Cloud provider, Rackspace, improves connectivity with DNS Firewall

The challenge

As the leading provider of managed cloud services, Rackspace is always looking for ways to augment its multi-layered approach to security and stay ahead of the threats from Distributed Denial of Service (DDoS) attackers looking to exploit its global infrastructure and highly connected customer base.

High volumes of domain queries across the company’s infrastructure are an integral part of usual operations, but Rackspace was looking for ways to reduce traffic related to malicious domains and help ensure that the infrastructure wasn’t used by botnets to mount DDoS attacks. In addition to these security concerns, DDoS attacks were also parasites on their infrastructure, stealing bandwidth to carry out their malicious attacks.

The solution – DNS Firewall Threat Feeds delivered as a zone transfer feed

After a market analysis of different options, Rackspace worked with Spamhaus’ value-added delivery partner, SecurityZones, to fully deploy DNS Firewall. This included developing a pilot to ensure technical compatibility and delivery requirements with the monitoring of results prior to full implementation.

Rackspace chose to have DNS Firewall Threat Feeds delivered as a zone transfer feed to ensure domain queries were filtered on their own DNS servers to reduce latency and because they had the skills available to implement directly.

Rackspace uses industry standard BIND servers for DNS resolution and the zone transfer feed was test integrated.  Almost immediately it was delivering results; blocking malicious domains without the installation of any additional hardware.

The results – improved customer protection and connectivity

Rackspace’s customers rely on their users to have a uninterrupted online experience. For eCommerce customers that means a seamless experience from advertising through to the online store and final purchase. Underpinning this is multiple DNS resolution across different sites so any interruption would have an immediate business impact, therefore testing was a vital component to this deployment.

Following checks for technical compatibility with BIND servers and reviews of the volume of alerted traffic, DNS Firewall was made operational.

“Outbound beaconing from botnets can be a precursor to DDoS attacks so we are really excited to minimize this type of traffic and interrupt a critical component of a DDoS attack.” Jason Bratton, Manager System Engineering, Rackspace

The implementation drastically cut down on botnet and other malicious Command & Control beaconing traffic. Each beaconing message is very small but an active botnet can consume massive amounts of bandwidth when it is switched on to mount a DDoS attack. Rackspace was able to virtually eliminate this traffic with no impact on customers’ business flows.

To sign up for a free 30 day trial of DNS Firewall, click here.