Navigation

Nethost DNS Stack

Security and accessibility is key for us. For the operation of our own services server management and server server or application hosting is required to provide secure, fast, redundant, and trusted authoritative dns servers. Along with them also servers for resolving forward and reverse records within the requirements for dns from our managed systems. Therefore, we run servers as part of our dns-stack from several locations (see map below), where they are also least doubled in each location.

For the operation of customer systems, which are usually accessible through a public domain name system, it is necessary to ensure the operation of authoritative dns servers in the highest quality.

Public address resolving systems cannot be relied upon to run managed servers and ensure trustworthiness. To ensure availability, it is necessary to run non-authoritative resolvers for our systems. Valid and fast response of dns servers is together with ntp servers to ensure the absolute accuracy of the system time management system – a basic parameter for the operation of eg geolocation services.

We use the following measures to ensure individual requirements

High security

• We run our nameservers on various versions of dns software
• All publicly available nameservers are not master-dns
• All dns contain ids / ips protection
• All dns servers in the stack have dedicated roles
• All dns servers support dnssec by default
• Each customer optionally has their own keyset

Quick updates

• Production systems are controlled by non-public master-dns
• Servers support dynamic zone reload and AXFR notifications
• Servers support individual TTL and expiration settings

Operational and geographic redundancy

• Servers are run on different DNS software and different OS
• Servers are located in data centers on backbone networks
• DNS stacks are connected to at least 10Gbit / s networks in each location
• Servers are operated with a dual connection against the switch-stack

Comfortable configuration

• We have a clear and intuitive administration
• Our administration supports all dns server settings
• We comfortably manage both A (IPv4) and IPv6 records

Quick response from around the world

• We operate servers all over the world, in 15 locations on the backbone network
• We optionally offer services of operation of anycast dns servers
• Our servers support the geographical diversity of responses
• We run our servers exclusively dualstack (IPv4 / IPv6)

High capacity and reserve

• We run servers on powerful hardware
• We allocate more than 3× more necessary resources to the server
• We expand servers if the utilization of the node exceeds 20%
• We perform load distribution optimization

IP hijacking protection

• We choose only trusted providers
• We choose only providers where we have other technology on L2
• We use IP trap and IP monitoring

Protection against DDoS attacks

• We choose only data centers with implemented DDoS protection
• For servers we pay extra protection up to the level of the 7th layer (Layer7)
• The servers contain our own IPS / IDS protection ASFA