"With DNSBOX, our previous IP conflict problems are non-existent."
Mike Neverdusky, CDE Lightband, USA
"The DNSBOX is a well thought out, scalable and easy to manage solution"
John Calisi, IT Manager of Operations, Tennessee Board of Regents, USA
"We no longer have to put up with the hefty bills and poor service levels of our ISP’s DNS management service"
Mike Bird, IT Director, DHL, UK
"CACHEBOX offered three key criteria in one neat package: enhanced security, increased reliability and ease-of-use"
Mike Bird, IT Director, DHL, UK
"The DNSBOXes meet all of our expectations. It is very rare when a product actually performs as stated in the marketing literature..."
Randy Haynes, Senior Network Engineer, EDS, USA

More Secure, More Reliable, Easier Redundancy, Cost-effective Resilience

Compared with alternatives, DNSBOX is particularly strong in dealing with the threats to your DDI services.

With most DDI appliance products, you can make your DDI more secure, more reliable and robust by spending more money. With DNSBOX, you can do so while spending less.

DNSBOX has advantages in terms of security and resilience on 2 levels:

Individual appliances DDI server architecture

Maximum Security

Hardened operating system

Ultra-secure Unbound for DNS caching, DNSSEC, automatic security updates

Easy separation of roles

Secure links, network traffic to each server or service controlled

Maximum Resilience

Inbuilt reliability: solid state storage

Extra redundancy: Dual Compact flash architecture

Easy low-cost redundancy: multiple options for failover, clustering

Inherently more secure

The DNSBOX platform is particularly secure in general, while the ultra-secure DNSBOX200 – generally deployed in more vulnerable and public-facing roles – features one of the most secure DNS implementations in the world.

DNSBOX uses an orthodox approach to DNS architecture compliant with RFCs, making it easy to put in place multiple layers of protection for maximum security:

  • Architectures designed for maximising security, such as:
    • Master-slave architecture with master hidden behind firewall
    • Physically isolated recursive and authoritative resolvers
    • Each service runs in its own discrete ‘sandbox’ – secure chroot
    • Affordable separate physical servers for serving different views
  • Security built into core software for each service running on DNSBOX, such as:
    • Highly-secure specialist recursive resolver, Unbound – a big advantage on this most vulnerable part of the DNS system. This resolver is purpose-built to deal with the threats to a DNS cache.
    • Security features of BIND.
    • DNSSEC to protect against cache poisoning.
  • DNSBOX appliances are hardened devices, packed with security features:
    • Purpose-built secure Linux Operating System, mounted read-only, so any system compromise would be recovered by an appliance reset.
    • The ability to separate services and traffic to the appliances onto different IP addresses and multiple different NICs to connect to different networks / users.
    • Built in firewall with remote administration only allowed over secure links (SSH / SSL).
    • AES encrypted IPsec connections between servers, authenticating and encrypting all traffic between units. This goes further than DNSSEC and TSIG, ensuring that only authenticated masters can update slaves. Zone transfers cannot be hijacked, spoofed or sniffed.
  • Routine software updates protect against any security vulnerabilities in embedded software such as BIND. All software on DNSBOX is monitored for security alerts. Any relevant updates are rapidly engineered into DNSBOX and released.

Westpac_quote_greyMore reliable devices, easy redundant architectures

With DNSBOX, you can build more resilient, robust architectures at a lower cost, for 2 reasons:

  • An individual DNSBOX appliance is rock-solid:
    • It is diskless and uses only solid state storage – making it 10x more reliable (hard disks account for 90% of hardware failures). If power fails, there is no loss of data or settings and reboot is immediate.
    • DNSBOX’s appliance software is engineered to deal with unexpected network events which can cause servers and services to fail.
  • Building redundant architectures is easier and costs less than with alternatives, because of the way the DNSBOX range is designed and priced, with multiple redundancy options:
    • Dual CompactFlash architecture
    • Easy, affordable master-slave architecture
    • Offline master-mode
    • Failover masters at discounted prices
    • Easy, reliable DHCP failover
    • High availability load-balance resolver clusters


Next: Flexible Integration >

Because DNSBOX is versatile and scalable, our customers around the world come in all shapes and sizes. ISPs, enterprises, government agencies and even internet registers simplify, control and protect their DDI services with DNSBOX.

How can we make your visit easier?

Give us a few details about your requirement and we'll make your life easier by serving the most relevant information.
I work in a...
I prefer to read...