constellix background

GeoIP & Secondary DNS: Block Traffic. Stay Online.

September 1, 2021

Constellix DNS LogoOutage Prevention - CDN Outage - DDos Attack Prevention - DNS Outage


Resources:

Subnet Mask Cheat SheetRecords Cheat SheetGeoDNS ExplainedFree Network TroubleshooterKnowledge BasePricing CalculatorLive CDN PerformanceVideo Demos


Categories:

BlogsNewsPress ReleasesIT NewsTutorials
Book a Free Demo →

Want DNS Freebies?

Give us your email and we'll send you the good stuff.

Thanks for joining our newsletter.
Oops! Something went wrong.



Categories:

Heather Oliver is a Technical Writer for Constellix and DNS Made Easy, subsidiaries of Tiggee LLC. She’s fascinated by technology and loves adding a little spark to complex topics. Want to connect? Find her on LinkedIn.

Connect with
LinkedIn

https://www.linkedin.com/in/heather-oliver

Have you ever wished you could deflect malicious or unwanted web traffic like Wonder Woman’s Bracelets of Submission do bullets? Guess what? You can—and at the DNS level! In this blog, you’ll learn all about the hidden superpowers of DNS.

DDoS Protection in a Digital World

With the massive influx of internet usage in recent years, cybercrime has also skyrocketed. And one of the most popular attacks on domains is the distributed denial-of-service (DDoS) attack. In just the first quarter of 2021, the tech industry witnessed a 25% increase in daily DDoS threats compared to Q4 of 2020. To put this into perspective, Microsoft’s Azure claims to have mitigated nearly 252,000 attacks in this short timeframe. Constellix also experienced a similar pattern of rising threats but was able to deflect the “bullets” and remain online through it all.  In light of this increased cybercrime activity, DNS protection for domains is needed more than ever.

DDoS Attacks: A Domain’s Archnemesis 

Before I get into how you can unlock your DNS superpowers, let’s take a look at what a DDoS attack actually is. As the name suggests, this type of cyber threat is designed to deny access to a domain or application. This is achieved by assembling a botnet, which is typically a large group of hacked devices. You can think of it like a large mob of supervillains who’ve come together for the sole purpose of taking down your network with a strategically-timed attack. Using numbers to overwhelm, the botnet easily defeats systems without redundancy in place—in pure Hulk smash, Hulk bash style.

Tip: Want to learn more? See our “What is a DDoS attack” resource.

DNS Providers: Hidden Primary, the Unseen Hero 

So, how can you thwart the sinister plots of maniacal villains lurking on the internet? Let’s start with the “safety nets.” One obvious choice is Secondary DNS. While Constellix doesn’t support traditional secondary setups, you can achieve the same result with a Hidden Primary configuration through API calls. In this case, only the “Secondary” DNS provider’s nameservers are public-facing. This ensures only the secondary servers are affected, as the primary is “invisible.”

DNS Server Redundancy: Primary/Primary DNS, the Trusty Sidekick

Primary/Primary is the most popular non-traditional secondary DNS and serves the same function as Hidden Primary, except in this configuration you have two dedicated resources. This option allows you to circumvent restrictive RFC rules and provides your domain with the fastest and most accurate query routing possible. The drawback is that it requires both providers to be synced via API and can become laborious if frequent updates are required. Still, the added redundancy, speed, and accuracy are well worth it.

DNS Server redundancy - benefits of dual managed DNS providers

Domain Monitoring: Real-time Traffic Anomaly Detection, the AI

The best offense is a good defense. This applies to DNS (and superheroes) just as much as it does football. And one of the greatest DNS superpowers you can have is Real-time Traffic Anomaly Detection (RTTAD). Why? Because it uses state-of-the-art machine learning to analyze your domain’s traffic patterns. RTTAD continuously monitors your web traffic and alerts you to unusual or suspicious behavior in real time. This affords IT teams the ability to troubleshoot misconfigurations or make proactive decisions based on domain activity before damage can occur.

GeoIP to the Rescue

Now for some offensive strategies. When utilizing a solution such as RTTAD, you can use other services to ensure your domain is protected and stays online. That’s where GeoDNS comes in. What makes GeoDNS so powerful is that it allows you to define geo-specific rules for your network. 

Blocking Traffic with GeoIP DNS Filtering

This Geo-based superpower will help you prevent and mitigate DDoS attacks before they can crash your system. With GeoIP filtering, you’re able to set business rules in front of your DNS records that help make decisions that are beneficial for your ROI. But, that’s just a bonus. The real power is that it also lets you block mobs of “supervillains” from accessing your domain entirely. For example, if you are alerted to suspicious activity coming from a specific country, you can create an IP Filter rule that drops all queries originating from that country. You can also get as specific as a city, Autonomous System Network (ASN) number, or by /24 IPv4 and /120 IPv6 EDNS client subnets.

GEO IP FIltering Fact - blocking traffic and set business rules in front of your DNS records strategy

DNS: More Than Meets the Eye

DNS isn’t just a translator. In fact, it holds great power when used to its full potential. Not every provider is the same though. Just like superheroes, each has its own strengths and weaknesses. Choose the right provider for your organization and you can experience the true power of DNS for yourself. 

Tip: Want to see firsthand how Constellix can protect your domain? Click here to schedule a demo and see it in action.

If you found this useful, why not share it? If there’s a topic you’d like to know more about, reach out and let me know. I’d love to hear your thoughts!

Want more? Check these out:

The Most Notorious DDoS Attacks in History

DDoS Attacks in Q1 2021

Powerful GeoDNS Strategies to Maximize Site Performance

Simplify & automate your DNS management.

Learn how we can help with a customized demo.

Get Started
pie diagram dnsdns graph

Constellix DNS News

GeoIP, geodns, block dns traffic, domain monitoring, ddos protection, split dns providers, dns redundancy, server redundancy, IP filters, primary dns, secondary dns, enterprise dns

Sign up for industry news and insights. It'll be worth it.

Sign up for news and offers from Constellix and DNS Made Easy

Thanks for joining our newsletter.
Oops! Something went wrong.