2019-08-22 08:21 Blog post

How to secure your DNS services

If you use just one DNS provider or solution, you expose your business to unnecessary risk. In this post, we will take a look at:
  • the importance of a secondary DNS service

  • what you should think about when it comes to optimising your DNS setup

  • how to protect your network from DNS outage and DDoS attack


What are primary and secondary DNS servers?

All domains require a primary name server. The primary name server holds all the resource records and responds to DNS queries for your domain. Secondary name servers hold a copy of the information on the primary name server. They function as always-on name servers. If your primary name server suffers any kind of outage, your secondary name server will respond to DNS queries for your domain. In addition, secondary name servers are an extremely efficient and cost-effective way to give users a quicker and more reliable experience even when the primary name server is running normally. This is because secondary name servers enable you to reduce latency and balance the query load.

Without a secondary name server you run the risk of providing users with slow and unreliable service and, more significantly, of suffering a major outage if your primary server goes down. Such outages have become increasingly common in recent years with the rise of Distributed Denial of Service (DDoS) attacks. 
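The Python example below is added here and is not Netnod's code. It audits a domain's name-server set for the risks described above: no secondary, every server with a single provider, and a secondary whose copy lags behind the primary. The `NameServer` fields, provider labels and sample serials are constructed assumptions; in practice the serial comes from an SOA query sent to each server.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class NameServer:
    host: str                   # NS target for the zone
    provider: str               # operator label, assumed known from your inventory
    soa_serial: Optional[int]   # SOA serial the server returned; None = no answer
    is_primary: bool = False

def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: True if a is newer than b (32-bit wraparound)."""
    return a != b and ((a - b) % 2**32) < 2**31

def audit_zone(servers: List[NameServer]) -> List[str]:
    findings = []
    primary = next((s for s in servers if s.is_primary), None)
    secondaries = [s for s in servers if not s.is_primary]
    if primary is None:
        findings.append("no primary name server identified")
    elif primary.soa_serial is None:
        findings.append(f"{primary.host}: primary is not answering")
    if not secondaries:
        findings.append("no secondary name server: single point of failure")
    answering = [s for s in servers if s.soa_serial is not None]
    if len({s.provider for s in answering}) < 2:
        findings.append("all answering name servers are with one provider")
    for s in secondaries:
        if s.soa_serial is None:
            findings.append(f"{s.host}: no SOA answer")
        elif primary and primary.soa_serial is not None \
                and serial_gt(primary.soa_serial, s.soa_serial):
            findings.append(f"{s.host}: stale copy (serial {s.soa_serial}, "
                            f"primary has {primary.soa_serial})")
    return findings

# Constructed sample data (example.com and provider names are placeholders).
HEALTHY = [NameServer("ns1.example.com", "in-house", 2019082203, True),
           NameServer("ns2.dns-a.example", "provider-a", 2019082203)]
RISKY = [NameServer("ns1.example.com", "in-house", 2019082203, True),
         NameServer("ns2.example.com", "in-house", 2019082201),
         NameServer("ns3.example.com", "in-house", None)]

if __name__ == "__main__":
    for name, zone in (("HEALTHY", HEALTHY), ("RISKY", RISKY)):
        print(name, audit_zone(zone) or "ok")
```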

DNS outage and DDoS attack

Some of the most widely reported network outages in recent years have been the result of DDoS attacks. In 2016, a large DNS provider suffered one of the largest DDoS attacks on record. This attack resulted in some of the biggest online retailers, media companies, gaming platforms and e-payment services suffering severe disruption and widespread outages.

Put simply, DDoS attacks overwhelm a network, server, website or online service by sending vast amounts of malicious traffic. As cyberattackers use increasingly sophisticated tactics and malware to take control of machines and IoT devices, the amount of malicious traffic that can be unleashed towards a target has grown significantly. As well as increasing in size, DDoS attacks are rising in number year on year. Globally, the total number of DDoS attacks is predicted to reach 14.5 million per year by 2022, up from 7.5 million attacks per year in 2017. It has become not a question of if your business (or DNS provider) will be hit with a DDoS attack, but when. So what steps can you take to ensure your business's networks, services and websites are protected?

Secondary DNS for your business

One of the easiest and most cost-effective protection strategies is to have a secondary DNS service from a reputable provider. You should look for a DNS provider that has:

  • a large global footprint

  • experience mitigating DDoS attacks

  • a robust anycast DNS network

Experience mitigating DDoS attacks is essential because it means attacks can be identified and bad traffic filtered out before any damage is caused. Any remaining malicious traffic can then be easily absorbed by the anycast network, which balances traffic across multiple servers around the world. This protects your business from having just one server handling DNS requests for your domain and being exposed to the very real risk of being knocked offline as a result of an attack or outage.

Netnod’s Secondary DNS services 

Millions of customers and end users benefit from Netnod’s DNS services every day. We serve many of the largest Top-Level Domain (TLD) customers globally and provide an Enterprise service (via partners). We also operate one of the 13 DNS root name servers in the world. 

We have developed one of the largest, most advanced DNS anycast networks in the world. Our network is available in more than 70 locations globally which means that millions of users throughout the world are always directed to the closest available server. This ensures a quicker, more reliable experience for them and the most resilient, secure and easy to manage DNS services for customers providing web services. 

Netnod Enterprise DNS services are available via our partners, who are listed here.
If you want to become a partner, or for more information on how we can help your business, you can contact me at:

Netnod Internet Exchange i Sverige AB

Miguel Alktun
+46 76 126 98 66

Topics: DNS

About Netnod

Netnod provides critical infrastructure support ranging from interconnection services and Internet Exchanges to DNS services, root server operations and activities for the good of the Internet. As innovators at the core of the Internet with a worldwide reputation for our services and the expertise of our staff, we ensure a stable and secure Internet for the Nordics and beyond. Netnod’s range of activities includes:

  • running interconnection services and the largest Internet Exchange in the Nordics (https://www.netnod.se/ix)

  • providing secondary DNS services to partners, enterprises and some of the largest TLDs in the world (https://www.netnod.se/dns)

  • operating I-root, one of the world’s 13 root name servers (https://www.netnod.se/i-root)

  • providing Time and Frequency (NTP, NTS and PTP) services for Sweden (https://www.netnod.se/time-and-frequency)

Established in 1996 as a neutral and independent Internet infrastructure organisation, Netnod is based in Sweden and fully owned by the non-profit foundation TU-stiftelsen (Stiftelsen för Telematikens utveckling).