BlueCat's Adonis and BorderWare's NameVault
BlueCat offers the Adonis DNS Management Server, a DNS-only server (without DHCP or WINS) running BIND 9 software. The software runs under a hardened version of the Linux kernel. In a standard configuration, only port 53 (DNS) and the port that the management interface uses are open.
To configure and manage the appliance, you use the Adonis Management Console, a Java-based GUI that runs on any platform supporting Java 1.3. To secure server-management functions, the management console uses certificate-based user authentication and 128-bit SSL communication between the client and server. The management console's ease-of-use features include 100 levels of undo/redo functionality and wizards that support initial setup and conversion from other DNS platforms.
Adonis's security features include support for BIND 9 encrypted zone transfers and TSIGs to authenticate zone transfers and other DNS updates. Data-validation tools check for logical errors in DNS configurations and ensure complete and accurate synchronization and replication with slave servers. You can configure the appliance to require authenticated access by using digital certificates on both the client and server side. You can also configure an integrated firewall that's designed to reject any network traffic not related to DNS or the Adonis Management Console.
Adonis supports DDNS and caching server configurations. The appliance includes AD integration, with support for SRV records per RFC 2782 and support for configurations that include an AD master. When you use two units, Adonis supports automatic failover.
Adonis has a 1U rack-mountable chassis that houses a 2.6GHz Pentium 4-based motherboard, 512MB of RAM, a 40GB disk drive, and a 10Mbps/100Mbps Ethernet port. BlueCat reports that the server can handle more than 20,000 queries per second and can support networks of as many as 100,000 IP addresses. The Adonis lists for $9995.
BorderWare has added BlueCat's DNS service appliance to its product line, marketing it as the NameVault DNS Appliance. Unlike BlueCat, BorderWare is bundling a 1-year service agreement with the purchase of NameVault DNS Appliance, pricing the package at $12,000.
Incognito's MSA Series
Incognito's MSA 300 and MSA 800 DNS server appliances use Cubix's three-blade and eight-blade servers, respectively, preconfigured with Incognito's DNS Commander software or IP Commander software (a companion DHCP server product) running under either Red Hat Linux or Win2K Professional. For example, a typical three-blade configuration might consist of one blade running DNS Commander under Red Hat Linux, one blade running DNS Commander under Win2K Pro, and one blade running IP Commander under either OS. (If you're unfamiliar with blade servers, see "Blade Servers," July 2003, http://www.winnetmag.com, InstantDoc ID 39181.)
Unlike some DNS server appliances, DNS Commander isn't based on the open-source software (OSS) BIND, although it's RFC-compliant at a BIND 9 level. DNS Commander is based on Incognito's proprietary implementation of DNS-related RFCs. Incognito touts its proprietary implementation as more secure (because the source code isn't publicly available) and more stable (because the company subjects its products to prerelease testing).
DNS Commander doesn't include AD support. However, the software supports stub zones as well as caching and conditional forwarding configurations. Other features of interest to Windows administrators include a WINS lookup feature and support for DDNS updates from DHCP servers and Win2K clients. Features of interest to Web administrators of multiple domains include the ability to disable domains and resource records. You can configure DNS in advance of system implementation and turn off name resolution for a domain without having to delete the information from DNS.
Incognito provides three ways to manage DNS Commander. A Win32-based application lets administrators configure and manage both Red Hat Linux-based and Windows-based configurations. You can use a Web interface when the blade is also running Microsoft IIS (under Windows) or Apache (under Red Hat Linux). A command-line interface lets you perform common administrative functions.
DNS Commander's price depends on the number of blades and the number of A (i.e., address) records the system will manage. A typical MSA 300-based configuration with two DNS Commander Pentium III processor 1GHz blades (one Red Hat Linux and one Win2K Pro) with licensing for 1000 A records costs about $7350. Incognito no longer actively markets MSA 300 and MSA 800 on its Web site, but you can contact the company for more information about these appliances.