DNS Infrastructure for the Play Network

DNS Infrastructure Transformation for the Play Network

Every internet connection begins with a DNS query, and at the scale of a nationwide mobile network, this means millions of operations executed every second. In the face of 5G deployment, a growing number of attacks targeting DNS infrastructure, and increasingly stringent regulatory requirements, this project focused on delivering a solution capable of handling such scale and complexity.

Project Genesis

The goal of the project was to design a modern, distributed DNS infrastructure ready to support network growth for years to come.

In modern telecom operator networks, DNS has become a critical component affecting performance, security, and regulatory compliance. With the rollout of 5G and the rapid growth in IoT devices, Play’s DNS infrastructure had to cope with a sharp increase in traffic while remaining resilient to attacks and compliant with applicable regulations.

About the Client

P4 Sp. z o.o., the operator of the Play network, serves millions of subscribers in Poland, providing mobile, fixed-line, and television services. As a provider of critical infrastructure, Play must ensure the highest service availability (High Availability) and minimal latency. DNS (Domain Name System) is a key element of this ecosystem—every user click on the internet starts with a DNS query.

Business Requirements

The DNS modernization had to meet Play’s business requirements: ensuring service continuity, scalability, and regulatory compliance, while enabling the development of new services.

Service continuity: elimination of single points of failure and minimization of downtime.
Scalability: handling the growing volume of DNS queries driven by 5G and IoT.
Regulatory compliance: rapid implementation of gambling domain blocking and malicious content filtering.
Flexibility: the ability to launch new services, such as parental controls, without replacing hardware.

Technical Challenges

At the same time, the project posed significant technical challenges. Handling massive 5G traffic volumes, ensuring resilience against attacks, and integrating modern DNS standards required an advanced architecture and extensive customization.

Performance (QPS): handling hundreds of thousands of queries with low latency.
Attack resilience: effective mitigation of DDoS and DNS water torture attacks.
Modern DNS standards: full support for DNSSEC, DoH, and DoT to enhance security and privacy.
Customization and integration: adapting the infrastructure to Play’s network specifics and integrating it with monitoring and security systems.

Modern DNS Architecture Based on Knot Resolver

Redge Technologies designed and implemented a new DNS architecture based on Knot Resolver - a modern, open-source solution developed by CZ.NIC.

Knot Resolver as the foundation

A high-performance, non-blocking DNS engine capable of handling very large query volumes with low latency.

Anycast architecture

DNS traffic is distributed across multiple nodes throughout Poland. In the event of a node failure, queries are automatically routed to the nearest available server.

Advanced RPZ filtering

The system enables instant blocking of gambling domains and protects users from phishing and malware—without impacting performance.

Lua-based customization

Lua scripting made it possible to implement dedicated routing logic, monitoring, and anomaly response mechanisms, perfectly tailored to the specifics of the Play network.

Controlled DNS Transformation for the 5G Network

Proof of Concept

Performance testing in a laboratory environment with traffic exceeding real Play network loads.

Canary Deployment

Redirecting a small portion of subscriber traffic to the new infrastructure to validate stability under production conditions.

Gradual migration

Sequential switching of additional regions and network segments.

Integration with security systems

Connecting DNS with monitoring platforms and the anti-DDoS layer.

Implementation Outcomes: Faster, Safer, and More Flexible DNS

The collaboration between Redge Technologies and P4 concluded with full operational success, delivering tangible benefits across multiple areas.

Performance: significant reduction in DNS resolution latency, resulting in faster website loading times for Play customers.
Stability: the microservices- and Anycast-based architecture eliminated single points of failure (SPOF).
Security: effective mitigation of DNS attacks and full DNSSEC support, ensuring response authenticity.
Flexibility: with Knot Resolver, Play can now deploy new services (e.g., parental filtering) more quickly, without hardware replacement.

The use of Knot Resolver combined with Redge Technologies’ engineering expertise enabled Play to build one of the most advanced DNS infrastructures in Poland, fully prepared for the challenges of the 5G and IoT era. This implementation at P4 demonstrated that enterprise-grade open-source solutions such as Knot DNS, when supported by an experienced integrator like Redge Technologies, often outperform expensive, closed commercial “black box” solutions. A key success factor was the ability to deeply customize DNS server behavior using Lua, allowing the system to be precisely tailored to the specific requirements of a mobile operator network.

Contact us

We can adjust the technology to your needs. Hence, we listen carefully how we can help.