DNSFilter: Protecting Websites from Security Threats and Unwanted Content
They met as mentors for startup companies at a South Carolina incubator and ended up deciding to create one of their own together.
Ken Carnesi ran a company called Anaptyx—which provides managed WiFi networks to hotels, apartment complexes, and cities—and used OpenDNS for content filtering. Unhappy with the service, and unable to find a better solution, he came up with the idea to build an alternative. Mike Schroll, who had started a hosting company while he was in high school, was immediately interested. He says he was “obsessed” with DNS, having “dealt with more than 1,000 customers, their domains, and all kinds of DNS-related issues.”
After three months of conversations, that serendipitous meeting of the minds led to the founding of DNSFilter in the fall of 2015, with Carnesi as CEO and Schroll as CTO. The mission of the company was to provide enterprise-grade features for filtering unwanted content and online security threats. By leveraging AI and virtual environments, they would be able to provide global coverage and top-tier service that would also be cost-effective.
From the beginning, Schroll wanted DNSFilter to run on a global anycast network. He looked at a number of hosting provider options, and “Packet just made a lot of sense at the time,” he says. For one thing, “Packet was one of the few people who actually let you bring your own IP space. We had to work hard to get our own IP space because ARIN was out of IPs in North America. We had to go to APNIC in Australia to get our IPs.”
Plus, “we were a small startup and bootstrapped, and Packet has this option that you could get an inexpensive dedicated server that was available in a handful of locations,” says Schroll. “That was the strategy for a while, to have some global coverage. It was cheap and easy for us to spin up.”
Building a Balanced Anycast Network
At the same time, DNSFilter used a hosting company that allowed for setting up virtual servers and hosting anywhere. “But we came to the conclusion that they were not a good provider to run an anycast network,” says Schroll. “There are a lot of nuances with having a balanced anycast network. You need a lot of knowledge and cooperation from the hosting provider. You need to know that they’re using the right transit providers and they’re giving you the right knobs to tweak in your configuration. Otherwise, you can’t properly run your anycast network.”
To solve that problem, Schroll decided to add another hosting provider, NetActuate, which specializes in anycast networks on virtual servers. And in order not to have all his eggs in one basket, he increased the number of Packet locations so that each customer would have two IP addresses to configure for its DNS: “One of them now goes to Packet servers, and one of them goes to NetActuate servers,” he says. “That’s been our approach for the past year and a half, of having two different providers, and in most cases, they’re using different data centers, with different hardware and different network gear. We feel confident that we have the redundancy that we need.”
It’s a strategy that also allows for expanding coverage with some flexibility. For example, DNSFilter has one IP network that’s mainly Packet, except for a few locations where Packet doesn’t have a presence. In those cases, DNSFilter runs some NetActuate servers on the same IP as the Packet network.
Luckily, Packet can accommodate being used in conjunction with another hosting provider. “If you’re trying to use multiple providers at the same time on the same IPs, you need even more knobs to be able to actually pull that off,” says Schroll. “Because both of these providers are smart and savvy, have set things up properly, and provided all the correct knobs, we are able to do that. It works out perfectly.”
DNSFilter currently runs in 40+ data centers around the globe, including 16 Packet locations and counting.
We have the technology where it needs to be, so we’re focusing more on growth and scaling and offering a more complete product. I think Packet is going to be a really good partner to grow with.
Becoming a Major Player
Today, the company sells two main products: DNSFilter, a threat protection and content filtering service, and Webshrinker, a paid direct feed that provides the intelligence that DNSFilter uses to determine what category domains are and to detect threats like phishing sites. One of the biggest customer services for DNSFilter is managed service providers, which include the product in its offerings to other companies.
And DNSFilter has established itself as a big player in its space. DNSPerf.com recently ranked it as the fastest content-filtering DNS service in North America, above the competing service that inspired its creation in the first place, OpenDNS. (OpenDNS was acquired by Cisco and now operates under the name Cisco Umbrella.) “On that list are places like Google,” says Schroll, “and the fact that we’re almost 50% faster than Google is crazy.”
The Packet Difference
One differentiator from the beginning has been the company’s relationship with Packet. Schroll points out that well before Packet formalized its program to help early startups, it helped DNSFilter with monthly account credits and a discounted hourly rate for servers. “When we were an early bootstrapped startup, before we’d even raised any money from angels. It was extremely helpful for us,” says Schroll.
Additionally, Schroll says he’s been able to count on Packet to work with him when something comes up. “Whenever there’s been any kind of routing issue or we’re trying to provide new options to big customers of ours, they’re always super responsive.”
As he sees it, “Packet is competing in a world where there are 800-pound gorillas like AWS, and they need some way to differentiate themselves,” says Schroll. “They have found good ways to do that, by being very cutting edge with what they’re offering.” For example, Packet is one of the few bare-metal hosting providers that support the CoreOS operating system that DNSFilter uses on its servers.
Schroll thinks DNSFilter is in a similar situation. “We’re competing with a company that got bought by Cisco for $600 million,” he says. “We have some of the same challenges, and that’s why it’s really exciting that recently, Packet has been working with us to get us more servers and more locations.” These micro-edge locations are one big reason for DNSFilter’s stellar numbers on DNSPerf.com. “Essentially, Packet has empowered us to compete above our weight class,” Schroll adds.
The DNSFilter team is working on expanding its user agents beyond its existing Windows agent. Android, iOS, and MacOS versions, currently in beta, will be released next month. “People can install the software and roam anywhere around the globe with their machines, and they’ll still get protection from us,” says Schroll. “Because we have this great global anycast network, they’ll have performance protection too.”
It’s one of the enhancements that are part of the company’s strategy during an inflection point in its business. “We have the technology where it needs to be, so we’re focusing more on growth and scaling and offering a more complete product,” says Schroll. And because of how easy Packet makes it to spin up servers in locations as needed, “I think Packet is going to be a really good partner to grow with. It’s going to be a huge differentiator going forward.”