PowerDNS:Platform2016

The PowerDNS Platform delivers all the capabilities of our unmodified Open Source products together with powerful ready-to-use additional capabilities. This is delivered without sacrificing the modularity and flexibility of an Open Source solution, but also with guaranteed performance levels and top notch support.

In short, with the Platform, we aim to be "the most open of the commercial DNS suppliers", or the other way around "the best commercially deployable open DNS solution". For more detailed information or quotes, please head to our contact page.

The PowerDNS Platform features:

   The existing Open Source workhorses: Authoritative Server, dnsdist and Recursor
   A centralized control panel for these components
       Zone management
       Error log searching
       Cache flushing
   Integrated graphing and monitoring
       Aggregate
       Per server
   Operator friendly licensing that does not require additional licenses to unlock performance of more cores or more servers

   Modest hardware requirements
       Supports virtual machines, Network Function Virtualization (NFV) version available
       No dedicated appliance required
   Certified performance up to millions of queries/second
       Guaranteed numbers for 100%, 98% and 90% cache hit rates
       Typical production numbers per commodity (8GB ram, 8 cores) server: 400kqps of real live traffic including botnet and malware traffic
       Under benchmarking conditions: millions of queries/second
       We can commit to performance levels on your existing hardware
   Full solution for malware blocking, detection, parental control, ad-blocking

Services, SLAs

   Full migration of legacy systems
   Certifying/guaranteeing performance levels on virtual machines, NFV platforms
   24/7 dedicated support
   Optional live telemetry reporting of all statistics to PowerDNS Support which enables more rapid problem resolution and reduced staff load when diagnosing problems
   Latency monitoring for best subscriber/customer experience

Network features, Large scale query logging/querying, Security

   Built-in DoS protection / service assurance under malware attack
       Deflects random domain subnet query attacks
       Rate-limits customers making excessive queries
       Quarantines infected users to dedicated 'abuse' pool
       Is not a substitute for network level filtering of multi-gigabit attacks
   Long term full query logging & rapid searching
       Dimensioned at a trillion queries/day (1000 billion) on commodity hardware with long term retention
       For security research, lawful intercept/data retention requirements, customer intelligence, quality assurance/diagnostics
   Network based fail-over and load-balancing
       ECMP
       Anycast
       OSPF
   Native load balancing with DNS-specialized load-balancing rules
       Query concentration for enhanced cache hit rate
       Smooth server startup with no customer disruption
   Out of the box production support for DNS64
   Recovery of subscriber identity through (CG)NAT

Ease of management

   Fully automated deployment & configuration management
       Deploy new ACLs, new IP addresses, new features, new versions with ease
   Easy deployment of (court ordered) DNS blocking lists
       Global
       Per region
       Per subscriber
   Web-based control panel

Selective filtering, parental control, malware protection & detection

   Selective filtering based on leading categorization & filtering partners:
       Parental control, selective parental control (DNS & URL based, per-device, per-subscriber)
       Malware filtering, selective malware filtering (DNS & URL based, per-device, per-subscriber)
       Ad-filtering, selective ad-filtering (DNS & URL based, per-device, per-subcriber)
       Modest hardware requirements (8GB of RAM)
   Comes with subscriber self-management module
       And API to integrate with existing customer portals
   Selective filtering options
       Scales to tens of millions of customers
       Preference changes communicated instantly
       Select categories to be filtered (malware, 'child friendly', 'brand safe', advertising)
       Per subscriber preset filter sets ('light, medium, heavy' filtering for example)
       Time-window for filtering ('no filtering at night')
       Per subscriber blacklist and whitelist
       Highly modular to support any use case or existing categorization lists
       Out of the box support for:
           Zvelo
           WebROOT
           ThreatSTOP (RPZ)
           Spamhaus (RPZ)
           Farsight (RPZ)
   IP/Customer tracking infrastructure that ingests from
       Radius
       DHCP
       Custom sources
   Support for CGNAT/DS-LITE port mapping to identify customers
   Per-device instead of per-subscriber settings with aid of CPE
       Inject MAC address or other identifier using industry standard protocols
   NXDOMAIN redirection & advertising landing page