Thunder® CFW Native DNS over HTTPS Capability Helps Service Providers’ DNS Security by Preventing Interference and Enabling User Privacy

SAN JOSE, Calif. – March 5, 2020 – A10 Networks (NYSE: ATEN) today announced the availability of its Domain Name System (DNS) over HTTPS (DoH) capability in the Thunder Convergent Firewall (CFW). This native capability enables service providers to offer DoH services to their subscribers. It helps organizations who run DNS infrastructure deliver higher DNS security by preventing interference and enabling user privacy protection through end-to-end encryption for DNS queries, without sacrificing the performance and latency needed for DNS infrastructure. DoH ensures deeper protection to subscribers against DNS-based attacks. This ultimately improves operational efficiencies for customers while enhancing security.

Encryption is fundamental for the privacy of data on the internet. HTTPS (encrypted HTTP) has one of the largest shares of traffic on the internet today. Due to privacy concerns after the 2013 Snowden leaks, HTTPS is now the de facto standard with sources such as Mozilla Firefox, which showed a 300 percent increase over the period. DNS traffic, by contrast, remains a largely unencrypted channel on the internet. When the DNS traffic is unencrypted, it is vulnerable to manipulation and privacy violations. For example, in A10 Networks’ Q4 2019 State of DDoS Weapons report, DNS resolvers are one of the top-five DDoS weapons and DNS service ports are one of the top-10 UDP targets. DNS is also exploited for malware, ransomware and data theft attacks. Resilient, high-performance DNS infrastructure is essential for the proper functioning of service provider networks and the internet itself.

A10 Networks has worked with large service provider customers to develop a DoH capability, and it is now deployed in production at tier-one service provider networks. The capability is based on a proposed standard published as RFC 8484 by the Internet Engineering Task Force (IETF).

DNS over HTTPS is available today as a native capability with Thunder CFW on any hardware or software appliance, including containerized instances. DoH can be combined with the product’s other security features, including the application delivery controller (ADC) functionality to support comprehensive protection and availability for DNS, while maintaining the performance needed in service provider-scale DNS infrastructure.

DoH solution provides:

“Security of the DNS infrastructure has never been more critical for service providers and for their enterprise customers than now. DNS queries are transmitted in clear text, unencrypted. As a result, DNS queries are easily subject to spoofing, interception, hijacking and other issues,” said Gunter Reiss, VP of worldwide marketing at A10 Networks. “A10’s DNS over HTTPS capability helps service providers protect their DNS infrastructure from devastating attacks, while providing the performance and scale required.”

Related links:

Follow Us on Social Media:

About A10 Networks
A10 Networks (NYSE: ATEN) is a leading provider of secure application services and solutions, with a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, Calif., and serves customers globally with offices worldwide. For more information, visit: and @A10Networks.


The A10 logo, A10 Networks and Thunder are trademarks or registered trademarks of A10 Networks, Inc. in the United States and other countries. All other trademarks are the property of their respective owners.

Media Contact Karin Gilles Director of Public Relations 408-240-5176