The Importance of
DNS Encryption for Internet Providers
DNS, as the ‘phonebook of the internet’, is a vital part of the infrastructure, needed to provide users with an optimized internet experience. Almost without exception, every action on the internet, from visiting a website, using a service via a mobile app or checking and sending emails, starts with the client looking up the IP addresses of the service using the domain name system. As such, DNS forms a critical control point on the internet, which processes lots of information and personal data.
Value User Privacy
Even though DNS is an important part of providing internet services, until recently, it remained one of the last ‘non-encrypted’ protocols. This created the potential risk of very personal data being intercepted. The IETF encryption standards DNS over HTTPS (DoH) and DNS over TLS (DoT) are changing this. DoH and DoT enhance user privacy by encrypting DNS queries and responses while in transit. Make sure you protect your customers’ privacy by leveraging DNS encryption.
Read more about the benefits of encrypted DNS for internet providers in our whitepaper.
Protect Your Subscribers’ DNS from ‘Over the Top’ providers
Together with DNS encryption, a new trend has emerged in recent years. DNS is moving away from internet service providers. Subscribers transition their DNS, sometimes deliberately, most of the times unwittingly, to ‘over the top’ cloud DNS providers who offer encrypted DNS services. This completely bypasses operators’ DNS and reduces the influence that internet service providers have over a user’s internet experience. It also means that a third party now plays an important role in a subscriber’s internet service. Using DNS for optimizing traffic to CDNs is no longer possible, resulting in an on average higher load on an ISP’s backbone network. And, moving the traffic back to an ISP’s resolver is hard to achieve.
Source: Journal of Cyber Policy - ‘Moving the traffic back to an ISP’s resolver is hard to achieve.’
Stay in Control of Your DNS
Losing your subscribers’ DNS traffic to public vendors results in serious consequences for providers, with reduced control over their own networks. Offering optimized DNS-based services to stand out from competitors involves key differentiators such as superior DNS performance and latency, location-based content delivery and complying with governmental regulations. It also means safeguarding subscribers by detecting malicious activities, filtering malware, providing family protection, offering IoT security and other value-added services based on DNS. All these DNS-based solutions are at risk. Even worse: end-users are unlikely to understand the difference and will blame the operator for any third-party DNS outage, slowness or security issue.
DNSdist Provides Encryption to Your DNS Installation
Internet service providers, take a deep breath! PowerDNS offers a solution. Our DNS proxy and load balancer DNSdist offers a wide variety of features and protective measures that include DNS encryption with DoH and DoT. It can be placed in front of PowerDNS Recursor and any legacy DNS resolver, providing all operators the opportunity to add encryption to their DNS service. This prevents moving unencrypted DNS to public vendors. Internet service providers keep control over their customers’ DNS traffic and all the valuable services that come with it.
Learn more about DNS encryption with our DNS proxy and load balancer DNSdist.