Security

SecureDNS

How does traditional DNS work?

DNS usually works in one of two modes:

  •  DNS servers for the customer’s domain (so-called authoritative servers) are located in the customer’s infrastructure, in the same location as other services and sharing the same network connection.
  •  The servers are located in the provider’s infrastructure (e.g. home.pl), and the customer only sends the “content” of the domain to the provider.
 
How does SecureDNS work?


During a DDoS attack, when there are millions of DNS queries, the server — and often also its connection — is effectively blocked. SecureDNS prevents this by distributing the queries; they always go to the geographically closest cluster node, as illustrated below:

securedns.png

 
Benefits

Increased security and stability. Each DDoS attack is distributed worldwide, so there are no places where traffic is too concentrated. In particular, the attack will not affect the customer’s infrastructure.

Increased reliability and availability of DNS services. Failure of one anycast node does not affect the operation of other nodes – DNS queries are redirected to them automatically and the infrastructure continues to respond.

Speed of operation. Responses from the logically nearest node arrive quickly, via the shortest possible route, without undue delay introduced by long network paths.

Ability to remove DNS servers from the customer’s infrastructure. This reduces costs and eliminates weak points that can be used to gain entry to the customer’s network.

Ease of use and quick configuration. SecureDNS uses familiar, standard DNS protocols, such as AXFR, NOTIFY and DNS UPDATE.

Geolocation of responses. In answer to a query, e.g. for a web page, SecureDNS can return different IP addresses based on the country that the query came from, so it is easy to achieve global load balancing.

Support for DNSSEC and IPv6. SecureDNS natively supports widely used industry standards, such as DNSSEC and IPv6.