BENEFITS OF OUTSOURCING YOUR DNS TO AN IP ANYCAST+ PROVIDER
Introduction DDoS attacks are rapidly growing in magnitude and frequency every year. Just in the last year, attack rates have risen 132% (Q2 2015 State of the Internet). The majority of these attacks are targeting in-house DNS networks which are housed on only one server, or a few servers at one location. DDOS ATTACKS CAN COST UPWARDS OF 40k PER HOUR [Incapsula DDoS Impact Survey 2015] Administrators and business owners are more readily making the switch to outsourced DNS providers as they host these services on larger and more secure infrastructures. By using enterprise networks, companies don't have to waste money on overpriced routers or firewalls that still can't handle today's attacks. Rather, they can pass the buck onto a enterprise provider like DNS Made Easy with proof of reliability and expertise in DNS hosting service. Overview 1. 2. 3. 4. 5. In House vs. Outsourced DNS DDoS Hurts Balance the Load Leave it to the Experts Proven Reliability
In House vs. Outsourced DNS In house operated networks lack the same capabilities as a managed DNS provider. Most attacks prove successful because in house systems lack the large bandwidth capacities as outsourced providers. Recent surveys have discovered that DDoS attacks are growing at exponential rates. In 2005, the highest reported attack (by NTT) was only 10 gbps, however just five years later attacks peaked at 100 gbps. DNS Made Easy mitigated an attack in 2012 that reach over 200 gbps, the largest attack of its time. Organizations using in house DNS infrastructures will spend thousands on expensive firewalls to protect their servers. However what most don't realize is no matter how large the firewall is, if their incoming connections into their network aren't large enough, then Game Over... Name servers can only handle a finite amount of DNS requests or PPS (packets per second) before they fail. DNS Made Easy solves this problem by setting up hundreds of name servers worldwide on an IP Anycast+ network. By serving DNS traffic across many name servers, our network can manage exponentially more requests than a typical unicast or in house network. AN AVERAGE ATTACK COSTS COMPANIES 114k DOLLARS [NTT Best Practices Against DDoS Attacks]
DDoS Hurts To show you how an in house or unicast network handles DDoS attacks, we created a simple graphic showing the steps of volumetric flood attack. This kind of attack is the most frequent form of DDoS, as it's relatively simple to execute and is actually openly sold on the internet for relatively cheap. 1. The attacker floods the target with query traffic 2. The connections are only so large, and eventually will fail from being overwhelmed by the influx of traffic. (We like to think of an incoming bandwidth connection as a pipe, the larger the pipe the larger the data the network can receive) *** The expensive firewall never sees this traffic because the pipe gets too clogged. DDOS ATTACK CO NN EC TI FI ON RE W AL L
Balance the Load Now, we'll show you the difference that an outsourced IP Anycast+ network can provide when facing off against a Volumetric attack. Our network is also engineered to protect against many other attacks such as: TCP State Exhaustion attacks (protocol abuse), Reflection attacks, and Application attacks (DNS). 1. The attacker floods the target with malicious query traffic (just like before) which drowns out the good traffic. DDOS ATTACK SEND TO SCRUB DNSME uses a proprietary cleaning algorithm to scrub malicious traffic PoP 1 PoP 2 PoP 3 DNSME PoP's FIREWALL CLEAN TRAFFIC NAME SERVERS 2. Malicious traffic is sent to DNSME scrubbing facilities before being sent through our network. 3. Traffic gets redirected to many Points of Presence (PoP) to distribute the load. 4. Each PoP then filters traffic through our comprehensive system of firewalls. 5. Clean traffic is then pushed to our name servers which direct and answer query traffic. DNSME has hundreds of these servers, with up to 60 per PoP.
Leave it to the Experts For over 14 years DNS Made Easy has set the record for the longest history of uptime in the industry, all the while mitigating attacks and maintaining only top tier standards. We accomplish this by staying up to date with the latest security threats, our staff of industry experts, and exceptional customer care. The DNS Made Easy platform is constantly monitoring query traffic for influxes and possible threats. In the event of an attack, our fleet of engineers are always ready 3600/24/7/365.25. Our core team of developers are the industry experts, handpicked from governmental and financial institutions. Experts in BIND and DNS infrastructure, we are constantly on top of the latest security threats and upgrade our system for the latest updates and patches to ensure 100% uptime. At DNS Made Easy we have created custom developed attack prevention tools at the firewall and name server levels to thwart malicious traffic. All of our features are developed and maintained in house, and our support staff is always ready to answer your toughest DNS questions. Rather than building and maintaining an in house facility, consider switching to a Managed DNS provider so you can focus on what you do best. A DAY LONG DDOS ATTACK IS AS CHEAP AS 50 BUCKS [Gwapo DDoS Prices]
Proven Reliability DNS Made Easy is a subsidiary of Tiggee LLC, and is a world leader in providing global IP Anycast+ enterprise DNS services. DNS Made Easy implemented the industry s first triple independent Anycast cloud architecture for maximum DNS speed and DNS redundancy. Originally launched in 2002, DNS Made Easy s services have grown to manage hundreds of thousands of customer domains receiving more than 15 billion queries per day. Today, DNS Made Easy builds on a proud history of uptime and is the preferred DNS hosting choice for most major brands, especially companies that compare price and performance of enterprise IP Anycast alternatives.