I recently had the opportunity to completely overhaul the DNS for a large IT organization and used it to do a complete DNS review. As part of the overhaul, the internal DNS would remain on Windows Active Directory servers; however, the public-facing external DNS servers, which had been running BIND 4 on Sun Solaris, needed to be replaced.
My choices were to upgrade the existing Sun hardware, implement an open-source DNS application, or implement a commercial DNS appliance. For this particular job, a major consideration was that the engineers who would be modifying DNS did NOT have vi experience and were not familiar with UNIX/Linux.
That pretty much ruled out an upgrade and left me with only DNS appliance solutions. Even with a web front-end on a Linux server, it was made clear that this group would also need to maintain the server, which nailed it down to a commercial appliance. So what are some good, viable, stable commercial DNS appliances?
The requirements: an easy-to-use point-and-click front-end, the ability to easily recover from a failure, the ability to undo changes, and the ability to link records to avoid large amounts of orphaned DNS records.
Products In The DNS Review:
BlueCat Networks – Adonis $8000 estimated retail value
InfoBlox – DNSone $8000 estimated retail value
Appliansys – DNSBox $3000 estimated retail value
Right off the bat, the price for the Appliansys DNSBox was very appealing, but it did not meet the requirements. It did have a decent point-and-click front-end that was fairly intuitive. It also had an easy way to ensure that communication between DNS servers was secure, and the requirement to recover from a failure was also met. However, no record linking was present.
The InfoBlox product was very interesting. It promoted a Grid package, a patented Infoblox technology for linking distributed appliances into a unified Infoblox grid. This was definitely made to handle large distributed DNS systems and to recover from failure. The product also came with a built-in IPAM (IP Address Management) solution, which integrated your DNS, DHCP and IP administration in one convenient place. Talk about the holy grail of IP management solutions. The big issue with the InfoBlox product was that, even with all of this great technology, there was no ability to link records to avoid orphaned files/records.
Lastly, there was the BlueCat Adonis. For some reason there just seem to be a lot of “blue” network appliance companies coming out these days: Blue Coat, Blue Socket and now BlueCat? Anyway, the name aside, we got a chance to review the Adonis 1000. This was a very slick product. An extremely clean and intuitive interface made DNS maintenance and administration very easy. It offered multiple methods of backing up the DNS database, with up to 99 undos. There was also a built-in CVS-type locking mechanism, where the DNS database would be locked to prevent more than one engineer from making changes. Finally, the Adonis had the ability to link records to one another! CNAME records and MX records could be directly linked with A records across multiple domains. There was also support for multiple BIND views. The final bonus with the BlueCat product was its Proteus IPAM solution. This was an IP Address Management solution that would integrate all DNS, DHCP, and IP databases into one manageable platform. You could even integrate your Windows DNS so that you could have one consistent view. Now, the Proteus is NOT free and is very pricey, but overall the BlueCat product line met every requirement and then some.
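Where an appliance does not link records, the orphans this review's requirement is meant to prevent can be found by auditing exported zone data. The following is an added example, not part of the original review and not any vendor's code: it flags CNAME and MX records whose target inside the managed zones no longer leads to an A/AAAA record. The record tuple format, the zone names and the function names are assumptions made for illustration.

```python
# Constructed sample data: (owner, type, rdata) tuples as they might be
# exported from two managed zones. All names and addresses are illustrative.
RECORDS = [
    ("www.example.com.",   "A",     "192.0.2.10"),
    ("mail.example.com.",  "A",     "192.0.2.25"),
    ("example.com.",       "MX",    "10 mail.example.com."),
    ("example.com.",       "MX",    "20 backup.example.com."),  # no A record
    ("shop.example.net.",  "CNAME", "www.example.com."),        # cross-zone, fine
    ("old.example.net.",   "CNAME", "legacy.example.com."),     # A record deleted
    ("cdn.example.net.",   "CNAME", "edge.provider.test."),     # external target
    ("alias.example.net.", "CNAME", "shop.example.net."),       # CNAME chain
]
MANAGED_ZONES = ("example.com.", "example.net.")


def _norm(name):
    """Lower-case a DNS name and force exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def find_orphans(records, zones):
    """Return (owner, type, target) for CNAME/MX records that dangle."""
    zones = tuple(_norm(z) for z in zones)
    addr = {_norm(o) for o, t, _ in records if t in ("A", "AAAA")}
    cname = {_norm(o): _norm(r) for o, t, r in records if t == "CNAME"}

    def resolves(name, seen=()):
        if not any(name == z or name.endswith("." + z) for z in zones):
            return True   # outside managed zones: cannot be judged locally
        if name in addr:
            return True
        if name in cname and name not in seen:   # follow chain, stop on loops
            return resolves(cname[name], seen + (name,))
        return False

    orphans = []
    for owner, rtype, rdata in records:
        if rtype in ("CNAME", "MX"):
            target = _norm(rdata.split()[-1])    # MX rdata is "pref target"
            if not resolves(target):
                orphans.append((_norm(owner), rtype, target))
    return orphans


if __name__ == "__main__":
    for owner, rtype, target in find_orphans(RECORDS, MANAGED_ZONES):
        print(f"ORPHAN {rtype:5} {owner} -> {target}")
```

Targets outside the managed zones are skipped because local zone data cannot show whether they still exist; those need a live lookup.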