Superior Performance with DNS Load Balancing: PowerDNS DNSdist

DNSdist is a unique DNS proxy and load balancer that brings out the best possible performance in any DNS deployment. It optimizes DNS traffic in front of the PowerDNS Recursor, and both are normally deployed together to provide an unrivaled feature set for DNS services. However, DNSdist can also be deployed with any legacy DNS server on the network, letting your users benefit from DNSdist’s advantages with your legacy DNS installation. This provides your internet users with optimized delivery, while adding an additional layer of security through DNS encryption with DoT and DoH, and protection against DDoS and abusive traffic.

DNS-aware load balancer for DNS traffic in front of recursive or authoritative servers

Protection against malicious and abusive traffic, e.g. DDoS, DNS tunneling and exfiltration

Supports DNS encryption with DoT and DoH to allow incoming encrypted traffic from a DNS client

Works seamlessly with PowerDNS Recursor, but can also be used in front of legacy servers

DNS Encryption Whitepaper

Download the DNS encryption whitepaper to learn more about DoH and DoT with DNSdist.

For a Rapid, Secure Internet Experience

DNSdist protects and filters internet users’ DNS traffic and acts as a load balancer in front of recursive servers. It is a highly DNS-, DoS- and abuse-aware load balancer that routes requests from your internet users to the best available server. DNSdist optimizes the DNS traffic of hundreds of millions of internet users all around the world, providing top performance and rapid content delivery.

DNS-Aware Load Balancing

DNSdist is a uniquely powerful DNS proxy that offers DNS-aware load balancing using a variety of balancing and high availability techniques. It provides a policy engine for smart routing of outgoing queries to allow distribution to ‘backend’ resolvers in a dynamic way, for example, using ‘round robin’ or sending queries to the PowerDNS Recursor that has the fullest cache.

DNS Encryption with DoH and DoT

DNSdist supports incoming DNS over TLS (DoT) and DNS over HTTPS (DoH) connections to encrypt traffic from the client to DNSdist. This lets you offer additional privacy to your internet users and protect their personal data against interception and profiling. Providing an encryption-capable DNS resolver is vital for Internet Service Providers in order to prevent DNS requests moving to ‘OTT DNS providers’. DNSdist provides such an encrypted DNS service and lets network operators keep control over users’ DNS traffic.

Learn more about PowerDNS in action

Contributing to Quad9's encrypted DNS service

Supporting Quad9 in providing a worldwide encrypted, privacy-friendly public DNS resolving service.

Protection against DDoS and Abuse

DNSdist is highly optimized to protect against malicious and abusive traffic. A flexible policy engine lets you enable new rules and filters to suit the characteristics of local traffic. Combined with rate limiting of incoming requests per IP address/CIDR, it provides comprehensive protection against DDoS attacks. DNSdist also detects and blocks DNS tunneling and exfiltration and prevents misuse of DNS services as a communication channel. A reporting interface provides query statistics, hit rates and status notifications, letting you monitor performance and protective activities.

Fully Capable with PowerDNS or Legacy DNS

DNSdist is ideal for balancing DNS traffic in front of the PowerDNS Recursor. However, it can also be used in front of third-party DNS resolvers, allowing operators to add the advantages of DNSdist to their legacy DNS recursive servers. This flexibility lets operators add DoH and DoT DNS encryption standards to their setup. With PowerDNS Cloud Control, we also offer the option to implement DNSdist on Kubernetes platforms for cloud-native installations. Regardless of your deployment, PowerDNS experts are available to assist with support and services whenever needed.

DNSdist in a Nutshell

DNSdist is a state-of-the-art DNS-aware load balancer that protects, balances and filters internet users’ DNS traffic in front of recursive servers and is used to optimize the DNS traffic of hundreds of millions of internet users. It includes protection against malicious and abusive traffic, such as DDoS attacks, DNS tunneling and exfiltration. To meet specific needs and local requirements, DNSdist is completely flexible and customizable, based on the Lua scripting language. It comes with the crucial DNS encryption support for DoH and DoT that is required today, ultimately letting you retain control over your internet users’ DNS traffic and all the possibilities and advantages that come with it. A monitoring interface provides you with data, analysis and notifications about performance and attacks. Of course, DNSdist is built to interact seamlessly with the PowerDNS Recursor, but it also improves and adds functionality (such as encryption) to your existing DNS recursive servers.

Contact us to learn more about our products.