Superior Performance with DNS Load Balancing PowerDNS DNSdist
DNSdist is a unique DNS proxy and load balancer that brings out the best possible performance in any DNS deployment. It optimizes DNS traffic in front of the PowerDNS Recursor, and both are normally deployed together to provide an unrivaled feature set for DNS services. However, DNSdist can also be deployed with any legacy DNS server on the network, letting your users benefit from DNSdist’s advantages with your legacy DNS installation. This provides your internet users with optimized delivery, while adding an additional layer of security through DNS encryption with DoT, DoH, DoQ and DoH3, and protection against DDoS and abusive traffic.
DNS-aware load balancer for DNS traffic in front of recursive or authoritative servers
Protection against malicious and abusive traffic, e.g. DDoS, DNS tunneling and exfiltration
Supports all standardized DNS encryption mechanisms to allow incoming encrypted traffic
Works seamlessly with PowerDNS Recursor, but can also be used in front of legacy servers
DNS Encryption Whitepaper
Download the DNS encryption whitepaper to learn more about DoT, DoH, DoQ and DoH3 with DNSdist.
For a Rapid, Secure Internet Experience
DNSdist protects and filters internet users’ DNS traffic and acts as a load balancer in front of recursive servers. It is a highly DNS-, DoS- and abuse-aware load balancer that routes requests from your internet users to the best available server. DNSdist optimizes the DNS traffic of hundreds of millions of internet users all around the world, providing top performance and rapid content delivery.
DNS-Aware Load Balancing
DNSdist is a uniquely powerful DNS proxy that offers DNS-aware load balancing using a variety of balancing and high availability techniques. It provides a policy engine for smart routing of outgoing queries to allow distribution to ‘backend’ resolvers in a dynamic way, for example, using ‘round robin’ or sending queries to the PowerDNS Recursor that has the fullest cache.
DNS Encryption Mechanisms
DNSdist supports incoming DNS over TLS (DoT), DNS over HTTPS (DoH), DNS over QUIC (DoQ) and DNS over HTTP/3 (DoH3) connections to encrypt traffic from the client to DNSdist. This lets you offer additional privacy to your internet users and protect their personal data against interception and profiling. Providing an encryption-capable DNS resolver is vital for Internet Service Providers in order to prevent DNS requests moving to ‘OTT DNS providers’. DNSdist provides such an encrypted DNS service and lets network operators keep control over users’ DNS traffic.
Learn more about PowerDNS in action
Contributing to Quad9's encrypted DNS service
Supporting Quad9 in providing a worldwide encrypted, privacy-friendly public DNS resolving service.
Protection against DDoS and Abuse
DNSdist is highly optimized to protect against malicious and abusive traffic. A flexible policy engine allows the enabling of new rules and filters to suit the characteristics of local traffic. Combined with rate limiting of incoming requests per IP address/CIDR, it provides comprehensive protection against DDoS attacks. DNSdist also detects and blocks DNS tunneling and exfiltration and prevents misuse of the DNS services as a communication channel. A reporting interface provides query statistics, hit rates and status notifications, letting you monitor performance and protective activities.
Fully Capable with PowerDNS or Legacy DNS
DNSdist is ideal to balance DNS traffic in front of the PowerDNS Recursor. However, it can also be used in front of third-party DNS resolvers, allowing operators to add the advantages of DNSdist to their legacy DNS recursive servers. This flexibility lets operators add DNS encryption standards (DoT, DoH, DoQ and DoH3) to their setup. With PowerDNS Cloud Control, we also offer the option to implement DNSdist on Kubernetes platforms for cloud-native installations. Regardless of your deployment, PowerDNS experts are available to assist with support and services whenever needed.
DNSdist in a Nutshell
DNSdist is a state-of-the-art DNS-aware load balancer that protects, balances and filters internet users’ DNS traffic in front of recursive servers and is used to optimize the DNS traffic of hundreds of millions of internet users. It includes protection against malicious and abusive traffic, such as DDoS attacks, DNS tunneling and exfiltration. To meet specific needs and local requirements, DNSdist is completely flexible and customizable, based on a LUA scripting language. It comes with the crucial DNS encryption support for DoT, DoH, DoQ and DoH3 that is required today, ultimately letting you retain control over your internet users’ DNS traffic and all the possibilities and advantages that come with it. A monitoring interface provides you with data, analysis and notifications about performance and attacks. Of course, DNSdist is built to interact seamlessly with the PowerDNS Recursor, but also improves and adds additional functionality (such as encryption) to your existing DNS recursive servers.
Contact us to learn more about our products.