
21 November, 2016

Neustar launches DNS Shield network

Neustar, a neutral provider of real-time information services, has launched DNS Shield, a worldwide network of secure private domain name system (DNS) connections between Neustar and its partners. Neustar’s DNS Shield network is independent of public Internet networks and embodies an industry-first approach to eliminating latency and security vulnerabilities for DNS traffic within its partner network.

“DNS is the backbone of the Internet, but the original protocol design was slightly flawed and failed to take into account some of the potential security issues, which now make it an attractive target for attacks,” said Rodney Joffe, SVP and Distinguished Fellow, Neustar. “Optimising and protecting DNS is a mission-critical task since an outage can result in downtime, network latency, lost revenue, and a negative brand experience.”

The DNS underpins how the Internet works, ultimately directing browser queries for a website address to the actual website. A DNS server holds directions for many websites; when it does not have the directions it needs, it queries other DNS servers, just as a user queried it, a process called recursion.

When the DNS servers go down, visiting websites becomes impossible. The recent emergence of the Mirai botnet, which compromised insecure Internet of Things (IoT) devices, created the perfect environment for massive distributed denial of service (DDoS) attacks on DNS servers, which resulted in major website outages.

The DNS Shield network avoids the situation of overloaded DNS servers by forming a secure connection between Neustar UltraDNS authoritative servers and the servers of its partners. This minimises the vulnerable points of compromise targeted in hacking attacks, while making DNS transactions faster and improving the reliability of query responses.

Neustar’s DNS Shield network supplements a global IP Anycast Network by adding scores of private nodes to the existing 30 public nodes across six continents to answer more than 33 billion queries per day. The Neustar network already includes a purpose-built DDoS mitigation solution that protects its UltraDNS network, but the addition of the DNS Shield network will harden its defenses against attacks by removing traffic entirely from the public Internet domain.

Key benefits include:

· Lower latency – Delivers superior website performance through its private DNS Shield network, enabling DNS traffic to circumvent general public Internet networking connectivity that is frequently slow and congested, ensuring that even holiday traffic or massively scaling users cannot cause outages or delays. In most cases the DNS Shield network nodes are located within 100 feet (about 30.5m) of partner recursive DNS servers, reducing network latency to single digit milliseconds – the fastest in the world.

· Enhanced security – The DNS Shield network creates a private network for DNS resolution within its partner network, eliminating security threats such as DDoS attacks by shielding direct DNS connections from public view and excluding public Internet traffic.

· Better reliability – In the event of a DDoS attack or significant network outage, DNS queries will continue to resolve within the private networks where DNS Shield technology is deployed. This resiliency gives Neustar partners and customers an optimal network experience and maximum uptime.

“DNS remains constantly threatened by DDoS attacks, cache poisoning assaults, spoofing attempts, and innocently enough, high volume website traffic, which can all lead to service disruptions for a significant portion of the Internet,” said Joffe. “Neustar is hardwiring the Internet with private network connections between our authoritative servers and our partner’s recursive servers, limiting the potential for our UltraDNS network to succumb to these attacks.”
