Dot-com da-bomb Verisign fires off an OpenDNS rival

Domain biz offers 'DNS Firewall'

Operator of the dot-com registry Verisign has launched a rival to popular online security service OpenDNS, called DNS Firewall.

Announcing the service in a blog post, Verisign's Michael Kaczmarek said that protecting a company from cyberattacks was "becoming increasingly difficult and expensive," and pointed out that hackers are increasingly getting around the traditional network firewall by targeting users.

Verisign's new DNS Firewall is cloud-based, and offers "robust protection from unwanted content, malware and advanced persistent threats." It claims the system is easy to configure and will work out significantly cheaper than traditional (hardware) network protection.

The service will identify global and local threats as was identify potential botnets and provide editable content filters. It is designed to protect businesses from a range of online threats from malware to phishing and even targeted attacks.

Implementing it requires you to sign up to the service – no word yet on pricing – and then simply change your DNS settings to run its through Verisign.

The service has an existing rival in OpenDNS – a very similar recursive DNS service that Cisco will acquire by the first quarter of next year. OpenDNS has grown dramatically in recent years, and claims it has 2,000 paying customers alongside many more users of its free service. It charges $28 per user per year for its most basic package; more advanced packages are negotiated on a per-customer basis.

Verisign is likely to be targeting the large corporate market, using its long history as a core DNS provider (it not only runs dot-com, the largest registry in the world by some distance, but also operates the internet's 'A' root.)

We spoke to OpenDNS CEO David Ulevitch about his new rival, and he was surprised it hadn't happened sooner.

"Adding security to one of the most important control points on the Internet, the DNS, is important, and I am happy to see focus here from Verisign," he told us. "I'm surprised it took them this long to recognize the critical nature of DNS for enterprise customers."

He added cheekily: "I look forward to next year when I hope they will catch up to our 2011 feature set."

According to Verisign's Kaczmarek, citing McAfee, there was a 75 per cent increase in new malware in 2014. He also notes that the average data breach will cost a large organization $3.8m. ®

The first edition of this article compared DNS Firewall to Cloudflare, a related but different DNS service. DNS Firewall and OpenDNS offer recursive DNS services whereas Cloudflare offers an authoritative DNS service.

Other stories you might like

  • Cloudflare says it thwarted record-breaking HTTPS DDoS flood
    26m requests a second? Not legit traffic, not even Bill Gates doing $1m giveaways could manage that

    Cloudflare said it this month staved off another record-breaking HTTPS-based distributed denial-of-service attack, this one significantly larger than the previous largest DDoS attack that occurred only two months ago.

    In April, the biz said it mitigated an HTTPS DDoS attack that reached a peak of 15.3 million requests-per-second (rps). The flood last week hit a peak of 26 million rps, with the target being the website of a company using Cloudflare's free plan, according to Omer Yoachimik, product manager at Cloudflare.

    Like the attack in April, the most recent one not only was unusual because of its size, but also because it involved using junk HTTPS requests to overwhelm a website, preventing it from servicing legit visitors and thus effectively falling off the 'net.

    Continue reading
  • Man gets two years in prison for selling 200,000 DDoS hits
    Over 2,000 customers with malice on their minds

    A 33-year-old Illinois man has been sentenced to two years in prison for running websites that paying customers used to launch more than 200,000 distributed denial-of-services (DDoS) attacks.

    A US California Central District jury found the Prairie State's Matthew Gatrel guilty of one count each of conspiracy to commit wire fraud, unauthorized impairment of a protected computer and conspiracy to commit unauthorized impairment of a protected computer. He was initially charged in 2018 after the Feds shut down 15 websites offering DDoS for hire.

    Gatrel, was convicted of owning and operating two websites – and – that sold DDoS attacks. The FBI said that DownThem sold subscriptions that allowed the more than 2,000 customers to run the attacks while AmpNode provided customers with the server hosting. AmpNode spoofed servers that could be pre-configured with DDoS attack scripts and attack amplifiers to launch simultaneous attacks on victims.

    Continue reading
  • Big Tech shrank the internet while growing its own power
    Classic internet ideas matter less now that CDNs and private networks dominate traffic

    Comment The internet has become smaller, the result of a rethinking of when and where to use the 'net's intended architecture. In the process it may also have further concentrated power in the hands of giant technology companies.

    Given the ever-expanding content and resources available online, and proliferation of connected devices, the notion that the internet has shrunk is counter-intuitive. But shrunk it has – to the point at which some iPhones do not immediately connect to the open internet.

    Those phones are iPhones running the latest version of Apple's iOS and the opt-in service called Private Relay. The iGiant bills Private Relay as a privacy enhancement because it obscures users' DNS lookups and IP addresses by funneling traffic over networks operated by Cloudflare, according to specs set by Apple.

    Continue reading
  • Cloudflare stomps huge DDoS attack on crypto platform
    At 15.3 million requests per second, the assault was the largest HTTPS blitz on record lasting 15 seconds

    Cloudflare this month halted a massive distributed denial-of-service (DDoS) attack on a cryptocurrency platform that not only was unusual in its sheer size but also because it was launched over HTTPS and primarily originated from cloud datacenters rather than residential internet service providers (ISPs).

    At 15.3 million requests-per-second (rps), the DDoS bombardment was one of the largest that the internet infrastructure company has seen, and the largest HTTPS attack on record.

    It lasted less than 15 seconds and targeted a crypto launchpad, which Cloudflare analysts in a blog post said are "used to surface Decentralized Finance projects to potential investors."

    Continue reading
  • Developer adoption is our priority, profits second, Cloudflare tells bankers
    We seem to give away stuff for free at just the right time, says CFO

    If Cloudflare CFO Thomas Seifert's take on his company's direction is accurate, expect future strategy to focus on how it can use its slew of newly announced tools to make the biggest dent in existing markets. Profit motivations come a distant second, as least for now.

    Speaking at the Morgan Stanley Technology, Media and Telecom conference, Seifert told analyst Keith Weiss that 2022 will be all about growing Cloudflare's Zero Trust solution as well as Workers, its serverless code platform.

    Even with those products, Seifert said, the security-focused content-delivery network's strategy isn't about earnings – it's about gaining users. "We think primarily about adoption in the developer community penetration and less about dollars and revenue at this point in time," Siefert told the audience of investors and financial analysts.

    Continue reading
  • Cloudflare, Akamai: Why we're not pulling out of Russia
    Yanking connectivity would do more harm than good, they say

    Though Cloudflare and Akamai have voiced their opposition to President Vladimir Putin's invasion of Ukraine, they have stopped short of pulling completely out of Russia despite mounting pressure to do so.

    In a March 6 statement, Cloudflare CEO Matthew Prince said his company, which provides DDoS protection and other internet networking and security services, has received "several calls to terminate" all business inside Russia. He added that "we've watched in horror the Russian invasion of Ukraine," adding: "Our thoughts are with the people of Ukraine and the entire team at Cloudflare prays for a peaceful resolution as soon as possible."

    That said, after discussing the situation with government and private-sector experts, Prince said Cloudflare concluded: "Russia needs more internet access, not less."

    Continue reading

Biting the hand that feeds IT © 1998–2022