DNSBOX200 slave

Authoritative DNS slave

• Managed BIND resolver, with support for TSIG and IP secured zone transfers
• Delete zones, force updates, display zone files
• Full support for DNSSEC signed zones
• Compatible with any standards-compliant DNS server

DNS Cache

• High performance recursive resolver Unbound, with support for forward zones and global forwarding
• Optimised DNSSEC validation
• Denial of Service (DoS) protection
• Cache poisoning protection – max randomness for query ID and port, case preservation, response scrubbing, access control
• High Availability Load Balanced clustering

DHCP Server

• Easy DHCP configuration with automated validation and custom configuration
• Reports on live & historic DHCP usage
• Automated DHCP failover replicates data to a secondary active unit

Easy Appliance Management

• Secure, easy to use web interface
• Simple, safe upgrades: firmware update with option to rollback to previous version
• Graphical performance and system health reports
• Email, SMS and SNMP alerts
• Output to remote Syslog server
• Can be managed seamlessly from DNSBOX400
• Unlimited simultaneous administrators

Appliance Security & Reliability

• Each service runs in its own process in a ‘sandbox’ - secure chroot, held on RAMdisk
• Each service can be served from separate IP address over a separate NIC
• Hardened ApplianSys Linux OS. Read only, compressed firmware. Integral firewall
• AES encrypted IPSEC to other DNSBOXes
• TSIG secured transfers to 3rd party DNS servers
• Granular control of user access, only over secure SSH/SSL links
• Dual CompactFlash for security, reliability and redundancy

1. Pair of slaves in authoritative role for external DNS
2. Slave cluster in recursive resolver/DNS cache role for internal DNS
3. DNSBOX200 as a DHCP server with failover at secondary location
4. Single slave adopting both authoritative and recursive/cache roles