Operating System - HP-UX
1833784 Members
2440 Online
110063 Solutions
New Discussion

DNS appliances and DNS structure

 
Steven E. Protter
Exalted Contributor

DNS appliances and DNS structure

Have you used one to replace a UNIX or Linux based DNS server on the public Internet?

If so, I'd like a model number and link to the makers website.

I proposed replacing my companies DNS infrastructure today with a more reliable set of servers. I was asked at the meeting if I'd considered an appliance.

Sadly, I've worked so much the past few weeks the thought did not occur to me.

Pretty much I'm pushing off some research work on you, but I really would like to know the following:

1)Brand and website as requested above
2)What DNS structure you used.
3)What features were important, we want redundancy and absolute uptime of a master server set worldwide.
4)What was the protocol of the management interface? http(unacceptable)
5)Did it support any DNS configuration you could do with a /var/named zone file?
6)Reliability stories.
7)For a global company, do you recommend an appliance or a single function rack mount Linux/Unix server.

Fulfilling all of the above requests, which I know will take some time will result in a bunny.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
5 REPLIES 5
A. Clay Stephenson
Acclaimed Contributor

Re: DNS appliances and DNS structure

What I would do is visit www.isc.org (nothing like going to the guys who invented the stuff) and look under Bind->Vendor Products based on BIND. Several DNS appliances are listed.

My concern with using an appliance-based product is staying up to date on BIND and dynamic DNS interacting with DHCPD servers. Your patches and security updates would then be pretty much up to the appliance vendor.

This is one area whether I'm running HP-UX or Linix that I don't use the vendor supplied build but build directly from the
ISC source. It's where the bug fixes and security patches are first deployed and where the most advanced features are found.
If it ain't broke, I can fix that.
Steven E. Protter
Exalted Contributor

Re: DNS appliances and DNS structure

Interesting,

Sounds like you'd be leaning toward the solution that sysadmins can have more control over.

I will say I have a slave DNS/email server thats run 200 days or so with now downtime. Its been running before I started my current job.

Thanks very much for answering, I hope we meet in person some day. I'll give thought before assigning points, but in the end probably drop a bunny your way.

Going to sleep, not going to be able to answer any questions on this thread for 8 hours.

Cheers.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
A. Clay Stephenson
Acclaimed Contributor

Re: DNS appliances and DNS structure

Oh, and one other thing that I have found with Appliances, they often become stumbling blocks during security audits; you may find yourself in the position of having to develop custom templates and standards for your appliances. Our PC guys had been using a CDROM server appliance (Linux-based) for years and "it just worked" but we had to replace it with a PC server running Linux to do exactly the same thing. That was easier and cheaper than getting the appliance past all the stupid security hurdles even for files that were read-only.

This may not matter in your new location but it's something of which to be aware.
If it ain't broke, I can fix that.
Florian Heigl (new acc)
Honored Contributor

Re: DNS appliances and DNS structure

SEP,

have You looked at HP's SA9200 model?
It's nearly unmarketed but I don't have a very bad opinion of it. (On the other hand it's also the only one I got)

I *do* love the feature set these appliances offer - if I could afford racking it somewhere in Panama my website would stay online even if Europe fails for some reason.


If I were to make a business choice I'd take dyndns.org's services into consideration.
Opposing all appliances vendors (HP, F5, Bitblox[?], ...) they really have almost 10 years of proven 100% uptime by now.
yesterday I stood at the edge. Today I'm one step ahead.
Steven E. Protter
Exalted Contributor

Re: DNS appliances and DNS structure

This is for my employer in Israel. There are currently 4 DNS machines at 3 locations. If it makes business sense, they/we can put a DNS server in Panama.

The old infrastructure design has not proven reliable. The system is to be replaced with one that is managed by a team led and trained by me.

The point is to not make DNS contribute to or cause problems such as difficulty delivering mail.

The other point is that since many in our company observe religious holidays that prohibit doing technical work, that this team be able to detect and correct problems when its leader one or more members are unavailable.

There is not an endless supply of money, but if a reasonable investment can improve reliability and flexibility it will probably be made.

Hope that clarfies.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com