Hybrid DNS Engine

Security DNS

Hybrid DNS Engine: the ultimate answer against DNS Zero-Day vulnerabilities

Hybrid DNS Engine offers 3 technologies (BIND, NSD, Unbound) in a single appliance to eliminate single point of failure following security alerts on standard DNS technologies. You can switch from one engine to another with just one click, providing enough time to test the correcting patch. This gives you more control on risk management to protect your DNS infrastructure.

Mitigate DNS Zero-Day Vulnerabilities

Name servers can be particularly vulnerable to cyber attacks. The need for DNS security is greater than ever. Hybrid DNS technology provides the highest-level security for your name servers. When a security alert or actual cyber attack affects your currently running name server software, Hybrid DNS technology gives you alternative name server software that you can switch to with a single click. Your data center operations continue normally, and you revert to using the original name server software only after its vulnerability has been patched, tested, and verified.

The result is greater security, less risk, better performance (the alternative name server software is highly responsive), and easier administration. EfficientIP is the only DDI vendor to provide state-of-the-art, high-quality, truly effective hybrid DNS security.

DNS hijackings caused thousands of sites to redirect users to exploit kit, pushing victims to fake websites, usually to steal financial details " Symantec Internet Security Threat Report 2014

Business at risk: secure your DNS from attacks

Without Hybrid DNS technology, a security alert or cyber attack that targets you’re currently running name server software (BIND for example) will dramatically increase your risk of data loss or network downtime. A DNS vulnerability exposes your network to crippling Denial of Service (DoS) traffic. It can reveal confidential internal information about your company and can turn your entire network into one huge botnet. Having the ability to easily and painlessly switch to a different name server program – unaffected by the DNS vulnerability – eliminates these risks.

In addition, the approach of having two alternative software technologies within the same Hybrid DNS architecture makes the name server’s security footprint baffling to hackers because the DNS engines do not have the same types of algorithms. They’ll find that discovering name server flaws, fissures and openings will be a daunting, complex and nearly impossible task.

World-class DNS security with unique Hybrid DNS solution

The hybrid technology incorporates a second DNS engine, in addition to BIND, in a single DNS appliance. The alternate DNS engine is based on two different name server products, Unbound and NSD. Unbound is a validating, recursive, and caching DNS resolver designed for high performance. NSD is an authoritative only, high-performance name server.

At any moment, one DNS engine is active (running) on a SOLIDserver DNS appliance and the other is in standby mode. EfficientIP’s SmartArchitecture automatically ensures that configuration changes are synchronized between the two DNS engines.

With a single click, you switch from the running name server software that’s been hacked to the alternate name server software that’s been unaffected by the security breach. The alternative name server software can remain in place while DNS programmers patch, test and validate a security upgrade to the vulnerable name server product.

Hybrid DNS Engine key benefits

  • Protects against zero-day vulnerabilities by giving network administrators the possibility to switch from one name server technology to another for immediate vulnerability remediation.
  • Eliminates single point of failure (SPoF) following security alerts and strengthens DNS security in a way that baffles hackers.
  • Improves your security risk management by giving you the option of switching name server technologies when you decide, not when someone else decides. The result is transparent to you and opaque to hackers.