2018-04-11T16:35:00Z
BM
Sr. ISS at a government with 11-50 employees
  • 21
  • 29

We are looking at managed DNS providers and want to know what others are using

We have two ISP's and host our own websites and services. We need to provide failover and load balancing to services we offer.  When an ISP goes down we need to have internet users redirected to the secondary site.  We want our internet services load balanced to both ISP's.  

We are looking at Cloudflare, DNS Made Easy, DYN and Neustar.  Looking to see what others are out there and if any listed are better than the others and why.  DDOS protection is a must as we have been hit by a DDOS attack in the past.

We currently host our own outside DNS but have found that we cannot provide failover with two ISP's at different data centers. 

23
PeerSpot user
23 Answers
it_user863043 - PeerSpot reviewer
User at a tech company with 1,001-5,000 employees
Real User
2018-04-25T19:59:42Z
Apr 25, 2018

Neustar UltraDNS is an industry leader and pioneer when it comes to managed DNS services. With 20+ years of experience and non-opensource software that runs our DNS platforms, we are able to provide 100% uptime and availablity backed by our industry leading SLAs.

As far as your questions are concerned, we offer both Load Balancing Services: https://www.security.neustar/resources/product-literature/ultra-dns-traffic-controller, so working with both of your ISPs will not be a problem. We also offer monitoring and failover services: https://www.security.neustar/resources/product-literature/ultra-dns-sitebacker. At a very basic level, we include some of these services for free in all of our packages, unlike our competitors.

When it comes to DDoS protection, Neustar offers SiteProtect NG: https://www.security.neustar/resources/product-literature/ddos-mitigation-service-product-literature, included in all DNS packages to protect against DNS based DDoS attacks. If you are looking to protect other online assets, including Web Applications, our DDoS protection services + WAF can take care of those needs as well. We do have one of the largest DDoS mitigation networks on the planet, and are expanding rapidly in the years to come.

Feel free to reach out with any questions or concerns and we'll be more than happy to assist you with your needs.

Neustar UltraDNS

Product comparison that may be of interest to you
it_user159315 - PeerSpot reviewer
Sr. Enterprise Account Executive at Imperva
Vendor
2018-04-18T11:58:31Z
Apr 18, 2018

Imperva Incapsula is the solution to have for DDoS at L7, L3 and L4. This effective solution also provides CDN, LB, ADR, DNS protection, SIEM integration and of course has an awesome WAF! Cloud based, OPEX only - no HW!! Easy to use - done and done!

2018-04-24T02:24:45Z
Apr 24, 2018

i think it's not just a DDoS on the DNS issue but the resiliency you need to provide for your Internet services. So, to better answer your questions, you have to provide some sizing of the traffic per site, the kind of internet services and number of concurrent users, the source where most traffic is coming from (West coast, East coast). It's always a balance of efficiency and practicality.

VS
Sr. Product Marketing Manager at CyberArk
Vendor
2018-04-23T14:56:56Z
Apr 23, 2018

Hi,

Actually we (Radware) are one of the market leaders in both of the requested solutions.
We offer ISP load balancing and Hybrid DDoS protection.

Radware’s Linkproof (first in the industry) to ensures optimal application service level.

We optimize in real time application performance in normal WAN state for both inbound and outbound traffic, when a service is disrupted we will divert traffic from highly-utilized links and ensure service-level for real time application or business related ones (for instance VoIP , voice or just cloud applications like office 365), In addition we maintain high WAN (ISP) availability at all times and steer the traffic to the operational links when failure occurs, compared to BGP protocol we will do it instantly with no impact on the applications.

Unlike most of the competition Radware user total round trip time mechanism to ensure best user experience at all time, Radware owns a patent for this technology.
LinkProof is application aware and will use smart prioritization mechanism to ensures bandwidth management and overall bandwidth for latency-sensitive apps.
Our APM will monitors all transaction end-to-end as experienced by end user to show user friendly graphs statistics and dashboards.
Load balancing different data centers can be easily achieved with our GSLB license, our Global server load balancing (GSLB) allows Web hosters, portals and enterprises to distribute content and services geographically.

For the DDos part, we can offer protection up to L7 and SSL encrypted attacks both on prem and in the cloud, or a hybrid solution, Radware uses the same technology both on-prem and in the cloud which means when a signature was created it can apply instantly the signature in the cloud and save the le-learning process.

In addition we use our patented "user behavior" mechanism and not only rate limiting.
Reach out for more options and fine tuning the solution.

Vadim
Radware

2018-04-20T11:00:20Z
Apr 20, 2018

How may I help? I mean do you need help in suggesting a working solution, design or some hands-on configuration of existing equipment to work around the threat.

it_user859884 - PeerSpot reviewer
Group General Manager at a tech services company
Real User
2018-04-20T04:43:53Z
Apr 20, 2018

For your load balancing requirement, https://www.cloudflare.com/load-balancing/
For your DNS requirements, https://www.cloudflare.com/dns/

Hope the information provided would be useful for your consideration.

If you need more info, please feel free to email me.

Find out what your peers are saying about Cloudflare, NETSCOUT, Imperva and others in Distributed Denial of Service (DDOS) Protection. Updated: January 2023.
670,523 professionals have used our research since 2012.
JD
Principal Analyst at a tech services company with 1-10 employees
Real User
2018-04-19T02:45:23Z
Apr 19, 2018

Already many good suggestions listed. I'll add another DNS provider to look into: NS1 (https://ns1.com). They have options for private managed DNS, dedicated DNS, and a control layer for load balancing based on any number of policies you set.

All of the DNS providers listed can provide a layer of defense against DDoS, with the CDNs (Cloudflare, Incapsula, Akamai) also offering WAF. Given the nature of infrastructure attacks, many enterprises are looking to have redundant providers at the DNS level in addition to your use of separate ISPs for internet traffic. That may be an additional factor to consider in your RFP process.

it_user316782 - PeerSpot reviewer
‎IT Security Specialist at DOSarrest Internet Security
Vendor
2018-04-18T13:27:39Z
Apr 18, 2018

Take a look at DOSarrest. www.dosarrest.com They offer a low cost quick and effective Proxy solution to mitigate DDoS attacks across their global POP's as well as a BGP/GRE option if preferred called Data Center Defender. They include Load balancing and a WAF as standard features.

it_user316611 - PeerSpot reviewer
Head Of Information Security at IronFX Global Limited
Real User
2018-04-18T11:30:33Z
Apr 18, 2018

for DNS DDoS Protection you may use Incapsula DNS Protection OR move your DNS services to a big DNS player with DDoS protection OR have a combination of both.

For your webservices you may use a Balancer to balance the load between your ISPs and provide High Availability also (one ISP goes down). For this you should also use your DNS to amend the dns entries.

In case you are using Incapsula you can have both your websites active at the same time (load balance) and have a WAF,CDN and DDoS protection.

it_user736071 - PeerSpot reviewer
Group General Manager with 11-50 employees
User
2018-04-18T10:02:30Z
Apr 18, 2018

We provide and work with Cloudflare. Based on the requirements, Cloudflare should be able to fulfill it.

How should I get in touch with the user to further address your requirements?

it_user753153 - PeerSpot reviewer
Business Development Manager at a comms service provider with 51-200 employees
Real User
2018-04-18T07:28:13Z
Apr 18, 2018

Sure we can help with DDoS protection.
Please suggest how we shall proceed.

it_user92823 - PeerSpot reviewer
Online Marketing & Development Manager at a engineering company with 501-1,000 employees
Vendor
2018-04-18T05:26:22Z
Apr 18, 2018

We are using Cloudflare which provides a flexible and easy to use DNS management tools + CDN and DDos attach protection (and a lot more)

CA
Support Engineer & IT Professional at SISAP
Real User
2018-04-17T21:29:16Z
Apr 17, 2018

Hello,

The solution will depend for example you wrote that you have two IPS assuming only one site.

You can do a load balance of your services with your edge firewall.
You can do a load balance your services with a WAN load balancer (Radware,F5 or A10 Networks)

If you have two IPS and two different sites you can load balance those with:

BGP at router level before your network
GSLB with A10 Networks

For the anti DDoS you would have multiple choices:

1. Imperva WAF : Incapsula (on the cloud)
2. Arbor APS (on premise, protecting your datacenter and public services)

Let me know if this help you,

it_user569421 - PeerSpot reviewer
User at NSFOCUS
Vendor
2018-04-17T21:29:08Z
Apr 17, 2018

The solution that you are looking is to provide failover to DNS redirections.
NSFOCUS don’t have the ability to make the DNS diversion between sites and provide a load-balance.
Our solution is only to DDoS protection based on BGP advertising or inline mode that could be on-premise (appliance into your network) or cloud.

Let me know if you need more information about it.

it_user582762 - PeerSpot reviewer
Technology Strategist with 51-200 employees
User
2018-04-17T21:26:20Z
Apr 17, 2018

We utilize a few different companies that can provide Managed DDoS and DNS services. I need more info, but so far for your situation I would probably use one of these service providers: Level3 (now CenturyLink), Imperva or Akamai. Please reach out to me at mark@koiconsultants.com to discuss further and help decide which service is best. We can get you in direct contact with their teams immediately.

AH
Manager - Web Development at a engineering company with 1,001-5,000 employees
Real User
2018-04-17T21:13:39Z
Apr 17, 2018

Hi,

Assuming that you have primary and secondary website with the same domain name, configuring it over a cloudflare will provide you an option of simply switching between these websites in no time in case of an ISP failure.

When an ISP goes down, you can just point the DNS of domain to an IP address of secondary website and all the internet traffic will get redirected to the secondary website right away.

For load balancing, I found some useful and relevant information in the link stated below:

https://www.cloudflare.com/load-balancing/

Hope it will helpful.

Kind Regards,

it_user405564 - PeerSpot reviewer
Senior Information Security Analyst at a security firm with 51-200 employees
Vendor
2018-04-17T19:13:41Z
Apr 17, 2018

May I ask what is the reason you cannot use different ISPs at your data centers?
Also, to give you more precise advice can you tell me what scale of DDOS
attack you experienced before and roughly what amount of traffic we are
talking about on average?
Managed DNS is probably easiest approach to design solution you require,
but depending on circumstances may not be the best one.
I'm familiar with cloud flare and their solution offers fair protection
against DDOS.
From my experience, I was involved in multiple similar projects utilizing
a hybrid approach with wan load balancers and cloud services depends on the scale
of project and number of data centers involves. However, despite the fact
that providing different ISP links to different geographical locations
always was tricky I never came across situation it was not possible.
In an ideal world and unlimited budget, you would prefer proper scrubbing
solution to mitigate DDOS and ideally dual ISP at each center with DR site
completely separated or hybrid solution replicating key data between
centers.
Let me know if you can share more details and I will be happy to get my head around it.

it_user816366 - PeerSpot reviewer
Security Consultant at a tech services company with 11-50 employees
Reseller
2018-04-17T19:06:31Z
Apr 17, 2018

First of all, there are two ways to provide cloud DDoS protection fist one is DNS redirection and the second one is BGP prepend change. At first solution, it takes time while DNS announce the change. The second one is faster. But actually your request needs more than this, I can suggest that you focus on BIGIP DNS solution. (When an ISP goes down we need to have internet users redirected to the secondary site. We want our internet services load balanced to both ISP's. )

it_user648771 - PeerSpot reviewer
User at Akamai
Real User
2018-04-17T18:21:14Z
Apr 17, 2018

Akamai FAST DNS is an excellent solution.

it_user669060 - PeerSpot reviewer
Senior Network Consultant with 1-10 employees
User
2018-04-17T17:25:39Z
Apr 17, 2018

I would also have a look at Distil networks, https://www.distilnetworks.com/

it_user791517 - PeerSpot reviewer
Presales Engineer, Solution Architect with 11-50 employees
User
2018-04-17T16:32:49Z
Apr 17, 2018

I would recommend having a glance at Radware solution. Please visit www.radware.com .

I can introduce you to the EMEA account manager, or ask for the AMs of other regions as well.

it_user295044 - PeerSpot reviewer
Director, Security Solutions at NeuStar
Real User
2018-04-17T15:53:12Z
Apr 17, 2018

Of course, we would enjoy providing information to inquiring parties. The question I have is that you asked about DDoS protection, but the request is about DNS Services.

If you can clarify, that would help me with a proper response.

it_user787122 - PeerSpot reviewer
Global Business Development Manager with 11-50 employees
User
2018-04-17T14:32:19Z
Apr 17, 2018

Hi Are You based in Europe ? If so We so we can provide a solution for You. You will get a product + one of our engineer who will help you solve all your problems. please contact me at wm@greywizard.com or through facebook -> https://www.facebook.com/greywizardcom/

Related Questions
Satya Prakash Jha - PeerSpot reviewer
Regional Sales Manager at a tech company with 501-1,000 employees
Sep 23, 2022
Hi community,  I am a Regional Sales Manager at a large tech company. Can you please provide a comparison between the following products: A10 Thunder TPS, Cloudflare, and Corero? What are the pros and cons of each product? Thank you.
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot
Dec 1, 2022
How do you or your organization use this solution? Please share with us so that your peers can learn from your experiences. Thank you!
2 out of 6 answers
AF
Project Manager at a tech services company with 1-10 employees
Apr 26, 2021
We primarily use the solution for security purposes. We use the product for theft and DDoS protection.
RM
President and CEO at Mekas Cloud Services
May 4, 2021
We are an IT consulting company, we provide solutions to our customers. We implement the solutions for our customers. Some of our customers use CloudFlare, some of them are using Imperva and Palo Alto. Our customers use this solution for any web traffic, mostly GCP or to AWS cloud as a backend.
Related Articles
NC
Content Manager at PeerSpot (formerly IT Central Station)
Apr 25, 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why. You can read user reviews for the Top 8 Distributed Denial of Service (DDO...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Mar 18, 2022
Hi community members, Here we go with a new Community Spotlight. We publish it to help YOU catch up on recent contributions by community members. Trending What open-source HCI solution do you recommend? How much time does SSO save? What are the main technical differences between Microsoft Power Automate and Blue Prism? Articles Top HCI in 2022 What is Web Design? The Ultima...
Product Comparisons
Related Articles
NC
Content Manager at PeerSpot (formerly IT Central Station)
Apr 25, 2022
Top 8 Distributed Denial of Service (DDOS) Protection Tools 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Mar 18, 2022
Community Spotlight #10
Hi community members, Here we go with a new Community Spotlight. We publish it to help YOU catch...
Download Free Report
Download our free Distributed Denial of Service (DDOS) Protection Report and find out what your peers are saying about Cloudflare, Imperva, Sucuri Security, and more! Updated: January 2023.
DOWNLOAD NOW
670,523 professionals have used our research since 2012.