A decade ago we built our first CDN/WAF solution to keep sites from getting reinfected after cleanups. We learned fast that
security without performance won’t fly—few will trade speed for safety (but many will do the opposite). Our first design ran on a single Anycast network: effective for many,
but it hit limits under large-scale attacks and during outages, especially for partners/platforms managing thousands of properties.
With NOC, we chose a different path: tackle performance and security, and add flexibility where it matters most—during incidents.
Architectures Matter
A common fallacy in CDN-land is that only networks with hundreds of POPs are “fast.” In reality, that scale matters for a minority of traffic profiles.
Many free tiers quietly serve from a handful of POPs, and large mesh topologies can create freshness issues: a near edge accepts the TCP handshake,
but responses bubble from mid-tier layers, not the true edge.
Our view is simple: not everyone needs a global mega-mesh. We cache at the edge and avoid unnecessary mid-tier hops.
The result is comparable (often better) real-world speed because the design reduces indirection.
The NOC Network Topology
We started with the Domain Name System—specifically, Authoritative DNS (AuthDNS). By building an Anycast AuthDNS foundation, we decoupled routing control from the CDN itself and unlocked advanced policies rarely offered by traditional CDNs. That improves resilience, availability, and continuity during outages.

In practice, AuthDNS optimizes every request based on geography and health, then pairs it to a secondary layer where the CDN and WAF operate in a geographically aligned location. You get Anycast’s HA/failover plus the precision routing of Authoritative DNS.
The NOC Stack
Our differentiators aren’t just the topology—they’re how three core services work together:

WAF / CDN / AuthDNS operate in concert to defend against Layer 3/4/7 events while keeping content fast.
Our security posture uses an updated deny-all strategy tuned for open-source CMSs. We virtually harden and patch at the edge, reducing reliance on origin changes.
Combined with our network choices, performance rivals much larger providers.
Requirements: host your Authoritative DNS with us, or use an external AuthDNS that supports APEX ALIAS records.
Why Try the NOC Platform
Security | Most free CDNs don’t ship real security. NOC plans start at $1/domain and include speed and protection (DDoS mitigation and exploit blocking). |
Performance | Fewer POPs, fewer hops, fresher cache. Edge-first delivery often outperforms larger meshes in key markets. |
Control | Advanced, DNS-driven routing for incident response: geo steering, health-based failover, and smart origin routing. |
Continuity | Self-healing patterns and targeted failovers reduce blast radius during outages and large-scale attacks. |
Questions? We’re here to help: support@noc.org.
NOC — Authoritative DNS, CDN & WAF
Accelerate and protect your sites with global DNS, edge caching, and an always-on web application firewall.
See Plans