Opanga Networks


Forward-looking insights for a fast-moving industry

DNS Darkness: Let Opanga light the way

All networks today are dependent on the identification and classification of different types of data traffic and applications to ensure proper billing, firewall management and traffic optimization functions. Often this identification and classification is done through a process called Deep Packet Inspection (DPI). Every time a smartphone, laptop, or PC reaches out to the Internet, it uses a method called Domain Name System (DNS) look up to determine the IP address of the server which has the content being requested. For example, when a user browses to Facebook their phone sends a request to a DNS server with www.facebook.com and the DNS server returns an IP address where the application can connect to Facebook.

Opanga provides a portfolio of non-DPI based Advanced Flow Detection (AFD) solutions implementing innovative Machine Learning technology that lights the way for network operators to navigate the impending DNS Darkness.

Currently, DNS requests are unencrypted enabling DPI solutions to monitor and track customers’ data traffic. This unencrypted DNS data raises both security and privacy concerns and so in response, advocacy groups and content providers are adopting DNS over HTTPS (DoH) and DNS over TLS (DoT) to encrypt DNS traffic. These methods remove the ability to observe the DNS request thus rendering DPI obsolete, resulting in what the industry refers to as “DNS Darkness.” The impact of encrypting DNS requests has severe implications to enterprise and service provider networks. When DNS goes dark, operators will lose the ability to bill, optimize and enforce security protocols. So, the critical question is, what can network operators do in the face of DoH and DoT? Just as networks had to make major adjustments overnight during the shift to packet encryption (HTTPS), operators will need to deploy modern, innovative solutions that preserves network visibility and control in this environment.