Hyperscale and Protect Your DNS While Optimizing Global App Delivery

Scaling and securing every environment helps protect your business from site outages and improves DNS and application performance. Securing DNS infrastructures from the latest distributed denial-of-service (DDoS) attacks and protecting DNS query responses from cache-poisoning redirects will help keep your business online and viable. But to fully achieve these goals, you need efficient ways to monitor DNS infrastructure and application health and to scale on demand to meet exact requirements. F5® BIG-IP® DNS (formerly BIG-IP® Global Traffic Manager™) distributes DNS and user application requests based on business policies, data center and cloud service conditions, user location, and application performance. The BIG-IP platform delivers F5’s high-performance DNS services with visibility, reporting, and analysis; hyperscales and secures DNS responses geographically to survive DDoS attacks; delivers a complete, real-time DNSSEC solution; and ensures high availability of global applications in all hybrid environments.

Unmatched DNS Performance

BIG-IP DNS delivers hyperscale performance that can handle even the busiest sites. When sites have a volume spike in DNS queries due to legitimate requests or DDoS attacks, BIG-IP DNS manages requests with multicore processing and F5 DNS Express™, dramatically increasing authoritative DNS performance up to 50 million RPS to quickly respond to all queries. This helps your organization provide the best quality of service (QoS) for your users while eliminating poor application performance. DNS Express improves standard DNS server functions by offloading DNS responses as an authoritative DNS server. BIG-IP DNS accepts zone transfers of DNS records from the primary DNS server and answers DNS queries authoritatively.

Benefits and features of multicore processing and DNS Express include:

  • High-speed response and DDoS attack protection with in-memory DNS
  • Authoritative DNS replication in multiple BIG-IP or DNS service deployments
    for faster responses
  • Authoritative DNS and DNSSEC in virtual clouds for disaster recovery and fast,
    secure responses
  • Scalable DNS performance for quality of app and service experience
  • The ability to consolidate DNS servers and increase ROI

In cases of very high volumes for apps and services or a DNS DDoS attack, BIG-IP DNS hyperscales in Rapid Response Mode (RRM) up to 100 million RPS. It extends availability with unmatched performance and security—absorbing and responding to queries at up to 200 percent of the normal limits. See page 13 for performance metrics and details.

DNS Caching and Resolving

DNS latency can be reduced by enabling a DNS cache on BIG-IP DNS and having it respond immediately to client requests. BIG-IP DNS can consolidate the cache and increase the cache hit rate. This reduces DNS latency up to 80 percent, with F5 DNS caching reducing the number of DNS queries for the same site. When used in hardware on the F5 VIPRION® platform, DNS caching hyperscales for ultimate query response performance. In addition to caching, BIG-IP DNS allows the device to do its own DNS resolving without requiring the use of an upstream DNS resolver.