Mitigate DNS Zero-Day Vulnerabilities

DNS hijackings caused thousands of sites to redirect users to exploit kits, pushing victims to fake websites, usually to steal financial details. (Source: Symantec Internet Security Threat Report 2014)

Name servers can be particularly vulnerable to cyber attacks. The need for DNS security is greater than ever. Hybrid DNS technology provides the highest-level security for your name servers. When a security alert or actual cyber attack affects your currently running name server software, Hybrid DNS technology gives you alternative name server software that you can switch to with a single click. Your data center operations continue normally, and you revert to using the original name server software only after its vulnerability has been patched, tested, and verified.

The result is greater security, less risk, better performance (the alternative name server software is highly responsive), and easier administration. EfficientIP is the only DDI vendor to provide state-of-the-art, high-quality, truly effective hybrid DNS security.

Business at Risk! Secure Your DNS From Attacks

Without Hybrid DNS technology, a security alert or cyber attack that targets your currently running name server software (BIND, for example) will dramatically increase your risk of data loss or network downtime. A DNS vulnerability exposes your network to crippling Denial of Service (DoS) traffic. It can reveal confidential internal information about your company and can turn your entire network into one huge botnet. Having the ability to easily and painlessly switch to a different name server program – unaffected by the DNS vulnerability – eliminates these risks.

In addition, the approach of having two alternative software technologies within the same Hybrid DNS architecture makes the name server's security footprint baffling to hackers because the DNS engines do not have the same types of algorithms. They’ll find that discovering name server flaws, fissures and openings will be a daunting, complex and nearly impossible task.

World-Class DNS Security With Unique Hybrid DNS Solution

The EfficientIP Hybrid technology incorporates a second DNS engine, in addition to BIND, in a single DNS appliance. The alternate DNS engine is based on two different name server products, Unbound and NSD. Unbound is a validating, recursive, and caching DNS resolver designed for high performance. NSD is an authoritative-only, high-performance name server.

At any moment, one DNS engine is active (running) on a SOLIDserver™ DNS appliance and the other is in standby mode. EfficientIP’s SmartArchitecture™ automatically ensures that configuration changes are synchronized between the two DNS engines.

With a single click, you switch from the running name server software that’s been hacked to the alternate name server software that’s been unaffected by the security breach. The alternative name server software can remain in place while DNS programmers patch, test and validate a security upgrade to the vulnerable name server product.

Furthermore, EfficientIP's SmartArchitecture™ enables effortless deployment of hybrid DNS architectures. For instance, designing, deploying and managing a Master-Slave architecture with Master servers running BIND and Slave servers running NSD is easy with SmartArchitecture™ templates.

Hybrid DNS Engine Key Benefits

EfficientIP's Hybrid DNS engine:

  • Protects against zero-day vulnerabilities by giving network administrators the agility to switch from one name server technology to another for immediate vulnerability remediation.
  • Eliminates the single point of failure (SPoF) following security alerts and strengthens DNS security in a way that baffles hackers.
  • Improves your security risk management by giving you the option of switching name server technologies when you decide, not when someone else decides. The result is transparent to you and opaque to hackers.