Cybernet is an ISP that provisions wireless broadband services – including high-speed internet access, video surveillance and streaming HD videos – to over 2,000 residential and corporate customers in Tanzania from its three sites.
DNS was difficult to manage
- Previous solution complex and difficult to manage
- Servers often overloaded, causing unreliable customer services
- Unauthorised users created security risk of DDoS attack
- 1 x DNSBOX400 master and 3 x DNSBOX200 slaves
- Management headaches eliminated with easy, intuitive GUI on master
- Fit-for-purpose DNS solution at each site, with fast, reliable DNS services for customers
- Best practice architecture and security features protect against threats on multiple levels
Cybernet’s broadband services were previously handled by four Linux servers – each running a separate service. Three servers ran the open-source BIND software to resolve DNS queries.
Its recursive servers processed around 4,000 recursive DNS queries per second, while authoritative servers handled over 100 authoritative zones.
However, without an intuitive user interface, DNS configuration was difficult. Managing zones and updating DNS records had to be done manually, often resulting in errors.
Software and security updates also had to be applied manually.
Furthermore, the complexity of BIND meant that Cybernet couldn’t enable customers to make changes to their own zones.
Servers were unreliable and unsecure
As Cybernet’s customer base grew, the recursive servers became overloaded with an increasing number of DNS queries.
Technical Director Aatish Sachdev also noticed unauthorised users accessing the servers – which increased the risk of a distributed denial of service (DDoS) attack.
Concerned about the security and quality of service for his customers, Aatish researched multiple DNS, DHCP and IPAM (DDI) vendors for a solution, including ApplianSys and Infoblox.
Pleased with their affordability and secure design, he purchased one DNSBOX400 master and three DNSBOX200 slaves from ApplianSys.
Migrating from the old system to the new one was quick and easy. Aatish was particularly impressed with how easy the user interface was to navigate.
Since its deployment, DNSBOX has eased Cybernet’s previous management headaches – enabling the ISP to provide secure and reliable customer services.
The DNSBOX400 master centrally controls and manages DNS services on each of the three slaves, and its intuitive GUI makes day-to-day DNS administration significantly easier and quicker:
- A single configuration on the master can be pushed out to all connected slaves
- Advanced automation and validation features ensure there is no risk of misconfiguration
- A ‘User Groups’ feature allows Cybernet to securely delegate zone management to its customers
The DNSBOX200 slaves enable Cybernet to deploy a secure, high-performance DNS solution to handle customer requests:
- DNSBOX200’s modular approach can run both recursive and authoritative services on the same physical server, with each service running securely in its own “sandbox” environment
- This allows Cybernet to deploy a fit-for-purpose solution at each of its sites:
- At two sites, a DNSBOX200 slave handles both authoritative and recursive DNS on the same server
- At the third site, a DNSBOX200 slave handles just recursive DNS – which is more secure than their previous BIND solution thanks to the specialist security features of Unbound
- Each slave can handle up to 60,000 recursive queries per second – up to 15 times more than Cybernet’s previous solution, providing the high performance their growing business needs
- For added security, DNSBOX200 also has a ‘permitted subnets’ feature to prevent access by unauthorised users
“DNSBOX is the ideal choice for fast-growing ISPs like Cybernet who have outgrown their existing solution. The intuitive GUI allows for quick and easy DNS management as their workload increases, while our smart server management keeps maintenance tasks to a minimum. Cybernet are also assured of the highest security and reliability thanks to a hardened operating system and sensible hardware design,” comments DNSBOX Product Manager Magdalena Jovanovic.