ix.Cloud Edge
Service Description: Public DNS Service ix.Cloud Edge
The Public DNS Service is part of the Internet Perimeter ix.Cloud Edge and enables authoritative name resolution of public zones. Zone distribution takes place globally via an Anycast network. The service meets regulatory requirements (revDSG / FINMA) through localized data storage and audit-proof processes.
The service is available exclusively under the SLA Rhodium and must be ordered via "Generic Request".
Service Architecture
Zone data management is handled centrally on the Inventx infrastructure via a server that is not accessible from the Internet (Hidden Primary). DNS queries from around the world are answered via an upstream Anycast network.
This distributed architecture eliminates single points of failure and reduces latencies.
Service Scope
| Performance Feature | SLA Rhodium |
|---|---|
| Initial Setup | ◼ |
| Hidden Primary Architecture | ◼ |
| Anycast Zone Distribution | ◼ |
| GeoLoad Balancing | ◼ |
| Security (DNSSEC & RPC Listen) | ◼ |
| Audit Security & Compliance | ◼ |
(◼ = Included in standard service, ◻ = Project-based / one-time service)
Service Options
The following performance elements define the service and its operation:
Initial Setup
The initial specification, configuration, and migration of existing public zones are carried out as part of an initial setup in collaboration with the customer.
Hidden Primary & Zone Distribution
Zone management takes place on an internal primary server (Hidden Primary) to reduce the attack surface. Zone information is distributed to clients exclusively via the Anycast network. Sovereign fallback runs via the Hidden Primary.
GeoLoad Balancing
DNS queries can be dynamically delegated to Internet endpoints across different locations. This includes ix.Cloud locations as well as connected public cloud providers for distributed load management.
Security & Administration
- DNSSEC: Cryptographic protection of DNS responses against manipulation.
- RPC Listen: Implementation of Response Policy Zones for active filtering and control of name resolutions.
- Administration: Zone management strictly according to the four-eyes principle including audit-proof auditing.
Supported Record Types
The following DNS records are supported for public zones (forward mapping):
| Record Type | Forward Mapping | Reverse Mapping | Purpose / Description |
|---|---|---|---|
| A Record | ◼ | Resolution of a hostname to an IPv4 address. | |
| AAAA Record | ◼ | Resolution of a hostname to an IPv6 address. | |
| CNAME Record | ◼ | Alias entry that points one hostname to another. | |
| MX Record | ◼ | Definition of the responsible mail servers for email receipt for the domain. | |
| NS Record | ◼ | Definition of the responsible name servers for a zone or subzone (delegation). | |
| PTR Record | ◼ | Resolution of an IP address to a hostname (reverse mapping), often used to verify mail servers for spam prevention. | |
| SRV Record | ◼ | Definition of the availability of specific services (including port and protocol). | |
| TXT Record | ◼ | Storage of text information, often used for security and verification purposes (e.g., SPF, DKIM, DMARC). | |
| CAA Record | ◼ | Definition of which certificate authorities (CAs) are authorized to issue TLS/SSL certificates for the domain. |