Building Resilient Applications with Cloudflare DNS

Building Resilient Applications Using
Cloudﬂare DNS

Confidential. Copyright © Cloudflare, Inc.Confidential. Copyright © Cloudflare, Inc.
2
● Cloudflare overview
● Let’s talk about DNS
● Cloudflare Managed DNS
● Customer stories
● Demo
● Q&A
Agenda

3
Cloudﬂare Overview

The Internet is critical
for your business.
Conﬁdential. Copyright © Cloudﬂare, Inc.

There are imperatives for business applications and employees
Provide the essential
infrastructure for business-critical
applications and networks.
Enable a secure and agile
workforce that is increasingly
working from remote locations.

Today’s Internet requires
PERFORMANCESECURITY RELIABILITY
● Mitigate DDoS attacks
● Prevent customer data breaches
● Stop malicious bot abuse
● Accelerate Internet applications
● Optimize content delivery
● Ensure application availability
● Improve DNS resolution time

“Band-Aid” network boxes were built for a world of
on-premise infrastructure
7
Challenges
● Expensive
● Hard to use
● Specialized hardware
● Inconsistent security policies
● Tremendous human cost to manage and maintain

The problem is: the rapid move to the cloud creates new challenges
Internet
Applications
On-Premise
Multi-Cloud
Hybrid Cloud
SaaS
75% of organizations
use at least one cloud
provider1
54% of organizations
have hybrid or multi-cloud
environment1
Confidential. Copyright © Cloudflare, Inc.1- Forrester Consulting on behalf of Cloudflare

A global cloud platform that delivers
security, performance, and reliability across
on-premise, public cloud, hybrid, and SaaS applications.
9
What's needed?

Cloudﬂare is an intelligent, integrated global cloud network
that delivers security, performance, and reliability for all your
Internet infrastructure, people and connected devices.
CLOUDFLARE’S MISSION:
Help build a better Internet

27M+
Internet properties
200+
Cities and 95 countries
45B
Cyber threats blocked each day in
Q1’20
99%
Of the Internet-connected population
in the developed world is located
within 100 milliseconds of our
network
Note: Data as of June 28, 2019.
Cloudﬂare’s network operates at massive scale

PERFORMANCE &
RELIABILITY
SECURITY
Domain Name
System (DNS)
Firewall
AnalyticsWorkers
IoT Security
Cache
Load Balancing
SSL/TLS
Secure Origin
Connection
Rate
Limiting
Bot Management
DDoS Protection
Intelligent
Routing
Image
Optimization
Access
CLOUDFLARE FOR INFRASTRUCTURE
CLOUDFLARE
FOR TEAMS
Magic Transit
Gateway
Workers KV
SERVERLESS
APPLICATION
PLATFORM
Stream
Integrated, Intelligent Global Cloud Network

How does Cloudﬂare work?
Accelerated Performance
Cloudﬂare’s Globally
Distributed Network
Attackers
Visitors /
Users
Crawlers,
Bots
Multi-Cloud
On-premise
Hybrid Cloud
SaaS

With a reverse proxy, setup is a DNS change
Without Cloudflare, an origin is
exposed to visitors and attackers.
Origin ServerVisit/User 1.2.3.4
With Cloudflare, all requests route to
the nearest data center via Anycast
and proxy to the origin.
Origin ServerVisit/User
104.x.x.x
Nearest
Cloudflare Data
center
1.2.3.4

15
Let’s talk DNS

Millions of dollars invested in building and
securing web properties can go to waste if your
DNS fails and your customers can’t ﬁnd you.

SECURITY
Weak link in
security strategy
PERFORMANCE
Slows down your
user experience
RELIABILITY
Single point of
failure for online
availability
Impact of a weak DNS strategy
You’re only as fast and available as your DNS is.

Enterprise DNS strategy has evolved
● Maintain on-prem DNS
infrastructure
● Resides behind the
corporate ﬁrewall
● Slow query resolution for
distant traﬃc
● Leverage multiple DNS
providers to maximize
redundancy
● No single point of failure
Multi-DNS Setup
● Managed DNS provider acts
as Authoritative DNS —
maintaining DNS records and
resolving queries
● Offers better speed and
protection
● Improved redundancy
compared to traditional DNS
setups
Single Managed Provider
In-House DNS

Diﬀerent DNS setups to
increase redundancy
19

● Improve speed
● Reduce TCO
● Minimize eﬀort
● Attain superior security
posture
Managed
Authoritative DNS
Authoritative DNS Hidden Master Primary-Secondary Multi-Master
1

● Primary/Master DNS
(usually maintained by the
organization itself)
maintains and updates all
records
● Managed DNS provider
acts as Secondary — gets
a copy of the record and
faces the public internet
2
Hidden Master
Secondary DNS

● Primary DNS maintains and
updates all records and
secondary DNS gets a copy of
the record
● Both primary and secondary
DNS resolve queries, with
recursive resolvers deciding
which one to use.
● Single or multiple secondary
DNS can be deployed
3

4
Primary DNS
Primary DNS
● Two DNS providers can be set
up as primary
● No zone information passes
from one to the other —
updates are made
independently on each system
● Both providers face the public
internet

24
Cloudﬂare Managed DNS

Cloudflare acts Secondary DNS,
maintaining a copy of the records
and receiving updates from the
Primary DNS.
Organizations can maintain their
own Primary DNS or get a
Managed DNS provider to act as
Primary.
Cloudflare protects and
accelerates any organization’s
DNS infrastructure.
Organizations maintain their own
DNS infrastructure — maintaining
and updating their DNS records.
Secondary DNS
Authoritative DNS DNS Firewall
Cloudflare acts as Authoritative
DNS, maintaining and updating all
DNS records.
Organizations onboard and
configure their DNS records to
Cloudflare.
Cloudflare DNS
Choosing the right setup is critical
Cloudflare Managed DNS

Enterprise-grade managed DNS service that oﬀers the
fastest response time, unparalleled redundancy, and
advanced security.
Cloudﬂare DNS

27
The Cloudﬂare Diﬀerence

Cloudﬂare Load
Balancing comes with
built-in unlimited and
unmetered DDoS
mitigation
Our Global Anycast
Network allows DNS
resolution in each of our
data centers across 200+
cities.
Zero Downtime
A global network with high redundancy

Superior Performance
Cloudﬂare DNS is the fastest in the world
Cloudﬂare Load
unmetered DDoS
mitigation

Cloudﬂare Load
unmetered DDoS
mitigation
Built-in DNSSEC adds an
additional layer of security
at every level in the DNS
lookup process.
Integrated Security
One-click DNSSEC along with unmetered, unlimited DDoS mitigation

Cloudﬂare Load
unmetered DDoS
mitigation
Migrate your DNS
records in bulk within
minutes using our
dashboard or API
Onboarding and conﬁguration support
Migrate with zero downtime

Granular analytics
Leverage data to make the right decisions
Cloudﬂare Load
unmetered DDoS
mitigation
Know the health of your
DNS traﬃc in real-time

Support unlimited
queries/records
Free, one-click DNSSEC Easy conﬁguration
Premium support — migrate with
zero downtime
Role-based access controlsCustom nameservers
Unlimited and Unmetered
DDoS Mitigation
Key Features

34
Demo

35
Q&A

36
Contact us:
Dina Kozlov (dkozlov@cloudﬂare.com)
Christopher Shelley (cshelley@cloudﬂare.com)

Building Resilient Applications with Cloudflare DNS

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Building Resilient Applications with Cloudflare DNS

Similar to Building Resilient Applications with Cloudflare DNS (20)

More from DevOps.com

More from DevOps.com (20)

Recently uploaded

Recently uploaded (20)

Building Resilient Applications with Cloudflare DNS