DNS Internet Resolution Services for the Greater Toronto Area
We run our Domain Name System (DNS) server as an open, recursive resolver for our local service areas of Toronto & Mississauga, Ontario, Canada.
Our objective with this server is to serve the community and to help clean up some of the internet, so we have taken ample security measures at multiple layers to mitigate DoS & DDoS attacks. We have also implemented a series of scripts that run on a schedule to update our spam-prevention, bad-domain and IP data and then supplement our DNS server configuration with the collected information.
Our DNS resolver breakdown
Our DNS server IP address is...
Your internet IP address probably is...
How to use
Contact your IT technician or consultant to configure our DNS server as one of the DNS servers in your router or firewall. We encourage users of our server to enter our DNS server IP address at the WAN/internet/untrusted level rather than in your LAN/local/trusted network DHCP server.
If you would like to configure our server as one of your private DNS server's forwarders, please do so. However, it's important to secure your environment by ensuring that your local DNS server responds authoritatively for your local domain's forward and reverse lookup zones. Regardless of whose DNS server you use, failing to configure your zones appropriately will expose your local network's subnet and addressing scheme to any forwarding resolver.
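One way to check for the exposure described above, as an added example that is not part of this service's own tooling: it scans a list of queries your local server forwarded upstream and flags the ones that should have been answered locally. The domain `corp.example`, the "name type" log layout and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: "corp.example" stands in for your internal domain.
LOCAL_DOMAINS = ("corp.example",)

# Constructed sample: "name type" for each query a local server forwarded upstream.
SAMPLE_FORWARDED = """\
www.example.org. A
12.1.168.192.in-addr.arpa. PTR
fileserver.corp.example. A
7.3.254.169.in-addr.arpa. PTR
8.8.8.8.in-addr.arpa. PTR
_ldap._tcp.corp.example. SRV
"""

def ptr_to_ip(name):
    """Return the IPv4 address encoded in an in-addr.arpa name, or None."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None  # partial (zone-level) names are out of scope here
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    except ipaddress.AddressValueError:
        return None

def leak_reason(qname, qtype):
    """Say why a forwarded query exposes internal detail, or return None."""
    name = qname.rstrip(".").lower()
    ip = ptr_to_ip(name) if qtype == "PTR" else None
    if ip is not None and ip.is_link_local:   # 169.254.0.0/16 (APIPA)
        return "APIPA reverse lookup"
    if ip is not None and ip.is_private:      # e.g. 10/8, 172.16/12, 192.168/16
        return "private reverse lookup"
    if any(name == d or name.endswith("." + d) for d in LOCAL_DOMAINS):
        return "internal name"
    return None

def audit(log_text):
    """Return (qname, reason) for every forwarded query that should have stayed local."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and (reason := leak_reason(parts[0], parts[1].upper())):
            findings.append((parts[0], reason))
    return findings

if __name__ == "__main__":
    for qname, reason in audit(SAMPLE_FORWARDED):
        print(f"{reason:24} {qname}")
```

Any finding means the local server is not authoritative for that forward or reverse zone and is handing the name to its forwarder.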
If you need help configuring your private DNS server and do not have existing IT support, we'll be happy to be your regular IT solutions partner. Complete on-site IT support is available through us in our service area. We accept calls for remote work from all over Ontario.
How is our DNS resolver different than other servers in Canada?
A "deny, then allow" policy always works best
- We deny DNS queries from IP addresses outside North America or outside of ARIN-managed allocations
- We block some cloud service providers who rent out virtual machines to random subscribers. We're focused on serving actual Canadian private infrastructure. This is done to eliminate DNS server abuse of our server as most instances of abuse originate from cloud service provider VPS systems.
- We deny DNS resolution of known malicious domains, with invalid
- Malicious IP address ranges are placed into what's called a blackhole, so probable attacks are ignored
- We ignore reverse DNS queries from IP addresses that look up APIPA ranges. This reduces traffic load from our resolver to the internet by cutting out addresses that should be resolved on your own network.
Response Rate Limiting to spread things around
- DNS responses per domain, per user are set to a very low amount
- Total DNS responses are set to a low amount
- DNS users that attempt to automate attacks get throttled in their tracks
- Suppression of requests for NXDOMAINs, or domains that cannot be resolved to an IP address
Network quality, stability and fairness via UDP session limiting
- Enforcing UDP session limits ensures that a greater share of light web surfers and small offices benefit
- Aggressive users who open too many tabs or windows to the same website on multiple PCs are not automatically eating up a substantial portion of our network resources
- UDP session limits also prevent users who tend to surf at low-quality and inefficient websites from overusing our network bandwidth and DNS server
- UDP session limits also prevent high-CPU utilization and memory consumption caused by malicious and excess consumption by users
We monitor and have had to manually ban IPs in the past
- We block the IP addresses of those who appear to be engaging in fishy email activity, such as excessive MX lookups per minute to variants of the same domain, or anything that does not appear to be legitimate mailing list or email activity.
- We block those who insert large payloads into their domain's TXT records and then run many recursive lookups for their domain from multiple IP addresses simultaneously.
- We block those who manually engage in excessive random subdomain lookups and excessive SRV record lookups that do not appear to be actual web surfing activity.
- Anything that quickly fills up sessions on our network will be manually suppressed or eliminated, if abuse persists beyond a reasonable amount of time.
Optimal DNS cache configuration
- We have our DNS cache and TTL (expiration) set to a low value, so that poisoned records that cause domain redirections do not stay loaded for long.
- Queries are served reasonably fresh, then stored and flushed again before they turn rancid.
- A great feature for those who update web host DNS records and want a server that will pick up the correct host record sooner
DNS management solutions and priority queued recursive DNS plans are available for business or enterprise
We can give DNS queries sent from your office a customized configuration and response behaviour. We can help your business or organization improve web application performance by handling your queries and DNS traffic with a higher degree of customization.
What can be customized?
DNS responses can be prioritized for you in a number of ways…
- Priority management properties, such as DSCP and Assured Forwarding (AF), are applied at the network-level before the queries even hit our DNS server
- Bandwidth management properties, such as guaranteed bandwidth per source IP, can be increased just for your designation (limits apply). This ensures that you get a wider pipe of dedicated traffic during both the query and the response
- Increased UDP session limits per-source IP or WAN IP range (limits apply)
- Decreased and softened RRL, or response rate limiting, at the DNS server
If your business subscribes to a static IP plan, simply provide us your internet IP address above or static IP and we'll make sure we configure your IP within our system accordingly.
Clients from the Greater Toronto Area who consult us for regular IT management will receive priority DNS resolution services free-of-charge.
Does your business or organization have slow internet browsing performance?
Our DNS server used as a forwarder might not be a worthwhile choice as a resolver for a larger corporation. Many businesses who already own a large amount of IT resources might benefit from having us configure their DNS services for them instead, especially if they run multiple services on the same physical server as their DNS host.
Getting the right IT with us will benefit you
If you want to operate or continue to operate your own DNS resolvers and need help, we can configure both Microsoft DNS Servers with Active Directory or BIND according to what's optimal for the current network gear or server platform you use at your location.
Assessing your needs
Your setup might already be optimally configured, but we're here for you in case you need a second opinion.
By default, your DNS server will search for the root servers themselves and answer queries directly for your network unless configured with DNS forwarders, such as our server or your ISP's DNS server(s). Some businesses benefit by using a mix of conditional forwarders and root hints.
NOTE: We cannot guarantee that your internet performance will improve or worsen while using our DNS server, especially if your connection is already experiencing technical issues, such as line or signal issues. First, always review your internet performance with your internet service provider. We also perform nightly modem reboots after hours, which can last up to 10 minutes, so be sure to configure both primary and secondary DNS addresses at the WAN level so that you do not lose your internet browsing capability during unexpected moments. If downtime is planned during business hours (8AM-6PM EST), we will alert all our clients ahead of time, if we have your email address.
Our server stack and backup procedure
We currently use Rogers Business Internet as our ISP. Our backup procedure consists of multiple layers of backup, including file-based backups, image-based backups, and LUN backups, to further secure our private virtualized infrastructure. We also utilize high-availability measures such as complete network battery backup or brown-out protection, as well as pooled hypervisors that protect us against the failure of at least one physical computer. We also back up our network infrastructure devices and their configuration files, so you can expect reliable service during most circumstances, plus quick response during the unthinkable.
We strive for the highest uptime possible, although we admittedly cannot compete with large data centers that may provide 99.9% uptime. Despite our limitations, we want to earn your business by providing value-added services to our clients and to local businesses throughout the GTA, and for those who want to keep their domain name requests off the largest networks.
Do you have any feedback?
Your comments are greatly encouraged. Send an email to us with any comments regarding our DNS server, requests for information technology work or request an estimate for computer hardware.
If you wish to make a donation to support our public recursive DNS service initiatives, we'd appreciate it.