For years, enterprises have trusted Infoblox to maintain rock-solid reliability for internal networks using our industry-leading DNS, DHCP and IP address management (DDI) solutions. But corporate networks are just one side of the digital world. Customers reach you through websites, APIs, email and other internet-facing applications that depend on external DNS—and those services are increasingly scattered across clouds and software-as-a-service (SaaS) providers.
Recently, we announced Infoblox for External Authoritative DNS—an expanded portfolio that brings Infoblox resiliency, visibility and unified management of foundational network services to public-facing applications. Whether you host your own external authoritative DNS servers or use a third-party cloud or SaaS provider like Cloudflare or Akamai, you can maintain a single DNS management plane for your entire digital estate. You can view and manage all DNS records—for internal networks, internet-facing services and public and private clouds—through a single API and the Infoblox Portal. So you can drive down configuration errors and outages, accelerate changes and defend against attackers seeking to compromise your customers and brand.
What’s New
The newly expanded portfolio includes three main components:
- Unified DNS Management—Now Including Cloudflare and Akamai: Infoblox Universal DDI™ Management already provided a single, enterprise-wide control plane for managing DNS across internal networks, Amazon Route 53, Azure DNS and Google Cloud DNS. Now, we’ve added support for two of the leading external DNS SaaS hosts too, with the ability to manage Cloudflare and Akamai from the same API and the Infoblox Portal. By managing more of the business’s mission-critical services from the same place, using the same workflows and automation, teams can deploy faster while minimizing configuration errors—the leading cause of downtime.[1]
- Adaptive Security for Self-Hosted External DNS: If you self-host your own external authoritative DNS servers on NIOS, that infrastructure must stay exposed to the wide-open internet; that’s just how external DNS works. But you don’t have to leave it unprotected. Infoblox DNS Infrastructure Protection (formerly Advanced DNS Protection, or ADP) can absorb and mitigate a broad range of volumetric and non-volumetric DNS attacks that can knock web applications offline, including distributed denial-of-service (DDoS) attacks, DNS exploits and other threats. It keeps your websites, email and other public-facing applications available and responding to legitimate queries—even while under attack.
- Protection Beyond the Perimeter: Lookalike domains are among the fastest-growing and most effective cyberattacks. By exploiting social engineering and end-user typos, they mimic legitimate websites to steal user credentials, intercept multi-factor authentication (MFA) messages and damage the company’s brand. Infoblox’s Brand Protection services, Lookalike Domain Monitoring and Domain Mitigation & Takedown, can continually detect and rapidly remove fake domains before they damage your organization’s reputation—typically within 72 hours.
The Need for Non-Stop Resiliency in External DNS
Why is external authoritative DNS so important? First, because it’s foundational to just about every digital interaction with customers. DNS is like the “digital phone book” that tells applications how to find your business. If external DNS fails, your websites, internet applications and everything connected to them can go dark—no connections, no business. The costs of such failures add up quickly. Large businesses can lose up to $1.4 million per hour of downtime,[2] and the average DDoS attack lasts 68 minutes.[3]
Additionally, external authoritative DNS servers remain exposed to the internet, where they become prime targets for cyberattacks. Threats to external authoritative DNS include:
- DDoS attacks, which overwhelm servers with massive traffic from multiple sources, causing websites to crash. (Cloudflare identified 10.5 trillion DDoS attack requests—and more than 59 petabytes of DDoS attack traffic—in the first quarter of 2024 alone.)
- DNS hijacking, where attackers tamper with DNS records to redirect traffic to a malicious site
- Cache poisoning, where attackers inject malicious or invalid data into a network’s cache, either to serve malicious content or redirect users to malicious sites
- NXDOMAIN exploits, which flood DNS servers with queries for non-existent domains, causing service disruption
Finally, beyond the huge volume and velocity of cyberthreats, the damage caused by a successful attack on external DNS infrastructure can be much worse than other types of threats. Your organization’s external authoritative DNS records get distributed across recursive DNS servers worldwide—that’s how users find your websites. So, if an attacker is able to hijack or alter those records, it can take hours, even days to correct all that bad data, during which your websites, email and other online apps may be totally unreachable. Major outages like these have cost online retailers tens of millions.
Protecting Your Business—However You Handle External DNS
No matter how you currently handle external authoritative DNS, Infoblox can help you simplify management, block malicious threats and keep your critical public-facing networks and applications online. That includes:
- Defending Self-Hosted External DNS: Many organizations—especially those with strict compliance or data governance requirements—prefer to host their own external authoritative DNS infrastructure, so they can maintain tight control over DNS records and data. With DNS Infrastructure Protection, you can harden authoritative servers against volumetric and non-volumetric attacks and ensure that legitimate traffic can still reach your sites and services—even while your DNS infrastructure is under heavy attack.
- Providing a Single Point of Control for SaaS-Hosted DNS: Many other businesses outsource external DNS services to a cloud or SaaS provider like Cloudflare or Akamai, who handle external DNS scaling and security on their behalf. If that’s how you handle external DNS (whether you retain control of a “hidden primary” DNS server or just delegate zones to the SaaS host), you can simplify operations and drive down risk with Universal DDI Management. By monitoring and managing all DNS in the same way, from the same place, there’s dramatically lower risk of costly configuration errors than when swiveling between multiple dedicated tools.
- Building Redundancy against Cloud/SaaS Provider Outages: When it comes to mission-critical online services, even the largest, most trusted cloud and SaaS providers still have occasional incidents. So, if you’re relying on a single SaaS host for external DNS, you’re taking a real risk. If that provider has an outage, your entire online presence may be out of commission until they resolve it. The solution: diversify your authoritative DNS. Use a reputable cloud or SaaS service, but augment it with your own smaller, self-hosted external authoritative DNS infrastructure on NIOS and DNS Infrastructure Protection, running concurrently with the SaaS service. Now, if the SaaS provider ever has an outage, your self-hosted infrastructure is still available—and your websites and services stay online.
Learn More
External DNS is too important to your business and your customers to leave fragmented or underprotected. With Infoblox for External Authoritative DNS, you can unify management across every DNS surface, harden mission-critical authoritative servers against modern attacks and build real resilience—without re-architecting what already works. No matter where your DNS lives—whether you self-host, use a SaaS service or run a hybrid model—Infoblox can help you maintain non-stop availability, security and control.
For more details on how to protect self-hosted external DNS servers, visit the DNS Infrastructure Protection webpage. And watch this video to see how Universal DDI Management seamlessly integrates with Cloudflare and Akamai external DNS.
Footnotes
1. Uptime Institute’s 2022 Outage Analysis Finds Downtime Costs and Consequences Worsening as Industry Efforts to Curb Outage Frequency Fall Short, Business Wire, June 8, 2022. https://www.businesswire.com/news/home/20220608005265/en/Uptime-Institutes-2022-Outage-Analysis-Finds-Downtime-Costs-and-Consequences-Worsening-as-Industry-Efforts-to-Curb-Outage-Frequency-Fall-Short
2. The rising cost of downtime, Blau, Adam, BigPanda, April 25, 2024. https://www.bigpanda.io/blog/it-outage-costs-2024/
3. Average DDoS Attack Cost Businesses Nearly Half a Million Dollars in 2023, According to New Zayo Data, Zayo Group, February 15, 2024. https://www.zayo.com/newsroom/average-ddos-attack-cost-businesses-nearly-half-a-million-dollars-in-2023-according-to-new-zayo-data/




