SlideShare une entreprise Scribd logo

OpenDNS Whitepaper: Platform Technology

Courtland Smith
Courtland Smith

Overview of the technology that behind OpenDNS, the largest Internet-wide security network.

Technologie
1  sur  3
Télécharger pour lire hors ligne
DELIVERY PLATFORM AND TECHNOLOGY OVERVIEW OpenDNS Enterprise Secures Internet Connections with 100% Uptime Our global security network, Anycast routing and SmartCache™ technologies deliver a simpler, faster and more reliable Internet experience without requiring you to change your network topology. Let’s face it, if there were no security and compliance However, even if we lived in a threat-free world, you threats to protect users and devices from, you wouldn’t still would deal with the inherent complexity and complicate and risk your network infrastructure by inconsistency of several, less-than-100%-reliable installing countless network devices (e.g. firewalls, in-line recursive DNS services provided by your ISPs. This filters, proxies). You would deploy the minimum number of common situation impacts organizations that use switches and routers between your devices and the redundant Internet pipes with more than one ISP or Internet. Traffic would flow at the maximum speed and have multiple network locations with different ISPs. throughput provided by your ISPs (Internet Service OpenDNS addresses both these problems, while Providers), and there would be no additional points of securing every Internet connection, by eliminating failure (or complication) to manage and maintain daily. the common requirement to add network devices or You would be happy, and your end users would be happy. in any way change your network topology, and Regrettably, the risk of data loss, identity theft, simultaneously consolidating all these disparate inappropriate or malicious resource consumption, brand recursive DNS services into one ultra-reliable global damage, etc. is great enough to justify adding network DNS service with the same two consistent IP infrastructure risks and investing your time. addresses (208.67.222.222 and 208.67.220.220). Connected at Internet’s Core Fabric for a Faster, More Global Service The Internet is often referred to as a “Network of networks and OpenDNS’s services, as well as Networks”, as it consists of over 5,000 ISPs between authoritative DNS servers and OpenDNS’s interconnected with one another in a sparsely meshed services. More geographic isolation between IXPs, fabric. The core of the Internet’s fabric is created using translates to fewer issues in one region spilling over peering agreements at IXPs (Internet Exchange Points), and impacting another (e.g. disaster at datacenter, which allow first-tier ISPs or other service providers like large-scale OpenDNS to exchange traffic bound for one another’s routing customers. Millions of business networks and billions of errors). home networks are connected via transit agreements for DIA (direct Internet access) from each ISP’s PoP (points of presence). Transit agreements are also used to connect OpenDNS to first-tier ISPs and first-tier ISPs to smaller ISPs, commonly at the Internet’s edges. OpenDNS selects strategic IXPs to connect our PoPs to the Internet’s core using two criteria – Internet connectivity and geography. More peering and transit agreements established with ISPs at a IXP, translates to fewer connection hops and latency incurred between the customer’s For more information please visit: www.opendns.com or call 877-811-2367
Many regional second- or third-tier ISPs that business available everywhere today, there are further plans to or home networks receive DIA from have no peering increase usage in Asia-Pacific and South America. agreements at IXPs or geographic dispersion making their DNS services susceptible to greater latency to retrieve DNS responses or outages, respectfully. OpenDNS currently has selected 12 PoPs, which interconnect with the number one, two and three most well-connected IXPs globally, and in particular in the Americas, Europe and Asia-Pacific. While OpenDNS is “All Roads Lead to Rome” for a Faster, Simpler Internet Experience Most local network setups or global services use pair of IP addresses. Such as configuring DHCP servers traditional Unicast routing, for which each server at and creating, backing up or cloning hard disk or virtual each location advertises a unique IP address. In machine images used anywhere, at any time. The regards to an ISP’s DNS service, it would mean that benefit to your end users is faster connections to the every recursive DNS resolver is assigned a different IP Internet. OpenDNS blends Anycast’s fewest-hop routing address. Some services may offer a single IP address logic to ensure your DNS queries go to the nearest PoP, per PoP even if it consists of hundreds of servers, which and our proprietary network topology using two is commonly implemented by load-balancers deployed overlapping global Anycast “clouds” with different at each location, but this has the same drawbacks of routing policies to enable your stub DNS resolvers to Unicast routing. Anycast routing enables multiple pick the lowest-latency route. servers at multiple locations to advertise the same IP address globally, not per location, and without load balancers adding more latency and risk of failure. In regards to OpenDNS’s DNS service, it enables our global PoPs consisting of 1000s of identical recursive DNS resolvers to advertise the same IP address pair. OpenDNS absorbs the time, cost and complexity to setup our true Anycasted security network. It requires that we maintain our own hardware, a large IP address space, direct relationships with your upstream ISPs, and sophisticated network routing policies. The benefit to you is that it is much simpler to setup every network device by using the same  
Self-Healing Routes Lead to a More Reliable Internet Experience Rather than crude round-robin methods or physical load balancers, Anycast uses load- balanced routing logic, which is invisible to individual servers or entire PoPs. If a server or entire PoP is taken offline for maintenance, disasters, failures or attacks, it ceases to advertise its shared IP address and upstream as other layer-3 network devices will transparently re-route global services the traffic. So when you send a DNS query to claiming 99.999% up- OpenDNS, it will always return a response from the time SLAs (service level quickest, closest available DNS resolver! This agreements) so often do. It’s that eliminates you ever needing to make changes because reliable and why we can truly claim that we are conducting maintenance on servers closest to we’ve had 100% uptime since we launched our your network locations or we experience a major failure, services in 2006. SmartCache Leads to a Even Faster and Smarter Internet Experience OpenDNS receives billions of DNS queries daily from Many authoritative DNS outages, attacks or failures almost 2% of the Internet’s users and their devices. have impacted business-critical sites such as When OpenDNS receives each subsequent DNS query, salesforce.com, amazon.com and petco.com, or even we already know the answer (much more often than millions of domain, such as when the top-level domain your regional ISPs), so we do not make you wait on the used by Germany (.de) was unreachable. When such authoritative DNS servers to return this same answer. incidents occur, which is not uncommon, OpenDNS still While we know almost every server’s address across returns the last-known correct address using our entire global Internet at any given, this is not what exclusive caching logic, whereas the rest of the makes our caching technology unique. Internet’s users will not be able to reach the domain. DNS RESOLVER: STUB   RECURSIVE AUTHORITATIVE   What uses it? Every device worldwide OPTION 1 OPTION 2 Third-party servers (e.g. clients, servers) Regional ISP Servers Global OpenDNS Servers worldwide Non-Cached Query: STEP 1: IS THERE A VALID/NON-EXPIRED CACHED ANSWER? “where is foo.com?” Less likely with only Very likely with 40+ billion + lookup latency regional coverage global queries daily No Cached Response Cached Response: Answer #1 (GOOD): Gets Answer #1: (added latency) ê “foo.com is at 1.2.3.4” “foo.com is at 1.2.3.4” How does it work? “foo.com is at 1.2.3.4” STEP 2: IF THERE IS NO/EXPIRED CACHED ANSWER, THEN... or (always with OpenDNS) Query: “where is foo.com?” + lookup latency Answer #2 (BAD): or New Response: (#1)“foo.com is at 1.2.3.4” or “Server Failed” Gets Answer #2: New Response: Last-Known Cached Response: “Server Failed” (sometimes with ISP) (#2) “Server Failed” “foo.com is at 1.2.3.4” For more information please visit: www.opendns.com or call 877-811-2367

Recommandé

DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017APNIC
 
NZNOG 2020: DOH
NZNOG 2020: DOHNZNOG 2020: DOH
NZNOG 2020: DOHAPNIC
 
Dnssec
DnssecDnssec
Dnssecguest3131f85
 
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache ServersNANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache ServersChika Yoshimura
 
DNS & DNSSEC
DNS & DNSSECDNS & DNSSEC
DNS & DNSSECAPNIC
 
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct AccessWindows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct AccessCompuTrain. De IT opleider.
 
Campus networking
Campus networkingCampus networking
Campus networkingJisc
 
Investigation of dhcp packets using wireshark
Investigation of dhcp packets using wiresharkInvestigation of dhcp packets using wireshark
Investigation of dhcp packets using wiresharkjpratt59
 

Recommandé

DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017APNIC
 
NZNOG 2020: DOH
NZNOG 2020: DOHNZNOG 2020: DOH
NZNOG 2020: DOHAPNIC
 
Dnssec
DnssecDnssec
Dnssecguest3131f85
 
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache ServersNANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache ServersChika Yoshimura
 
DNS & DNSSEC
DNS & DNSSECDNS & DNSSEC
DNS & DNSSECAPNIC
 
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct AccessWindows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct AccessCompuTrain. De IT opleider.
 
Campus networking
Campus networkingCampus networking
Campus networkingJisc
 
Investigation of dhcp packets using wireshark
Investigation of dhcp packets using wiresharkInvestigation of dhcp packets using wireshark
Investigation of dhcp packets using wiresharkjpratt59
 
Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxjasembo
 
Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Hari
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsDan Kaminsky
 
Configuration DHCP
Configuration DHCPConfiguration DHCP
Configuration DHCPTan Huynh Cong
 
Dnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsDnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsAFRINIC
 
Lesson 01 - Network Assessment
Lesson 01 - Network AssessmentLesson 01 - Network Assessment
Lesson 01 - Network AssessmentAngel G Diaz
 
Technical interview questions -networking
Technical interview questions -networkingTechnical interview questions -networking
Technical interview questions -networkingrafiq123
 
An Introduction and Comparison of Dante, AVB and CobraNet Methodologies
An Introduction and Comparison of Dante, AVB and CobraNet MethodologiesAn Introduction and Comparison of Dante, AVB and CobraNet Methodologies
An Introduction and Comparison of Dante, AVB and CobraNet MethodologiesrAVe [PUBS]
 
Introduction P2p
Introduction P2pIntroduction P2p
Introduction P2pDavide Carboni
 
DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2Haystack Technologies
 
unit 2
unit 2unit 2
unit 2Sangeetha Rangarajan
 
Dhcp 11
Dhcp 11Dhcp 11
Dhcp 11Jainul Musani
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 
Gabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYGabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYIKT-Norge
 
Lesson 5: Configuring Name Resolution
Lesson 5: Configuring Name ResolutionLesson 5: Configuring Name Resolution
Lesson 5: Configuring Name ResolutionMahmmoud Mahdi
 
DYNAMIC HOST CONFIGURATION PROTOCOL
DYNAMIC HOST CONFIGURATION PROTOCOLDYNAMIC HOST CONFIGURATION PROTOCOL
DYNAMIC HOST CONFIGURATION PROTOCOLVENKATESHAN A S
 
Ipo spaces calling document-v1
Ipo spaces calling document-v1Ipo spaces calling document-v1
Ipo spaces calling document-v1ManmeetShandilya2
 
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupInfoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupNetCraftsmen
 
mDNS / Bonjour
mDNS / BonjourmDNS / Bonjour
mDNS / BonjourAsociatia ProLinux
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveIKT-Norge
 
Docker at OpenDNS
Docker at OpenDNSDocker at OpenDNS
Docker at OpenDNSOpenDNS
 
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...OpenDNS
 

Contenu connexe

Tendances

Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxjasembo
 
Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Hari
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsDan Kaminsky
 
Dnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsDnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsAFRINIC
 
Lesson 01 - Network Assessment
Lesson 01 - Network AssessmentLesson 01 - Network Assessment
Lesson 01 - Network AssessmentAngel G Diaz
 
Technical interview questions -networking
Technical interview questions -networkingTechnical interview questions -networking
Technical interview questions -networkingrafiq123
 
An Introduction and Comparison of Dante, AVB and CobraNet Methodologies
An Introduction and Comparison of Dante, AVB and CobraNet MethodologiesAn Introduction and Comparison of Dante, AVB and CobraNet Methodologies
An Introduction and Comparison of Dante, AVB and CobraNet MethodologiesrAVe [PUBS]
 
DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2Haystack Technologies
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 
Gabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYGabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYIKT-Norge
 
Lesson 5: Configuring Name Resolution
Lesson 5: Configuring Name ResolutionLesson 5: Configuring Name Resolution
Lesson 5: Configuring Name ResolutionMahmmoud Mahdi
 
DYNAMIC HOST CONFIGURATION PROTOCOL
DYNAMIC HOST CONFIGURATION PROTOCOLDYNAMIC HOST CONFIGURATION PROTOCOL
DYNAMIC HOST CONFIGURATION PROTOCOLVENKATESHAN A S
 
Ipo spaces calling document-v1
Ipo spaces calling document-v1Ipo spaces calling document-v1
Ipo spaces calling document-v1ManmeetShandilya2
 
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupInfoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupNetCraftsmen
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveIKT-Norge
 

Tendances (20)

Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linux
 
Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackops
 
Configuration DHCP
Configuration DHCPConfiguration DHCP
Configuration DHCP
 
Dnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsDnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defs
 
Lesson 01 - Network Assessment
Lesson 01 - Network AssessmentLesson 01 - Network Assessment
Lesson 01 - Network Assessment
 
Technical interview questions -networking
Technical interview questions -networkingTechnical interview questions -networking
Technical interview questions -networking
 
An Introduction and Comparison of Dante, AVB and CobraNet Methodologies
An Introduction and Comparison of Dante, AVB and CobraNet MethodologiesAn Introduction and Comparison of Dante, AVB and CobraNet Methodologies
An Introduction and Comparison of Dante, AVB and CobraNet Methodologies
 
Introduction P2p
Introduction P2pIntroduction P2p
Introduction P2p
 
DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2
 
unit 2
unit 2unit 2
unit 2
 
Dhcp 11
Dhcp 11Dhcp 11
Dhcp 11
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
Gabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYGabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHY
 
Lesson 5: Configuring Name Resolution
Lesson 5: Configuring Name ResolutionLesson 5: Configuring Name Resolution
Lesson 5: Configuring Name Resolution
 
DYNAMIC HOST CONFIGURATION PROTOCOL
DYNAMIC HOST CONFIGURATION PROTOCOLDYNAMIC HOST CONFIGURATION PROTOCOL
DYNAMIC HOST CONFIGURATION PROTOCOL
 
Ipo spaces calling document-v1
Ipo spaces calling document-v1Ipo spaces calling document-v1
Ipo spaces calling document-v1
 
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupInfoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
 
mDNS / Bonjour
mDNS / BonjourmDNS / Bonjour
mDNS / Bonjour
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
 

En vedette

Docker at OpenDNS
Docker at OpenDNSDocker at OpenDNS
Docker at OpenDNSOpenDNS
 
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...OpenDNS
 
OpenDNS CTO Dan Hubbard VizSec 2014 Keynote Slides
OpenDNS CTO Dan Hubbard VizSec 2014 Keynote SlidesOpenDNS CTO Dan Hubbard VizSec 2014 Keynote Slides
OpenDNS CTO Dan Hubbard VizSec 2014 Keynote SlidesOpenDNS
 
New DNS Traffic Analysis Techniques to Identify Global Internet Threats
New DNS Traffic Analysis Techniques to Identify Global Internet ThreatsNew DNS Traffic Analysis Techniques to Identify Global Internet Threats
New DNS Traffic Analysis Techniques to Identify Global Internet ThreatsOpenDNS
 
Security Ninjas: An Open Source Application Security Training Program
Security Ninjas: An Open Source Application Security Training ProgramSecurity Ninjas: An Open Source Application Security Training Program
Security Ninjas: An Open Source Application Security Training ProgramOpenDNS
 
Blackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream PresentationBlackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream PresentationOpenDNS
 
Docker with BGP - OpenDNS
Docker with BGP - OpenDNSDocker with BGP - OpenDNS
Docker with BGP - OpenDNSbacongobbler
 

En vedette (7)

Docker at OpenDNS
Docker at OpenDNSDocker at OpenDNS
Docker at OpenDNS
 
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...
 
OpenDNS CTO Dan Hubbard VizSec 2014 Keynote Slides
OpenDNS CTO Dan Hubbard VizSec 2014 Keynote SlidesOpenDNS CTO Dan Hubbard VizSec 2014 Keynote Slides
OpenDNS CTO Dan Hubbard VizSec 2014 Keynote Slides
 
New DNS Traffic Analysis Techniques to Identify Global Internet Threats
New DNS Traffic Analysis Techniques to Identify Global Internet ThreatsNew DNS Traffic Analysis Techniques to Identify Global Internet Threats
New DNS Traffic Analysis Techniques to Identify Global Internet Threats
 
Security Ninjas: An Open Source Application Security Training Program
Security Ninjas: An Open Source Application Security Training ProgramSecurity Ninjas: An Open Source Application Security Training Program
Security Ninjas: An Open Source Application Security Training Program
 
Blackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream PresentationBlackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream Presentation
 
Docker with BGP - OpenDNS
Docker with BGP - OpenDNSDocker with BGP - OpenDNS
Docker with BGP - OpenDNS
 

Similaire à OpenDNS Whitepaper: Platform Technology

How to configure dns server(2)
How to configure dns server(2)How to configure dns server(2)
How to configure dns server(2)Amandeep Kaur
 
Lecture 4 -_internet_infrastructure_2_updated_2011
Lecture 4 -_internet_infrastructure_2_updated_2011Lecture 4 -_internet_infrastructure_2_updated_2011
Lecture 4 -_internet_infrastructure_2_updated_2011Serious_SamSoul
 
Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!
Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!
Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!Wes Morgan
 
Learning series fundamentals of Networking and Medical Imaging
Learning series fundamentals of Networking and Medical ImagingLearning series fundamentals of Networking and Medical Imaging
Learning series fundamentals of Networking and Medical ImagingRyan Furlough, BSCPE CPAS
 
Storage Primer
Storage PrimerStorage Primer
Storage Primersriramr
 
Networking & Servers
Networking & ServersNetworking & Servers
Networking & ServersBecky Holden
 
lec3_10.ppt
lec3_10.pptlec3_10.ppt
lec3_10.pptImXaib
 
Computer networks7
Computer networks7Computer networks7
Computer networks7Ali Raza
 
Tech Doc: Umbrella Delivery Platform
Tech Doc: Umbrella Delivery PlatformTech Doc: Umbrella Delivery Platform
Tech Doc: Umbrella Delivery PlatformCourtland Smith
 
SWG Buyer Guide: Competitive Comparison
SWG Buyer Guide: Competitive ComparisonSWG Buyer Guide: Competitive Comparison
SWG Buyer Guide: Competitive ComparisonCourtland Smith
 
Topic #3 of outline Server Environment.pptx
Topic #3 of outline Server Environment.pptxTopic #3 of outline Server Environment.pptx
Topic #3 of outline Server Environment.pptxAyeCS11
 
Protect Websites against DDoS attacks with Reblaze
Protect Websites against DDoS attacks with ReblazeProtect Websites against DDoS attacks with Reblaze
Protect Websites against DDoS attacks with ReblazeJason Newell
 
HTTP_SS_ENTERPRISE_EN
HTTP_SS_ENTERPRISE_ENHTTP_SS_ENTERPRISE_EN
HTTP_SS_ENTERPRISE_ENBernd Thomsen
 
RIPE 82: DNS Evolution
RIPE 82: DNS EvolutionRIPE 82: DNS Evolution
RIPE 82: DNS EvolutionAPNIC
 
Large-Scale System Integration with DDS for SCADA, C2, and Finance
Large-Scale System Integration with DDS for SCADA, C2, and FinanceLarge-Scale System Integration with DDS for SCADA, C2, and Finance
Large-Scale System Integration with DDS for SCADA, C2, and FinanceRick Warren
 

Similaire à OpenDNS Whitepaper: Platform Technology (20)

How to configure dns server(2)
How to configure dns server(2)How to configure dns server(2)
How to configure dns server(2)
 
DNS: EdgeCast Route - Technical DNS Service Overview
DNS: EdgeCast Route - Technical DNS Service Overview DNS: EdgeCast Route - Technical DNS Service Overview
DNS: EdgeCast Route - Technical DNS Service Overview
 
Lecture 4 -_internet_infrastructure_2_updated_2011
Lecture 4 -_internet_infrastructure_2_updated_2011Lecture 4 -_internet_infrastructure_2_updated_2011
Lecture 4 -_internet_infrastructure_2_updated_2011
 
Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!
Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!
Going Cloud? Going Mobile? Don't Let Your Network Be A Showstopper!
 
Linux and DNS Server
Linux and DNS ServerLinux and DNS Server
Linux and DNS Server
 
Learning series fundamentals of Networking and Medical Imaging
Learning series fundamentals of Networking and Medical ImagingLearning series fundamentals of Networking and Medical Imaging
Learning series fundamentals of Networking and Medical Imaging
 
Bcs 052 solved assignment
Bcs 052 solved assignmentBcs 052 solved assignment
Bcs 052 solved assignment
 
DNS - MCSE 2019
DNS - MCSE 2019DNS - MCSE 2019
DNS - MCSE 2019
 
Storage Primer
Storage PrimerStorage Primer
Storage Primer
 
Networking & Servers
Networking & ServersNetworking & Servers
Networking & Servers
 
lec3_10.ppt
lec3_10.pptlec3_10.ppt
lec3_10.ppt
 
Computer networks7
Computer networks7Computer networks7
Computer networks7
 
Tech Doc: Umbrella Delivery Platform
Tech Doc: Umbrella Delivery PlatformTech Doc: Umbrella Delivery Platform
Tech Doc: Umbrella Delivery Platform
 
SWG Buyer Guide: Competitive Comparison
SWG Buyer Guide: Competitive ComparisonSWG Buyer Guide: Competitive Comparison
SWG Buyer Guide: Competitive Comparison
 
Topic #3 of outline Server Environment.pptx
Topic #3 of outline Server Environment.pptxTopic #3 of outline Server Environment.pptx
Topic #3 of outline Server Environment.pptx
 
Protect Websites against DDoS attacks with Reblaze
Protect Websites against DDoS attacks with ReblazeProtect Websites against DDoS attacks with Reblaze
Protect Websites against DDoS attacks with Reblaze
 
HTTP_SS_ENTERPRISE_EN
HTTP_SS_ENTERPRISE_ENHTTP_SS_ENTERPRISE_EN
HTTP_SS_ENTERPRISE_EN
 
Network Testing ques
Network Testing quesNetwork Testing ques
Network Testing ques
 
RIPE 82: DNS Evolution
RIPE 82: DNS EvolutionRIPE 82: DNS Evolution
RIPE 82: DNS Evolution
 
Large-Scale System Integration with DDS for SCADA, C2, and Finance
Large-Scale System Integration with DDS for SCADA, C2, and FinanceLarge-Scale System Integration with DDS for SCADA, C2, and Finance
Large-Scale System Integration with DDS for SCADA, C2, and Finance
 

Dernier

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Dernier (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

OpenDNS Whitepaper: Platform Technology

  • 1. DELIVERY PLATFORM AND TECHNOLOGY OVERVIEW OpenDNS Enterprise Secures Internet Connections with 100% Uptime Our global security network, Anycast routing and SmartCache™ technologies deliver a simpler, faster and more reliable Internet experience without requiring you to change your network topology. Let’s face it, if there were no security and compliance However, even if we lived in a threat-free world, you threats to protect users and devices from, you wouldn’t still would deal with the inherent complexity and complicate and risk your network infrastructure by inconsistency of several, less-than-100%-reliable installing countless network devices (e.g. firewalls, in-line recursive DNS services provided by your ISPs. This filters, proxies). You would deploy the minimum number of common situation impacts organizations that use switches and routers between your devices and the redundant Internet pipes with more than one ISP or Internet. Traffic would flow at the maximum speed and have multiple network locations with different ISPs. throughput provided by your ISPs (Internet Service OpenDNS addresses both these problems, while Providers), and there would be no additional points of securing every Internet connection, by eliminating failure (or complication) to manage and maintain daily. the common requirement to add network devices or You would be happy, and your end users would be happy. in any way change your network topology, and Regrettably, the risk of data loss, identity theft, simultaneously consolidating all these disparate inappropriate or malicious resource consumption, brand recursive DNS services into one ultra-reliable global damage, etc. is great enough to justify adding network DNS service with the same two consistent IP infrastructure risks and investing your time. addresses (208.67.222.222 and 208.67.220.220). Connected at Internet’s Core Fabric for a Faster, More Global Service The Internet is often referred to as a “Network of networks and OpenDNS’s services, as well as Networks”, as it consists of over 5,000 ISPs between authoritative DNS servers and OpenDNS’s interconnected with one another in a sparsely meshed services. More geographic isolation between IXPs, fabric. The core of the Internet’s fabric is created using translates to fewer issues in one region spilling over peering agreements at IXPs (Internet Exchange Points), and impacting another (e.g. disaster at datacenter, which allow first-tier ISPs or other service providers like large-scale OpenDNS to exchange traffic bound for one another’s routing customers. Millions of business networks and billions of errors). home networks are connected via transit agreements for DIA (direct Internet access) from each ISP’s PoP (points of presence). Transit agreements are also used to connect OpenDNS to first-tier ISPs and first-tier ISPs to smaller ISPs, commonly at the Internet’s edges. OpenDNS selects strategic IXPs to connect our PoPs to the Internet’s core using two criteria – Internet connectivity and geography. More peering and transit agreements established with ISPs at a IXP, translates to fewer connection hops and latency incurred between the customer’s For more information please visit: www.opendns.com or call 877-811-2367
  • 2. Many regional second- or third-tier ISPs that business available everywhere today, there are further plans to or home networks receive DIA from have no peering increase usage in Asia-Pacific and South America. agreements at IXPs or geographic dispersion making their DNS services susceptible to greater latency to retrieve DNS responses or outages, respectfully. OpenDNS currently has selected 12 PoPs, which interconnect with the number one, two and three most well-connected IXPs globally, and in particular in the Americas, Europe and Asia-Pacific. While OpenDNS is “All Roads Lead to Rome” for a Faster, Simpler Internet Experience Most local network setups or global services use pair of IP addresses. Such as configuring DHCP servers traditional Unicast routing, for which each server at and creating, backing up or cloning hard disk or virtual each location advertises a unique IP address. In machine images used anywhere, at any time. The regards to an ISP’s DNS service, it would mean that benefit to your end users is faster connections to the every recursive DNS resolver is assigned a different IP Internet. OpenDNS blends Anycast’s fewest-hop routing address. Some services may offer a single IP address logic to ensure your DNS queries go to the nearest PoP, per PoP even if it consists of hundreds of servers, which and our proprietary network topology using two is commonly implemented by load-balancers deployed overlapping global Anycast “clouds” with different at each location, but this has the same drawbacks of routing policies to enable your stub DNS resolvers to Unicast routing. Anycast routing enables multiple pick the lowest-latency route. servers at multiple locations to advertise the same IP address globally, not per location, and without load balancers adding more latency and risk of failure. In regards to OpenDNS’s DNS service, it enables our global PoPs consisting of 1000s of identical recursive DNS resolvers to advertise the same IP address pair. OpenDNS absorbs the time, cost and complexity to setup our true Anycasted security network. It requires that we maintain our own hardware, a large IP address space, direct relationships with your upstream ISPs, and sophisticated network routing policies. The benefit to you is that it is much simpler to setup every network device by using the same  
  • 3. Self-Healing Routes Lead to a More Reliable Internet Experience Rather than crude round-robin methods or physical load balancers, Anycast uses load- balanced routing logic, which is invisible to individual servers or entire PoPs. If a server or entire PoP is taken offline for maintenance, disasters, failures or attacks, it ceases to advertise its shared IP address and upstream as other layer-3 network devices will transparently re-route global services the traffic. So when you send a DNS query to claiming 99.999% up- OpenDNS, it will always return a response from the time SLAs (service level quickest, closest available DNS resolver! This agreements) so often do. It’s that eliminates you ever needing to make changes because reliable and why we can truly claim that we are conducting maintenance on servers closest to we’ve had 100% uptime since we launched our your network locations or we experience a major failure, services in 2006. SmartCache Leads to a Even Faster and Smarter Internet Experience OpenDNS receives billions of DNS queries daily from Many authoritative DNS outages, attacks or failures almost 2% of the Internet’s users and their devices. have impacted business-critical sites such as When OpenDNS receives each subsequent DNS query, salesforce.com, amazon.com and petco.com, or even we already know the answer (much more often than millions of domain, such as when the top-level domain your regional ISPs), so we do not make you wait on the used by Germany (.de) was unreachable. When such authoritative DNS servers to return this same answer. incidents occur, which is not uncommon, OpenDNS still While we know almost every server’s address across returns the last-known correct address using our entire global Internet at any given, this is not what exclusive caching logic, whereas the rest of the makes our caching technology unique. Internet’s users will not be able to reach the domain. DNS RESOLVER: STUB   RECURSIVE AUTHORITATIVE   What uses it? Every device worldwide OPTION 1 OPTION 2 Third-party servers (e.g. clients, servers) Regional ISP Servers Global OpenDNS Servers worldwide Non-Cached Query: STEP 1: IS THERE A VALID/NON-EXPIRED CACHED ANSWER? “where is foo.com?” Less likely with only Very likely with 40+ billion + lookup latency regional coverage global queries daily No Cached Response Cached Response: Answer #1 (GOOD): Gets Answer #1: (added latency) ê “foo.com is at 1.2.3.4” “foo.com is at 1.2.3.4” How does it work? “foo.com is at 1.2.3.4” STEP 2: IF THERE IS NO/EXPIRED CACHED ANSWER, THEN... or (always with OpenDNS) Query: “where is foo.com?” + lookup latency Answer #2 (BAD): or New Response: (#1)“foo.com is at 1.2.3.4” or “Server Failed” Gets Answer #2: New Response: Last-Known Cached Response: “Server Failed” (sometimes with ISP) (#2) “Server Failed” “foo.com is at 1.2.3.4” For more information please visit: www.opendns.com or call 877-811-2367