Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

3/11/2015
01:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

CloudFlare Solves an Industry-Wide DNS Security Problem, Shields DNS Infrastructure from Attacks

Virtual DNS Protects and Supercharges DNS Servers, Mitigating one of the Most Common Infrastructure Vulnerabilities-Distributed Denial of Service Attacks (DDoS)

SAN FRANCISCO, March 10, 2015—CloudFlare, the leading Internet performance and security company, today launched Virtual DNS to protect and accelerate any organization’s DNS infrastructure. DNS is the Internet’s address book, and every query on the Internet begins with a DNS lookup. The performance and security of an organization's DNS infrastructure is therefore critical. Virtual DNS boosts the security, global availability, and speed of DNS responses without requiring organizations to make disruptive changes to their legacy DNS infrastructure.

“Virtual DNS is a lifesaver for anyone managing their own legacy nameservers. Hosting providers and large enterprises are stuck between a rock and a hard place: on one hand, they struggle to keep up with the performance and security challenges of running their own DNS infrastructure while, on the other, their legacy DNS infrastructure is nearly impossible to replace without costly disruption,” explained Matthew Prince, co-founder and CEO of CloudFlare. “With Virtual DNS, organizations get the performance, security, and high availability of CloudFlare’s global DNS network with no disruption and no change to their existing infrastructure.”

DNS infrastructures are increasingly becoming the target of cyber attacks. The latest DNS based DDoS attacks mitigated by CloudFlare have exceeded 500Gbps with more than 250 million seemingly valid DNS queries. Traditional DDoS scrubbing hardware and services are useless in the face of these attacks, meaning that until now there has been no way for organizations to avoid downtime if they are targeted. Virtual DNS stops attack traffic at CloudFlare’s edge—blocking traffic before it reaches a company’s nameservers—so even legacy infrastructure is safeguarded.

Industry-leading cloud hosting provider, DigitalOcean, was an early beta customer of Virtual DNS and has been using the service since July 2014. Since every request on the Internet begins with a DNS query, faster DNS responses mean quicker page loads and happier customers.

“DigitalOcean answers 10,000 DNS queries every second, and CloudFlare makes sure that it’s 100 percent clean,” said Sam Kottler, platform engineer at DigitalOcean. “CloudFlare’s Virtual DNS is exactly what we need to protect our DNS infrastructure and  ensure that we are always fast and always online, anywhere.”

Dan Kaminsky, DNS security expert and chief scientist and co-founder of White Ops, agrees: “CloudFlare is addressing a critical issue at the foundation of the Internet.” Kaminsky said, “Internet users depend on DNS to be both highly available and accurate. CloudFlare’s DNS stack, including Virtual DNS and DNSSEC, is already a reality for more than 35 percent of domains using managed domain nameservers.” 

With CloudFlare’s Virtual DNS, records stay on an organization’s nameservers. More than 30 enterprises participated in CloudFlare’s beta. Beta participants were protected from all attacks, and their DNS performance increased by 50 percent. “We’re opening up a new door for organizations that were unable to make changes to their legacy infrastructure,” said Olafur Gudmundsson, long time contributor and DNS Working Group chair at the IETF and now a systems engineer at CloudFlare focused on DNS and DNSSEC development. “Virtual DNS gives organizations a global, battle-tested DNS shield in front of their existing operations.”

Virtual DNS is currently available to CloudFlare Enterprise customers, hosting providers, and large DNS operators.

 

Additional Resources

●      VirtualDNS

●      DigitalOcean Case Study

●      (Blog) Announcing Virtual DNS

 

\# #

About CloudFlare

CloudFlare, Inc. (www.cloudflare.com / @cloudflare) makes sites lightning fast, protects them from attacks, ensures they are always online, and makes it simple to add web apps with a single click. Regardless of size or platform, CloudFlare supercharges websites with no need to add hardware, install software, or change a line of code. The CloudFlare community gets stronger as it grows: every new site makes the network smarter. More than 5 percent of global Web requests flow through CloudFlare's network; every month more than 1.8 billion people experience a faster, safer, better Internet. CloudFlare was recognized by the World Economic Forum as a Technology Pioneer, named the Most Innovative Network & Internet Technology Company for two years running by the Wall Street Journal, and ranked among the world's 50 most innovative companies by Fast Company. CloudFlare has offices in San Francisco, California, USA and London, UK.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Where Are the 'Great Exits' in the Data Security Market?
Dave Cole, Cofounder and CEO, Open Raven,  10/13/2020
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4564
PUBLISHED: 2020-10-20
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea...
CVE-2020-4748
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.
CVE-2020-4749
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link ...
CVE-2020-4755
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.
CVE-2020-4756
PUBLISHED: 2020-10-20
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-For...