Distributed network


Fault-Tolerant Network

Constellix operates a triple Anycasted network that utilizes a system of multi-tiered redundancy to withstand query surges and DNS-based attacks.

Our network has built-in DDoS mitigation services that redirect pernicious traffic to upstream scrubbing facilities in the event of an attack.

If any of our systems become overwhelmed by an attack, the traffic is redirected to nearby systems to help absorb the attack. In the event of resource failure, there are multiple fail-safes in place for every one of our thousands of nameservers so there is no single point of failure anywhere in our network.

We exclusively partner with Tier-1 data and bandwidth providers at 16 critical peering points around the world. We’ve spent the better of two decades engineering our network for optimal performance and redundancy, so you don’t ever have to worry.


Double Down on DNS

Even though we have a strong network, it is still considered a single point of failure to only use one DNS provider. DNS provider outages have been the cause of notorious hours-long outages in the past, rendering the use of more than one provider to become almost a necessity for some businesses.

Contrary to its name, Secondary DNS is not a Primary provider with a designated backup provider. Rather, both providers are equally authoritative for responding to queries. If one provider is unable to answer queries, then the remaining provider will make up the difference.

Secondary DNS is only a solution for some, though. Both providers must have the same configurations at all times, or else queries could be resolved incorrectly. That means both providers must offer the same services you require, which is usually not the case for GeoDNS and advanced load balancing services.

Secondary DNS terminal
Constellix GeoProximity


Ramp Up Internal Security

We have multiple measures that come standard with all accounts that help assure that your account and domain configurations are protected:

  • Session time outs
  • Email alerts whenever a configuration is changed
  • Strong password enforcement
  • Activity logs (by IP address and changes made)
  • Version control

We also offer additional features that you can enable to have even more granular control over user permissions and account activity:

  • Two-Factor Authentication
  • Role-based and sub-user domain permissions
  • Role-based API permissions
  • Easy account roll-back to the last version
  • Compare versions and revert any desired version


Secure Your Domains

SSL Certification

HTTPS is now mandatory for most major browsers, like Chrome, which means you need to have an SSL certificate for your domain.

Usually, DNS doesn’t have much to do with SSL certifications, which are typically installed on your web server (your DNS just points to it). But when you start to involve more complex configurations, like a CDN (Content Delivery Network), you may run into some issues with security.

CDN Provisioning

CDN providers act as a middleman between your users and your web server. The CDN will store a cache of your website files and distribute them from many points of presence around the world, reducing load times. Your CDN service also needs to use your SSL certificate in order to make secure requests from your web server.

Typically, your SSL certificate is configured through your CDN provider, but since Constellix now offers a CDN provisioning service, you will also need to configure it through Constellix. It only takes one extra step, before you provision your CDN provider(s), make sure you add your SSL certificate information.

CAA Records

Always configure a CAA record if you have an SSL certificate! This ensures that no one else can use a false SSL certificate for your domain. If someone does, you’ll be alerted instantly and their certificate will not be able to authenticate.

Usually, DNS doesn’t have much to do with SSL certifications, which are typically installed on your web server (your DNS just points to it). But when you start to involve more complex configurations, like a CDN (Content Delivery Network), you may run into some issues with security.


Coming soon! DNSSEC is a service that signs your domain at the root with a cryptographic key, preventing man-in-the-middle attacks.

Analytics Dashboard


Detect Attacks Earlier

Coming soon! Get notified when your query usage becomes abnormal. We use Artificial Intelligence to learn patterns in your query usage and are able to detect the slightest anomalies that could indicate an attack or system misconfiguration.


See Your Queries in Real Time

Detect the early signs of an attack while there’s still time to take action. Our advanced Analytics services gives you all the tools you need for total domain visibility. Narrow down your focus to a single domain and location to troubleshoot fluctuations and rule out system misconfigurations.

Record minute long logs of your incoming queries to find holes in your network architecture and identify poorly configured records that could be costing you in overages. You can even log attacks in real time and use them for root cause analysis later.

Constellix GeoProximity
Constellix IP Filters


Block Unwanted Traffic

Filter out potentially malicious traffic by region, country, city, network (ASN), IPv4, or IPv6 address. IP Filters make it easy to create your own IP blacklist that you can apply to multiple records and domains.

You can even combine your filtering rules to make more granular logic. For example, you can filter out traffic by network and country.

Can't Get Enough?

Check These Blogs Out

IP Blocking 101

Learn how to create an IP Blacklist in just a few minutes.

Watch the video

Ultimate Guide to Secondary DNS

The essential Secondary DNS guide chock full of strategies, performance tips, and tutorials.

Read more

New! Multi CDN Features

Integrate your CDN providers, SSL certificates, and more.

Read more

Ready to Try Constellix?

Get a $50 credit just by completing a demo with our team.

Get Your Credits