Five Reasons to Consider a DNS-based Approach for Subscriber Services

Historically, many service providers have built value-added subscriber services such as parental control using legacy approaches such as deep packet inspection (DPI) tools and proxies. While these approaches can support subscriber services, there are major challenges including limited scalability, extensive performance impacts, and blind spots into details about individual users.


While the legacy approach has been the most common tactic for years, many service providers often overlook or do not know about an alternative way to deploy subscriber services—the DNS-based approach. In fact, the DNS-based deployment options are more powerful and cost-effective for services such as content filtering, extended security, and message insertion. 


Since the DNS-based approach for subscriber services might be a new concept for some SPs or telcos, below are five key reasons why leveraging a DNS-based approach often leads to a more cost-effective and scalable option when compared to a DPI or proxy-based approach.


More Cost-Effectiveness by Leveraging Existing Infrastructure

In contrast to standalone solutions such as DPI tools or proxies for subscriber services, a DNS-based approach leverages existing core networking infrastructure to provide the extended visibility, content control, and security to end users. This greatly reduces the additional up-front investment needed to provide value-added offers since the DNS infrastructure is already deployed. Now instead of requiring more costly, standalone tools for services, SPs or telcos get more value by providing two key services from a single deployment.


Higher Scalability by Limiting Required Footprint

As the number of subscribers increases and resources move closer to the end user, service providers using standalone tools or proxies cannot just throw a linear number of legacy boxes at the problem due to exorbitant cost and scalability challenges. In general, a DNS-based approach is much more scalable than DPI approaches because it is more flexible and has less demanding deployment options. Since it acts on the DNS signaling path and only redirects a small portion of traffic instead of all user traffic, scalability is greatly improved over traditional approaches that analyze all in-line traffic and require more and more expensive capacity as users and bandwidth increase.


Less Performance Impact via Targeted Analysis

With traditional approaches, the overall quality of experience (QoE) can be negatively impacted because all traffic is analyzed regardless of whether the user is a paid subscriber or not. Processing unnecessary traffic can create an impact that is felt by all users. With a DNS-based approach, SPs can leverage powerful DNS-caching capabilities and can provide a much better first-connection experience because only the traffic from specific customers is analyzed, reducing the overall impact. In addition, DNS-based services improve performance by filtering encrypted traffic without the need for decryption of user-plane traffic.


Improved Intelligence with Enhanced Visibility

A common challenge for legacy DPI or proxy approaches is that they cannot identify individual users behind gateways or routers. The Infoblox DNS-based approach can support the EDNS0 Client ID injection capability: individual device information is conveyed to the DNS server, which correlates the subscriber traffic to its profile and enforces the appropriate security and content filtering policies. In layman’s terms, this means a parent’s mobile phone and a child’s laptop can be on the same home gateway, yet each has unique policies that are applied based on permissions. Legacy approaches cannot handle this.
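The per-device lookup described above, sketched as an added example (not Infoblox code and not part of the original post): a gateway injects a device identifier into the EDNS0 OPT record of a query, and the resolver side parses it and selects a policy. The option code 65001 (taken from RFC 6891's local/experimental range), the device identifiers and the policy names are assumptions, since the page does not specify the wire format.

```python
import struct

OPT_RR_TYPE = 41       # EDNS0 OPT pseudo-record (RFC 6891)
CLIENT_ID_OPT = 65001  # assumption: a code from RFC 6891's local/experimental range
# Constructed per-device profiles for two devices behind one home gateway.
POLICIES = {b"parent-phone": "unfiltered", b"child-laptop": "family-filter"}

def build_query(qname, client_id=b""):
    """Gateway side: an A query with the device ID injected as an EDNS0 option."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    opts = struct.pack("!HH", CLIENT_ID_OPT, len(client_id)) + client_id if client_id else b""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # 1 question, 1 additional
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 4096, 0, len(opts)) + opts
    return header + name + struct.pack("!HH", 1, 1) + opt_rr  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    while msg[off] & 0xC0 != 0xC0:  # a compression pointer ends the name
        length = msg[off]
        off += 1 + length
        if length == 0:
            return off
    return off + 2

def extract_client_id(msg):
    """Resolver side: find the OPT RR and return the client ID bytes, or None."""
    _, _, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        off, end = off + 10, off + 10 + rdlen
        if end > len(msg):
            raise ValueError("record runs past end of message")
        while rtype == OPT_RR_TYPE and off + 4 <= end:
            code, olen = struct.unpack_from("!HH", msg, off)
            if off + 4 + olen > end:
                raise ValueError("option runs past end of OPT record")
            if code == CLIENT_ID_OPT:
                return msg[off + 4:off + 4 + olen]
            off += 4 + olen
        off = end
    return None

def policy_for(msg):
    try:  # malformed queries are rejected rather than given a policy
        return POLICIES.get(extract_client_id(msg), "default")
    except (struct.error, IndexError, ValueError):
        return "reject"
```

A resolver would honor this option only on queries arriving from gateways the provider provisions, since the identifier is otherwise under the sender's control.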


Unified Services for Fixed and Mobile Access

At a macro level, SPs typically focus on mobile users only and ignore fixed-access subscribers for value-added services because the bandwidth requires an exorbitant number of proxies in the legacy approach. Since the DNS-based approach has better scalability and segmentation of subscribers and non-subscribers, providers can now offer convergent subscriber services for fixed and mobile access. This greatly improves revenue potential and provides differentiation against competitors.


Why Infoblox for Subscriber Services

Infoblox is the market leader in service provider-grade secure DNS, DHCP, and IP address management (DDI) solutions. With the announcement of our pre-packaged subscriber service capabilities, service providers can quickly deploy new services, taking advantage of the five benefits listed above.


Infoblox provides the most scalable DDI infrastructure that supports on-premises, virtual, private/public cloud, software-defined networking (SDN), and network functions virtualization (NFV) on a single platform. In addition, Infoblox provides a faster return on investment (ROI) by reducing the upfront capital requirements with a pay-as-you-grow or subscription model.


Service providers can take advantage of Infoblox’s market leadership and create more powerful subscriber services in a more cost-effective, scalable approach. To learn more, visit or contact your local Infoblox representative today.
