As an alternative to a VPN server, a smart DNS proxy unblocks access to websites or streaming services that may be blocked for users in specific geographic areas.
A DNS proxy is part of the Domain Name System (DNS). DNS is like the phone book of the internet — it translates the name of a website (such as www.example.com) into a string of numbers and characters (e.g., 123.145.67.189) that can be read by a computer, allowing users to quickly connect to a website. A DNS proxy is a server that an organization may use to improve the speed of DNS replies, simplify DNS management, and heighten DNS security.
How does DNS work?
The DNS service is based on a network of servers around the world that keep track of DNS domain names and IP addresses. When a user clicks a link or enters a domain name into a browser, the user’s device sends a request — a DNS query — to one or more DNS servers, which return the correct IP address, allowing the user’s device to connect to the website.
Rather than concentrating all DNS information in one server — which would create congestion and a single point of failure — DNS information is located in a highly distributed network of thousands of servers around the world. Authoritative servers hold the official records concerning DNS domains and IP addresses, while recursive servers forward DNS requests to various other servers to resolve requests most efficiently. Recursive servers also cache the results of previous DNS lookups, allowing them to respond more quickly and speed resolution since these servers are typically closer to users making requests.
How does a DNS proxy work?
To mitigate latency in the DNS process, some organizations use a DNS proxy — a server that forwards DNS requests to other recursive servers and receives replies that are sent back to user devices on the network, called DNS clients. Because DNS proxies also cache the results of previous queries, they can help to improve the speed of resolving DNS requests, especially if the proxy nodes are highly distributed across the globe. A DNS proxy may also help to simplify network management and improve DNS security.
What are the benefits of a DNS proxy?
A DNS proxy offers several benefits to organizations and IT teams.
Faster DNS resolution. Because it caches information about previously accessed domain names, a DNS proxy server can return results more quickly.
Less latency. By enabling name resolution from a DNS cache, DNS proxies also help reduce network latency.
Easier management. DNS proxies may help IT teams to simplify management of DNS configuration.
Stronger security. A DNS proxy may offer security features that help protect networks from cyberattacks such as domain hijacking and DNS spoofing.
How does a DNS proxy improve security and cyber resilience?
A DNS proxy may improve network security by masking a user’s IP address, encrypting internet traffic, and making it more difficult for threat actors to track or intercept online activity and cause a data breach. A DNS proxy may also play a buffering role between the internet and the origin name server to filter out DDoS attacks, SYN floods, UDP floods, and other attacks. DNS proxies can also perform health checks and remove any unresponsive authoritative nameservers from rotation until they are back up and running, while continuing to serve stale cached records if the forward lookup fails.
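The caching, health-check, and serve-stale behavior described above can be sketched as follows. This is an added example, not code from any DNS proxy product: the class name, the `retry_after` and `max_stale` parameters, and the simulated upstreams `ns1` and `ns2` are assumptions made for illustration, and the staleness cap is an addition so that expired records are not served indefinitely.

```python
import time

class StaleServingProxy:
    """Toy DNS proxy: TTL cache, upstream health tracking, bounded serve-stale."""
    def __init__(self, upstreams, retry_after=30.0, max_stale=3600.0, clock=time.monotonic):
        self.upstreams = upstreams      # name -> callable(qname) -> (ip, ttl_seconds)
        self.retry_after = retry_after  # seconds a failed upstream stays out of rotation
        self.max_stale = max_stale      # how long past expiry a record may still be served
        self.clock = clock
        self.cache = {}                 # qname -> (ip, expires_at)
        self.down_until = {}            # upstream name -> earliest retry time

    def resolve(self, qname):
        qname = qname.rstrip(".").lower()      # DNS names are case-insensitive
        now = self.clock()
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0], "fresh-cache"
        for name, lookup in self.upstreams.items():
            if self.down_until.get(name, 0.0) > now:
                continue                       # still out of rotation
            try:
                ip, ttl = lookup(qname)
            except OSError:                    # timeout or refusal: failed health check
                self.down_until[name] = now + self.retry_after
                continue
            self.cache[qname] = (ip, now + ttl)
            return ip, name
        if hit and now - hit[1] <= self.max_stale:
            return hit[0], "stale-cache"       # every upstream failed: expired record
        return None, "servfail"

def demo():
    """Constructed scenario with a fake clock and two simulated upstreams."""
    now, up = [0.0], {"ns1": True, "ns2": True}
    def make(name, ip):
        def lookup(qname):
            if not up[name]:
                raise TimeoutError(f"{name} did not answer")
            return ip, 60
        return lookup
    proxy = StaleServingProxy({"ns1": make("ns1", "192.0.2.10"),
                               "ns2": make("ns2", "192.0.2.20")}, clock=lambda: now[0])
    out = []
    for t, ns1_up, ns2_up in [(0, True, True), (10, True, True), (70, False, True),
                              (140, False, False), (175, True, False)]:
        now[0], up["ns1"], up["ns2"] = float(t), ns1_up, ns2_up
        out.append(proxy.resolve("WWW.Example.com."))
    return out
```

Serving stale data trades correctness for availability: a record that was changed or withdrawn at the authoritative server keeps being answered until the cap expires, so the cap should be short enough for the organization's incident-response needs.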
How does a DNS proxy simplify management?
DNS proxy services may simplify network management by allowing IT teams to make changes to the configuration on a proxy server rather than on each individual DNS client.
What is a DNS proxy vs. a DNS firewall?
A DNS proxy forwards DNS requests and replies and caches previous results to reduce latency. A DNS firewall filters DNS requests and blocks users from accessing websites deemed to be suspicious or malicious, based on a list of unacceptable sites that’s drawn from the latest threat intelligence. DNS firewalls are an important layer of protection against attacks like malware, ransomware, data exfiltration, and page hijacking. DNS firewalls often work in tandem with a DDI management platform that manages DNS, Dynamic Host Configuration Protocol (DHCP), and IP address management. DNS firewalls may also cache previous results to improve response times. It’s possible to combine DNS firewall and DNS proxy features in a single solution.
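The filtering step of a DNS firewall, as an added example that is not taken from any vendor's product: it parses the question name out of a raw DNS query and checks that name and each parent domain against a blocklist. The blocklist entries, function names, and the three action labels are assumptions made for illustration, and the query bytes are constructed by the helper rather than captured from a network.

```python
import struct

BLOCKLIST = {"malware.example", "phish.example.net"}  # constructed entries, not real intel

def build_query(qname, qtype=1, txid=0x1234):
    """Encode a minimal DNS query (header plus one question) as sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_qname(packet):
    """Extract the lowercased question name from a query; raise ValueError if malformed."""
    if len(packet) < 12:
        raise ValueError("short header")
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        n = packet[pos]
        if n == 0:
            return ".".join(labels)
        if n > 63 or pos + 1 + n > len(packet):   # pointer/reserved length or overrun
            raise ValueError("bad label")
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n

def decide(packet, blocklist=BLOCKLIST):
    """Return (action, qname): block when the name or any parent domain is listed."""
    try:
        qname = parse_qname(packet)
    except ValueError:                  # includes UnicodeDecodeError for non-ASCII labels
        return "drop", None
    parts = qname.split(".")
    for i in range(len(parts)):         # compare on label boundaries, not raw string suffixes
        if ".".join(parts[i:]) in blocklist:
            return "block", qname
    return "forward", qname
```

Matching on label boundaries means `cdn.malware.example` is blocked through its parent entry while `notmalware.example` is not, which a plain string suffix test would get wrong.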
Frequently Asked Questions (FAQ)
When a user enters a web domain into a browser, a DNS request is first sent to a recursive DNS server, or DNS resolver, which is usually managed by the user’s internet service provider (ISP). If data concerning the requested domain is stored in its cache memory, the recursive DNS server will respond with the IP information immediately. Alternatively, it will forward the request to other recursive servers that may have the information or retrieve the information from an authoritative DNS server.
Authoritative DNS servers keep the official records for web domains and their IP addresses.
Threats to DNS servers are attacks that degrade the availability, speed, or performance of DNS services. These include DNS floods that overwhelm DNS servers with requests for resources and render servers unavailable for legitimate traffic. DNS spoofing or cache poisoning attacks redirect traffic to fraudulent websites. DNS tunneling uses data encoded in DNS queries and responses to hijack a DNS server, allowing attackers to manage it remotely.