IBM is rolling out a new DNS-based service that will let customers securely control connectivity between distributed multicloud environments.\nNS1 Connect is one of the first fruits from IBM\u2019s acquisition of DNS specialist NS1 earlier this year. The service is aimed at helping organizations set up the best connection between clouds and end users to deliver applications optimized for performance, cost, security and availability.\nCore to the NS1 Connect package, which will be available Oct. 17, is traffic-steering technology that intelligently distributes DNS traffic across the network. DNS is often described as the Internet\u2019s phone book, working in the background to match the names of web sites that users type into a search box with the corresponding IP address.\nNS1 Connect\u2019s advanced DNS services can make dynamic decisions about where to send an internet request, based on availability, performance, time-of-day and many other calculations, according to Andrew Coward, general manager of software defined networking with IBM, who wrote a blog about the news.\nThe most common traffic-steering rules include avoiding unavailable, overloaded, or under-performing endpoints, IBM wrote in a brief about the NS1 service.\n\u201cNS1 offers a set of basic monitors you can use to track its up\/down status of an endpoint. Alternatively, you can use one of the supporting monitoring service integrations to pull data collected by third-party monitors to the NS1 platform to inform traffic steering,\u201d IBM stated.\n\u201cIf included in your NS1 account, you can configure [real user monitoring] RUM-based applications and jobs to pull real-time availability and performance metrics from shared or private data sources back to the NS1 platform to optimize load balancing across complex, global networks,\u201d IBM stated.\nCustomers can configure the system to input data from a variety of third-party management systems, such as Cisco ThousandEyes and AppDynamics, Datadog, Amazon Web Services (AWS), Rackspace, CloudWatch and Catchpoint.\n\u201cIndependent of where your customer traffic originates around the world \u2013 Boston, San Paulo, Tokyo, Nairobi, Paris \u2013 the DNS answer for where to route that traffic may be different and may vary depending on which content delivery networks (CDN) is busy, how much you\u2019re paying for transit, and what level of traffic balance you\u2019re trying to achieve,\u201d Coward wrote.\nNS1 Connect customers also get DNS reports, such as queries per second (QPS) and global traffic distribution, that can be used to detect sudden drops or upticks in DNS traffic and compare domain traffic across networks.\u00a0\nA feature called NS1 DNS Insights uses what IBM calls lightweight data feeds to provide a granular view of performance, trends, and anomalies. This gives customers the insight necessary to improve system performance and security while reducing operational costs, IBM stated.\nThe system supports DNS Security Extensions (DNSSEC), which authenticates domain name lookups and helps protect against DNS hijacking.\nEnterprise Management Associates (EMA) recently found that DNS hijacking, also known as DNS redirection, is the DNS security challenge that causes enterprise IT the most pain.\u00a0DNS hijacking involves intercepting DNS queries from client devices so that connection attempts go to the wrong IP address. Hackers often achieve this by infecting clients with malware so that queries go to a rogue DNS server, or they hack a legitimate DNS server and hijack queries at a more massive scale. The latter method can have a large blast radius, making it critical for enterprises to protect DNS infrastructure from hackers, according to EMA.\nBeyond DNS management, account administrators can manage users, teams, and API keys to ensure appropriate access levels based on the user role or function, IBM stated.\nIn addition to NS1 Connect, IBM is developing a SaaS package to help enterprises securely network heterogenous environments, including edge, on-prem and multicloud resources.\nThe IBM Hybrid Cloud Mesh is a SaaS service that implements a virtualized Layer 3-7 environment to rapidly enable secure connectivity between users, applications, and data distributed across multiple locations and environments, according Coward.\nHybrid Cloud Mesh deploys gateways within the clouds \u2013 including on-premises, AWS or other providers\u2019 clouds, and transit points, if needed \u2013 to support the infrastructure, and then it builds a secure Layer 3-7 mesh overlay to deliver applications, Coward said. At the application level, the exposure to developers occurs at Layer 7, and the networking teams see Layer 3 and 4 activities, Coward said.\nThe Hybrid Cloud Mesh offering is available to early test organizations and is expected to be generally available by the end of the year.