What is our primary use case?
I am working in the enterprise part where we manage DNS, and we use other solutions that are oriented to provide DHCP and DNS at the enterprise level. I am referring to Infoblox.
Currently, I am mostly working with Infoblox BloxOne DDI, but this is an enterprise solution that is not comparable to Cloudflare. I am not only working with BloxOne Threat Defense but also with the DDI part. Typically, Threat Defense is just an extension. Even if it could be provided as its own solution, it is typically part of a DDI migration project, and then the security is just an add-on.
There have been some use cases where the RESTful API is used by some customers. Not many have been in the project, but the RESTful API is a standard. Almost all the methods that you find in the GUI are also available in the API. The automation is, at least by design, almost straightforward. I am currently developing a project where the customer will probably decide whether they use this API or other mechanisms that are embedded in DNS, such as zone transfer and other update mechanisms.
Infoblox BloxOne DDI provides a long list of already available reports that are based on Splunk, so they can also provide other specialization. They have a very rich list of reports for both DNS and DHCP. What I have seen in the use case and in the integration with the security part of the customer is that typically, the project provides integration with a SIEM just to add another source so that you can correlate the events more easily with the client, the server, and the host in general.
What is most valuable?
I am working with Infoblox Secure DNS, which is called Threat Defense, or BloxOne Threat Defense, even though they change the name frequently.
The anomaly, I would say, is malware or an attack. They can find out if there is an ongoing attack. For example, if you have malware that has not been detected, this malware typically will call home. When it calls home, it makes a DNS request because it needs to resolve a name to an IP. Infoblox BloxOne DDI could anticipate other security tools because this means that the malware has not been detected but is going to make requests to call home. Since the threat intelligence is dynamic, they collect this data worldwide. Their approach is to have a policy where you can decide if certain categories or requests have to be blocked, passed, or just monitored. In this case, the anomaly means that, for example, there could be an increase in requests for some category or domain, and you can highlight this using the tool.
DNS is also sometimes used to feed malware with data because it is open on the firewall as it is the basic part. This tool could provide functionality to find out if some data, some malware data, is piggybacked on the DNS protocol.
What needs improvement?
There are probably some strict agreements, and the answers are probably not so rapid. It is just a matter of setting the right expectations. The responsiveness could at least be improved, but I have not had many cases, just a few.
For how long have I used the solution?
I have been working with Infoblox BloxOne DDI for more than two years.
What do I think about the stability of the solution?
DHCP and DNS are built with stability, so the implementation is just to decide the architecture and implement this functionality. It is fully stable. Of course, you have to design it with criteria.
What do I think about the scalability of the solution?
Infoblox BloxOne DDI has a lot of appliances, so you can scale as you prefer, both from physical and virtual. I do not see any limitations right now.
How are customer service and support?
There are probably some strict agreements, and the answers are probably not so rapid. It is just a matter of setting the right expectations. The responsiveness could at least be improved, but I have not had many cases, just a few.
Which solution did I use previously and why did I switch?
It has not been replaced, but it has been modified as a contest since the WAF part has been embedded in the application part. Since the application part was moved, it was in charge of another department. I just retained the DNS part, so we did not provide the WAF part. There was no replacement at all.
How was the initial setup?
The initial setup for Infoblox BloxOne DDI is not so complex. To have a grid working is not so complex.
What about the implementation team?
From a functional point of view, Infoblox BloxOne DDI is a very good solution. However, as a delivery, it is not so easy because you need a specialization and a partnership. They have their own professional services. Sometimes you have to compare things. It is not just the configuration. Most of the project is not the technology itself. You have to go from one technology to another. Even if many think DHCP and DDI are easy matters, when you work on DDI, you find out many things you need to consider. Most projects when starting from scratch are quite straightforward. However, one important thing is to pay attention to the migration. They have been doing this job for many years and are organized for it.
What was our ROI?
In my experience, I am satisfied with the functionality. There is no lack of functions. It is a very powerful solution because they work with this technology, so they are probably number one.
What other advice do I have?
Infoblox BloxOne DDI has a long-time solution and expertise focused on DDI. Most of the functionality that is probably unique in this solution is that they have a centralized concept where they manage using a concept of member, where you can have a Grid Master and, as an HA solution, a Grid Master candidate, and then you can promote any device, virtual or physical, as a member. This member could have several functions according to your configuration. You could provide DHCP or just DNS or DNS and DHCP. They also have other functionality such as NTP, for example, and also the DFP, which is typically used to integrate with Threat Defense. In this case, you have a proxy that proxies all the DNS requests that go through the cloud provided by Infoblox.
Infoblox BloxOne DDI has several solutions and all the functionality that has been implemented during the specification and the RFC, especially regarding DNS. They have a lot of functionality and expertise. So they provide a whole solution. They have a robust implementation, so you can decide to have a geographically distributed HA or you can have a cluster with two machines to increase availability.
You have a very feasible and very stable solution from a security point of view. Not just the security of the data, but the security of the platform. They are built for this, so they do not have any other pain as you can have on Microsoft where you find everything open and then you have to harden and protect any access. Instead, they do this job and they do this great job as a specific specialization. I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner