Intelligent DNS Firewall for Service Providers

The Challenge

Service providers use DNS to enable subscriber access to critical services and web applications. If DNS is unavailable, services will fail to function properly, leading to network and service degradation or failures. To prevent this occurrence, service providers must optimize and secure the DNS infrastructure. However, such an infrastructure requires tremendous amounts of real-time management and stability, and scaling DNS rapidly becomes crucial when dealing with millions of service names and IP addresses.

As service providers scale their control planes, they also need to ensure the security of subscriber and billing data, as well as the capacity to withstand attacks such as DNS DDoS attacks, DNS amplification attacks, and DNS tunneling for circumventing service limits.

The Solution

BIG-IP DNS delivers an intelligent and scalable DNS infrastructure that gives mobile users faster access and service response. This makes it easy for service providers to optimize, monetize, and secure their DNS infrastructures. F5 DNS provides carrier-grade, high-performance LDNS caching and resolving, and is a hyper-scale authoritative DNS solution that includes DNS firewall security services for mitigating DNS DDoS attacks.

In addition, BIG-IP DNS can load balance local and recursive DNS services. Service providers use customizable monitors and global server load balancing (GSLB) services to allocate the best resources to DNS queries and respond with the best service experience. Because BIG-IP DNS enables a DNS64 environment, it creates a fault-tolerant architecture, which, in turn, improves network traffic and users’ quality of experience (QoE). By implementing BIG-IP DNS, service providers protect their brand.

BIG-IP DNS also shields the DNS infrastructure from malicious attacks by infected subscribers and from undesired DNS queries and responses that reduce DNS and service performance. F5’s intelligent DNS firewall inspects and validates protocols while dropping invalid requests or refusing to accept unsolicited responses. BIG-IP DNS is an ICSA Labs Certified network firewall with DDoS threshold alerting that hyper-scales across many devices using IP Anycast for DDoS absorption. It mitigates threats by blocking access to malicious IP domains.

Finally, BIG-IP DNS offers enhanced, detailed stats with high-speed DNS logging and reporting, along with advanced analytics and performance metrics that deliver business intelligence for service and capacity planning, service optimization, and service monetization, as well as security troubleshooting.

F5 Helps You:
  • Optimize DNS infrastructure and hyper-scale service delivery
  • Monetize services with improved network performance and lower churn
  • Secure your network and mitigate DNS attacks
  • Ensure quality of experience and extend service availability

Figure: Diagram of how a firewall protects from malicious attackers