Your website acts as the face of your brand online and making sure that it can be found should be your top priority. Domain Name System (DNS) is the directory system of the internet and is crucial to the performance and security of your website. You can have a state-of-the-art website, but if DNS queries for your website are not resolving to the correct IP addresses, customers will not be able to find your website. Even worse, your customers could end up on the wrong, potentially malicious website.
Because of DNS’ always-on, but behind-the-scenes operational nature, the security of DNS is often overlooked. In this blog post we’ll explore how our authoritative DNS product, Verizon ROUTE, ensures availability and accuracy of your DNS records, while also ensuring fast resolution of your DNS queries.
ROUTE was built from the ground-up to ensure your DNS queries resolve 100 percent of the time. ROUTE is built using NSD (Name Server Daemon), which is known for better security and performance compared to BIND (Berkeley Internet Name Domain). It is deployed globally on more than 50 of our Points of Presence (PoPs) and uses the same lightning-fast, fault-tolerant, load-balanced and scalable infrastructure that runs our global Content Delivery Network (CDN). You can define load balancing and failover configurations for address records associated with DNS zones, and automatic health checks ensure your DNS zones are always available. Our 24x7x365 professional support teams monitor ROUTE and assess potential DDoS attacks to ensure problems are rapidly fixed.
The mitigation of Distributed Denial of Service (DDoS) attacks on your DNS infrastructure is a crucial factor in ensuring DNS availability. According to Symantec, DDoS attacks on DNS are becoming more sophisticated. These attacks can overwhelm your DNS infrastructure and cause the DNS queries from legitimate users not to resolve. Our massive global capacity and scale allow us to absorb a lot of DDoS attacks. Additionally, our always-on anti-DDoS system continuously monitors for unusual traffic patterns, such as UDP floods and big spikes in network connections or DNS queries, and takes action to stop DDoS attacks within seconds.
To ensure fast resolution of DNS queries, DNS records are cached at multiple DNS servers. Attackers often exploit vulnerabilities in DNS infrastructure and software to inject wrong or fraudulent records into DNS caches. These attacks, known as cache-poisoning, can make your website unavailable to customers or could send your customers to malicious websites. In Q4 2015, ROUTE will support DNSSEC in a secondary configuration. For DNSSEC-protected zones, all responses to DNS queries are digitally signed. This allows DNS resolvers and other applications to confirm that received records are authentic and identical to those published by authoritative DNS servers, thus ensuring your website is not impacted by forged or manipulated DNS data. Without DNSSEC, you are much more susceptible to cache poisoning; adversely affecting your bottom line.
In today’s online business world, every millisecond of page load performance counts. Slow performance leads to website abandonment and loss of revenue. According to an Amazon study, a 100ms slowdown can lead to a 1% decrease in revenue. Slow DNS queries increase page load time. As a CDN, we are in the business of enhancing website performance, and ROUTE was architected with performance in mind. We leverage IP Anycast technology to ensure your DNS queries are resolved by the servers closest to your customers. DNS changes are typically published to Verizon DNS servers in less than 60 seconds and third-party tests consistently show that ROUTE outperforms other products in the market.
ROUTE has a lot of other great features that help you ensure your website can always be found. To learn more about ROUTE, click here.
This concludes the first post of our five-part security blog series. Next post will address the question “Is Your Website Available?” with an in-depth discussion of our Anti-DDoS protection. Stay tuned.
Nicholas Soegono, Associate Product Manager
Vikas Phonsa, Senior Product Manager – Security Solutions
For more posts in our security series please read: