in this section:
- company overview
- about us
- our brands
- president’s message
- our network
- our vision
- client successes
The Keys to the Internet
CDNS & CommunityDNS
The longtime leader in providing unprecedented levels of security and capacity.
From day one CommunityDNS has always ensured resilience through incorporating exceedingly-high levels of security and efficiency into its platform design.
Early pioneering with implementations of DNSSEC, IPv6 and IDNs have allowed CommunityDNS to be early leaders and adopters, providing operational experience for such important Internet initiatives.
Three Basic Principles:
“Speed” is the unspoken word in DNS capacity. The initial design of CommunityDNS’ nodes was optimized for speed; providing the second foundational element to CommunityDNS’ success.
Economies, enterprises and users depend on the internet. Resilience of the DNS is important. The third foundational element towards CommunityDNS’ success is creating a network designed for resilience.
About Community DNS
The longtime leader in providing unprecedented levels of security and capacity. From day one CommunityDNS has always ensured resilience through incorporating exceedingly-high levels of security and efficiency into its platform design. Recognizing the importance of DNSSEC, IPv6 and IDNs have allowed CommunityDNS to be leaders and early adopters, providing operational experience for such important Internet initiatives.
Read More: Our Brochure
CDNS has a proven record for software and technology systems innovations since 1994 and has been providing DNS Resolution Services since 1996, since which time we have managed to maintain a 100% uptime for our customers.
We serve a lot of Domains
We currently provide DNS service to some of the world's top ccTLDs and registries including .EU, .PL and .BE and continue to expand our customer base and global market presence. With a constantly expanding Anycast network running some of the fastest, safest and most capable DNS technology in the world it is no wonder that CDNS has quickly become an established, trusted and respected provider in the fast-paced and competitive DNS sector. Hear for yourself from some of our satisfied customers and find out how CDNS can help you provide a better DNS service to your customers.
GLOBAL ANYCAST DNS
The Community DNS Anycast platform has been tested to a capacity of 500 million names, answering in excess of 100,000 queries per second (6 million queries per minute, 8.6 billion queries per day) on each server in its Anycast constellation, giving it ample capacity to thwart even the most sophisticated DDOS attacks of today.
The Community DNS Anycast platform has the capacity under existing configurations to accommodate the dramatic growth of any DNS Operator in the world.
See our global network: Node Locations
Capacity & Performance
CDNS and CommunityDNS are able to handle extremely large zone files (well in excess of 4-5 times the total number of ALL domain names that exist today), and remain operational with very slight degredation in performance response time and throughput.
DNSSEC & INTERNET ROOT KEY TRUST
As seen in the introductory video above. Paul Kane, the president of CDNS, was selected as one of the seven key holders of the signed Internet DNS Root Zone file, at the heart of the Internet DNS Infrastructure.
Read more about the Root Key: KTLA Article
Mission Critical Infrastructure
Fast, Responsive, Reliable DNS
Monitoring, Measurement & Alerts
“This is one of the coolest companies that I've had the privilege of leading in my long technology career. We are doing exciting things, and we have gathered the best and the brightest people, made amazing technology, and made it available at fair rates.
We literally create solutions that meet or exceed the most stringent military requirements for communications. Our focus on proprietary performance enhancements to the security, capcity and response of the DNS has been a great way to keep brilliant minds doing amazing things that benefit millions of people every day.
CDNS and Community DNS are quietly operating hundreds of thousands of DNS lookups per second in over 40 datacenters world wide.
I am personally pleased to have you interested to learn more, and I hope you are attracted to using CDNS and Community DNS as a provider.”
CDNS and CommunityDNS have one of the largest and most secure Anycast DNS constellations in service on the Internet.
With over 40 locations in over 30 countries (and growing!) in constant steady-state operation, your
domains are certain to be operational.
FUTURE COMPATIBLE AND GROWING.The impressive list above contains 42 locations. The network is designed to scale to thousands of nodes with little effort or overhead.
Our vision is simple — providing a platform to resolve the world’s queries.
Economies, organizations and people rely on the Internet. A resilient Internet is important as it aids in economic stability with country’s online presence based upon excellence.
CommunityDNS, through its unique platform, allows countries and organizations to realize excellence in their operational resilience with their DNS by providing a platform that is exceedingly-secure, has extraordinarily vast amounts of capacity and provides for high resilience. Utilizing CommunityDNS provides platform diversity as well as established experience in DNS, DNSSEC, IPv6 and IDNs.
So yes, resilience is key. It’s important. And that is why, through developing a platform engineered for security, optimized for speed and designed for resilience, CommunityDNS can truly provide a platform for resolving the world’s queries.
“One of the key services is to ensure robustness and resilience of our network infrastructure. Our choice was CommunityDNS which proved to be very, very efficient from all perspectives including the reporting which, for us is quite important. We are very happy with the service we are receiving from CommunityDNS.”
“Obviously security is an important issue. We want to offer our .BE domain holders value-added resilience for .BE domain name registration. Just operating a set of individual name servers just doesn’t do the trick in terms of security. Therefore we gladly teamed up with CommunityDNS."
“We have used CommunityDNS for over 2 years. We are very pleased with the service. It’s very good.”
“To maintain contact with the Philippines, large numbers of expatriates seek .PH-based sites.
We have chosen CommunityDNS to support my company’s continued growth as our global DNS Anycast provider due to CommunityDNS’s record of uptime, global footprint and demonstrated levels of operational capacity”
“The IGF has been given the mandate to provide a platform for multi-stakeholder policy dialogue on matters related to Internet governance under the umbrella of the United Nations. This forum provides the space where stakeholders from around the globe can share their views and exchange ideas regarding internet governance.
Having long worked with the TLD community, CommunityDNS is well versed in the challenges of the Internet. Providing one of the largest foundational services key to making the Internet resillient for all users, CommunityDNS has always worked to stay ahead of the malicious curve by delivering a service that is proven, well distributed, and secure."
"Community DNS Provides very good reliability, very good administrative web interface and statistics, and support for IPv6"
Frequently Asked Questions
Are you serious about a secure and resilient DNS? We take DNS resilience very seriously and have designed our DNS server platforms and network for maximum resilience. The following provides information on frequently asked questions of CommunityDNS as well as information we feel is important. So if you are serious about a secure and resilient DNS please contact us. We look forward to hearing from you!
Click on a question to reveal the answer
- What is DNS?
DNS (Domain Name System) is commonly referred to as the "address book of the Internet". Through DNS lookups, or queries, a human-readable website name is translated to the respective IP address understood by the destination wishing to be reached, such as a website, by the Internet.
- Why is the CommunityDNS platform proprietary and not based on either BIND or NSD?
When first looking to provide DNS services we looked at BIND. In our minds, while BIND was the most used DNS server platform, it did not meet our criteria for security and capacity. Without those you don’t have the resilience necessary to support the demands people, businesses, countries and online economies place on the Internet. Because of the deficiencies associated with BIND we knew that if we were going to build a truly resilient DNS platform we had to develop the platform ourselves. When NSD came out we felt it, like BIND, did not meet the requirements we had in providing for a resilient DNS.
Learn more: CommunityDNS' dedication towards security
- What does CommunityDNS have against Open Source?
Because of the deficiencies associated with BIND and NSD some people feel CommunityDNS has something against Open Source projects. CommunityDNS "does not" have any issue with open source development. Many great things have developed because of the "group-think" associated with Open Source. Both BIND and NSD platforms are a result of the collective open source community. Because of that it is easy to see why BIND and NSD are the most widely used of the platforms. For CommunityDNS we set the bar high with regards to ensuring a resilient DNS. As mentioned before, because of the deficiencies associated with BIND or NSD, we felt they did not have the speed, efficiencies nor the security necessary to provide for a truly resilient DNS.
CommunityDNS strongly believes that in order to have true resilience, platform diversity is necessary in every organisation's DNS environment. Therefore CommunityDNS believes organisations use CommunityDNS as a supplement to their existing DNS infrastructure; an existing infrastructure that can use either BIND or NSD. When embracing the concept of platform diversity by using both BIND or NSD, the downfall is both platforms are based on open source coding. By mixing open source with proprietary you are bringing the best of both worlds into your DNS infrastructure as you are not only utilizing two different platforms, you are utilizing a proprietary platform that is not open to the same security risks as found in an open source-developed platform. The Internet is relied heavily upon by individuals, businesses, countries and online economies. Having a resilient DNS platform that incorporates strong levels of security and capacity into its design in the best way to provide a resilient DNS.
Learn more: CommunityDNS' dedication towards security
- CommunityDNS is only a DNS network for ccTLDs and TLDs?
The short answer is "No". While CommunityDNS first grew serving customers from the ccTLD and TLD community, CommunityDNS also provides secure DNS services for the resilient-minded registrars, ISPs, hosting providers and enterprises.
- Why does CommunityDNS go to such lengths to provide for speed and security?
What is DNS? The Domain Name System, or "the DNS" is at the heart of the Internet. The DNS is what translates human readable Internet addresses into the (Internet Protocol) IP address numbers computers understand. Maintaining a resilient Internet is important.
When ever an individual Internet user, a business, a country or an online e-commerce relies on the Internet, it relies on the DNS. The malicious community has shown their willingness to disrupt DNS for financial gain. Such attempts are well documented. The malicious, or hacker community have become more organised and are well funded. To help fuel their need for money they trick users into reaching their sites, whether for selling bogus products for a profit or obtaining sensitive, personally identifiable information. This has always been a serious matter. Studies have shown that because of such actions by the malicious community there is a percentage of the Internet user base that is reluctant to purchase items through the Internet; thus limiting the potential for a country's or region's online economy. The other reason is organisations post their respective zone data through DNS. It is imperative that such data remain secure and tamper-proof. So yes, security is VERY important to us.
The reason CommunityDNS applies so much effort towards speed with each of its DNS servers, aside from it being good practice to develop efficient code, "speed" is the unspoken element in a resilient DNS. If the malicious community can send data faster than a DNS platform can handle, legitimate queries are kept from being answered, thus an outage occurs. If a DNS platform has the speed to handle high volumes of traffic legitimate queries can still be handled without appearing to "fall over". There have been well documented instances where DNS platforms fail at traffic levels far lower than what CommunityDNS handles on an average, non-busy day. With that said, speed is the unspoken dimension on DNS as it relates to resilience. The greater the speed, the greater the capacity a network has for ensuring resilience. So yes, speed is VERY important to us.
Here is a good video describing what CommunityDNS does and why we go to such lengths and why our secure DNS platform provides for maximum resilience of the DNS.
Learn more: CommunityDNS' dedication towards security
Learn more: CommunityDNS believes capacity is a necessity
- What are CommunityDNS' plans for DNSSEC?
Because of the malicious community's work in cache poisoning, the development and rollout of DNSSEC (DNS SECurity) is necessary. While there is still much to be done in DNSSEC's development it is still a good step forward. Recognizing this fact CommunityDNS supports all three flavors of DNSSEC (NSEC, NSEC3 and NSEC3 with OptOut). Recognizing this need CommunityDNS was an early adopter of DNSSEC. CommunityDNS has always supported NSEC as the platform was developed to incorporate NSEC. When NSEC3 was ratified in March 2008 CommunityDNS was NSEC3 compliant shortly thereafter. In mid 2009 CommunityDNS became fully complient with NSEC3 with OptOut.
While some DNS providers have added support for DNSSEC in 2010 and others are still planning, CommunityDNS was at the front of the movement with its support of the eventual rollout.
Learn more: CommunityDNS' dedication towards DNSSEC
- What are CommunityDNS' plans for IPv6?
Understanding how the Internet has developed greater than people had originally imagined and understanding the alarming importance of an ever decreasing number of available IPv4 addresses, CommunityDNS incorporated IPv6 (Internet Protocol version 6) into its initial dynamic DNS server platform design. Since CommunityDNS' platform was first released the network has been fully, or "naitive" IPv4 and IPv6 compliant.
- What are CommunityDNS' plans regarding IDNs?
IDNs (Internationalized Domain Names) are destined to create a fundamental shift in how the Internet is used. Being that more people do not use the Internet than those who do, the introduction of IDNs will provide not only a regionally and culturally-based Internet experience, it will also allow those who are not using the Internet today to be able to enjoy its benefits. As such CommunityDNS realized early on the importance of supporting IDNs. As such when the final method for handling IDNs was determined, CommunityDNS built in the full support of IDNs throughout its network. While IDNs at the TLD level are only now being rolled out, CommunityDNS has been supporting 2nd level, or subdomains that require IDN support for a while now.
- CommunityDNS “Fast Facts”
A good summary of CommunityDNS may be found by going to the CommunityDNS “Fast Facts” page.
- What is/will be the functionality of a “production” web management panel? Is it the same as the current one available after registration with Community DNS?
While the test bed offers limited functionality, the production server provides participating DNS Operators with a robust system in place. The participating DNS Operator instructs Community DNS to collect the zone data from a specific IP address of its master name server. Community DNS then hard codes that information in and locks it down. The DNS Operator can trigger an update by sending Community DNS a NOTIFY and the Community DNS platform will automatically update. The DNS Operator can also force an update check from the STATS pages.
- Will the web management panel provide some functionality to collect DNS statistics e.g. number of queries, ranking of networks generating most traffic, etc?
Yes, a participating DNS Operator will have access to data relating to activity in its own zone(s) from each name server location. CommunityDNS' global Anycast network map illustrates nodes positioned around the globe to ensure maximum resilience.
IN ALL CASES, monitoring tools are secure so that only the participating DNS Operator has access to data, monitoring, and other activities in its own zone(s).
In addition, a participating DNS Operator will also have access to lists of actual updates (add/modify/deletes) by time of day and maximum/minimum number of names that day as well as general graphs such as: Total query rate for the Anycast cloud, total queries to its IP Address and number of queries on each individual server location - giving the DNS Operator regional analysis, total number of names, and update levels.
- Will the Community DNS Shared Resolution System suppurt DNSSEC?
The simple answer is 'yes'. The System has been designed to anticipate the introduction of DNSSEC once appropriate standards have been adopted, published and adequately tested for implementation.
- Will the Community DNS Shared Resolution System support IXFR, TSIG?
Community DNS currently supports RFC 2136 compliant Dynamic Updates, optionally signed with an RFC 2845 compliant TSIG. A DNS Operator can test it currently on the test bed platform by simply selecting Dynamic Updates and giving Community DNS the IP address of the Operator's server followed by "/" and your TSIG key. For example:
Updates using AXFR and IXFR are also supported. The server will automatically detect if the DNS Operator's master supports IXFR and request it if it is supported.
- Will the Community DNS Shared Resolution System use RNDC KEY to authorize dynamic updates?
Community DNS prefers to use TSIG to authorize Dynamic Updates. RNDC.KEY is better used for obtaining data from the remote server. TSIG is for signing packets, while RNDC (Remote NameD Control) is for remotely controlling a bind server. But can also be used to remotely ask for very limited stats information.
- How fast is the recovery time with the Community DNS Shared Resolution System?
It is absolutely vital for a DNS solution to have a fast recovery time for many reasons including disaster recovery. And the Community DNS Shared Resolution System has the fastest in the industry. Under current conditions, for a zone of 1 million names, its recovery time would take only 4 seconds! And improved performance can be expected in the future.
- Does the Community DNS Shared Resolution System come with an SLA?
The System offers and operates to a 99.999% SLA.
- Is the Community DNS Service intended to serve as a slave or a master?
Generally, the Community DNS anycast service is intended as an outsourced slave service designed to supplement the DNS Operator's existing resolution system. However, if desired by the DNS Operator, Community DNS can implement a full DNS system, including Master and Slaves which fully utilize the Community DNS resolution capabilities.
- How much does it cost?
The Community DNS Shared Resolution System is set up to have a flat monthly fee based on the volume of domain name registrations in a DNS Operator's zone(s). It is priced at a fraction of the cost of alternative DNS providers or even in-house development and deployment costs. Pricing information, and special programs for Operators in developing regions, are available through a Community DNS representative.
- How many names can the Community DNS Shared Resolution platform handle?
As of July 2007, the System has been tested to a capacity of 500 million names, answering in excess of 100,000 queries per second (6 million queries per minute, 8.6 billion queries per day) for each server in the Anycast constellation. This not only provides zones with fast and reliable service, but gives Community DNS ample capacity to thwart even the most sophisticated DDOS attacks of today. And additional performance enhancements are on the horizon.
- Can a participating DNS Operator manage its own zone and the data that is collected?
The Community DNS Shared Resolution platform gives a DNS Operator outsource advantages with maximum ability to control and manage its own zone(s) and data, with flexible service offerings.
CommunityDNS: Proven leader in DNS
It is this level of leadership and of thoroughly understanding the importance of security that CommunityDNS strives for excellence in DNS resilience. As leaders in security and capacity as well as the early adoption of IPv6, DNSSEC and IDNs, CommunityDNS’ dynamic DNS services remains fully capable of resolving ALL of the world’s queries using the network engineered for security, optimized for speed and designed for resilience.