Neustar launches private DNS network in the wake of the Mirai botnet


Neustar, a neutral provider of real-time information services, has publicly launched its “DNS Shield”, a worldwide network of secure private domain name system (DNS) connections between Neustar and its partners.

The DNS Shield network is independent of public internet networks and embodies an industry-first approach to eliminating latency and security vulnerabilities for DNS traffic within its partner network.

Indeed, the launch of DNS Shield follows the recent emergence of the Mirai botnet, which compromised insecure IoT devices and created the perfect environment for massive DDoS attacks on DNS servers, which resulted in major website outages.

The DNS Shield network forms a secure connection between Neustar UltraDNS authoritative servers and the recursive servers of its partners, minimizing the vulnerable points of compromise targeted in DDoS attacks and DNS Spoofing, while lowering the latency of DNS transactions and improving the reliability of query responses significantly, said Rodney Joffe, SVP and Distinguished Fellow at Neustar.

“DNS is the backbone of the Internet, but the original protocol design was slightly flawed and failed to take into account some of the potential security issues, which now make it an attractive target for attacks,” said Joffe. “Optimizing and protecting DNS is a mission-critical task since an outage can result in downtime, network latency, lost revenue, and a negative brand experience.”

Neustar says the network supplements a global IP anycast network by adding scores of private nodes to the existing 30 public nodes across six continents to answer more than 33 billion queries per day. The Neustar network already includes a purpose-built DDoS mitigation solution that protects its UltraDNS network, but the addition of DNS Shield should harden its defenses against attacks by removing traffic entirely from the public Internet domain.

Key benefits and features of DNS Shield include:

Lower latency – The private DNS Shield network enables DNS traffic to circumvent general public Internet networking connectivity that is frequently slow and congested, ensuring that even holiday traffic or massively scaling users cannot cause outages or delays. In most cases the network nodes are located within 100 feet of partner recursive servers, reducing network latency to single digit milliseconds – the fastest in the world, Neustar says.

Enhanced security – The DNS Shield network creates a private network for DNS resolution within its partner network, eliminating security threats such as DDoS attacks and cache poisoning attempts by shielding direct DNS connections from public view and excluding public Internet traffic.

Better reliability – In the event of a DDoS attack or significant network outage, DNS queries will continue to resolve within the private networks where DNS Shield technology is deployed.

“DNS remains constantly threatened by DDoS attacks, cache poisoning assaults, spoofing attempts, and innocently enough, high volume website traffic, which can all lead to service disruptions for a significant portion of the Internet,” said Joffe. “Neustar is hardwiring the Internet with private network connections between our authoritative servers and our partner’s recursive servers, limiting the potential for our UltraDNS network to succumb to these attacks.”
