High-availability false-safe DNS service designed to mitigate DNS-based attacks and improve resilience and availability of DNS infrastructure

Takes seconds to deploy with the unique Reverse Proxy feature

Truncate functionality protects enterprise DNS servers against IoT-based DDoS attacks

Qrator Labs anycast network reduces DNS query latency

Safeguarding Your Business from DDoS Attacks

Why are attacks against DNS so dangerous?

Instead of attacking the website itself, attackers can target the availability and stability of a network’s DNS server containing IP addresses for every website on the Internet. In case of an attack against DNS, users' browsers might not be able to determine the target domain’s IP address, which will make a website unavailable. An attacker can constantly generate DNS queries for the DNS server in order to overload its resources. Without special protection, the only way to mitigate such an attack is to increase server power. However, a constant increase in capacity may result in leveraging the DNS server for carrying out further DDoS attacks on other resources. Failure of a DNS server can lead to partial or complete unavailability of a web resource.

Understanding the Risk and Importance of DNS hardening

Like many other Internet protocols DNS wasn’t designed with security in mind which makes DNS infrastructure vulnerable to a wide range of DDoS attacks. Yet despite being a vital component of business infrastructure DNS hardening often turns out to be overlooked.

Best-in-class Ultra-Fast DNS Protection

Distributed and reliable cloud DNS, Qrator.Secure.DNS is an integral part of our enterprise solution for business’s continuous online availability. DNS Qrator.SecondName provides minimal response time and a high level of protection against even the most complex and high-speed DDoS attacks.

Make Your DNS Server Available 24/7

Cloud solution based on Qrator Labs network

There is no need to install additional software or purchase hardware. Our global anycast network ensures high availability at no additional cost, and in case of an attack against DNS, at least one server remains up and constantly running.

Additional Qrator Labs DNS Server

It implements advanced mitigation techniques for attacks against DNS, and a special bot request processing logic working differently from the logic of handling legitimate user requests.

Easy to connect

Configure DNS security by choosing one of two implementation options: Qrator Secondary DNS (protection with full disclosure of a domain zone) or Qrator DNS Reverse Proxy (protection without full disclosure of a domain zone).

Built-in DNSSEC

The DNSSEC protocol is a DNS Security Extension created to increase the security level of DNS record authentication through the use of digital signatures. DNS Qrator.SecondName provides built-in support of DNSSEC to minimize risks of attacks and improve data integrity.

Detailed DNS traffic analysis

Advanced DNS traffic analytics is always available online in the Qrator Labs dashboard. Customers can generate detailed DNS statistics reports in their personal accounts filtered by response statuses, request types, etc.

How it works

Easy deployment with better performance and availability

Protection with full domain zone disclosure

Protection without full domain zone disclosure

A client allows the transfer of his domain zone from the current NS server to the Qrator Labs’ ns.qrator.net server.

A client specifies an IP address allocated by Qrator Labs as the authoritative server address for its zone.

Qrator Labs configures the transfer of a domain zone file from the main client’s NS server whose address is no longer known to attackers (Hidden Primary).

Applicable when a client does not have an opportunity to provide control for a domain zone.

A client reports Qrator Labs on IP address(-es) of authoritative servers (or a Hidden Primary DNS server) and specifies an IP address allocated by Qrator Labs as the address of an authoritative server for their own zone.

With this connection scenario, Qrator Labs NS server will act as a recursor server with a cache of data about a client's connected zone.

If the Qrator Labs server does not have information about a record, it will send a request to an upstream server and keep a response.

Easy deployment with better performance and availability

Learn more