in this section:

Secure, Speedy, and Resilient

CDNS & CommunityDNS

The longtime leader in providing unprecedented levels of security and capacity.

From day one CommunityDNS has always ensured resilience through incorporating exceedingly-high levels of security and efficiency into its platform design.

Early pioneering with implementations of DNSSEC, IPv6 and IDNs have allowed CommunityDNS to be early leaders and adopters, providing operational experience for such important Internet initiatives.

Three Basic Principles:

1Engineered for Security.
A Network engineered around security is one of our three foundational steps towards resilience. CommunityDNS’ platforms were designed to adhere to military-grade specifications.
2Optimized for Speed. (and Capacity)
“Speed” is the unspoken word in DNS capacity. The initial design of CommunityDNS’ nodes was optimized for speed; providing the second foundational element to CommunityDNS’ success.
3Designed for Resilience.
Economies, enterprises and users depend on the internet. Resilience of the DNS is important. The third foundational element towards CommunityDNS’ success is creating a network designed for resilience.
CommunityDNS brings resilience through six anycast networks with over 40 nodes spanning 5 continents.

About Community DNS

The longtime leader in providing unprecedented levels of security and capacity. From day one CommunityDNS has always ensured resilience through incorporating exceedingly-high levels of security and efficiency into its platform design. Recognizing the importance of DNSSEC, IPv6 and IDNs have allowed CommunityDNS to be leaders and early adopters, providing operational experience for such important Internet initiatives.

Read More: Our Brochure

Background

CDNS has a proven record for software and technology systems innovations since 1994 and has been providing DNS Resolution Services since 1996, since which time we have managed to maintain a 100% uptime for our customers.

We serve a lot of Domains

We currently provide DNS service to some of the world's top ccTLDs and registries including .EU, .PL and .BE and continue to expand our customer base and global market presence. With a constantly expanding Anycast network running some of the fastest, safest and most capable DNS technology in the world it is no wonder that CDNS has quickly become an established, trusted and respected provider in the fast-paced and competitive DNS sector. Hear for yourself from some of our satisfied customers and find out how CDNS can help you provide a better DNS service to your customers.

GLOBAL ANYCAST DNS

The Community DNS Anycast platform has been tested to a capacity of 500 million names, answering in excess of 100,000 queries per second (6 million queries per minute, 8.6 billion queries per day) on each server in its Anycast constellation, giving it ample capacity to thwart even the most sophisticated DDOS attacks of today.

The Community DNS Anycast platform has the capacity under existing configurations to accommodate the dramatic growth of any DNS Operator in the world.

See our global network: Node Locations

Capacity & Performance

CDNS and CommunityDNS are able to handle extremely large zone files (well in excess of 4-5 times the total number of ALL domain names that exist today), and remain operational with very slight degredation in performance response time and throughput.

DNSSEC & INTERNET ROOT KEY TRUST

As seen in the introductory video above. Paul Kane, the president of CDNS, was selected as one of the seven key holders of the signed Internet DNS Root Zone file, at the heart of the Internet DNS Infrastructure.

Read more about the Root Key: KTLA Article

Our Brands

CDNS Logo

Mission Critical Infrastructure
CDNS provides mission critical infrastructure to many international companies and Internet Registries that can afford no downtime.
Top Level Domain registries like .EU, and companies like Amazon.com or TomTom depend upon CDNS' infrastructure to reinforce their continuous uptime and operation. If you need to have 100% confidence in your internet presence, you need CDNS.

  • Commissioned Reports
  • Compliance Fulfillment
  • Security & Infrastructure
 
CDNS.NET Logo

Fast, Responsive, Reliable DNS
Our DNS has unmatched, robust capacity and performance. With a current capacity at 585,000,000,000 queries per day (that's 585 Billion) and a rapid response rate (less than 1 milli-second with optimised routing) our system is approximately 7 times faster than other traditional DNS platforms.

  • Corporate Services Overview
  • Mission Critical Infrastructure
  • Global Anycast DNS
  • Global Resolution
CommunityDNS Logo

Anycast
CDNS’s Domain Name Service network is comprised of six Anycast clouds with over 40 servers in more than 30 countries across the world. This means your customers and audience are always provided with the fastest, safest and most efficient DNS service, no matter where they happen to be.

  • Services For ccTLDs
  • Service For ISPs
  • Hosting Companies
  • For Registrars
  • For Open Source Projects
 
ClearDNS Logo

Resolver Services
Our ClearDNS service offers consortia and community defined standards compliance for companies, ISPs, Governmental or community Organizations, along with the ability to safeguard PCs from a constantly adaptive list of malware and phishing sites.

  • Custom Resolvers
  • Blocks majority of Malware/Phishing
  • Government / Community Standards Filtration
  • Corporate Standards Adherence
inOne Logo

Monitoring, Measurement & Alerts
Security and Stability are paramount in the digital economy. Companies that are mostly or entirely dependant upon their online presence for delivery of products and services being fully accessible, available, and load capable 24 hours a day, 7 days a week, and 365 days a year rely on strong service levels - which are contractually stated - and monitoring them ensures they are Available and Secure.
For Monitoring, Measurement, Alerting and Testing, we have it all in One control panel.

  • Internet Presence Moniotoring
  • Penetration Testing
  • Load / Attack Simulation
  • Presence / SLA Metrics
  • Reports and Alerting
 

“This is one of the coolest companies that I've had the privilege of leading in my long technology career. We are doing exciting things, and we have gathered the best and the brightest people, made amazing technology, and made it available at fair rates.

We literally create solutions that meet or exceed the most stringent military requirements for communications. Our focus on proprietary performance enhancements to the security, capcity and response of the DNS has been a great way to keep brilliant minds doing amazing things that benefit millions of people every day.

CDNS and Community DNS are quietly operating hundreds of thousands of DNS lookups per second in over 40 datacenters world wide.

I am personally pleased to have you interested to learn more, and I hope you are attracted to using CDNS and Community DNS as a provider.”

CDNS Nodes World Map

Our Network

CDNS and CommunityDNS have one of the largest and most secure Anycast DNS constellations in service on the Internet. With over 40 locations in over 30 countries (and growing!) in constant steady-state operation, your domains are certain to be operational.
Secure

CommunityDNS has handled 53% more queries during major attacks as customer's other DNS providers are unable to handle the load, thus resolvers automatically switching more traffic to CommunityDNS.

Speedy

Platform efficiency, capacity and speed enable CommunityDNS to handle high traffic volumes that are well beyond what are availble using other platforms.

Resilient

Comprised of six anycast clouds, with clustering incorporated in the native design, the network has experienced 100% uptime in operation since 1996.

    North America
  • Ashburn, USA
  • Chicago, USA
  • Los Angeles, USA
  • New York City, USA
  • San Jose, USA
    Asia / Pacific
  • Bangkok, Thailand
  • Chennai, India
  • Delhi, India
  • Hong Kong, China
  • Jakarta, Indonesia
  • Kyiv, Ukraine
  • Manila, Philippines
  • Moscow, Russia
  • Mumbai, India
  • Perth, Australia
  • Semey, Kazakhstan
  • Singapore, Singapore
  • St. Petersburg, Russia
  • Tehran, Iran
  • Yerevan, Armenia
    Europe
  • Amsterdam, Netherlands
  • Brussels, Belgium
  • Budapest, Hungary
  • Copenhagen, Denmark
  • Dublin, Ireland
  • Helsinki, Finland
  • Heraklion, Greece
  • Ljubljana, Slovenia
  • London, United Kingdom
  • Luxembourg City, Luxembourg
  • Madrid, Spain
  • Milan, Italy
  • Paris, France
  • Riga, Latvia
  • Sofia, Bulgaria
  • Vienna, Austria
  • Warsaw, Poland
  • Zagreb, Croatia
    Africa
  • Johannesburg, South Africa
  • Lagos, Nigeria
  • Nairobi, Kenya
FUTURE COMPATIBLE AND GROWING.
The impressive list above contains 42 locations. The network is designed to scale to thousands of nodes with little effort or overhead.

Our Vision

CDNS - Our Vision

Our vision is simple — providing a platform to resolve the world’s queries.

Economies, organizations and people rely on the Internet. A resilient Internet is important as it aids in economic stability with country’s online presence based upon excellence.

CommunityDNS, through its unique platform, allows countries and organizations to realize excellence in their operational resilience with their DNS by providing a platform that is exceedingly-secure, has extraordinarily vast amounts of capacity and provides for high resilience. Utilizing CommunityDNS provides platform diversity as well as established experience in DNS, DNSSEC, IPv6 and IDNs.

So yes, resilience is key. It’s important. And that is why, through developing a platform engineered for security, optimized for speed and designed for resilience, CommunityDNS can truly provide a platform for resolving the world’s queries.

Client Successes

Giovanni Seppia, External Relations Manager for EURid, the .EU Registry

Giovanni Seppia, External Relations Manager for EURid, the .EU Registry

“One of the key services is to ensure robustness and resilience of our network infrastructure. Our choice was CommunityDNS which proved to be very, very efficient from all perspectives including the reporting which, for us is quite important. We are very happy with the service we are receiving from CommunityDNS.”

Peter Vergote, Legal Admin Manager for DNS.be, the .BE Registry

Peter Vergote, Legal Admin Manager for DNS.be, the .BE Registry

“Obviously security is an important issue. We want to offer our .BE domain holders value-added resilience for .BE domain name registration. Just operating a set of individual name servers just doesn’t do the trick in terms of security. Therefore we gladly teamed up with CommunityDNS."

Zbigniew Jasinski, Naukowa i Akademicka Sieć Komputerowa (NASK), the .PL Registry


Zbigniew Jasinski, Naukowa i Akademicka Sieć Komputerowa (NASK), the .PL Registry

“We have used CommunityDNS for over 2 years. We are very pleased with the service. It’s very good.”

Joel Dissini, President and CEO of DotPH

Joel Dissini, Presedent and CEO of DotPH

“To maintain contact with the Philippines, large numbers of expatriates seek .PH-based sites.

We have chosen CommunityDNS to support my company’s continued growth as our global DNS Anycast provider due to CommunityDNS’s record of uptime, global footprint and demonstrated levels of operational capacity”

Markus Kummer, IGF Executive Coordinator

Markus Kummer, IGF Executive Coordinator

“The IGF has been given the mandate to provide a platform for multi-stakeholder policy dialogue on matters related to Internet governance under the umbrella of the United Nations. This forum provides the space where stakeholders from around the globe can share their views and exchange ideas regarding internet governance.

Having long worked with the TLD community, CommunityDNS is well versed in the challenges of the Internet. Providing one of the largest foundational services key to making the Internet resillient for all users, CommunityDNS has always worked to stay ahead of the malicious curve by delivering a service that is proven, well distributed, and secure."

Finnish Communications Regulatory Authority

Finnish Communications Regulatory Authority

"Community DNS Provides very good reliability, very good administrative web interface and statistics, and support for IPv6"

Frequently Asked Questions

Are you serious about a secure and resilient DNS? We take DNS resilience very seriously and have designed our DNS server platforms and network for maximum resilience. The following provides information on frequently asked questions of CommunityDNS as well as information we feel is important. So if you are serious about a secure and resilient DNS please contact us. We look forward to hearing from you!

Click on a question to reveal the answer
What is DNS?

DNS (Domain Name System) is commonly referred to as the "address book of the Internet". Through DNS lookups, or queries, a human-readable website name is translated to the respective IP address understood by the destination wishing to be reached, such as a website, by the Internet.

Why is the CommunityDNS platform proprietary and not based on either BIND or NSD?

When first looking to provide DNS services we looked at BIND. In our minds, while BIND was the most used DNS server platform, it did not meet our criteria for security and capacity. Without those you don’t have the resilience necessary to support the demands people, businesses, countries and online economies place on the Internet. Because of the deficiencies associated with BIND we knew that if we were going to build a truly resilient DNS platform we had to develop the platform ourselves. When NSD came out we felt it, like BIND, did not meet the requirements we had in providing for a resilient DNS.

Learn more: CommunityDNS' dedication towards security

What does CommunityDNS have against Open Source?

Because of the deficiencies associated with BIND and NSD some people feel CommunityDNS has something against Open Source projects. CommunityDNS "does not" have any issue with open source development. Many great things have developed because of the "group-think" associated with Open Source. Both BIND and NSD platforms are a result of the collective open source community. Because of that it is easy to see why BIND and NSD are the most widely used of the platforms. For CommunityDNS we set the bar high with regards to ensuring a resilient DNS. As mentioned before, because of the deficiencies associated with BIND or NSD, we felt they did not have the speed, efficiencies nor the security necessary to provide for a truly resilient DNS.

CommunityDNS strongly believes that in order to have true resilience, platform diversity is necessary in every organisation's DNS environment. Therefore CommunityDNS believes organisations use CommunityDNS as a supplement to their existing DNS infrastructure; an existing infrastructure that can use either BIND or NSD. When embracing the concept of platform diversity by using both BIND or NSD, the downfall is both platforms are based on open source coding. By mixing open source with proprietary you are bringing the best of both worlds into your DNS infrastructure as you are not only utilizing two different platforms, you are utilizing a proprietary platform that is not open to the same security risks as found in an open source-developed platform. The Internet is relied heavily upon by individuals, businesses, countries and online economies. Having a resilient DNS platform that incorporates strong levels of security and capacity into its design in the best way to provide a resilient DNS.

Learn more: CommunityDNS' dedication towards security

CommunityDNS is only a DNS network for ccTLDs and TLDs?

The short answer is "No". While CommunityDNS first grew serving customers from the ccTLD and TLD community, CommunityDNS also provides secure DNS services for the resilient-minded registrars, ISPs, hosting providers and enterprises.

Why does CommunityDNS go to such lengths to provide for speed and security?

What is DNS? The Domain Name System, or "the DNS" is at the heart of the Internet. The DNS is what translates human readable Internet addresses into the (Internet Protocol) IP address numbers computers understand. Maintaining a resilient Internet is important.

When ever an individual Internet user, a business, a country or an online e-commerce relies on the Internet, it relies on the DNS. The malicious community has shown their willingness to disrupt DNS for financial gain. Such attempts are well documented. The malicious, or hacker community have become more organised and are well funded. To help fuel their need for money they trick users into reaching their sites, whether for selling bogus products for a profit or obtaining sensitive, personally identifiable information. This has always been a serious matter. Studies have shown that because of such actions by the malicious community there is a percentage of the Internet user base that is reluctant to purchase items through the Internet; thus limiting the potential for a country's or region's online economy. The other reason is organisations post their respective zone data through DNS. It is imperative that such data remain secure and tamper-proof. So yes, security is VERY important to us.

The reason CommunityDNS applies so much effort towards speed with each of its DNS servers, aside from it being good practice to develop efficient code, "speed" is the unspoken element in a resilient DNS. If the malicious community can send data faster than a DNS platform can handle, legitimate queries are kept from being answered, thus an outage occurs. If a DNS platform has the speed to handle high volumes of traffic legitimate queries can still be handled without appearing to "fall over". There have been well documented instances where DNS platforms fail at traffic levels far lower than what CommunityDNS handles on an average, non-busy day. With that said, speed is the unspoken dimension on DNS as it relates to resilience. The greater the speed, the greater the capacity a network has for ensuring resilience. So yes, speed is VERY important to us.

Here is a good video describing what CommunityDNS does and why we go to such lengths and why our secure DNS platform provides for maximum resilience of the DNS.

Learn more: CommunityDNS' dedication towards security

Learn more: CommunityDNS believes capacity is a necessity

What are CommunityDNS' plans for DNSSEC?

Because of the malicious community's work in cache poisoning, the development and rollout of DNSSEC (DNS SECurity) is necessary. While there is still much to be done in DNSSEC's development it is still a good step forward. Recognizing this fact CommunityDNS supports all three flavors of DNSSEC (NSEC, NSEC3 and NSEC3 with OptOut). Recognizing this need CommunityDNS was an early adopter of DNSSEC. CommunityDNS has always supported NSEC as the platform was developed to incorporate NSEC. When NSEC3 was ratified in March 2008 CommunityDNS was NSEC3 compliant shortly thereafter. In mid 2009 CommunityDNS became fully complient with NSEC3 with OptOut.

While some DNS providers have added support for DNSSEC in 2010 and others are still planning, CommunityDNS was at the front of the movement with its support of the eventual rollout.

Learn more: CommunityDNS' dedication towards DNSSEC

What are CommunityDNS' plans for IPv6?

Understanding how the Internet has developed greater than people had originally imagined and understanding the alarming importance of an ever decreasing number of available IPv4 addresses, CommunityDNS incorporated IPv6 (Internet Protocol version 6) into its initial dynamic DNS server platform design. Since CommunityDNS' platform was first released the network has been fully, or "naitive" IPv4 and IPv6 compliant.

Learn more: CommunityDNS' support and early, native adoption of IPv6

What are CommunityDNS' plans regarding IDNs?

IDNs (Internationalized Domain Names) are destined to create a fundamental shift in how the Internet is used. Being that more people do not use the Internet than those who do, the introduction of IDNs will provide not only a regionally and culturally-based Internet experience, it will also allow those who are not using the Internet today to be able to enjoy its benefits. As such CommunityDNS realized early on the importance of supporting IDNs. As such when the final method for handling IDNs was determined, CommunityDNS built in the full support of IDNs throughout its network. While IDNs at the TLD level are only now being rolled out, CommunityDNS has been supporting 2nd level, or subdomains that require IDN support for a while now.

Learn more: CommunityDNS' support and early adoption and use of IDNS

CommunityDNS “Fast Facts”

A good summary of CommunityDNS may be found by going to the CommunityDNS “Fast Facts” page.

What is/will be the functionality of a “production” web management panel? Is it the same as the current one available after registration with Community DNS?

While the test bed offers limited functionality, the production server provides participating DNS Operators with a robust system in place. The participating DNS Operator instructs Community DNS to collect the zone data from a specific IP address of its master name server. Community DNS then hard codes that information in and locks it down. The DNS Operator can trigger an update by sending Community DNS a NOTIFY and the Community DNS platform will automatically update. The DNS Operator can also force an update check from the STATS pages.

Will the web management panel provide some functionality to collect DNS statistics e.g. number of queries, ranking of networks generating most traffic, etc?

Yes, a participating DNS Operator will have access to data relating to activity in its own zone(s) from each name server location. CommunityDNS' global Anycast network map illustrates nodes positioned around the globe to ensure maximum resilience.

IN ALL CASES, monitoring tools are secure so that only the participating DNS Operator has access to data, monitoring, and other activities in its own zone(s).

In addition, a participating DNS Operator will also have access to lists of actual updates (add/modify/deletes) by time of day and maximum/minimum number of names that day as well as general graphs such as: Total query rate for the Anycast cloud, total queries to its IP Address and number of queries on each individual server location - giving the DNS Operator regional analysis, total number of names, and update levels.

Will the Community DNS Shared Resolution System suppurt DNSSEC?

The simple answer is 'yes'. The System has been designed to anticipate the introduction of DNSSEC once appropriate standards have been adopted, published and adequately tested for implementation.

Will the Community DNS Shared Resolution System support IXFR, TSIG?

Community DNS currently supports RFC 2136 compliant Dynamic Updates, optionally signed with an RFC 2845 compliant TSIG. A DNS Operator can test it currently on the test bed platform by simply selecting Dynamic Updates and giving Community DNS the IP address of the Operator's server followed by "/" and your TSIG key. For example:

13.23.78.20/I4y5M+5kgwTjnoccle6d0w==

Updates using AXFR and IXFR are also supported. The server will automatically detect if the DNS Operator's master supports IXFR and request it if it is supported.

Will the Community DNS Shared Resolution System use RNDC KEY to authorize dynamic updates?

Community DNS prefers to use TSIG to authorize Dynamic Updates. RNDC.KEY is better used for obtaining data from the remote server. TSIG is for signing packets, while RNDC (Remote NameD Control) is for remotely controlling a bind server. But can also be used to remotely ask for very limited stats information.

How fast is the recovery time with the Community DNS Shared Resolution System?

It is absolutely vital for a DNS solution to have a fast recovery time for many reasons including disaster recovery. And the Community DNS Shared Resolution System has the fastest in the industry. Under current conditions, for a zone of 1 million names, its recovery time would take only 4 seconds! And improved performance can be expected in the future.

Does the Community DNS Shared Resolution System come with an SLA?

The System offers and operates to a 99.999% SLA.

Is the Community DNS Service intended to serve as a slave or a master?

Generally, the Community DNS anycast service is intended as an outsourced slave service designed to supplement the DNS Operator's existing resolution system. However, if desired by the DNS Operator, Community DNS can implement a full DNS system, including Master and Slaves which fully utilize the Community DNS resolution capabilities.

How much does it cost?

The Community DNS Shared Resolution System is set up to have a flat monthly fee based on the volume of domain name registrations in a DNS Operator's zone(s). It is priced at a fraction of the cost of alternative DNS providers or even in-house development and deployment costs. Pricing information, and special programs for Operators in developing regions, are available through a Community DNS representative.

How many names can the Community DNS Shared Resolution platform handle?

As of July 2007, the System has been tested to a capacity of 500 million names, answering in excess of 100,000 queries per second (6 million queries per minute, 8.6 billion queries per day) for each server in the Anycast constellation. This not only provides zones with fast and reliable service, but gives Community DNS ample capacity to thwart even the most sophisticated DDOS attacks of today. And additional performance enhancements are on the horizon.

Can a participating DNS Operator manage its own zone and the data that is collected?

The Community DNS Shared Resolution platform gives a DNS Operator outsource advantages with maximum ability to control and manage its own zone(s) and data, with flexible service offerings.

CommunityDNS: Proven leader in DNS

It is this level of leadership and of thoroughly understanding the importance of security that CommunityDNS strives for excellence in DNS resilience. As leaders in security and capacity as well as the early adoption of IPv6, DNSSEC and IDNs, CommunityDNS’ dynamic DNS services remains fully capable of resolving ALL of the world’s queries using the network engineered for security, optimized for speed and designed for resilience.