Home >> Technology

A10 Networks Helps Service Providers Secure and Protect DNS Traffic with DNS Over HTTPS (DOH)

Wednesday, March 11, 2020/ Editor -  


Home >> Technology

DUBAI, UAE, 11th March, 2020 —  A10 Networks (NYSE: ATEN) today announced the availability of its Domain Name System (DNS) over HTTPS (DoH) capability in the Thunder Convergent Firewall (CFW). This native capability enables service providers to offer DoH services to their subscribers. It helps organizations who run DNS infrastructure deliver higher DNS security by preventing interference and enabling user privacy protection through end-to-end encryption for DNS queries, without sacrificing the performance and latency needed for DNS infrastructure. DoH ensures deeper protection to subscribers against DNS-based attacks. This ultimately improves operational efficiencies for customers while enhancing security.

Encryption is fundamental for the privacy of data on the internet. HTTPS (encrypted HTTP) has one of the largest shares of traffic on the internet today. Due to privacy concerns after the 2013 Snowden leaks, HTTPS is now the de facto standard with sources such as Mozilla Firefox, which showed a 300 percent increase over the period. DNS traffic, by contrast, remains a largely unencrypted channel on the internet. When the DNS traffic is unencrypted, it is vulnerable to manipulation and privacy violations. For example, in A10 Networks’ Q4 2019 State of DDoS Weapons report, DNS resolvers are one of the top-five DDoS weapons and DNS service ports are one of the top-10 UDP targets. DNS is also exploited for malware, ransomware and data theft attacks. Resilient, high-performance DNS infrastructure is essential for the proper functioning of service provider networks and the internet itself.

A10 Networks has worked with large service provider customers to develop a DoH capability, and it is now deployed in production at tier-one service provider networks. The capability is based on a proposed standard published as RFC 8484 by the Internet Engineering Task Force (IETF).

DNS over HTTPS is available today as a native capability with Thunder CFW on any hardware or software appliance, including containerized instances. DoH can be combined with the product’s other security features, including the application delivery controller (ADC) functionality to support comprehensive protection and availability for DNS, while maintaining the performance needed in service provider-scale DNS infrastructure.

DoH solution provides:

Investment Protection – DNS infrastructure is one of the most critical components for operators. It is designed to handle a large volume of traffic and is often the target of extensive attacks. The DoH capability is designed to protect and augment the existing DNS infrastructure investment for service providers. The existing DNS infrastructure solution components remain unchanged, and the secure connectivity and protocol translation are handled natively. Thunder CFW also includes multiple secure application services, including full ADC functionality, as part of the A10 Orion 5G Security Suite.
Scale and Performance – The DoH encryption enabled by TLS requires additional processing capabilities. Thunder CFW is designed for the scale and performance required for high-volume DoH traffic. The encrypted DNS queries can be handled at scale by using built-in advanced hardware capabilties specifically designed to deal with encrypted sessions.
Security and Visibility – A10 provides secure application services to protect DNS infrastructure from multiple attack vectors, these are extended with the DoH capability. Organizations can combine multiple services as required. For example, DNS application firewall, DNS request and query-rate limiting, DNS flood protection, DNS caching and more to improve the security, availability and performance of DNS infrastructure.

“Security of the DNS infrastructure has never been more critical for service providers and for their enterprise customers than now. DNS queries are transmitted in clear text, unencrypted. As a result, DNS queries are easily subject to spoofing, interception, hijacking and other issues,” said Gunter Reiss, VP of worldwide marketing at A10 Networks. “A10’s DNS over HTTPS capability helps service providers protect their DNS infrastructure from devastating attacks, while providing the performance and scale required.”

Previous in Technology

Next in Technology

Home >> Technology Section

Latest Press Release

Lincoln Aviator Presidential Takes on Bumps and Dips, Turning Every Trip into a ...

Telenor, Sony and Ericsson Team to Develop Smart IoT Healthcare Devices

FEM Collaborates with Arab Comedian Maya Acra to Address the Taboo Around the To ...

Allocations to Emerging Markets Debt and ESG-Related Bonds on the Rise

Twentieth “World Milk Day” Sees NFPC Innovate With New Products That Meet Changi ...

Debut Arabian Travel Market Virtual Event gets Underway Tomorrow

Sony Middle East & Africa Introduces New Digital Camera ZV-1, designed for Vlogg ...

Renault of Arabian Automobiles presents exceptional offer on DOKKER

Save the Date for Triyas Challenge 2021

Omega Announces Its Role as the Official Timekeeper of the 36th America's Cup

LG Joins Hedera Governing Council to Accelerate Innovation and Adoption of Publi ...

Maserati Commemorates the American Victories of the 8CTF at the Indianapolis 50 ...

The new BMW 5 Series

Parmigiani Fleurier Toric Fleur

Blue Ocean for Islamic Finance Industry

DTTAG New Executive Committee to Manage Post Covid 19 Return to Normalcy of Trav ...

Commodity Weekly: Crude Oil Frets Geopolitics, Sluggish Demand Bounce

Emirates Post Unveils Modern New Website and Look

Trina Solar Recognized as a "Top Performer" Module Manufacturer for Si ...

Al Ruwad Real Estate Appoints Alaa Masoud as General Manager of Sales and Market ...