"With DNSBOX we now have a hardened and easily managed solution not to mention the savings in space, electricity and cooling"
John Calisi, IT Manager of Operations, Tennessee Board of Regents, USA
"Performance is good, support is good and we would recommend ApplianSys and DNSBOX to our own clients."
Paul Schuur, Senior Consultant – Qwise B.V., Holland
"I was the only person who could make changes on our old DNS solution but now customers can manage their own DNS space."
Paul Schuur, Senior Consultant, Qwise BV, Netherlands
"ApplianSys have met all of our requirements as a DNS provider and the platform has provided us with a secure and robust solution"
Karl Jackson, Network Architect, 8el, UK
"DNSBOX allowed us to build a best-practice split DNS architecture in an affordable way."
Harmohan Sood, Reach Internet Ltd, UK

More Secure, More Reliable, Easier Redundancy, Cost-effective Resilience

Compared with alternatives, DNSBOX is particularly strong in dealing with the threats to your DDI services.

With most DDI appliance products, you can make your DDI more secure, more reliable and robust by spending more money. With DNSBOX, you can do so while spending less.

DNSBOX has advantages in terms of security and resilience on 2 levels:

Individual appliances DDI server architecture

Maximum Security

Hardened operating system

Ultra-secure Unbound for DNS caching, DNSSEC, automatic security updates

Easy separation of roles

Secure links, network traffic to each server or service controlled

Maximum Resilience

Inbuilt reliability: solid state storage

Extra redundancy: Dual Compact flash architecture

Easy low-cost redundancy: multiple options for failover, clustering

Inherently more secure

The DNSBOX platform is particularly secure in general, while the ultra-secure DNSBOX200 – generally deployed in more vulnerable and public-facing roles – features one of the most secure DNS implementations in the world.

DNSBOX uses an orthodox approach to DNS architecture compliant with RFCs, making it easy to put in place multiple layers of protection for maximum security:

  • Architectures designed for maximising security, such as:
    • Master-slave architecture with master hidden behind firewall
    • Physically isolated recursive and authoritative resolvers
    • Each service runs in its own discrete ‘sandbox’ – secure chroot
    • Affordable separate physical servers for serving different views
  • Security built into core software for each service running on DNSBOX, such as:
    • Highly-secure specialist recursive resolver, Unbound – a big advantage on this most vulnerable part of the DNS system. This resolver is purpose-built to deal with the threats to a DNS cache.
    • Security features of BIND.
    • DNSSEC to protect against cache poisoning.
  • DNSBOX appliances are hardened devices, packed with security features:
    • Purpose-built secure Linux Operating System, mounted read-only, so any system compromise would be recovered by an appliance reset.
    • The ability to separate services and traffic to the appliances onto different IP addresses and multiple different NICs to connect to different networks / users.
    • Built in firewall with remote administration only allowed over secure links (SSH / SSL).
    • AES encrypted IPsec connections between servers, authenticating and encrypting all traffic between units. This goes further than DNSSEC and TSIG, ensuring that only authenticated masters can update slaves. Zone transfers cannot be hijacked, spoofed or sniffed.
  • Routine software updates protect against any security vulnerabilities in embedded software such as BIND. All software on DNSBOX is monitored for security alerts. Any relevant updates are rapidly engineered into DNSBOX and released.

Westpac_quote_greyMore reliable devices, easy redundant architectures

With DNSBOX, you can build more resilient, robust architectures at a lower cost, for 2 reasons:

  • An individual DNSBOX appliance is rock-solid:
    • It is diskless and uses only solid state storage – making it 10x more reliable (hard disks account for 90% of hardware failures). If power fails, there is no loss of data or settings and reboot is immediate.
    • DNSBOX’s appliance software is engineered to deal with unexpected network events which can cause servers and services to fail.
  • Building redundant architectures is easier and costs less than with alternatives, because of the way the DNSBOX range is designed and priced, with multiple redundancy options:
    • Dual CompactFlash architecture
    • Easy, affordable master-slave architecture
    • Offline master-mode
    • Failover masters at discounted prices
    • Easy, reliable DHCP failover
    • High availability load-balance resolver clusters

Texas-Health_quote_grey

Next: Flexible Integration >

Because DNSBOX is versatile and scalable, our customers around the world come in all shapes and sizes. ISPs, enterprises, government agencies and even internet registers simplify, control and protect their DDI services with DNSBOX.

How can we make your visit easier?


Give us a few details about your requirement and we'll make your life easier by serving the most relevant information.
I work in a...
I prefer to read...
GO