Presentation is loading. Please wait.

Presentation is loading. Please wait.

STRENTHENING YOUR EXTERNAL DNS External DNS Overview DNS Background Strengthening External DNS with Anycast Example of an Anycast DNS Service.

Published byBethanie Griffith Modified over 8 years ago

Similar presentations

Presentation on theme: "STRENTHENING YOUR EXTERNAL DNS External DNS Overview DNS Background Strengthening External DNS with Anycast Example of an Anycast DNS Service."— Presentation transcript:

1

2 STRENTHENING YOUR EXTERNAL DNS External DNS Overview DNS Background Strengthening External DNS with Anycast Example of an Anycast DNS Service

3 WHO IS.CA ( CIRA )? The Canadian Internet Registration Authority (CIRA) manages a 100% up time service - the.CA domain name registry for over 2.4 million domains Provide DNS for.CA, answering 3 billion DNS queries per month CIRA is a member-driven organization of over 70 employees and an elected 12-person board CIRA supports the growth of a strong and reliable Internet for all Canadians by investing in Internet projects, and helping to represent Canadian Internet interests around the world The organization responsible for a critical part of the Internet infrastructure, is expanding its services to help organizations secure their DNS systems in Canada

4 DNS IS MISSION CRITICAL During a DNS outage websites, web applications, and email are down DNS outages result in brand damage and/or lost revenue –Losses range from hundreds to millions of dollars per hour –Amazon lost $4.7 million in sales in a 40 minute outage –Google lost $545,000 in revenue for a 5 second outage –Damage to reputation is another cost DNS lookups contribute to website performance –40% of people abandon a website after only 3 seconds –Amazon calculated that a 1 second increase in page load time would result in $1.6 billion in lost revenue per year –Google calculated 400ms delay in returning search results would result in 8 million less searches per day DNS is a mission critical service that requires 100% uptime and low latency

5 DNS IS VULNERABLE Numerous Failure Mechanisms -Equipment failure -Network outages -Natural disasters -Need diversity DNS based DDOS Attacks account for 10% of all attacks –DNS as the target –DNS as the attack vector –DNS attacks are easy to generate and hard to defend DNS is vulnerable to failures and attack

6 ANYCAST DNS VS UNICAST Unicast – Traditional DNS deployments Nameservers are implemented on single nodes, each with a unique IP address Anycast – Adding resiliency to your DNS Nameservers are implemented on a multiple geographically distributed nodes that share a single IP address Layer 3 routing sends packets to the geographically nearest nameserver Built in redundancy, failover and load distribution UNICAST ANYCAST

7 CHALLENGES WITH ANYCAST Anycast is expensive to setup and operate High capital expense, high operating expense, complex to manage Commercial offerings are available as a service Increasing in adoption

8 A GLOBAL ANYCAST DNS SERVICE THAT PUTS CANADA AND CANADIAN TRAFFIC FIRST LocationCloud Miami, FL1 Los Angeles, CA1 London, UK1 Hong Kong1 Calgary, AB1 Montreal, QC1 Toronto, ON1 Winnipeg, MB1 LocationCloud Vancouver, BC2 Montreal, QC2 Toronto, ON2

9 CANADIANS BENEFIT FROM LOW-LATENCY

10 CANADIANS BENEFIT WHEN OFF-SHORE DDOS ATTACKS GET SOAKED-UP WHERE THEY OCCUR

11 REVIEW YOUR EXTERNAL DNS Your external DNS is a mission critical network service that requires; 100% Uptime High Performance Resiliency to DDOS attacks

Download ppt "STRENTHENING YOUR EXTERNAL DNS External DNS Overview DNS Background Strengthening External DNS with Anycast Example of an Anycast DNS Service."

Similar presentations

The Role of Indirection and Diffusion in DDoS Defense Angelos D. Keromytis Network Security Lab Computer Science Department, Columbia University.

The Role of Indirection and Diffusion in DDoS Defense Angelos D. Keromytis Network Security Lab Computer Science Department, Columbia University.
Lightspeed Filtering Mark Shrimpton Schools Broadband Team EiS.

Lightspeed Filtering Mark Shrimpton Schools Broadband Team EiS.
1 Effective, secure and reliable hosted email security and continuity solution.

1 Effective, secure and reliable hosted security and continuity solution.
Barracuda Link Balancer Link Reliability and Bandwidth Optimization.

Barracuda Link Balancer Link Reliability and Bandwidth Optimization.
Tapestry: Decentralized Routing and Location SPAM Summer 2001 Ben Y. Zhao CS Division, U. C. Berkeley.

Tapestry: Decentralized Routing and Location SPAM Summer 2001 Ben Y. Zhao CS Division, U. C. Berkeley.
Self-Managing Anycast Routing for DNS

Self-Managing Anycast Routing for DNS
Hosted Revolution Ltd Hosted Exchange October 2009 V2.01.

Hosted Revolution Ltd Hosted Exchange October 2009 V2.01.
Maximise Your Online Presence SEO & Social Media Strategies For Local Business Owners.

Maximise Your Online Presence SEO & Social Media Strategies For Local Business Owners.
Akamai DNS Offerings RSA © Conference 2013. ©2013 AKAMAI | FASTER FORWARD TM Akamai DNS Solutions Enhanced DNS (eDNS) Scalable, outsourced, DNS solution.

Akamai DNS Offerings RSA © Conference ©2013 AKAMAI | FASTER FORWARD TM Akamai DNS Solutions Enhanced DNS (eDNS) Scalable, outsourced, DNS solution.
Chapter 4 Infrastructure as a Service (IaaS)

Chapter 4 Infrastructure as a Service (IaaS)
■ Google’s Ad Distribution Network ■ Primary Benefits of AdWords ■ Online Advertising Stats and Trends ■ Appendix: Basic AdWords Features ■ Introduction.

■ Google’s Ad Distribution Network ■ Primary Benefits of AdWords ■ Online Advertising Stats and Trends ■ Appendix: Basic AdWords Features ■ Introduction.
1 BIG-IP Global Traffic Manager Presented by: your name, your title.

1 BIG-IP Global Traffic Manager Presented by: your name, your title.
Chapter 3 Internet. Physical Components of the Internet Servers Networks Routers.

Chapter 3 Internet. Physical Components of the Internet Servers Networks Routers.
June 2007APTLD Meeting/Dubai ANYCAST Alireza Saleh.ir ccTLD

June 2007APTLD Meeting/Dubai ANYCAST Alireza Saleh.ir ccTLD
© 2013 Imperva, Inc. All rights reserved. DDos Attacks and Web Threats: How to Protect Your Site & Information Tina Shaw Account Executive 650-832-6087.

© 2013 Imperva, Inc. All rights reserved. DDos Attacks and Web Threats: How to Protect Your Site & Information Tina Shaw Account Executive
Domain names & website hosting QUME 185. 2 Topics covered What an Internet Service Provider (ISP) does What a Hosting Provider does What a Domain Name.

Domain names & website hosting QUME Topics covered What an Internet Service Provider (ISP) does What a Hosting Provider does What a Domain Name.
BusinessConnect: International MPLS based Services

BusinessConnect: International MPLS based Services
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
Lesson 1: Configuring Network Load Balancing

Lesson 1: Configuring Network Load Balancing
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

Similar presentations

Ads by Google