"We're getting 40% BHR with CACHEBOX, so we are very happy! One of the best things about CACHEBOX is the ease of management."
Helenio Sartori, Repubblica e Cantone Ticino, Switzerland
"We no longer have to put up with the hefty bills and poor service levels of our ISP’s DNS management service"
Mike Bird, IT Director, DHL, UK
"DNSBOX already came with IP address management and host name functions – but the flexibility to add extra fields provided us with a free form way of tracking addresses."
Network Manager, Telecoms Equipment Manufacturer
"Support was extremely helpful... They got me set up on Saturday in a matter of moments and followed up on Tuesday to make sure everything was running well"
Damon Rapp Director Of Technology, Claremont Unified School District
"We have seen significant savings, it's up to 77% on average for today, but it has been at over 65% all week - and that is WITH my Apple cache already in place!"
Damon Rapp Director Of Technology, Claremont Unified School District

Secure DNS within Reach

April 25, 2015

ApplianSys is pleased to announce that Reach Internet Limited – a UK-based ISP – has replaced its existing recursive DNS solution with DNSBOX to ensure highly available and secure DNS services for its customers.

The ISP’s existing solution comprises 3 pairs of DNS servers deployed at three data centres. Each pair was clustered to achieve high availability and used to handle both authoritative and recursive DNS services for its customers.

However, each server ran both services simultaneously. As a result, DDoS attacks that directly affected the recursive service in the past also had a huge negative impact on authoritative DNS services.

DNSBOX Product Manager Ross Horn comments: “Recursive DNS is prone to DDoS attacks, which is why best practice recommends keeping it separate from authoritative DNS to reduce risk.”

For Reach Internet’s Network Manager, Harmohan Sood, the importance of separating the two services was clear: he wanted to ensure his clients never experienced downtime again and sought a dedicated recursive resolver to handle his clients’ DNS queries (up to 5000 QPS).

Reach’s existing vendor offered an expensive and over-featured solution for this. Searching for other vendors online, Harmohan got in touch with ApplianSys.

“Talking to Reach Internet, it was clear that DNSBOX’s dedicated DNS cache server would provide a highly available, secure solution at about a third of the cost offered by the existing vendor,” comments Ross.

DNSBOX200’s rate limiting feature – which restricts the amount of DNS traffic from individual or all IP addresses – will protect the ISP’s services from future DDoS attacks. On top of that, DNSSEC validation – which is the most advanced protection against cache poisoning attacks – adds an extra layer of security.”

The ISP now plans to deploy a high availability clustered pair of DNSBOX200s to handle all recursive DNS for its customers. Authoritative DNS will be handled by the existing solution.

Established in 2009, Reach Internet provides technology and operating platforms to hundreds of customers across the UK to enhance their networks and systems.

It offers a range of services from simple Domain Name registrations and maintenance, to the registration and hosting of TLDs. It also offers Email and Web Hosting packages, Server Co-Location and Fully Managed IT Services for customers providing either the day to day running or alternative backup facilities.