PDNS: DNS as a Service

PDNS: DNS as a Service

  • Complete Bind9 based solution
  • Recursive DNS-Firewall RPZ (Response Policy Zones) for endpoint security
  • Authoritative DNS for your Organization
  • WebUI and API for DNS
  • Antispoofing, Anti-DDoS and Cache Poisoning Controls
  • DNSSEC for increased security and brand protection

DNS is a critical component behind all Internet applications, websites, e-mail, messaging and e-commerce. We at Planisys have developed the PDNS platform for task automation and full control of the DNS Operation at Service Providers, Financial Institutions and other Organizations requiring a high level of security.


Read about DNS Attacks Bind9 Vulnerability Matrix Read the PDNS Docs

Frequently Asked Questions about DNS

PDNS is Planisys' corporate platform for Domain Name System as a Service.
DNS stands for Domain Name System, which is a system that translates domain names into IP addresses so that computers can communicate with each other over the internet. Additionally, DNS may contain more records defining policies, services and information that specify forms of interacting with it and also helping protect the brand the domain is associated with.
RPZ or Response Policy Zone runs in a DNS resolver to protect the user from malicious domains. A Resolver with RPZ can help protect users' workstations from country-prohibited domains, malicious domains or even adware. Read more here
A domain name is a human-readable name that represents the IP address of a website, and a lot of additional information about the domain. For example, www.example.com is a domain name that represents the IP address of the website hosted at that address. There can be many records associated to a domain name, such as indications of where it receives e-mail, the IP addresses from where legit e-mail from this domain originates, or even a cryptographic public key stating that all legit e-mails should be automatically signed.
A domain registrar is a company that manages the registration of domain names and the assignment of IP addresses.
A DNS record is a piece of information in the DNS database that maps a domain name to an IP address or other resource record types.
An authoritative nameserver is a DNS server that is responsible for storing DNS records for a certain domain names.
DNS hijacking is an attack in which a hacker redirects traffic intended for a particular domain name to a fake website or server, often for malicious purposes. PDNS uses hardened versions of Bind9 and takes a series of defense and cleanup to measures to avoid that.
Some common techniques for troubleshooting DNS issues include checking for typos in domain names, testing DNS resolution with the nslookup or dig command, flushing DNS cache, and testing connectivity to DNS servers. PDNS provides several tools for checking and even multi-checks to query different name servers.
DNSSEC stands for Domain Name System Security Extensions. DNSSEC provides cryptographic authentication of DNS data, preventing cache poisoning attacks by ensuring the integrity and authenticity of DNS responses. Enabling DNSSEC on your domain and validating DNSSEC signatures can help protect against cache poisoning that could affect your domain.
At Planisys we always deploy the latest security patches as specified in the Bind Vulnerability Matrix, being 9.18.24-1 the current version as of February 20th 2024, that remediates those DNSSEC attacks.
Source port randomization in Planisys Bind9 deployment , helps to add entropy to DNS query transactions by randomly selecting source ports for outgoing DNS queries. This randomness makes it more difficult for attackers to predict and spoof source ports, thus improving the resilience of DNS servers against certain types of attacks, including cache poisoning.

Planisys PDNS
Hybrid Deployment


  • Based on Bind 9.16+ for Redhat and Ubuntu based systems
  • Bind9 servers on-premise, in Planisys Cloud, or Amazon/Azure/GoogleCloud/etc.
  • RPZ: Response Policy Zones for Government due access restrictions
  • Avoid noisy neighbors, cache poisoning, and domains involved in malware attacks to protect your endpoints
  • Response Rate Limiting to avoid DDoS attacks
  • DNSSEC for increased security and reputation
  • We provide DS information for your registrar's Chain of Trust
  • Real-time consistency controls of your domains between your Hidden Primary, your Authoritatives and Recursives.
Compant view of zone
Benefits

Benefits


  • Premium Technical Support - Ticketing system with Escalation Procedure
  • We help you migrate your DNS Zones to us
  • Permanent consulting on the use of DNS
  • Deploy servers wherever you like
  • Integrate with your CRM via API
  • Give access to your customers through PDNS-Web
  • We support any master-slave scenario
  • 24x7x365 DNS Monitoring and Alerts
  • Increased Security (anti-DDoS and DNSSEC)
  • Antispoofing and Antimalware

RPZ Endpoint Protection

RPZ workflow

RPZ endpoint protection workflow

Printscreens of PDNS Web

Newly created zone with automatic NS records

Newly created zone with automatic NS records

Add MX Record

Add MX Record

MX added and SOA Serial automatically increased

MX added and SOA Serial automatically increased

PDNS Reseller View

PDNS Reseller View

Multi-Check DNS Lookup Tool

Multi-Check DNS Lookup Tool

DNS Tool Lookup IDNA IPv6

DNS Tool Lookup IDNA IPv6

DNS Whois Information

DNS Whois Information

DNS Reverse Ipv4 Pre-filled Zone

PDNS Reverse Ipv4 Pre-filled Zone

Features

Web interface for DNS Resource Records

Intuitive, multi-tenant, responsive web interface for DNS Resource Records CRUD (Create Read Update and Delete). Consistency checks and alerts for changes in delegation , lame delegations or zone serial numbers out-of-sync. Prometheus and Grafana metrics and graphic dashboards.

DNSSEC and GeoDNS support

DNSSEC support for zone signing and root-of-trust in the delegation chain. GeoDNS support with graphical interface and authoritative traffic redirection depending on country and city.

Consistency monitoring and alerts

Consistency checks and alerts for changes in delegation , lame delegations or zone serial numbers out-of-sync. E-Mail and SMS alerts to keep track of dead zones and failures in zone transfers.

Recursive DNS Firewall RPZ

With a real-time feed of +1M of malware infected domains, DNS uses RPZ (Response Policy Zones) to protect all endpoints of your organization, from cellphones to desktop PCs and servers, by non resolving domains involved in Malware attacks such as C&C (Command & Control) servers.

SysDNS

SysDNS is a module to remotely manage resolvers and authoritative Bind and PowerDNS servers. As an extension of PDNS web interface, it permits management of different ACLs for zone transfers for different scenarios, with both trusted CIDRs and HMAC-MD5 keys.

2 way authentication

As DNS is a critical component of the organizations' Internet presence as well as for internal systems, logins to the PDNS platform are protected by two-way authentication with SMS messages.That way, there's more certainty about the users' identity, because a user owns its cellphone and knows its password.

Auditlog

PDNS keeps track of user modification by means of an encrypted auditlog that honours the privilege hierarchy, having a superadmin that can view all users' activity. Delegation events originated in other systems are also being timestamped and recorded together with manual interventions, to have a better understanding and forensics of DNS configuration history.

Domain and X509 expiration alerting<

PDNS provides ways to protect and alert administrators by e-mail and SMS before his domains are going to expire, by looking up their WHOIS information on a regular basis. X509 certs can also be uploaded as associated information to the domains, and keep administrators alerted about expiry dates.

Multi-tenant, white-label administration

PDNS' web interface is multi-tenant , with granular permissions to ensure proper access privileges and management of DNS resources according to superadmins, admins, resellers and final customers. PDNS can be deployed at customer's premises or as SaaS in the cloud. PDNS can also be implemented in the infrastructure of your company, in addition to being available in Software-as-a-service mode in the cloud.

Contact Us!

Captcha: captcha
Planisys 2024 © All rights reserved.