Maintain DNS Resilience

The A10 DNS portfolio shields DNS infrastructure from DDoS attacks and exploits while augmenting capacity for recursive and authoritative functions.

Secure and Scale DNS Infrastructure for Uninterrupted Service 

DNS is an inherently insecure protocol and is vulnerable to a variety of cyberattacks that can disrupt network and service availability and violate confidentiality of users and their data. This poses a challenge for the ISPs responsible for ensuring uninterrupted DNS service and maintaining user privacy. 

Mitigate Threats to Revenue, Brand and Reputation 

DNS is a favorite target for cybercriminals and a top target for DDoS attacks. When attackers incapacitate a service provider’s DNS servers, subscribers can’t resolve domain names, visit websites, send email, or use other vital internet services. DNS attacks have brought down service providers’ DNS services for hours, even days. Organizations can suffer lost revenue and brand damage if an attacker disrupts access to DNS infrastructure and prevents users from accessing vital services. 

Sustain High-speed Subscriber Experience 

DNS is critical to maintaining the subscriber experience of speed, security, and availability. Underperforming DNS technology will slow DNS resolution, add latency to query responses, cause slow web page downloads, timeout of applications and other problems that can impact the subscriber experience.  

How We Can Help

The A10 DNS portfolio includes high-performance Defend Mitigator, Thunder ADC and Thunder CFW products that provide several critical DNS solutions for better protection and processing capability to offload or replace existing DNS servers.

Recursive DNS Consolidation

DNS servers can be consolidated or eliminated with Thunder ADC or Thunder CFW, providing high-speed resolver and cache support while coexisting with current DNS features. This shields DNS servers from attacks and reduces the number of DNS servers that need to be provisioned, lowering capital expenses.

Authoritative DNS Cache

A10 Defend Mitigator can be used as a high-performance authoritative DNS cache. The solution’s non-stop DNS operational mode can cache millions of DNS records and respond to queries at millions of queries-per-second during a DNS DDoS attack.


With the DoH/DoT features in Thunder CFW, service providers can offer their subscribers the option of higher security and enhanced privacy protection through end-to-end encryption for DNS queries.

DNS Application Firewall

Thunder ADC and CFW shield DNS infrastructure from attacks with the powerful and comprehensive DNS application firewall (DAF). The solution stops buffer overflow, malformed requests and denial of service (DoS) attacks, shielding DNS servers.

DNS Load Balancing

Thunder ADC and Thunder CFW can load-balance multiple DNS servers and cache DNS responses, providing scale and enabling DNS servers to handle heavy loads and massive attacks.

Case StuDy

Tier-1 Cable Provider Protects Subscriber Privacy with Encrypted DNS at Scale with A10 Networks Thunder CFW

Critical Issues

  • Rapidly support the new encrypted DNS protocol toprotect subscriber privacyand security while maintainingservice continuity


  • Meet the performance and scalability requirements of encrypted DNS queries from potentially tens of millions of subscribers
  • Able to support up to 600 million encrypted DNS queries per day
  • Gain enhanced security and visibility to protect its DNS infrastructure from multiple attack vectors
  • Protect key services such as parental controls and content delivery

Related Product: A10 Thunder CFW


“As encrypted DNS grows in usage, the cable operator can assure privacy and security for tens of millions of subscribers without impacting the user experience.”

Tier-1 Cable Operator

Ready to get started?

Ready to See?

Schedule a Demo

Ready to Try?

Get a Free, 30-Day Trial

Ready to Buy?

Call sales at 1-888-A10-6363 or fill out our contact form