Hardened physical appliances

TCPWave has combined two diverse DNS technologies in one appliance that can inject routes with intelligence into the network via BGP or OSPF. The appliances run ISC BIND and our own diverse DNS technology. We are a strategic Dell partner: we primarily partner with Dell and offer an appliance that can be shipped and serviced globally.

Our appliance can automatically switch to the secondary DNS software if there are problems with, or attacks on, the primary DNS software. It comes with Quagga running BGP (or OSPF) to provide advanced Anycast routing for unsurpassed disaster recovery. We include feature-rich dashboard reporting tools and charts, so your NOC can receive real-time alarms, history, trending, and the general health of the DNS service. There are multiple modules with smart logic built via SNMP. The TCPWave appliances include NTP and DNSSEC. Additionally, we developed features such as black hole detection, flood detection, sanity checks, auto restart, packet capture, automatic Cache-to-Master recovery and a host of security features that will reduce the chance of a bug or attack. Our appliances have the ability to detect, identify, report and shut down an attempted DNS DDoS attack.

Today, there are no DNS providers that can deliver the DNS redundancy, intelligent routing ability, and security that TCPWave offers. We are the only DNS company that has successfully bundled all of this advanced technology and routing ability in a hardened DNS appliance.

We provide 24h support backed by the most comprehensive SLA in the industry. Plus, we custom design our appliance to work with your existing infrastructure so you don't need to forklift your DNS, allowing you to take advantage of all of our improvements while staying within budget.

Features Include:

  • DNS Diversity: Running in a chroot environment, you will have two DNS servers, TWC DNS and ISC BIND DNS software, each backing up the other, neither sharing the same code, for true diversity. When a bug is discovered, or a problem interrupts one DNS software, the appliance automatically toggles over to the other. It then notifies your NOC via SNMP, detailing what the problem was.
  • Serve when Sane: The TCPWave appliances monitor themselves. If problems are detected and not repaired by auto restart, the NOC is notified using SNMP, the server shuts itself down, and traffic is rerouted using OSPF/BGP. Syslog and query logs are captured.
  • Auto restart: Any of the primary software components (TWC DNS, BIND, BGP, SNMP and NTP) will auto restart if there is an interruption in service or if a problem is detected. The auto restart feature will attempt to fix the problem three times. If the problem persists, the server will shut down and automatically reroute DNS and NTP traffic to the other servers. Your NOC will be notified each step of the way.
  • DNS Flood Detector: TCPWave's appliances will detect top talkers or anomalies, then send an alarm to the NOC, including the offending IP address, allowing you to block the address and investigate the problem.
  • Cache to Master: TCPWave appliances have the ability to switch over to an emergency non-recursive authoritative server when isolated from the production network. Then, when connections to the DNS roots are restored, it will automatically switch back to a recursive server.
  • Black Hole detection: TCPWave appliances will automatically shut down routing if the DNS process is not responding. We have added dependencies which get triggered periodically to determine if the DNS appliance is performing a DNS black hole.
  • Packet Capture: tcpdump is included for packet capture. The packet trace can be loaded into Wireshark for analysis.
  • Query Scrubber: TWC DNS sanitizes query results. Any data that the scrubber cannot confirm as authoritative will not be added to the cache.
  • Source Port Randomization: The range of random ports can be specified by the customer.
  • DNSSEC: DNSSEC is built into the platform, not bolted on independently the way most DNS providers have added this security feature.
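
The top-talker detection described under DNS Flood Detector can be reproduced offline against BIND 9 query logs. The following is an added example, not TCPWave's code: it counts queries per client in a sliding window and reports clients that reach a threshold. The log lines are constructed, and the window, threshold and function names are assumptions.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# BIND 9 query-log line: timestamp, optional category/severity, "client",
# optional @0x... object id, then address#port and the "query:" marker.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) .*?"
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+ .*?query: \S+ "
)

def top_talkers(lines, window_s=10, threshold=5):
    """Map each client whose query count in any window_s-second sliding
    window reaches threshold to that peak count. Other lines are skipped."""
    window = timedelta(seconds=window_s)
    recent, peak = {}, {}          # per-client timestamps / highest count seen
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue               # not a query-log entry
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        q = recent.setdefault(m["ip"], deque())
        q.append(ts)
        while ts - q[0] > window:  # drop queries that fell out of the window
            q.popleft()
        peak[m["ip"]] = max(peak.get(m["ip"], 0), len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def _line(sec, ms, ip, qname):
    # Constructed sample entry; addresses are documentation ranges.
    return (f"17-Apr-2024 10:00:{sec:02d}.{ms:03d} queries: info: client "
            f"@0x7f3c2c0a1b20 {ip}#40000 ({qname}): query: {qname} IN A +E(0) "
            f"(198.51.100.53)")

SAMPLE = sorted(
    [_line(1, i * 100, "203.0.113.50", f"r{i}.example.com") for i in range(6)]
    + [_line(s, 0, "192.0.2.10", "www.example.com") for s in (0, 12, 24, 36, 48)]
    + ["17-Apr-2024 10:00:02.000 general: info: reloading configuration succeeded"]
)

if __name__ == "__main__":
    for ip, n in top_talkers(SAMPLE).items():
        print(f"ALARM top talker {ip}: {n} queries within 10 s")
```

The client that sends six queries inside one second is reported, while the client that sends one query every twelve seconds is not.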

Dashboard: TWC DNS is integrated with SNMP to send traps to any SNMP-compatible dashboard, including Cacti, Smarts, OpenView, InfoVista, or Opsview.

  • We allow your NOC to monitor and record: CPU, memory, and disk space
  • TWC DNS can send alarms based on your parameters
  • Provide charts for capacity planning and fault management
  • Monitors all service applications: TWC or ISC DNS, SNMP, NTP, Zebra's BGP or OSPF
  • RRD (Round Robin Database)

IS Compliance and added security:

  • Password hygiene: the SHA-512 algorithm is used for password hashes
  • Optional TACACS, Radius, LDAP, Safeword, or other secure logins are available.
  • Only one functional account called twcadmin for management of the appliance
  • Restrictions on twcadmin available such as blocking any changes or downloads to the OS
  • Root logins are not permitted
  • All actions are logged and auditable
  • TWC DNS supports GSS-TSIG
  • CLI only. No graphical interface – port 80 is not opened
  • No complex Java processes, no insecure ports, no need to schedule downtime to address any non-DNS security patches.

Security Updates: TCPWave is the single stop for getting patches and notifications about Quagga, NTP and DNS vulnerabilities. TCPWave is on First-to-be-Notified "Priority" lists for notifications, patches, and exploits. Our security experts leverage our partnerships and maintain memberships with several communities and groups that focus on routing, DNS, and the hacker community.
