"The management of DNS is very easy via the user friendly GUI. All you need is a basic knowledge of DNS and how it works"
Moataz Sabri, Topnet Internet Services, Saudi Arabia
"DNSBOX allowed us to build a best-practice split DNS architecture in an affordable way."
Harmohan Sood, Reach Internet Ltd, UK
"We have eliminated human-error from the updates and with administrators no longer having to work unsociable hours there is higher job satisfaction"
Dan Risher, Network Manager, UCG, USA
"With DNSBOX we now have a hardened and easily managed solution not to mention the savings in space, electricity and cooling"
John Calisi, IT Manager of Operations, Tennessee Board of Regents, USA
"DNSBOX can be managed by non-professional technicians. Just teach them a few quick steps then off they go"
Naif Orabi, Network Administrator at TAIF Ministry Of Education, Saudi Arabia

Ultra-secure, High Performance DNS/DHCP Server

DNSBOX200 is an advanced DNS slave, recursive resolver (DNS cache) and DHCP server for high performance and security needs. It is a very flexible appliance, which can be used in different ways and adapts to its specific role to give you a fit-for-purpose device.

DNSBOX-Slave-diagram2 It can be licenced for whichever of the 3 services you need. If you don’t use the appliance for all 3 roles, the user interface hides features you don’t need to keep things simple. It can be deployed in different ways:

  • Managed seamlessly from the DNSBOX400 / DNSBOX300 master web interface
  • Linked to other DNS or DHCP servers
  • As a standalone server (DNS cache or DHCP)

 

In addition, DNSBOX200 can be used as a DNS master, for editing authoritative DNS records.

DNSBOX200 runs authoritative and recursive (cache) DNS as separate services on the same physical server. This:

  • Improves security by isolating the authoritative server from the more vulnerable DNS cache, with each running in its own ‘sandbox’ environment. Each can be served from a separate IP address and on a different NIC.
  • Means you can follow this best practice approach yet only need to pay for and manage one physical server – the best of both worlds.
  • Gives you better performance as specialised software is used for the individual services:
    • BIND for authoritative
    • Unbound for recursive

When you use the authoritative resolver as a DNS slave…

  • You have the specialist DNS admin features you need on a slave:
    • Ability to display, filter and search for zones, as well as view their status
    • Real-time and historical graphs giving an overview of how your authoritative DNS service is performing, e.g. the number and types of queries and responses
    • Easy monitoring of slaved zones with zone logging and graphs on query and response types, e.g. visibility of which domains receive most queries
    • Support for slave and stub zones
    • IPv6 support

d200-dns-slave-small

  • Additional features make the service even more secure and reliable:
    • Support for DNSSEC signed zones
    • TSIG Keys
    • IP-secured connections with other DNS servers in your architecture
    • Offline master mode – serving zones from their last known ‘good’ state, if the master becomes unavailable

When you use the recursive resolver (DNS cache)…

  • Because the server is Unbound, you get a more secure solution and carrier-grade caching performance – 2.5x performance of BIND
  • You have the specialist DNS admin features you need:
    • Ability to display, filter, add, edit, delete and search for forward zones
    • Automatic forward zones creation for local zones
    • Real-time and historical graphs giving you an overview of how your recursive DNS service is performing, e.g. the number, rate and types of queries and service latency
    • Logging recursive queries to syslog and local log
    • IPv6 support

d200-recurs-slave-small

  • Additional features make the service even more secure and reliable:
    • Cache poisoning protection with max randomness for query ID and port, case preservation, response scrubbing and access control
    • DDoS attacks protection
      • Rate-limiter restricting amount of DNS traffic from individual or all IP addresses
      • Ability to block the IP address of the attacker using custom firewall rules
      • Automatic service restart if the DNS or DHCP servers are caused to fail
    • DNSSEC validation protecting against other compromised DNS servers with ability to configure DNSSEC trust anchors
    • High availability load balanced clustering gives you redundancy and protection against DDoS attacks – the more query load you can handle, the lower the risk of disruption

When you use the DHCP Server…

  • DHCP configuration is easy and accurate
    • Automated validation of DHCP configurations
    • Custom configuration fields
    • Import/export option for easy backups and ability to copy changes between servers, including importing configuration data from ISC-DHCPD servers
    • Ability to group hosts, subnets and networks with similar configurations
    • Support for all DHCPD options on global and subnet level
    • Ability to assign static IP addresses to clients using MAC authentication
    • Automated log rotation
    • IPv6 and DHCPv6 support

d200-dhcp-small

  • You can easily set up DHCP failover to ensure maximum availability of this critical service
    • Single web interface for managing all failover units
    • Separate XML-RPC interface between the servers – only the primary needs to be configured
    • Automated replication of changes to a secondary active unit
  • Informative DHCP statistics give you full visibility of the service. You can:
    • View and search for current and historical leases
    • View and search for specific hosts, DDNS zones, configured subnets and IP ranges
    • Group subnets, which share a common network media (e.g. same LAN or broadcast address)
    • Store additional description information about devices

PDF-icon-sm Download DNSBOX200 for DHCP Factsheet (pdf, 945.14kB)

D200-deployment-diagram-new-sm1. Pair of slaves in authoritative role for external DNS
2. Slave cluster in recursive resolver/DNS cache role for internal DNS
3. DNSBOX200 as a DHCP server with failover at secondary location
4. Single slave adopting both authoritative and recursive/cache roles

If you have just a few small zones, you can use DNSBOX200 as a DNS master for editing authoritative DNS records simply by switching its operating mode from slave to master.

When you use the authoritative resolver as a DNS master…

  • You have the specialist DNS admin features you need:
    • Ability to display, add, delete, edit, filter and search for zones, as well as view their status
    • Real-time and historical graphs giving an overview of how your authoritative DNS service is performing, e.g. the number and types of queries and responses
    • Easy monitoring of slaved zones with zone logging and graphs on query and response types, e.g. visibility of which domains receive most queries
    • Support for slave and stub zones
    • Automated validation of DNS configuration
    • IPv6 support
  • Additional features make the service even more secure and reliable:
    • Support for DNSSEC signed zones
    • TSIG Keys
    • IP-secured connections with other DNS servers in your architecture

Mini-master

 


Next: Better Appliance >

Because DNSBOX is versatile and scalable, our customers around the world come in all shapes and sizes. ISPs, enterprises, government agencies and even internet registers simplify, control and protect their DDI services with DNSBOX.

How can we make your visit easier?


Give us a few details about your requirement and we'll make your life easier by serving the most relevant information.
I work in a...
I prefer to read...
GO