DDoS and DNS: where can the DNS platform protect your assets

DNS, unfortunately, is a prime target for DDoS attacks, a fact that cannot be ignored. This vulnerability poses a significant risk to the stability and accessibility of your online services.

Some servers and some setups allow the bad guys to use DNS servers to attack other servers. Other setups and servers are not configured to protect against inbound attacks, or cannot.

Why protect a DNS server?

No DNS = No Internet. It’s that simple, as no one knows the IP address for a server. Think of the sites you use every day, and ask yourself if you know the IPv4 address and then ask if you could remember the IPv6 address.

This means you have 2 different areas to protect:

  1. Protect your brand by keeping the Authoritative DNS operational
  2. Protect your caching DNS and ensure it is not open for abuse internally or externally

Protecting your brand

Consider the scenario where a customer or a user is trying to access your website. They initiate a DNS lookup, which at some point involves your server. If your DNS server is down or overloaded due to a DDoS attack, the user cannot retrieve the IP address for the service they need. Hackers exploit this vulnerability, effectively blocking access to your service without even compromising your server. This underscores the urgency of protecting your DNS server.

This problem can cause financial issues and result in users accessing alternate providers to get the desired product or service.

Authoritative DNS servers need the ability to dynamically block these attacks without having to resort to the system administrator configuring the prevention at the time of the attack. These servers need the ability to report on the attack so that lessons can be learned, but the most obvious feature is uptime; they have to resolve legitimate queries while blocking the attack.

Protection needs to be built into the whole software stack. Using external platforms to protect insecure DNS servers is a bad idea as the system administrator cannot easily see the whole picture of the attack. The DNS solution in your network needs to be aware of the attack and protect itself.

Protecting the caching DNS server

There are far more caching DNS servers installed across the internet and inside networks than Authoritative DNS servers. Sometimes, hackers abuse caching DNS servers, turning them into a DDoS cluster. If a DNS server is open as a resolver on the internet, the hacker can bounce malicious queries off it and hide their location and intention. This can be a massive problem on the internet.

Again, filtering needs to be deployed to protect the DNS server and ensure your servers are not used for malicious reasons.

Start low in the stack

DNS software sits at the top of the OSI stack. Hackers know this and often attack the server with ICMP, TCP and UDP attacks which have nothing to do with DNS. Your protection, therefore, needs to secure the server against attacks from the lower layers of the stack, and critically, it needs to be able to report these attacks. An important factor is having all the various attacks correlated in the protection and reporting architecture and visible using a GUI. This ensures the system administrator doesn’t have to dig through logs and reports from different protection platforms where they cannot understand all the attack vectors.

Visibility

Having a GUI that can see the attacks in near real-time is a factor to help understand when you are being attacked, how you are being attacked and how the attack changes over time.

If you have your protection split across different vendors and different protection boxes, seeing the ICMP and DNS attacks is often very hard as you may have multiple different reporting engines to view and try and correlate the data.

The reporting engine needs to work offline from the servers to ensure that it doesn’t impact the performance of the solution, but critically, you need real-time information to see the attack. Some platforms have large delays in reporting of minutes, and that doesn’t help when the attack could be over in the time taken to see the data.

Protect against misuse of the DNS

DNS Tunnelling is a clever technique that uses perfectly valid DNS queries from sources allowed to query the caching DNS server. Hackers embed the traffic they want to pass in a DNS query and response. The caching DNS server sends the packet to the Internet. Hackers can use this technique for service theft and data exfiltration. As the data is, in effect, valid, legacy solutions do nothing to stop this method.

DNS tunnelling protection has to be dynamic and not rely on lists of domains from a central source. The platform must be self-protecting and provide detailed reporting.
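One way to detect tunnelling from query behaviour rather than from a domain list, as an added example (not Secure64's implementation): it flags client/domain pairs that send many long, high-entropy unique subdomains. The log format, thresholds and the two-label registered-domain rule are assumptions, and the sample queries are constructed.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict


def _encoded_label(i):
    """Constructed stand-in for a data chunk encoded into a DNS label."""
    digest = hashlib.sha256(f"chunk-{i}".encode()).digest()
    return base64.b32encode(digest).decode().lower()[:40]


# Constructed sample: (client IP, query name) pairs as a caching resolver might log them.
SAMPLE_QUERIES = (
    [("10.0.0.5", n) for n in ("www.example.com", "mail.example.com",
                               "api.example.com", "www.example.org")]
    + [("10.0.0.7", f"{_encoded_label(i)}.t.example.net") for i in range(8)]
)


def shannon_entropy(text):
    """Bits per character of the observed character distribution."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def registered_domain(qname):
    # Assumption: the last two labels form the registered domain.
    # A production version would consult the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def find_tunnel_suspects(queries, min_unique=5, min_avg_len=30, min_entropy=3.5):
    """Flag (client, domain) pairs with many long, high-entropy unique subdomains."""
    subdomains = defaultdict(set)
    for client, qname in queries:
        name = qname.rstrip(".").lower()
        domain = registered_domain(name)
        sub = name[: -len(domain)].rstrip(".")
        if sub:
            subdomains[(client, domain)].add(sub)

    suspects = {}
    for key, subs in subdomains.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        entropy = shannon_entropy("".join(subs).replace(".", ""))
        if len(subs) >= min_unique and avg_len >= min_avg_len and entropy >= min_entropy:
            suspects[key] = {"unique": len(subs), "avg_len": round(avg_len, 1),
                             "entropy": round(entropy, 2)}
    return suspects


if __name__ == "__main__":
    for (client, domain), stats in find_tunnel_suspects(SAMPLE_QUERIES).items():
        print(client, domain, stats)
```

Requiring all three signals together keeps ordinary hosts with a handful of short names, or CDNs with many short names, from being flagged.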

The 10 year anniversary of Secure64 and 6connect joint solutions:

Secure64 and 6connect’s partnership is now entering its 10th year, and we wanted to do a special highlight to showcase how our products and innovation have worked together.

Secure64:

Building on its custom SourceT secure platform, Secure64 was the first to offer a fully automated DNSSEC signer that could be deployed on the open Internet and the only FIPS 140-2 Level 2 certified cryptographic solution without requiring additional hardware. Secure64 was the first to offer significant functional enhancements, such as synthesized PTR records for authority servers and real-time, on-premise DNS tunnel detection for caching servers.

Building on its core safety, security, and stability principles, Secure64 has applied its expertise and experience to its server products, now running on commercial bare metal, virtual machines, and cloud-native platforms. With our DNS-based defenses, DNS DDoS protection, security threat visualization and DNS management, Secure64 remains at the forefront of delivering complete DNS solutions. As Secure64’s product offerings have expanded over the years, 6connect has worked alongside developing new solutions and capabilities.

6connect:

Since our founding in 2009, the 6connect team has been dedicated to solving the frustration and problems that manual network provisioning creates for network architects, administrators, and operators. 6connect’s ProVision continues to solve all of the most common headaches associated with large-scale dynamic network provisioning. It provides automation tools for network management tasks like IPv4/IPv6 subnet allocation, DNS zone editing, DHCP scope configuration, BGP session management, and is built from the ground up using a robust API for easy integration to existing systems.  It provides network administrators with a centralized control panel to manage all network resources in one place and use a global permissions structure to delegate administration tasks for various use cases. 

6connect also works hand-in-hand with companies to set up customized/branded solutions for more complex infrastructure provisioning environments.

Combined solution paragraph/conclusion:

The ProVision product is a natural fit with Secure64’s DNS Authority and DNS Signer products. Over the decade-long partnership, Secure64 and 6connect have been able to respond to unique customer requests and provide tailored solutions for even the most unusual operating environments. When we initially entered the partnership, our core features were based on managing DNS zones/records and IP addresses. We then augmented configuration management and expanded migration capabilities from other DNS environments through various ProVision connectors. In our latest ProVision 8 release, we have extended this approach to DHCP along with network scanning/auditing and other router friendly features.

One of the benefits of working closely with technology partners like Secure64 is that we can easily support unique features that provide significant value for our respective customers. One example is SYNTH records. This feature improves performance and reduces memory usage for forward and reverse answers by dynamically creating rule-based query responses instead of storing a complete set of records. Secure64’s approach also allows for more efficient building and management of IP provisioning. 6connect was happy to integrate this type of zone record into the ProVision interface and ensure that customers could seamlessly use these advanced Secure64 features without needing to change any of their operational workflows.

In 2021 we officially launched support for ENUM provisioning – a critical functionality that underpins all mobile carriers’ ability to add, delete, and move mobile phone numbers. It also enables users to make calls from anywhere in the world. In this demanding real-time environment, Secure64 and 6connect have worked hand-in-hand to solve problems of performance, reliability, and resilience. Constant developments and efforts are ongoing, with even faster, more scalable, and more resilient solutions on the way.

Secure64 Software Corporation, creators of purpose-built security and DNS solutions, announced today the launch of Secure64 CloudDNS™

FORT COLLINS, COLO. (PRWEB) MAY 03, 2023

Secure64 Software Corporation, creators of purpose-built security and DNS solutions, announced today the launch of Secure64 CloudDNS™, a first-of-its-kind, cloud-native solution that delivers carrier-grade DNS utilising open Container-as-a-Service (CaaS) technologies and Kubernetes. CloudDNS is suitable for wireline and Wireless 3G/4G/5G services, allowing fast, reliable, scalable deployments.

As carriers modernize and upgrade their infrastructure, they often use applications from different vendors, each application having its unique approach to configuration, deployment, monitoring, scaling, and management. The result is that carriers incur additional operational costs and experience resource constraints as network teams must develop expertise in each of these disparate applications.

By utilizing modern cloud solutions, carriers can deploy within a shared framework to accelerate deployment, simplify configuration changes, and maximize hardware utilization. These solutions also provide functionality allowing automated scale-up or scale-down as required using rules based on load and performance.

“Our customers require automated delivery of DNS services in a cloud-native environment,” says Ian Sampson, Chief Marketing Officer of Secure64. “We have responded to this need and developed the ability to deliver our existing solutions in a Kubernetes or container environment with management and reporting using standardized tools.”

Secure64 CloudDNS™, with the power of K8s, allows carriers to deploy in a shared architecture and deliver the performance they need with automatic scaling capabilities to respond to network events such as attacks and peak load needs. This platform is part of the Secure64 ecosystem and augments the existing capabilities of Secure64 solutions to provide a secure, stable, and safety-focused customer-centric experience.

About Secure64
Secure64 brings trust to the internet through its suite of purpose-built, secure, carrier-grade DNS, network security, DDoS mitigation and reporting products. The company was built on a foundation of security, stability and safety and has forged solutions that are self-protecting and not only immune to malware but provide active protection for subscribers against malware and phishing attacks. Secure64 secures the DNS infrastructures of leading service providers, government agencies and enterprises globally.

Our DNS supports a worldwide subscriber base of over 1 billion, representing over 20% of global mobile subscribers. Performing billions of DNS lookups every day across six continents, Secure64 lives up to its reputation for providing highly secure, safe, and stable DNS solutions.

Secure64 is a privately held company with deep technical and global experience in its leadership and technical staff. It is the only DNS solution provider that has authored a secure micro OS, the first to support IPv6 and built self-protecting DNS servers. For more information, visit http://www.secure64.com

Ian Sampson
Secure64 Software Corporation
Ian.Sampson@Secure64.com
http://www.secure64.com

What if the DNS knew which Malicious sites to prevent access to?

Today the internet is a huge part of our life. Without it, modern life doesn’t happen. We cannot access banking, work, social media and entertainment. Everything, good and bad, utilizes DNS.

DNS underpins everything we do on the internet, good or bad, and that is the reason it became the favorite place for the “bad guys” to take advantage of its weaknesses and flood us with malware, exposing us to fraud or becoming part of botnet chains, among other evils.

There are thousands, millions of malicious sites, and new ones appear every day, which users can reach innocently and contaminate themselves, thus spreading cyber evil.

At Secure64, we have three simple words at the heart of everything we do: Security, Safety and Stability. The DNS platform must be stable and self-defending from attacks. After all, no DNS, no Internet. It must be safe from attacks and continue when the inevitable attacks happen. Last but by no means least, it must provide security for users.

All this magic happens in the CSP’s resolver service that uses the Secure64 DNS Cache + Guard intelligence and enforcement. The solution is constantly receiving an updated list of malicious sites and when any subscriber tries to navigate or go to one of these sites, the Cache does not allow it. This act is logged in real-time and the operator can see the problem via the Vizion GUI interface.

That list is created by a cybersecurity laboratory with a global presence and more than 100 professionals who work 7×24, 365, receiving and analyzing more than 400,000 files and new websites daily from multiple data sources. With all this, it carries out threat research, ensuring complete coverage and updating the list several times a day (approximately every hour). Every time the lists are updated, they are made available in real time to the operators that have the Secure64 Cache + Guard service and, in turn, to the subscribers of those operators.

Otto Heredia

Sales Engineer/Marketing

If you want to know more about Guard, feel free to contact a Secure64 sales representative by emailing sales@secure64.com .

Container Security

Containers are a great idea. A small discrete element that allows a function to operate. They allow software developers to build and run these functions quickly. They contain all the elements needed to run the function within a pre-built package. They run knowing that the underlying architecture doesn’t need all the elements to run the code so that changes can quickly be made. According to recent research, the life of a container is often as small as 5 minutes. They are built at speed, deployed at speed and used at speed.

This is, however, one of the challenges of containers. They often reuse the core systems of the previously built container. That is to say, developers build upon and iterate the previous incarnation instead of building a new container. Any security vulnerabilities in the container and reused libraries/code are taken forward into the new container. It is not the developer’s fault, and this is just the way things happen.

We already saw attacks against containers with the Kiss-a-Dog attack last year.

DNS security is, therefore, a great place to prevent some of the resulting issues. Hackers use Command and Control infrastructures. As we all know, DNS is often used for an infected machine to get back to a control server. Hackers use techniques like fast flux and double fast flux to change where the C&C server is located quickly. This gives the hackers a greater ability to hide from detection.
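One way to spot the fast-flux behaviour described above in resolver answer logs, as an added example (not Secure64 code): it flags names whose A answers rotate across many networks with short TTLs inside one time window. The log format and thresholds are assumptions, the sample log is constructed, and double fast flux (rotating NS records) is not covered.

```python
import ipaddress
from collections import defaultdict

# Constructed resolver answer log: "epoch_seconds qname ttl answer_ip".
# Private-range addresses stand in for public ones.
SAMPLE_LOG = """\
1200 www.example.com 3600 192.0.2.10
1230 www.example.com 3600 192.0.2.11
1200 update.example.org 60 10.1.4.20
1260 update.example.org 60 10.2.9.7
1320 update.example.org 60 10.3.77.1
1380 update.example.org 60 10.4.15.33
1440 update.example.org 60 10.5.200.8
1500 update.example.org 60 10.6.3.90
1200 lb.example.net 30 198.51.100.1
1230 lb.example.net 30 198.51.100.2
1260 lb.example.net 30 198.51.100.3
"""


def parse_answers(log):
    """Yield (timestamp, qname, ttl, ip) from whitespace-separated log lines."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        ts, qname, ttl, ip = fields
        yield int(ts), qname.rstrip(".").lower(), int(ttl), ipaddress.ip_address(ip)


def flux_candidates(log, window=600, max_ttl=300, min_ips=5, min_nets=4):
    """Flag names whose A answers rotate across many networks within one window."""
    # Fixed buckets keep the example short; a burst straddling a bucket
    # boundary is split, so a sliding window is stricter in practice.
    buckets = defaultdict(list)
    for ts, qname, ttl, ip in parse_answers(log):
        buckets[(qname, ts // window)].append((ttl, ip))

    flagged = {}
    for (qname, _), answers in buckets.items():
        ips = {ip for _, ip in answers}
        # Group by /16 so one provider's address block counts once.
        nets = {ipaddress.ip_network(f"{ip}/16", strict=False) for ip in ips}
        highest_ttl = max(ttl for ttl, _ in answers)
        if len(ips) >= min_ips and len(nets) >= min_nets and highest_ttl <= max_ttl:
            flagged[qname] = {"ips": len(ips), "nets": len(nets), "max_ttl": highest_ttl}
    return flagged


if __name__ == "__main__":
    print(flux_candidates(SAMPLE_LOG))
```

The load-balanced name in the sample has a short TTL but stays inside one network, which is why network diversity is checked alongside TTL and address count.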

Using a DNS blocking solution can help. Let’s be clear, it cannot stop inbound attacks, and it can’t protect the container from these attacks. It can, however, help stop an infected container from going to the C&C infrastructure. This is important. Often containers do not have limits on CPU and other core functions. By blocking the look-up at the DNS level for the infected machine, you prevent the infected container from using all its CPU and allow it to carry out its core intended mission, not the mission the hacker wants it to do.

DNS security should be installed to help protect containers without the burden of applying local security elements to the container. This doesn’t limit the performance of the container and is a simple matter of using the DNS service that’s required anyway in the network.

So what are the benefits of a Secure64 Guard platform specifically for Container security?

1. Speed. You know the container will have security irrespective of the elements in the container
2. Performance. You are not hampering the performance of the container with unnecessary code
3. Reusability. The same DNS architecture is reused for every container deployed.
4. Visibility. Using the Vizion platform, you can see the calls to a Command and Control infrastructure that an infected container is making. You can then take proactive action to stop this from happening again.

If you would like to learn more about the Guard platforms, Vizion and our other services, please don’t hesitate to contact Secure64.

Bill Worley, Technical Visionary and Co-Founder of Secure64, Has Passed Away

Bill Worley, one of Secure64’s founders and its original technical visionary, passed away Saturday, December 26, 2020 at the age of 82 after a long struggle with dementia and a brief illness.

Secure64 Kicks Off 2020 With A New Headquarters

Secure64 has moved into a new headquarters in Fort Collins, CO to support our growth as a company and our expanding team.

Taming the Wild West of the Internet

The FCC, the CSRIC and the Major ISPs should be applauded for taking on three critical issues that greatly affect the trust and security of the Internet: botnet detection, implementation of DNSSEC, and hijacking of broadband routes.

Botnets (a collection of illegally controlled machines) are an invasion and theft of resources, not to mention the nefarious purposes for which compromised machines are then used such as DDoS attacks,