Founded in 1976, Etisalat is a multinational Emirati-based telecommunications service provider. It currently operates in 16 countries across Asia, the Middle East and Africa. Etisalat is the 14th largest mobile network operator in the world, with a customer base of over 167 million.
The ISP’s operations in Afghanistan include 2G/3G/4G data and voice services, as well as internet services for around 500 ISP and corporate customers. Today, around 1million customers subscribe to its 3G network.
Outgrowing Google DNS
- Rapid customer growth meant Google’s DNS solution was failing to efficiently handle DNS requests
- Unwanted latency in DNS responses – up to 120 milliseconds – caused the Internet to feel slow for customers
- It was impossible to ensure good service levels for customers at all times
- 1 x DNSBOX300 master & 8 x DNSBOX200 slaves
- Easily deployed, fit-for-purpose DNS solution
- Latency eliminated – customer experience now lightning fast
- Etisalat able to take back control of DNS management and plan for growth easily
When Etisalat’s network infrastructure was first set up in Afghanistan over a decade ago, it deployed Google’s public DNS service to resolve customers’ DNS queries.
However, with rapid customer growth, Etisalat’s Manager Rafi Jami was concerned about the impact this had on the quality of service:
- With DNS requests sent across the internet to remote Google servers, there was unwanted latency – up to 120ms in many cases. This led to an increasing number of customer complaints about the internet connection feeling slow.
- The Google DNS servers placed restrictions on the amount of DNS queries coming from each of Etisalat’s sites. This resulted in customer requests being dropped altogether.
“OpenDNS wasn’t responsive at times, and this meant some queries were left unresolved.
On bad days, requests were blocked by Google’s DNS service, causing no responses altogether. Our customers noticed this,” says Rafi.
Recognising the need to eliminate these symptoms and facilitate future growth, Rafi decided it was now time to bring in a dedicated system.
Looking for a more reliable, secure recursive DNS solution, he discussed various options with Technical Manager Naser Hakimyar at Micro Systems ICT Services – an integrated solutions provider.
The search for a dedicated DNS solution
A request for proposal (RFP) was put forward, detailing the requirements of a new DNS solution for the ISP’s Afghanistan 3G network across 5 different sites. Key requirements were:
- High performance DNS recursive servers, with support for Anycast
- Central control and visibility, together with secure remote administration
- Security features to protect against DoS and cache poisoning attacks
Naser and Rafi compared solutions from two vendors: ApplianSys and Infobox. They were immediately drawn by the affordability of ApplianSys DNSBOX. For the same functionality, DNSBOX was just a fraction of the cost.
“Not only was DNSBOX significantly cheaper, it also offered more flexibility to fit Etisalat’s exact recursive DNS requirement – with the option to scale this in future in line with their growing business needs,” says Naser.
Easy deployment, fit for purpose solution
A DNSBOX300 master appliance and 8 DNSBOX200 recursive DNS slaves were deployed across Etisalat’s five sites
- The DNSBOX300 master is deployed at the ISP’s core and manages each of the slaves
- At three sites, clustered pairs of DNSBOX200 slaves resolve customers’ DNS queries. The other two have one DNSBOX200 each.
“In contrast with Infoblox servers, DNSBOX200 slaves are modular in design. These servers can be licensed for any or all of three services – authoritative DNS, recursive DNS and DHCP. In Etisalat’s case, the main requirement is recursive DNS and that’s all they pay for, making DNSBOX a truly affordable solution,” says ApplianSys DNSBOX Consultant Harminder Heer.
“Another factor to consider was making sure the deployment process was seamless. ApplianSys Engineers worked closely with Micro Systems ICT Services to ensure each of Etisalat’s five sites had a smooth deployment and that training requirements were met. We then thoroughly tested each location before switching the services on,” says Naser.
BENEFIT: Ultra-secure, high performance DNS caching
DNSBOX has transformed the quality of service for Etisalat’s customers by providing reliable DNS services and drastically reducing previous latency in response times. The Operator now has full control over its DNS network and can affordably scale its solution to meet future demand.
“The previous response time we had of 120ms with Google’s DNS is now only 10ms with DNSBOX! The impact has been significant to customers who can really feel the improvement in service,” Naser comments.
High performance DNSBOX200 DNS slaves – each capable of handling up to 60,000 queries per second – deliver fast and secure DNS caching to customers.
- Carrier grade recursive performance – with parallel processing of multiple queries resulting in 2.5x the performance of BIND
- Maximum security – with DNSSEC validation of responses, multiple features to protect against Denial of Service (DoS) attacks and cache poisoning
“Each of the DNSBOX300s cache between 60-80% of all DNS requests. This not only eliminates the previous latency issue but also means requests are many times more responsive – making the overall customer experience lightning fast,” says Naser.
“DNS cache servers are most vulnerable to DoS attacks since they are external-facing. DNSBOX200 uses UNBOUND to handle recursive DNS – this resolver is purpose-built to deal with the threats to a DNS cache. On top of this, DNSBOX200 is built on the ApplianSys server appliance platform: its intuitive GUI, smart server management, hardened operating system and sensible hardware design give Etisalat the highest levels of security, reliability and ease of use,” says ApplianSys DNSBOX Consultant Harminder Heer.
Taking back control of DNS management
The DNSBOX300 master appliance centrally controls and manages the DNSBOX200 slaves. Etisalat’s Network administrators can log in remotely via a secure web interface and push configurations from the DNSBOX300 master to the remote slaves.
ApplianSys DNSBOX Technical Engineer Alex Garood comments: “The recursive reporting feature allows Etisalat’s engineers to view important statistics like the total number of queries per second being made at each site. This was not possible before and gives them far more control over what’s going on in the network. Statistics can be monitored remotely in real time, as well as reported back on a scheduled basis. They can also check appliance health – for instance server load – to see how much work the DNSBOX200s are doing.”
Saving time, saving money
“Custom templates for recursive settings allow admins to create a single template on the master and simply push this out to slaves, saving tonnes of time,” says Alex.
Scalability, business growth
With much greater visibility and control over its DNS, Etisalat is fully equipped to monitor DNS at all five remote sites, and make considered decisions for future growth.
Additional DNSBOX200 slaves can easily – and affordably – be added to existing clusters or at new sites and be configured to communicate securely with the DNSBOX300 master.
“Thanks to its DNS reporting, DNSBOX makes it much easier to monitor the demand for DNS requests at each of our 5 sites. What it means for us is the ability to make considered decisions when extending our service offerings or taking on new subscribers,” says Rafi.