the solution brief for Canadian Higher Education

PROTECT YOUR BUSINESS
INSTITUTION
Using
D-Zone
Transaction
Anycast DNS
Signatures
D-ZONE SOLUTION BRIEF: UNIVERSITY AND COLLEGE
SITUATION
A typical Canadian College or University website has traffic ranking in the Alexa top
1000 for Canada. Analysis of several large institutions DNS traffic has shown that
they get around 50 per cent global and 50 per cent Canadian traffic – a surprising
fact for many IT administrators.
For an institution, web properties are critical for both its marketing and operations.
They are used for recruiting, alumni relations, student and faculty communication
and a host of online applications. Traffic to these sites is often campaign driven (such
as recruitment or fundraising) and can spike for periods of days or weeks. Because
these campaigns represent a significant commitment in time and resources from the
administration, DNS outages can have a very high impact on the institution and on
the credibility of the IT operations team.
CHALLENGES
A technical review of the public DNS shows that most institutions are running
one or two unicast name servers on the same subnet in their own data centre.
This has negative implications for performance and up-time. In addition, 71 per
cent don’t appear to have a back-up provider. Website performance is impacted
by having all DNS queries answered on campus, with the impact amplified for
out of province and international visitors. The lack of diversity of name servers
on the same subnet also increases the risk of DNS downtime because the
servers share a common router port, switch, cabling and power source. Unicast
servers on the same subnet also lack the resiliency required to withstand a
DDoS attack that could bring down the servers and flood the Internet access.
SOLUTION
CIRA’s D-Zone Anycast DNS secondary service can be added to an existing
infrastructure and be configured to answer all external DNS queries. With
anycast, a globally distributed cloud of name servers share a single IP address.
Layer 3 routing automatically routes queries to the closest name server, reducing latency and providing transparent
fault tolerance. In addition, the massive distributed capacity and bandwidth of the D-Zone Anycast DNS service adds
DDoS resiliency.
Implementing D-Zone does not require any capital equipment or changes to the existing DNS administration process.
The interface between an existing name server and D-Zone is a standard DNS zone transfer. For the IT team, the
reporting features that D-Zone provides them with, gives information on the traffic patterns and health of the DNS
that many don’t have.
RESULTS
Universities and Colleges get improved reliability and performance for their external DNS by allowing D-Zone to
answer queries from their users on the Internet. A 100 per cent uptime SLA provides reliability while the latency of
DNS queries has be shown to be improved by as much as 100 per cent (and more) for international queries. However,
resilience and performance are only part of the results. Institutions also benefit from having 24x7 monitoring, 24x7
support and a new and advanced set of DNS metrics to help them to better manage this mission critical network
service.
LEARN MORE
To get D-Zone Anycast DNS working for you, please visit www.cira.ca/d-zone or contact us today by email
[email protected] or by phone 1-844-863-9663