Implementation Also Dramatically Reduces Patching Costs Versus BIND-Based Appliance

DENVER – October 23, 2012 – A large U.S. provider of wireless voice, messaging, and data services has completed an implementation of the Secure64 Software Corporation Domain Name Server (DNS) caching solution that has resulted in improved security, higher performance and lower operating costs. DNS Cache proved to have a significant return on investment (ROI) for the wireless provider according to an in-depth post-implementation study conducted by its technology team, the results of which are summarized below.

Secure64 DNS Cache is a caching DNS software appliance that offers the best performance-per-core of any DNS caching solution with the highest level of security. Secure64 DNS Cache leverages the security capabilities of Secure64’s SourceT micro OS with its built-in DDoS defenses, while utilizing a non-BIND based DNS application that is immune to BIND-specific security vulnerabilities. In addition, Secure64 DNS Cache combats botnets by allowing service providers to load one or more blacklists into the server so that queries for known botnet command and control centers can be detected, reported and blocked.
The ROI study conducted by the wireless company determined that Secure64’s DNS Cache solution:
  • Achieved twice the performance of the BIND-based DNS appliances it replaced
  • Maintained 100 percent customer availability of DNS servers while eliminating patching problems that plagued its prior caching solution
  • Simplified the transition to IPv6 while maintaining full support for IPv4-based mobile devices
“This customer’s implementation of our DNS Cache solution is a great example of how to build a better, stronger, less costly DNS infrastructure that positions your company for growth—all while eliminating some major DNS headaches that telecommunications companies have had to suffer through for years,” said Steve Goodbarn, CEO of Secure64. “One of the things that stands out in this implementation of our DNS Cache solution is the role it plays in this company’s IPv4-to-IPv6 transition. Our DNS Cache solution provides an attractive, cost-effective way to enable a transition to IPv6 while continuing to support IPv4. That alone makes it worth the modest price tag but telecommunications companies also get the benefits of reducing emergency patching efforts, increasing the security of their DNS infrastructure, and lowering costs compared to BIND-based solutions.”
To find out how Secure64 DNS Cache protects against DDoS attacks, read our white paper, “Surviving DNS DDoS Attacks”. To read the case study, visit For more information about DNS Cache, visit

About Secure64 Software Corporation

Headquartered in Greenwood Village, Colorado, Secure64 is a software developer providing the most secure DNS products available to its customers in the government and communications industry. Secure64’s patented technology provides mission-critical security and reliability with high throughput and low latency. It has been shown to be immune to compromise from rootkits and malware and resistant to denial of service and other network attacks. The company offers a suite of trusted and secure DNS software appliances for caching, signing and authoritative use. Secure64’s products are sold and serviced worldwide through Hewlett-Packard and their reseller network and directly by Secure64. For more information, visit

Protecting Your DNS

There have been several recent Denial of Service attacks reported on banks, hosting providers and federal agencies around the world.  As always with these types of attacks, one of the victims is the DNS server. Attacking DNS is effective, once the DNS server is taken down by the hacker, customers can’t reach any of the victim’s servers including mail servers, web servers, etc.

Besides the effectiveness there are also other reasons why the DNS server is the bully victim of the Internet. One of the more technical reasons is that DNS service is UDP based and not TCP based like most other services. Many simple types of attacks can be performed towards UDP based system.  Additionally, UDP is also much easier to forge than TCP so the hacker does not have to reveal his IP-address in the attack. All of this makes the DNS a juicy target.

The traditional way of protecting DNS and other servers is via stateful firewalls. However, this protection mechanism does not work well for UDP based attacks. In fact, most firewalls actually contribute to the problem rather than helping since they are not designed to cope with large floods of small packets. You can verify that this is the case by reading the fine print in the specifications of your firewall. It is probably rated at an impressive number of gigabytes per second but if you look at the number of packets, it is not that high. And even if you have a firewall capable of millions of packets per second it will not do you much good as it is not doing much inspection of the DNS traffic. Traditional firewalls are not smart enough and do not look far enough into the packet to really be able to determine if the packet is legit or not.

What is really needed for adequate protection is a specialized DNS firewall that sits outside of the firewall. This device can either be configured with the DNS data so that it can respond directly or simply forward the scrubbed traffic to “softer” DNS servers behind it.

Secure64’s products can be used in such a setup. Our products defend against Denial of Service attacks and other types of attacks directed towards the DNS servers while we are still able to respond to legitimate traffic. For more information on our products please visit us at our web site.

DDoS Attacks Get Serious

In the last couple of weeks there has been a big jump of DDoS attacks focused on the websites of major US financial institutions. Among those reportedly attacked has included Wells Fargo, JP Morgan Chase, Bank of America, PNC, and U.S. Bank. A distributed denial-of-service attack or better known as a DDoS Read more