Carrier-Grade Performance

etherDNS

Carrier-Grade Recursive DNS for ISPs & Telcos

Ensure lightning-fast DNS responses, protect against threats, and control content access with etherDNS — the high-performance DNS platform engineered for networks from 10K to multi-million subscribers.

Sub-ms Latency DoH HTTP/2 & HTTP/3 DoT & DoQ ECH Support RPZ Blocking
View Pricing Request Demo
<1ms
p50 Latency
99.99%
Uptime
10M+
Queries/sec
24/7
Support

Why etherDNS for ISPs & Telcos

A specialized recursive DNS resolver — not an enterprise DDI suite. Engineered for availability, latency, and lean operations.

Carrier-Grade Recursion

Purpose-built for ISPs — no DDI/IPAM bloat, just fast, reliable recursive DNS resolution at scale.

Sub-ms p50/p95 latency

Anycast & Resilient Clustering

Keep queries local, ride out node failures, and simplify failover with built-in anycast support.

Automatic failover • Multi-PoP

Proactive Prefetching

Refresh hot records before TTL expiry for a near "zero-latency" feel. Keep your cache always warm.

Zero-latency cache hits

Complete Encrypted DNS Stack

Full support for DoH (HTTP/2 & HTTP/3), DoT, and DoQ (DNS over QUIC). The most modern encrypted DNS implementation available.

DoH H2/H3 • DoT • DoQ

Encrypted Client Hello (ECH)

Support for Encrypted SNI (ESNI) and its successor ECH. Protect subscriber privacy by encrypting the server name during TLS handshake.

ECH/ESNI support

RPZ Malware Blocking

Block malware, phishing, and C&C domains with RPZ-based blocking and real-time threat feeds.

Real-time threat intelligence

Rich Observability

Comprehensive metrics including QPS, latency, cache hit ratio, NXDOMAIN rates, and REST APIs for integration.

Dashboards • APIs • Alerts

Why a Local Recursive DNS?

Why every serious ISP must operate a local recursive DNS — not rely on public cloud resolvers.

Lower Latency, Instantly Faster

Keep lookups inside your network for sub-millisecond responses. Pages open quicker, apps feel snappier.

Correct CDN Routing

Your resolver points subscribers to the nearest CDN edge — every time. Smoother video, fewer stalls.

Cost Control

Local recursion and caching keep traffic on-net and off expensive international links. Protect your margins.

Full Control & Insight

Enforce your policies (RPZ), block malware, and spot infected lines before they harm your reputation.

Why DIY Open-Source DNS Fails for ISPs

Open source resolvers (Unbound, BIND, Knot) are excellent building blocks. But running carrier-grade recursive DNS for millions of subscribers needs a different solution.

Threat Intelligence You Can't DIY

Blocking malware and C&C domains requires curated RPZ feeds and safe, fast distribution. Maintaining those lists alone is unrealistic for a single ISP.

Performance & Quality of Experience

Legacy open source resolvers cannot deliver the performance density and low latency required for ISP deployments. Query latency rises resulting in slow page loads.

HA + Anycast + Encrypted DNS

Clustering, failover, anycast catchment and DoT/DoH overhead need careful engineering and optimization to avoid latency spikes and instability.

Operational Visibility

Useful dashboards, statistics, reports, subscriber infection detection, and RPZ analytics don't come for free — you'll build and maintain them yourself.

No Safety Net with DIY

In a resolver incident (misconfig, DDoS, route shift), DIY means no vendor SLO or hotfix path. DNS failures can have outsized impact.

DNS is a critical service — not a place to experiment.
One outage or blacklisting incident can erase years of "labor savings". etherDNS is a turnkey, high-performance DNS resolver designed specifically for ISPs.

DNS Security for ISPs

Protect your network, your subscribers, and your reputation.

Keep Control with Encrypted DNS

Support DoT/DoH without losing insight or policy control. Keep subscribers on your infrastructure — not on Google or Cloudflare.

Block Malware Before It Spreads

RPZ-based blocking and real-time threat feeds prevent access to malware, phishing, and C&C domains.

Detect Infected Subscribers

Built-in detection reveals devices repeatedly querying malicious domains. Take proactive action before infections damage reputation.

DNSSEC Validation

Full DNSSEC validation protects against forged responses, cache poisoning, and redirection attacks.

DDoS Resilient

Intelligent rate-limiting, query shaping, and Anycast clustering protect against amplification and flood attacks.

Hardened Operations

Signed updates, hardened OS base, role-based access control, and detailed audit trails.

Deployment Architectures

etherDNS supports all kinds of network deployment architectures — mix and match per region and growth stage.

Anycast

Distributed deployment with nearest-node routing and seamless failover for best QoE.

Centralized HA Cluster

Central deployment of multiple nodes in High Availability cluster.

Distributed per-PoP

Distributed deployment for large geographies and mobile cores.

No Load Balancers Needed

Save costs and simplify deployment with built-in load distribution.

Simple, Transparent Pricing

Perpetual license with predictable annual maintenance. No per-subscriber fees, no surprises.

etherDNS License

Carrier-Grade Recursive DNS

$699 perpetual license
+ $100/year annual maintenance
  • Sub-millisecond p50/p95 latency
  • DoH (HTTP/2 & HTTP/3), DoT & DoQ support
  • Encrypted Client Hello (ECH/ESNI) support
  • RPZ malware & phishing blocking
  • Anycast & HA clustering support
  • Proactive cache prefetching
  • DNSSEC validation
  • Rich metrics, dashboards & REST APIs
  • 24/7 technical support
Get Started

Ready to Upgrade Your DNS Infrastructure?

Contact our sales team for a personalized demo and architecture consultation.

Contact Sales