DNS: EdgeCast Route - Basic DNS Service Overview

edgecast Route (DNS) Service Overview

10-01-2013© 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA WWW.EDGECAST.COM

2

Why EdgeCast Route for DNS?

Robust. Globally distributed. Feature rich. Massively scalable. And at the best price to performance ratio available from any DNS provider

Resolve Queries Faster

We route DNS queries faster world wide than any other DNS provider, and we guarantee that the DNS queries will be answered 100% of the time.

Get the Best Value

Experience immunity from cache poisoning attacks and other known DNS software flaws and exploits , and get protection against DDoS attacks.

Experience Better Security

Worry Less

© 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA

Route Queries More Intelligently

Control routing by using information such as the user’s geographic location, traffic load, network transiting, and knowledge of the topologically closest EdgeCast PoP to ensure consistently fast responses regardless of end-user location.

Leverage the EdgeCast global IP Anycast network and high performance ROUTE DNS system instead of building it yourself. Take advantage of EdgeCast’s global capacity, performance and security

Save Time

Deploy Route via our management control center. It’s easy to set up. And quick to modify with updates pushed out globally in under 60 seconds

Domain Name System (DNS)

What Is DNS? A hierarchical and distributed naming system for

any resource connected to the Internet.• Mappings of host names (www.edgecast.com) into

Internet Protocol (IP) addresses (93.184.218.132) are stored in a DB and used by devices to communicate

Leverage features of a global AnyCast network Reduced latency – improved performance Ability to easily load-balance across servers Ease of configuration management High availability Horizontal scaling

Lower operating expenses than do it yourself

Dedicated Support 24x7x365

Security Primary DNS not directly exposed to attackers Ensure end-users are able to find your site

DNS Defined Benefits of Outsourcing DNS

DNS is the “phonebook” for the Internet Without DNS users

can only reach yourWeb site(s) if they know your IP addresses

Why is DNS Important?

© 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA 3

4

DNS Security Concerns

Two common types of attacks Spoofing attacks

o Lead to DNS cache poisoning Denial-of-service (DoS) attacks

o Basic DNS floodo Reflective DNS attacko Recursive DNS attacko Garbage DNS attack

Threats to DNS

How Pharming Works


DNS Attacks

5

EdgeCast RouteDNS Management Solution

Globally distributedo 20+ points of presence (PoPs)o 12 countries (more coming soon)o 4 continents

Overprovisionedo Normal traffic = small % of capacity

Massive Scale and Capacity

Managed (Primary) & Secondary offeringso Implemented as “authoritative-only”o Use to administer DNS zones and associated recordso Reliable, high performance and secure DNS serviceo Fully compliant with DNS specification

No up-front capital costs

Comprehensive Solution


6


Resolve queries faster world wide than any other DNS provider

Standard routing utilizes global IP Anycast networko Globally distributed name server infrastructure

responds to domain name lookups fastero Queries routed to nearest topological location based

on geographic location; traffic load; network transiting

Advanced Policy Routing utilizes ECMUX grammar/ rules for Decision Variable (DV) tokeno Potential Values - ASN (Autonomous System

Number), GR (Geographical Region), GC (City Level Geographical), SN (Client IP Subnet Range Query), IPV (IP Version), HC (Health Check Value)

o Currently requires EC Professional Services

High Performing


DNS Performance Results – 2013-07

Worldwide

0

20

40

60

80

100

120

140

160

32.95

45.15

68.87

94.41

152.75

-37%

-109%

-187%

-364%% Difference vs. EdgeCast

DN

S Re

spon

se T

ime

(ms)

C1 C2 C3 C4

© 2013 EDGECAST NETWORKS 2850 OCEAN PARK BLVD, SUITE 110, SANTA MONICA CA 7

8


Lack of recursive caching function makes service immune to cache poisoning attacks and other riskso A benefit of authoritative-only name servers

Not based on BINDo Known vulnerabilities inherent in BIND do not apply

Per IP address throttling to avoid DNS reflection and DNS flooding attacks

Resilient against DNS software flaws and exploits Highly scalable against DDoS attacks

Secure

Distributed DNS with globally deployed IP Anycast PoPs improves availability of authoritative name serverso EdgeCast will serve DNS resolutions 100% of the time

Health checks performed on global basiso Monitor server performance & availability every 10s

Traffic Managemento Load balance traffic across servers + data centerso Establish system failover

24x7x365 management by dedicated team

Reliable


9

EdgeCast RouteDNS Zone Management

Features

Allows the creation and management of DNS Zoneso A Zone is the portion of the DNS namespace to which

authority is delegated. It contains records via which an authoritative name server can provide a response to DNS queries

o DNS Record Types supported include: • A (IPv4), AAAA (IPv6), CNAME (Alias), MX (Mail

Exchange), NS (Name Server), PTR (Pointer), SOA (Start of Authority), SPF (Sender Policy Framework), SRV (Service Locator), TXT (Text)

Define load balancing and failover configurations for address records associated with each zoneo Zone Management User Interface (UI) is integrated

with Load balancing, Failover and Health Check Management system UIs


10

EdgeCast RouteDNS Zone Management

Benefits

Never leave the zone screen to configure load balancing, fail-over groups, or health checks

Up and running in ~5 minutes

DNS changes typically published to EdgeCast DNS servers in less than 60 seconds

Intuitive user interface makes it easy for both the DNS novice and expert

o Simplifies administration and improves reliability over common manual edits


11

EdgeCast RouteDNS Load Balancing

Features Benefits

Distribution of requests between multiple serverso Redundancy ensures data availability

EdgeCast authoritative name servers automatically pick between servers when resolving a hostname to an IP address based on pre-defined allocation

You are not required to be an EC CDN customer or to have EC manage your zone

Traffic for a load balanced hostname is distributed among the servers associated with ito If a server in a load balancing group is not

available requests to the corresponding hostname will be balanced among the remaining servers

Traffic can flow from:o A Zone managed by EdgeCasto A CNAME record – including ones created a 3rd-

party DNS provider that owns your zoneo A Subdomain delegation

Web portal used to create load balancing groupso Assigned weight given to each server (VIP)

Configured with/without global health checks


12

EdgeCast RouteServer (Global) Health Checks

Features Benefits

Consensus model for health checks ensures against false positives

Automated or manual reinstatement of servers

Check server health status at customer defined intervalso Servers polled at customer-defined intervals

• Send HTTP/S GET, HTTP/S POST, or TCP/TCP SSL request from the EdgeCast Health Check agents

• More frequent pollingo Worldwide distribution of health check agents

• Majority consensus used to determine whether traffic should be pulled from a server

• Service failures are reported by email within a few milliseconds once health checks are completed

Health Check User Interface (UI) is integrated with Zone Management system UI

Health checks can check either entire groups or individual members


13

EdgeCast RouteServer (Global) Health Checks


14

EdgeCast RouteDNS Failover

Features Benefits

Enables a backup server to take over when the primary server cannot fulfill its responsibilities

o Prevents server outage from impacting site traffic

You are not required to be an EC CDN customer or to have EC manage your zone

You can chain the load balancing groups by CNAME.

Establishes primary and backup relationship between 2 two targetso Health check configuration used to determine

when to fail traffic over to backup server• Assigned to each IP address

o Primary service failure results in DNS traffic being routed to the backup service

o Supports both IPv4 and IPv6o Failed services automatically or manually reinstated

A failover configuration established for traffic from:o A Zone managed by EdgeCasto A CNAME record – including ones created a 3rd-party

DNS provider that owns your zoneo A Subdomain delegation

Web portal used to create failover groups


15

EdgeCast RouteSecondary DNS

Features Benefits

Leverage the EdgeCast global IP Anycast network and high performance ROUTE DNS system

o No need for your own infrastructureo Easy way to take advantage of EC global capacity,

performance and security• You can choose to hide your master DNS servers desire and

not expose your systems to Internet-based security threats & concerns

o Improves end-user response by directing them to best performing name server

o Ensures high availability

TSIG (Transaction SIGnature) supporto Helps ensure secure zone transfers

Manage your zones on-premise or via a 3rd-party providero Configuring EdgeCast Route as a secondary DNS can be

done in less than 5 minutes

Web portal used to setup “Master Server Groups”o EdgeCast DNS nodes think they are all masters

TSIG (Transaction SIGnature) supporto Used to provide a means of authenticating zone

transfers


16

Why EdgeCast Route for DNS?

Utilizes EdgeCast’s global IP Anycast network

Massive Scale and Capacity

Normal traffic = small percentage of total capacity

High Performing

Secure

Not susceptible to cache poisoning Provides protection against DDoS attacks

Primary & Secondary offerings (authoritative-only)

Comprehensive Solution

IP Anycast network improves availability Health checks performed on global basis Traffic management

Reliable


17

EdgeCast Route – Price Structure


Solution Module Unit of Measure When Is It Billable?

Tier 1: 1-50 Zones

Each additional increment of 50 Zones

Tier 1: =<1B Queries

Tier 2: >1B Queries


Tier 2: >1B Queries


Tier 2: >1B Queries

DNS Health Checks

Average number of configured Health Checks per month. Rounded up to nearest whole number.

Upon configuration

Service Component

EdgeCast Route (DNS)

Required (Choose one Tier – both components are required) Components

Managed (Primary) or Secondary

DNS

Billable Zones When zone starts being used (e.g. receives 1st DNS query)

Optional

Health Checks

DNS Queries

Star

ndar

d Ro

uting Fixed fee is charged per mill ion queries according to the total number of DNS

queries that were directed to all bil lable zones for which there is no Traffic Management (Failover & Weighted Load Balancing) or advanced policies. Queries rounded UP to nearest mill ion.

Ada

ptive

A

vaila

bilit

y

Fixed fee is charged per mill ion queries according to the total number of DNS queries that were directed to all bil lable zones for which there is Standard Routing + Traffic Management (Weighted Load Balancing and/or Failover). Queries rounded UP to nearest mill ion.

Adv

ance

d Po

licy

Routi

ng Fixed fee is charged per mill ion queries according to the total number of DNS queries that were directed to all bil lable zones for which there is Advanced Policy Routing (based on GeoIP, GeoCountry, GeoCity, ASN, IP Groups, Network Groups, AnyCast PoP, or IP Type) + Traffic Management (Weighted Load Balancing and/or Failover). Advanced Policy Routing currently requires a Professional Services engagement to set up. Queries rounded UP to nearest mill ion.

Technology

DNS: EdgeCast Route - Basic DNS Service Overview