Search
Appgate SDP
SDP Overview
Learn how Appgate SDP reduces risk and complexity, and why it's the industry's most comprehensive Zero Trust network access solution.
How Appgate SDP Works
Find out about the inner-workings of the most flexible and adaptable Zero Trust Network Access solution available today.
SDP Integrations
Explore security, IT and business-system integrations that can enhance and help you adapt Appgate SDP to your existing workflows
SDP for Developers
Access developer tools and resources to maximize the value of your Appgate SDP deployment.
Zero Trust Network Access for:
Risk-Based Authentication
Overview
Learn how Risk-Based Authentication provides a frictionless, intelligent and data-informed approach to user authentication.
Strong Authentication
Find out how you can provide secure, frictionless access with the right multi-factor authentication method.
Transaction Monitoring
Explore the tools you can use to intelligently identify and prevent online fraud.
Behavioral Biometrics Service
Learn how behavioral analysis and machine learning stop fraudulent online web activity in real-time.
Secure Consumer Access for:
Digital Threat Protection
Overview
Discover how you can gain unparalleled threat visibility and the risk management tools that enable early identification and elimination of potential attacks.
Key Features
Take a deep dive into the features and tools contained within our industry-leading Digital Threat Protection (DTP) solution.
SECURE NETWORK ACCESS

Greg ShieldsNovember 3, 2021

It’s Always DNS

How does the latest version of Appgate SDP help overcome complex DNS challenges?

Share

Domain name system (DNS) servers are an important piece of infrastructure in any organization. The job they do is as simple as it is critical … convert a name to an IP address to make a resource reachable across a network.

In an enterprise, however, DNS servers often move inside the infrastructure and when they stop working properly, productivity can be impacted because applications and resources can’t be reached which hinders people from doing their jobs.

Internal DNS challenges can be created by several root causes, most tied to configuration mistakes or errors that can be difficult to solve if you are not sure what to look out for. Improperly configured DNS records, high TTL (time to live) values, DDoS attacks, hardware or network failures and high DNS latency are all potential culprits that can create a DNS problem.

Failing DNS servers can cause severe problems and news of large internet outages caused by DNS issues are more commonplace. In July of this year, Akamai, a large content delivery network that helps move data around the internet, experienced a “bug” in its Edge DNS Service. The DNS outage took down large portions of the internet and affected the websites of Delta Airlines, Capital One, UPS, Costco, Home Depot, several financial services institutions and many others.

When an organization’s DNS server fails, bad things can happen. One of the systems impacted can be an Active Directory (AD) server. Active Directory Domain Services (AD DS) uses DNS as its domain controller location mechanism. AD operations such as authentication, updating or searching all rely on DNS to locate Active Directory domain controllers. According to Frost and Sullivan, “The use of AD is so common that approximately 90% of the global Fortune 1000 companies use it as a primary method to provide seamless authentication and authorization.” So when it fails it can impact all areas of the enterprise.

Further complicating the role DNS servers play in an organization's network is the shift from insecure perimeter-based security solutions like VPNs to Zero Trust architecture to secure an ephemeral perimeter. The days of looking at networks as connecting a data center to headquarters and branch offices are over. Networks now connect Alice and Bob from wherever they are located to applications they need to do their jobs regardless of where those applications reside. And there is a good chance that Alice and Bob are relying on DNS to reach those applications

You can now start to see how DNS is in the middle of everything and how impactful it can be when it is not working properly.

New version of Appgate SDP solves more complex enterprise DNS challenges

Up until last week’s release of Appgate SDP 5.5 version, DNS was set by the identity provider when a user was trying to reach an Appgate SDP Gateway protected resource. This worked well for most of our customers, but we recognized we could improve the flexibility and capability of DNS in the platform and that was a major focus for this new version.

In the 5.5 release we have substantially improved the way Appgate SDP, an industry-leading Zero Trust Network Access (ZTNA) solution, works with DNS to provide enhanced flexibility in complex enterprise networks, including:

  • Improvements to the Client software to make DNS behavior uniform across all operating systems
  • A DNS forwarder that can act as a DNS proxy for Clients
  • Dynamically resolving multiple subdomains without human intervention or maintaining IP lists in like GitHub, e.g., images.github.com
  • Determining DNS by policy to enable a user’s geo-location to determine how their DNS is set, which is particularly powerful for multinational customers

DNS is a vital and powerful part of any corporate network. Improperly configured and/or improperly maintained DNS can have a substantial detriment on an organization’s overall ability to function. Appgate SDP puts the power of DNS to work in our customers’ environments with superb flexibility in how it is used and an enhanced, secure user application experience. It is another way that we deliver “people-defined security.”

For additional information, visit www.appgate.com/sdp or sign up for one our weekly live demos, which occur weekly on Wednesdays at 11:00 am ET.

Receive News and Updates From Appgate