacks translates to less damage, more uptime, better website performance and reliability, and that has value to Hosting companies and website owners. Both are then willing to pay ‘a premium’ to use the likes of Cloudflare because they can offer better website protection than other companies that have made a smaller investment in DNS.

In a very real sense, preventing fires is cheaper than fighting fires… which is why CDNs like Cloudflare and other organisations with valuable and exposed infrastructure have moved into the DNS space. There is no altruism — it’s a purely rational business decision that reduces expenses.

Google, well, they are just evil and want you to be an exploitable slave. :wink:


If you’re running Windows in a domain, the industry standard is to run Microsoft DNS. This is mainly to point your clients at the domain controller, but that’s an oversimplification. You have to run MS DNS for Windows clients to function properly in a domain. So while you’re there you might as well define custom internal DNS for, say, internal payroll or HR sites. Blacklist porn sites. Usual stuff.

If you’re a small company you can get away with not running a domain. I’d like to hear other IT pros’ ideas when it comes to management of Windows clients not using Active Directory.