Secure DNS within Reach
ApplianSys is pleased to announce that Reach Internet Limited – a UK-based ISP – has replaced its existing recursive DNS solution with DNSBOX to ensure highly available and secure DNS services for its customers.
The ISP’s existing solution comprises 3 pairs of DNS servers deployed at three data centres. Each pair was clustered to achieve high availability and used to handle both authoritative and recursive DNS services for its customers.
However, each server ran both services simultaneously. As a result, DDoS attacks that directly affected the recursive service in the past also had a huge negative impact on authoritative DNS services.
DNSBOX Product Manager Ross Horn comments: “Recursive DNS is prone to DDoS attacks, which is why best practice recommends keeping it separate from authoritative DNS to reduce risk.”
For Reach Internet’s Network Manager, Harmohan Sood, the importance of separating the two services was clear: he wanted to ensure his clients never experienced downtime again and sought a dedicated recursive resolver to handle his clients’ DNS queries (up to 5000 QPS).
Reach’s existing vendor offered an expensive and over-featured solution for this. Searching for other vendors online, Harmohan got in touch with ApplianSys.
“Talking to Reach Internet, it was clear that DNSBOX’s dedicated DNS cache server would provide a highly available, secure solution at about a third of the cost offered by the existing vendor,” comments Ross.
“DNSBOX200’s rate limiting feature – which restricts the amount of DNS traffic from individual or all IP addresses – will protect the ISP’s services from future DDoS attacks. On top of that, DNSSEC validation – which is the most advanced protection against cache poisoning attacks – adds an extra layer of security.”
The ISP now plans to deploy a high availability clustered pair of DNSBOX200s to handle all recursive DNS for its customers. Authoritative DNS will be handled by the existing solution.
Established in 2009, Reach Internet provides technology and operating platforms to hundreds of customers across the UK to enhance their networks and systems.
It offers a range of services from simple Domain Name registrations and maintenance, to the registration and hosting of TLDs. It also offers Email and Web Hosting packages, Server Co-Location and Fully Managed IT Services for customers providing either the day to day running or alternative backup facilities.