kona enhanced dns (edns) overview - akamai at rsa conference 2013
DESCRIPTION
Using eDNS, a customer's primary DNS servers are not directly exposed to end users, so the risks of cache-poisoning and denial-of-service attacks are mitigated. Akamai's Enhanced DNS is the only outsourced DNS security solution that leverages the globally-distributed Akamai Platform, requires no change to existing DNS security administration processes, and provides unparalleled reliability, scalability, and performance of DNS resolution. Learn more about Kona Security Solutions: http://www.akamai.com/html/solutions/kona-solutions.html Learn more about Akamai's presence at RSA Conference 2013: http://www.akamai.com/html/ms/rsa_conference_2013.htmlTRANSCRIPT
Akamai DNS Offerings
RSA© Conference 2013
©2013 AKAMAI | FASTER FORWARDTM
Akamai DNS Solutions
Enhanced DNS (eDNS) • Scalable, outsourced, DNS solution to direct end-users to websites
• Primary and Secondary DNS available.
Global Traffic Manager • DNS based Global load balancing platform • Shift traffic based on – datacenter availability and geography
Akamai DNSSEC • Allows customers to offload DNSSEC support to Akamai
©2013 AKAMAI | FASTER FORWARDTM
Akamai DNS Platform
Highly Scalable • Runs on ~2000 servers • Distributed across 100+ points of presence (3-5 times more than nearest competitor)
• Normal traffic < 1% of capacity • Sized to handle largest botnets
Protection for Increases in Traffic Volume • Pay by number of Zones – NOT DNS requests
• No extra charge for DDoS attack traffic • No additional charges as traffic grows
Globally Distributed • 22 countries – and more coming…
Highly Reliable • Deployed on a global IP Anycast DNS network
• 24x7 availability
Secure • Per IP address throttling to avoid DNS reflection and DNS flooding attacks
• Prioritizes traffic from known good name servers to prevent IP spoofing attacks
• No two customers share the same list of DNS Anycast IPs
©2013 AKAMAI | FASTER FORWARDTM
Akamai DNS Platform
Proprietary implementation • Fully compliant with DNS specification • Completely independent from other DNS name server code bases
• e.g. BIND, MS DNS, DJBDNS
• Not susceptible to vulnerabilities found in other DNS offerings such as BIND
Code base • Smaller, more focused and not controlled by the configuration
• Tighter control; fewer vulnerabilities
SLA • 100% uptime
• Akamai will serve DNS resolutions 100% of the time for customer owned DNS zones configured to use the eDNS service
©2013 AKAMAI | FASTER FORWARDTM
DNSSEC Solution Highlights
Key Benefits • On-demand scalability for additional DNS traffic • Significant reduction in operational overhead to maintain DNSSEC compliance
• Customer doesn’t need to re-sign zones periodically • Customer doesn’t need to manage keys and key rotations
• Increased security and reliability • Leverages Akamai’s proven Key Management Infrastructure
• Infrastructure offload for the additional DNS traffic and resources
©2013 AKAMAI | FASTER FORWARDTM