Infoblox's DNS One
Infoblox describes DNS One, a product of the company founder's research into distributed database technology, as the next phase in distributed computing. You can use DNS One as a caching server and as a conditional forwarding server for zones and networks. Infoblox plans to add support for stub zones in 2004.
DNS One integrates a standards-based DHCP server with the latest stable release of BIND 9. Integration of DHCP with DNS services lets DNS One support dynamic registration of DHCP clients into DNS, regardless of the client OS support for DDNS. The DHCP server supports networks that use variable-length subnet masks (VLSMs) and Classless Inter-Domain Routing (CIDR) addressing. Support for DHCP Relay and BOOTP lets DNS One provide DHCP services for enterprisewide multivendor networks.
Like most of the other appliances in this article, DNS One runs under a simplified hardened version of Linux. Only a few TCP/IP ports are open on DNS One, and these ports are configurable. Port 53 (DNS) and port 443 (SSL) are open; optionally, you can open port 66 or port 67 (DHCP) or port 15300 (scripting API). According to Infoblox, you can use DNS One for networks that contain as many as 100,000 IP addresses. DNS One's AD support lets it act as a high-performance secondary DNS server for AD-based zones. Infoblox designed DNS One for mixed environments, including networks with mixed-OS clients, Voice over IP (VoIP) clients, and other gateways.
To configure and manage DNS One, you use a Java-based GUI. An integrated SSL-supporting Web server implements this GUI. Support for granular, role-based administration lets the primary administrator delegate administration responsibility to other administrators, limiting their management access to specific zones and management functions. DNS One includes SNMP support, which enables integration with third-party network management products. A one-button update feature lets you apply software and security updates with little effort. Using an API, which is accessible through Perl, you can automate common administrative tasks. DNS One's Phone Home feature notifies you when hardware and software problems arise.
When you link two units, DNS One supports automatic failover. Working in active/passive failover mode, DNS One reassigns the server's media access control (MAC) and IP addresses to the passive server at failover. DNS One costs $12,000.
Offmyserver's DNSdevil
Offmyserver, a new player in the DNS server appliance market, plans to make DNSdevil available in second quarter 2004. Unlike the other appliances I cover in this article, DNSdevil uses a custom-configured FreeBSD kernel. The system uses a Pentium 4 processor with 1GB of DDR RAM, a 40GB disk drive, and four Intel 100Mbps Ethernet controllers.
DNSdevil also implements BIND 9, with AD support and support for DDNS registration. You'll be able to configure DNSdevil through an SSL-secured Web interface and access the system through a Secure Shell (SSH) when necessary.
DNSdevil supports default zone settings, which simplifies the process of creating new zones. The appliance even supports bulk creations.
DNSdevil offers many tools. For example, a DNS query tool will let you compare the results of a query against the local server with the results of the same query against other DNS servers on the Internet, which demonstrates that the domain name and local server are both properly configured for public use. Other tools simplify zone management by auditing resource records.
DNSdevil will cost $5,500. Offmyserver will provide security updates and other patches for free, with additional levels of support available for a fee.
Threshold Networks' Razzo IP Series
Threshold Networks offers Razzo IP E-1000 and Razzo IP C-2500. These DNS server appliances differ from each other primarily in the level of fault tolerance of the underlying hardware platform. Razzo IP E-1000 has a 2GHz Celeron processor, 1GB of RAM, an 80GB IDE disk drive, and dual 100Mbps Ethernet controllers. Razzo IP C-2500 includes two 2.4GHz Xeon processors, 2GB of RAM, and mirrored 36GB Ultra 160 SCSI disk drives, with dual Gigabit Ethernet controllers, hot-swappable hard disks, and redundant hot-swappable power supplies.
Razzo IP implements BIND 9 and the Internet Software Consortium's (ISC's) implementation of DHCP 3.0. The appliance stores DNS and DHCP information in a SQL-style database, with support for a one-step backup-and-restore operation as well as the ability to roll back some kinds of administrative updates. The integration of DNS and DHCP functions lets Razzo IP's DDNS features automatically add or remove DNS host information for DHCP clients as those clients' leases are granted and expired.
Razzo IP's integrated WINS server manages name resolution for WINS clients. A built-in firewall protects Razzo IP from Denial of Service (DoS) attacks and lets you control which IP and TCP ports are open. Razzo IP runs under a customized hardened Linux kernel for additional system stability and security. AD support lets you import and export SRV records between Razzo IP and AD-based DNS zones.
You can use a Win32 management application or a Java-based Web GUI to configure and manage Razzo IP. Software updates for Razzo IP are available on CD-ROM, or you can download them from Threshold Networks' Web site. SNMP support lets SNMP-based network-management systems receive Razzo IP system performance information. Host discovery features let you compare discovered network addresses to the list of hosts maintained in the Razzo IP database; a wizard helps you add discovered hosts when appropriate. Another feature lets you convert DHCP clients so that those clients can use static IP addresses.
Both Razzo IP E-1000 and Razzo IP C-2500 support hardware failover to a second, standby appliance. Razzo IP C-2500 costs $4995, which includes unlimited host licenses. Razzo IP E-1000 costs $2995, which includes 10,000 host licenses.
A Viable Alternative
Each of the DSN server appliances I described here has a unique set of strengths. An appliance that features a standard BIND implementation in a low-maintenance package (e.g., Adonis, DNS One, DNSdevil, Razzo IP) might appeal to some administrators, whereas an appliance that features a proprietary source-code implementation (e.g., MSA 300, DNSBOX300) might appeal to other administrators. Some administrators might need a highly secure, high-performance DNS server appliance to use with their public network (e.g., Adonis, DNS One), whereas other administrators might need a DNS server appliance for use in a small, private network (e.g., DNSBOX050). No matter what your needs might be, DNS server appliances offer a low-cost, high-reliability alternative to running Windows' DNS Service on general-purpose servers.
Register
