Experts in Anycast DNS, BGP, OSPF, Mail, NTP, VMware. In short, we can improve your network while saving you money.

TWC DNS Appliance

ISC BIND + TWC DNS + Quagga + NTP + SNMP

TCPWave has combined two diverse DNS technologies in one appliance: ISC BIND and our own DNS technology, which is more efficient and more secure than BIND. Our appliance can automatically switch to the secondary DNS if there are problems with, or attacks on, the primary DNS software. Our appliance comes with Quagga running BGP (or OSPF) to provide advanced Anycast routing for unsurpassed disaster recovery. We include feature-rich dashboard reporting tools and charts, so your NOC can receive real-time alarms, history, trending, and the general health of the DNS service. The appliance includes NTP, DNSSEC, and port randomization. Additionally, we developed features such as black hole detection, flood detection, sanity checks, auto restart, packet capture, automatic Cache-to-Master recovery, and a host of security features that will reduce the chance of a bug or attack, including the ability to detect, identify, report, and shut down an attempted DNS attack. Today, there are no DNS providers that can deliver the DNS redundancy, routing ability, and security that TWC DNS offers. We are the only DNS company that has successfully bundled all of this advanced technology and routing ability in a DNS appliance.

We provide 24h support backed by the most comprehensive SLA in the industry. Plus, we custom design our appliance to work with your existing infrastructure so you don't need to forklift your DNS, allowing you to take advantage of all of our improvements while staying within budget.

Features Include:

  • DNS Diversity: Running in a chroot environment, you will have two DNS servers, TWC DNS and ISC BIND DNS software, each backing up the other, neither sharing the same code, for true diversity. When a bug is discovered, or a problem interrupts one DNS software, your DNS server automatically toggles over to the other, then notifies your NOC, detailing what the problem was.
  • Serve when Sane: TWC DNS monitors itself. If problems are detected and not repaired by auto restart, the NOC is notified using SNMP, the server shuts itself down, and traffic is rerouted using BGP. Syslog and query logs are captured.
  • Auto restart: Any of the primary software (TWC DNS, BIND, BGP, SNMP, NTP) will auto restart if there is an interruption in service or if a problem is detected. The auto restart feature will attempt to fix the problem three times. If the problem persists, the server will shut down and automatically reroute traffic to the other servers. Your NOC will be notified each step of the way.
  • DNS Flood Detector: TWC DNS will detect top talkers or anomalies, then send an alarm to the NOC, including the offending IP address, allowing you to block the address and investigate the problem.
  • Cache to Master: TWC DNS has the ability to switch over to an emergency non-recursive authoritative server when isolated from the production network. Then, when connections to the DNS roots are restored, it will automatically switch back to a recursive server. Zones are pulled daily.
  • Black Hole detection: If a faulty router is still running BGP when DNS is down, TWC DNS will stop sending requests to that router and notify the NOC.
  • Packet Capture: tcpdump is included for packet capture. The packet trace can be loaded into Wireshark for analysis.
  • Query Scrubber: TWC DNS sanitizes query results. Any data that the scrubber cannot confirm as authoritative will not be added to the cache.
  • Source Port Randomization: The range of random ports can be specified by the customer.
  • DNSSEC: DNSSEC is built into the platform, not bolted on independently the way most DNS providers have added this security feature.

Dashboard: TWC DNS is integrated with SNMP to send traps to any SNMP-compatible dashboard, including Cacti, Smarts, OpenView, InfoVista, or Opsview.

  • We allow your NOC to monitor and record: CPU, memory, and disk space
  • TWC DNS can send alarms based on your parameters
  • Provide charts for capacity planning and fault management
  • Monitors all service applications: TWC or ISC DNS, SNMP, NTP, Zebra's BGP or OSPF
  • RRD (Round Robin Database)

IS Compliance and added security:

  • Password hygiene: SHA-512 is used for password hashes, using TWOS
  • Optional TACACS, SafeWord, or other secure logins are available
  • Only one functional account called twcadmin for management of the appliance
  • Restrictions on twcadmin available such as blocking any changes or downloads to the OS
  • All logins to the appliance take place via VMware console / console account
  • SSH trust is optional and can be turned off; root logins are not permitted
  • All actions are logged and auditable
  • TWC DNS supports GSS-TSIG
  • CLI only. No graphical interface – port 80 is not opened

 

Security Updates: TCPWave is the single stop for getting patches and notifications about Quagga, NTP and DNS vulnerabilities. TCPWave is on First-to-be-Notified "Priority" lists for notifications, patches, and exploits. Our security experts leverage our partnerships and maintain memberships with several communities and groups that focus on routing, DNS, and the hacker community.