The Domain Name System (DNS) is tied for first place as the most frequently targeted application-layer service for distributed denial of service (DDoS) attacks, and many service providers experience these attacks on a regular basis. Cybercriminals are also now using DNS to introduce malware and exfiltrate data.
“The Infoblox solution helped Cable & Wireless Panama achieve its goal of being number one in customer satisfaction,” said Hugo Aquino, vice president of customer support for Cable & Wireless Panama. “Service incidents from DDoS attacks have been cut in half, and customer complaints about lengthy page load times have been significantly reduced. We were so pleased with the performance and manageability of the Infoblox system in our fixed network that we have expanded it to include our mobile network traffic as well.”
The Infoblox 4030 series appliance, the company’s most powerful device, can process millions of DNS queries per second with redundant RAID hard disks, hot-swappable power supplies, and hardware-based DNS attack detection and protection. When facing a DDoS attack, the Infoblox 4030 is capable of intelligently detecting the attack, and automatically dropping malicious DNS traffic while letting through legitimate queries.
New features for Infoblox carrier-grade appliances address even more DNS threats. Among the improvements are:
- Distributed NXDOMAIN attack protection. An NXDOMAIN attack sends a flood of queries to a DNS server seeking to resolve a non-existent domain name, a time-consuming process. A distributed NXDOMAIN attack comes from a large number of sources, no one of which might have sufficient volume to trigger typical threat protection rules, making these attacks harder to identify and mitigate. Infoblox now intelligently manages incoming DNS queries to protect against this type of distributed attack, helping to maintain availability for service providers’ subscribers.
· Dual-engine DNS. The Infoblox Dual-Engine DNS feature provides the option to switch between BIND and Unbound DNS resolvers for better protection against vulnerabilities targeting DNS servers. By easily and immediately switching DNS engines, service providers can avoid the impact of a vulnerability facing one of the engines, until that vulnerability is resolved.
- Enhanced DNS tunnelling protection. DNS tunnelling attacks can provide cybercriminals with an always-available back channel to exfiltrate stolen data or bypass a service provider’s billing system for free access to services such as premium Wi-Fi. With enhanced DNS tunnelling, service provider DNS networks can identify and drop malicious tunnelling response traffic without impacting legitimate DNS traffic.
“Our service provider customers tell us the service degradation and outages caused by DDoS and other DNS attacks are a significant cause of subscriber dissatisfaction and churn. Infoblox is committed to supporting service providers with secure DNS solutions to protect their rapidly evolving networks and growing traffic,” said Dilip Pillaipakam, vice president of service provider products at Infoblox. “With these new enhancements, Infoblox can help increase visibility and control across all DNS infrastructure, easing operational costs, increasing manageability, and maintaining the best possible subscriber experience.”