PDNS is Planisys' corporate platform for Domain Name System as a Service.

DNS stands for Domain Name System, which is a system that translates domain names into IP addresses so that computers can communicate with each other over the internet. Additionally, DNS may contain more records defining policies, services and information that specify forms of interacting with it and also helping protect the brand the domain is associated with.

RPZ or Response Policy Zone runs in a DNS resolver to protect the user from malicious domains. A Resolver with RPZ can help protect users' workstations from country-prohibited domains, malicious domains or even adware. Read more about RPZ

Yes, you get as many dedicated resolvers as you want. They can be on-premise, in Planisys' Cloud or in any Cloud you choose. And yes, the service is configurable by enabling/disabling different blocklists. There is although a cheapear, shared version of Planisys RPZ, where you can choose out of five different fixed levels of protection.

A domain name is a human-readable name that represents the IP address of a website, and a lot of additional information about the domain. For example, www.example.com is a domain name that represents the IP address of the website hosted at that address. There can be many records associated to a domain name, such as indications of where it receives e-mail, the IP addresses from where legit e-mail from this domain originates, or even a cryptographic public key stating that all legit e-mails should be automatically signed.

A domain registrar is a company that manages the registration of domain names and the assignment of IP addresses.

A DNS record is a piece of information in the DNS database that maps a domain name to an IP address or other resource record types.

An authoritative nameserver is a DNS server that is responsible for storing DNS records for a certain domain names.

DNS hijacking is an attack in which a hacker redirects traffic intended for a particular domain name to a fake website or server, often for malicious purposes. PDNS uses hardened versions of Bind9 and takes a series of defense and cleanup to measures to avoid that.

Some common techniques for troubleshooting DNS issues include checking for typos in domain names, testing DNS resolution with the nslookup or dig command, flushing DNS cache, and testing connectivity to DNS servers. PDNS provides several tools for checking and even multi-checks to query different name servers.

DNSSEC stands for Domain Name System Security Extensions. DNSSEC provides cryptographic authentication of DNS data, preventing cache poisoning attacks by ensuring the integrity and authenticity of DNS responses. Enabling DNSSEC on your domain and validating DNSSEC signatures can help protect against cache poisoning that could affect your domain.

At Planisys we always deploy the latest security patches as specified in the Bind Vulnerability Matrix, being 9.18.24-1 the current version as of February 20th 2024, that remediates those DNSSEC attacks.

Source port randomization in Planisys Bind9 deployment , helps to add entropy to DNS query transactions by randomly selecting source ports for outgoing DNS queries. This randomness makes it more difficult for attackers to predict and spoof source ports, thus improving the resilience of DNS servers against certain types of attacks, including cache poisoning.

It depends. If you're chasing malware in your own environment, and want to identify infected workstations, we can provide you either with a VMWare image or a Network Appliance for the RPZ service. But if you're looking for a streamlined protection service, you can rely on our Cloud servers. You can either use a dedicated RPZ server with customized protection settings for your customers, or use one of our different pre-configured RPZ shared servers.

Yes. You can find the documentation in https://docs.planisys.net/pdns/

YES! Planisys PDNS supports ECS (EDNS Client Subnet) to indicate where the query is coming from and provide GeoDNS responses. So for example, if you are querying about Facebook or Google from Argentina and you forward the queries from a bind9 server to your assigned Planisys resolver in the US, this resolver will forward the Geolocation information and obtain local CDN IP addresses from services like Instagram, Google, Netflix, Instagram, etc

Planisys is co-located in Miami with a latency of only 0.1ms to the root name-servers, which makes the service extremely stable and fast. Planisys has also a proprietary caching technology on top of bind's that make frequent queries never expire while detecting changes of TTL and contents. For very high volumes we use hardware based Crypto-Acceleration to ensure DNSSEC's root of trust and protect from spoofing and poisoning.

Planisys PDNS
Hybrid Deployment

Based on Bind 9.18+ for Redhat and Debian/Ubuntu based systems
Bind9 servers on-premise, in Planisys Cloud, or Amazon/Azure/GoogleCloud/etc.
RPZ: Response Policy Zones for Government due access restrictions
Avoid noisy neighbors, cache poisoning, and domains involved in malware attacks to protect your endpoints
Response Rate Limiting to avoid DDoS attacks
DNSSEC for increased security and reputation
We provide DS information for your registrar's Chain of Trust
Real-time consistency controls of your domains between your Hidden Primary, your Authoritatives and Recursives.

Benefits

Premium Technical Support - Ticketing system with Escalation Procedure
We help you migrate your DNS Zones to us
Permanent consulting on the use of DNS
Deploy servers wherever you like
Integrate with your CRM via API
Give access to your customers through PDNS-Web
We support any master-slave scenario
24x7x365 DNS Monitoring and Alerts
Increased Security (anti-DDoS and DNSSEC)
Antispoofing and Antimalware

Printscreens of PDNS Web

Newly created zone with automatic NS records

Add MX Record

MX added and SOA Serial automatically increased

PDNS Reseller View

Multi-Check DNS Lookup Tool

DNS Tool Lookup IDNA IPv6

DNS Whois Information

PDNS Reverse Ipv4 Pre-filled Zone

PDNS Recursive Statistics for 10k Users

PDNS Query Distribution

PDNS Recursive use of IPv4 and IPv6

Malware avoided with RPZ

Features

Web interface for DNS Resource Records

Intuitive, multi-tenant, responsive web interface for DNS Resource Records CRUD (Create Read Update and Delete). Extensive checks at the user level interface to avoid invalid zones being rejected by Bind DNS.

DNSSEC,EDNS and RRL support

DNSSEC support for zone signing and root-of-trust in the delegation chain. Also extensive use of EDNS to provide bigger UDP packets and together with RRL (Response Rate Limiting) mitigate DDoS attacks.

DNS Firewall

Threat intelligence feeds to block malicious CIDRs and malicious IPs involved in C2 (Command and Control) in order to avoid exfiltration and C&C driven attacks.

Response Policy Zones

With a real-time feed of +10M of malware infected domains, both from Planisys Threat Intelligence and market qualified 3rd parties, DNS uses RPZ (Response Policy Zones) to protect all endpoints of your organization by non resolving domains involved in Malware attacks.

Emergency DDoS

In case your network is under an extensive DDoS attack, you can apply a Response Rate Limiting brake from Planisys Control Panel, also blocking newly discovered attacking IPs.

2 way authentication

As DNS is a critical component of the organizations' Internet presence as well as for internal systems, logins to the PDNS platform are protected by two-way authentication with OTP. You can also rely on Active Directory login integration and thus its own MFA mechanisms.

Auditlog

PDNS keeps track of user modification by means of an encrypted auditlog that honours the privilege hierarchy, having a superadmin that can view all users' activity. Delegation events originated in other systems are also being timestamped and recorded together with manual interventions, to have a better understanding and forensics of DNS configuration history.

Domain and X509 expiration alerting<

PDNS provides ways to protect and alert administrators by e-mail and SMS before his domains are going to expire, by looking up their WHOIS information on a regular basis. X509 certs can also be uploaded as associated information to the domains, and keep administrators alerted about expiry dates.

Multi-tenant, white-label administration

PDNS' web interface is multi-tenant , with granular permissions to ensure proper access privileges and management of DNS resources according to superadmins, admins, resellers and final customers. PDNS can be deployed at customer's premises or as SaaS in the cloud. PDNS can also be implemented in the infrastructure of your company, in addition to being available in Software-as-a-service mode in the cloud.

PDNS: DNS as a Service